The values and benefits of cloud adoption is increasingly
clear and well known. Not to be carried away with these values and benefits, it
is important to identify and be aware of the pressure points that the Cloud
Adoption brings in as called out by ISACA in its white paper titled as ‘Guiding
Principles for Cloud Computing Adoption and Use. Essentially the differences in
technology itself and its use impacts the way IT is governed and managed and
the management’s reaction to these impacts brings on the pressure points as
well, which need to be managed.
Differences such as change in cost allocation from capital
to operational may have consequences that may not apparent at the beginning.
For instance, contracting for a cloud based software would be an operational
spend and may have a lower cost of entry and thus, such decisions may fall
outside the review and approval process. While in most cases, the pressure
points are to be managed as risks, these are not necessarily risks.
Speed and Agility
The time-to-market is a driver for cloud adoption as
solutions to meet market needs would be available more quicker at lesser cost
though there could be gaps in meeting the exact requirements. This agile
exploitation in a reduced time frame puts greater pressure on enterprise, in
which culture, process, and human factors related to technology have been
developed to support longer development cycles and long term technology use.
This pressure when not handled appropriately could result in increased risk
level in the following areas:
- An unbalanced prioritisation of value over trust in technology solution choices
- Missed opportunities when other alternatives are not considered
- Recovery mishaps because fallback positions are not fully exploited
- Missing functionality if full requirements are not identified
- Increased long-term costs due to reliance on multiple short-lived solutions
- Reduced performance when enterprises are hesitant to introduce new solutions because of existing technology investments
Changing Boundaries
The reliance on cloud providers calls for change in the
roles and responsibilities within the enterprise and transfer certain
responsibilities to outside parties. Contracts and SLAs with service providers
attempt to assign accountabilities, but governance dictates that the enterprises
themselves, their board and management remain accountable. With this, the locus
of decision making changes from governance functions to business line leaders.
This change in the organizational boundaries can put greater pressure on
enterprises. The risk outcomes out of this pressure point could be:
- Role confusion when accountabilities and responsibilities are not clearly defined
- Diminished effectiveness when decisions are made without engaging in a wider consideration of trust and value before cloud acquisition
- Failure to satisfy constituent and end-user expectations for protection and privacy
- Project delay and increased costs due to the need for personnel with governance responsibilities to revisit cloud plans
- Unclear specifications of provider responsibilities and accountabilities in SLAs
- Incomplete information being provided to board members and senior management
New Technologies and Technology Expectations
Cloud follows a sequence of disruptions in how technology is
viewed, integrated into organizational strategy and managed and in how IT risks
are identified and managed. Areas of high pressure can result when strategy and
enterprise architecture do not consider the unique qualities of cloud computing
and when enterprise processes and procedures do not easily adapt to changes made
possible by cloud computing. The following risks could be the outcome of this
pressure point:
- Missed opportunities to extract value from the integration of cloud and internal systems
- Increased vulnerability from incompatibilities and inconsistencies between cloud and internal systems
- Less than expected results when human factors are not considered in the design and integration of cloud services and infrastructures
- Levels of organizational performance that do not meet expectations because cloud solutions do not fully support organizational processes
- Levels of technical performance that do not meet expectations because processes do not take full advantage of cloud capabilities
Level Playing Field
Cloud computing removes the advantage that large enterprises
have traditionally had in terms of availability of technology specialists and
technical sophistication. Smaller enterprises now have the ability to leverage
the cloud services and use technology sophistication that large enterprise used
to enjoy. This brings the small and medium enterprises on an equal position with
much larger enterprises. This level playing field can have an impact on the strategy
and its implementation. Ignoring this impact can result in increase of risk
levels in the following areas:
- New entrants claiming a segment of traditional market dominance
- Strategies that do not address competitor capabilities
- Less-than-expected benefits received from technology-dependent solutions
Utility Services and Service Supply Chains
With cloud computing, where computing is viewed as a
utility, focus is shifting to the value and benefits obtained from such
utilities. Agile enterprises benefits from solutions that can be used as needed
and discarded when they no longer provide value. This view of computing as a
utility and the delivery of solutions supply chain of information systems
solutions puts greater pressure on enterprises that contain a culture that is
not accepting of utility solutions, a structure that does not facilitate
cooperative planning and processes that cannot take advantage of computing
solutions provided as supply chain of utilities. Ignoring this could result in
the following risk outcomes:
- Over-investment of resources in planning and building internally developed information system solutions
- Less-than-optimal results when value-producing cloud utilities are missing from the total solution
- Duplication of effort when specialist services available through cloud providers are not integrated as part of system management
- Less-than-expected results when utility components are not integrated into and managed as an information system capability supply chain
In the white paper, ISACA suggests that enterprises follow a
six guiding principles that can help illuminate the path for cloud adoption. Click here to download the complete white paper which is available for registered
(free registration) users.