Some clouds may bypass IT, but someone still needs to keep the lights on

Some clouds may bypass IT, but someone still needs to keep the lights on

Summary: Analysts agree on one thing: don't fight cloud-based rogue IT, but embrace it.


Are IT departments being left in all that dust being created by the cloud? Is there any good that can come out of this?

That's the gist of a recent article posted by ComputerWorld article posted by Sharon Gaudin, who spoke with a number of industry analysts and observers about how businesspeople are going right to the cloud for solutions, instead of relying on their own IT departments.

Clouds and Sun 2-photo by Joe McKendrick
Photo: Joe McKendrick

Analysts appear to be in agreement about one thing: IT departments shouldn't fight shadow IT, but instead, offer guidance and consulting to make the most of such implementations. The best way to do this is by setting up strong cloud governance policies. As Gartner analyst Lydia Leong puts it in the article: IT leaders "need to set up service agreements with approved providers and set up controls for how secure information needs to be. How do they provide risk management? How do they make this work instead of just saying, 'You can't do this'."

It's clear IT needs to get out in front of this movement. It's up to IT to support the business with its choices. An option may be to develop a service catalog — or enterprise app store — that provides end-users easily accessible choices among well-vetted and supportable applications.

At the same time, it's important to keep things in perspective. Overall global IT spending is projected to hit $2.1 trillion this year, IDC predicts. Of this, $100 billion will be on cloud. While cloud and other "new IT" elements — mobile, social, data, and things — are the fastest-growing components of IT spending, it's also worth pointing out that cloud's $100 billion share is still only roughly five percent of the total IT spend.

That other 95 percent? Maintenance, storage, security, internal services, development — all the stuff that needs to be kept going by someone, and that someone is IT.

Topics: Cloud, IT Priorities, Mobility

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • I've seen this before...

    Oh yeah, it was the movie TRON. IT stars as MCP and the users are trying to break free...
    Tony Burzio
  • Issues with the Cloud

    IT does a lot more than just host servers and deal with workstation issues. As the article points out, there is a lot of governance issues that need to be addressed and there still needs to be the data security folk such as the CISO. If a corporate or government office decides to go to "the cloud", what exactly do we mean by "the cloud"? Are we talking about public cloud services such as Google Docs/Apps? Dropbox? Or, are we talking about the private cloud. In the case of the private cloud, we still need the full IT department to run and administer the private cloud. If you are talking about public clouds, companies need to address real business needs and privacy issues before they venture forth.

    Let's take a look of the issues that happened with the City of Los Angeles and Google Apps. The city was using Novell Groupwise for their email. They wanted to reduce their IT footprint and go with Google Apps. They wanted GMAIL to replace Groupwise. The main concern was the police department, LAPD. Unfortunately, LAPD needed governed data coverage in CJIS rules. Unfortunately, despite the government stepping up to make cloud use as easy as possible, all Google had to do was subject their employees to background checks. They refused this and they are not compliant with U.S. law. We know that Google scans/reads every document that passes through their services (they say so on their website; I'm not guessing at this). So, for CJIS-controlled government use, it would seem that public clouds may not be used. This is not just a Google issue, by the way. Other public cloud providers are in the same boat. But not only do we have CJIS (criminal justice) issues but what about HIPAA (health record storage) or PCI-DSS (credit card information).

    That brings up a good point: Suppose you, as an individual, take your family out to dinner at a big restaurant. You pay with your credit card and you trust the waitress is not writing down your credit card number. What happens if the restaurant (company) uses a public cloud service that doesn't submit their employees to background checks and may have your credit card information stored all over the world. Can you guarantee that some employee is not going to misuse that information? Do you think that the public cloud provider takes responsibility? Think again. Or, better yet, look at what the provider says in their Terms of Service and Privacy Policies? Does it sound like they would take responsibility?

    The point I'm making is, despite the reduction in IT expendatures with a public cloud, can businesses handle the fact that their corporate data can be given to the government such as the NSA as well as be provided to third-parties or even posted publicly?

    Having said all this, there are still issues in data privacy and security even with the traditional IT departmental model. Today, there is a tendancy to take work into the mobile workforce. Has your data left the building? Is it on an unencrpted device such as a jump drive, tablet or notebook? If the device is lost or stolen is the user going to report it to... whom? At least in California there are laws. Look up California SB 1386 or AB 1149. There are similar laws in other states. You can't just say, "Ooops! I lost my iPad; can I have another one quickly because I need to analyze all of this data....". (OK, just think of what happens if it is YOUR data that was stolen).

    No matter how we slice or dice it, the bigger issue today is privacy of data and that means that cloud adoption isn't going to spread as quickly as people think it should, despite any short-term cost savings. Corporations need to address the issue of loss of customer/constituent data. The employee doesn't "own" the data and neither does the organization. It is data that had been entrusted to them by the consumer and this needs to be addressed first before running out and throwing data to the wind assuming that someone else will take responsibility for its privacy.
  • The unsafe cloud

    You can stick the cloud were the sun don't shine it is dangers touse it and it is good that is why they dropping the price