Access to new cloud-based services makes it easy for many organizations to grasp new IT solutions quickly without involving the IT department. This can jeopardize the security of the organization. I have several good examples of when a Cloud Center of Excellence can address this, with benefits both for the business and the IT side.
There is no doubt that cloud services have many benefits. Speed, flexibility, and simplicity are just some of them. However, precisely these advantages have also meant that the business side in many companies and organizations has bypassed IT to acquire new services, gain access to developer resources, or simply implement new collaboration tools internally. The ability to click home a service easily and pay with a credit card means that the business immediately has access to new resources, but has also resulted in a tug-of-war between IT and business, where the IT department can at times be perceived as a roadblock and a nay-sayer.
Easy to skip over safety
There are many good reasons for the IT department to try and prevent each department from procuring IT resources on its own. The most critical issue is probably the security aspect. The importance of security is noticeable almost every week. Data leaks, security threats, intrusions, DDoS attacks, ransomware, and production outages make headlines in the media worldwide. This is the concrete reality that businesses must relate to and an area that is the responsibility of the IT department. Today, security incidents are not just an embarrassing shortcoming but a negative trend that can be very costly and generate significant fines, damage to trust, and substantial loss of revenue, which can last for a long time.
In this context, it is also important to point out that companies always have full administrative responsibility for their in-house developed applications, even when they are placed in the cloud. This is something that is often forgotten.
For a long time and very successfully, IT departments have worked methodically to take responsibility for security, compliance, SLAs, and much more. Many have also performed according to a developed process mindset, often directly related to or inspired by ITIL. However, taking responsibility and making things work in the long run requires some proper order - and the IT departments know that.
Common guidelines
In order to remedy the tug-of-war and at the same time gain a broad consensus regarding responsibility, goals, and processes when it comes to cloud services, I recommend creating a Cloud Center of Excellence. It is a group that involves representatives from all concerned departments or business units. It is crucial that the entire business understands that this is a business and management issue and not an area where IT goes in and cleans up afterward. My experience is that the group gets the best outcome if it is authorized by top management.
The group jointly draws up guidelines for the business’ cloud services, such as accessibility requirements, life cycle management, and security. With a standard work process, structure and strategy, it will be possible for companies and employees to have the freedom to do what they want and use the services they need, but within well-defined frameworks. As a result, it will simply be easier for everyone to do the right thing.
Here at CGI, we have been involved in establishing several Cloud Centers of Excellence for businesses. We always do this in close collaboration with the company and with the support of CGI’s many platform specialists, who can provide valuable insights based on the business’s technology choices and platforms’ requirements. Since we also have extensive knowledge of the specific challenges and requirements for many industries, we can help tailor the group based on the needs, goals, and strategies, based on both the individual business and the characteristics of the industry. Because when it comes to the crunch, it is always safest and easiest to do things right from the beginning.