New Business Models Need New Approaches to IT


How regulation may redefine the role of technology in business

I’ve been watching with some interest the discussion around who will “own” information technology within the emerging digital businesses: those new businesses created in response to ubiquitous IT, communication networks and social media. Many of these arguments have a strong feeling of a turf war, positioning different areas of the business as the most obvious group to own and manage IT across the business or advocating the creation of a collection of new technology-based C-suite roles to paper over perceived limitations in the skill set of established IT departments and CIOs.

Both of these arguments, however, seem to be only addressing the symptoms and not the cause of the problem.

The role information technology plays in business has changed. In the past IT was a tool to reduce costs and help a business grow. These new digital businesses use technology to create value, to engage customers and partners and to work in new ways. Information technology has become a capability that is woven into the fabric of a business, rather than an asset we deploy to achieve scale. We’re not moving around responsibility for IT: we’re building new business models that use IT in new ways.

Instead of focusing on who the new owner of IT might be, the question we should be asking ourselves is “How does a digital business consume (govern) information technology?” This is an important question, and one that we need to delve into more deeply. (Indeed, I like to keep posts fairly compact but this one post was roughly 2,000 words by the time I was happy that I’ve had covered the issue.)

The major point that the debate has been neglecting is that, in the long run, governance and not perceived importance nor the size of an existing group’s budget IT, will determine how information technology will fit into a digital business.

Government regulation for financial, anti money-laundering (AML) and counter terrorism-financing (CTF) reporting will drive both public and private business to create governance models that will enable them to show auditors that they can trust the transactions that flow through the heart of their digital businesses. It is these governance models that will determine the future role of IT in business.

The end of the IT department?

Ubiquitous consumer computing and communications technologies – such as the smartphone you probably have in your hand – are changing what it means to be a well-managed business. The best way to think about this change is to consider it as an expansion in value space for IT.

We used to define the value of IT in terms of cost savings, net present value (NPV) and time to payback. This is the world that established IT departments have developed deep expertise in: IT as a tool to drive scale and reduce costs by automating data collection and processing.

New technologies, however, are more focused on enabling companies to engage with customers, employees and partners in new ways. This might be the table touch-application that consumers use as a second screen while watching a sports event, or it might be the smartphone application that blurs the line between the online retail and in-store experience. It might also be tight integration into Facebook or other third-party systems, or even the development of a public API, to allow customers to interact with the company across a range of platforms, many of which the company does not own nor control.

These new technologies don’t provide cost savings, nor can the benefits that they bring can’t be captured by a NPV calculation. They’re best thought of as creating new sources of business value.

Traditional IT budgets are in decline, driven down by the migration to cloud and other on-demand solutions. Most IT departments also have little experience in the new digital business technologies and struggle to fit them into their existing software development and service management processes. At the same time the marketing and sales teams, the parts of organizations that interact directly with customers, are rapidly ramping up their IT spend, leaving the IT department behind as they experiment with these new technologies.

This raises the obvious question in many peoples’ minds. Will the role of the IT department expand to include these new technologies (technologies which many IT departments clearly struggle with)? Or will the ownership of IT in business shift to a new group in the business (either the marketing department, who are on track to overtake IT as the largest spender on IT in the business, or will a new department be created, one that subsumes the existing IT department?).

The future role of IT

As Andy Mulholland pointed out in a previous post on CIO of the Future:

The fundamental question we need to ask ourselves is not “What is the role of the CIO and the IT department?” This is something that is already well defined and understood. The question we need to ask ourselves is “What role should technology be playing in the business? 

The traditional role of IT is in decline. The IT department was created to procure and maintain the expensive IT assets that many businesses needed to grow into the global corporations that we know today. Now these assets are being swapped for on demand services, services that many lines of business feel comfortable procuring on their own. At the same time new technologies are being used in new ways to create value, rather than to simply reduce costs.

The challenge facing most IT departments is what to do about this decline.

The challenge for all businesses is to understand what the change means for the business as a whole.

IT is no longer a monolithic asset that will be managed by a single entity in a business, so it’s silly to wonder who will be the “owner of IT”, who will make all decisions on how IT is procured and used across the business. The value space has expanded, and we’re using IT for a lot more than simply reducing costs. Different lines of business use technology in different ways, requiring different skills and different techniques to define and measure value.

The question we need to understand is: How will the management of IT fit into future governance structures across the business?

The failure of (many) Chief Innovation Officers

It’s often thought that seats at the C-level are created for those things that a business deems most important. Finance is obviously important, especially for a public company, hence the CFO. If information technology is important then, by extension, a company will have a CIO, and so on.

While this trend might be true in the short term, in the longer run being seen as important is not enough.

There have been many roles created at the C-level, such as the Chief Innovation Officer, which have come and gone in many companies. They failed to find something to anchor themselves in the organization, something to provide these roles with the authority they need to last beyond the preferences of a single CEO or the latest trend in business management practices.

The thing that anchors a senior role in an organization for the long run is governance, having decision rights over and being accountable for a resource or asset essential to the operation of the business. The CFO is the most obvious example, with the regulatory requirement for a published and externally audited set of accounts forcing the vast majority of public businesses to hire a CFO.

The failure of many Chief Innovation Officer roles can be attributed to a lack of decision rights: they didn’t fit into the governance model for the organization. Other members of the C-level simply worked around them, as the Chief Innovation Officer didn’t control any the resources or assets the other members of the C-level needed to be successful.

What will determine the role of IT in business?

So what governance requirements are going to shape how IT fits into a business? What forces will determine if IT will have one owner or many, and who this owner might be?

Two examples spring to mind:

  • Existing regulations for public companies to publish externally audited financial reports
  • Emerging regulations for public and private companies to support government and international AML and CTF programmes 

External Audit

External audit is an obvious candidate. With marketing departments going rogue often there’s only a tenuous link between what’s happening at the coalface and a company’s chart of accounts. One day the auditors will come knocking, and they will want to be able to trace a transaction all the way from the point of purchase (which well may be for a non-standard product procured via a widget in a social media platform) through to the company’s general ledger.

One great example of this challenge is from a large fast food chain in Europe.

The chain found itself confronted with increasing customer disloyalty and declining revenue. The firm’s old business model wasn’t working anymore as consumer behavior had changed. Rather than its brand being a beacon used to consumers to plan their day – “hey, let’s grab a quick snack there before hitting the clubs” – it had come to represent a predictable and consequentially uninteresting experience. Consumers were turning to recommendation services, accessed via their smartphones, to find somewhere more interesting to meet for their pre-club snack.

The firm’s response was to renovate its restaurant to create a more pleasant café-like atmosphere and to introduce a sandwich of the month to make the menu more dynamic. Consumers would find the new ambiance more to their liking and desire to try the latest sandwich would draw them in.

This is a situation that would make any CIO sit back for a moment. Every month there would be a new product on the menu for customers to try. This implies changes in everything from the till back through the supply chain to the new collection of suppliers required to support the new offering. This sort of constant business process churn will put a spanner into the works of many core systems, causing the CIO to push back.

The response from the fast food chain’s marketing department was to go rogue. All the technology required to support the changing menu was implemented and maintained by marketing, away from the IT department. The only integration between marketing and core IT systems would be a spreadsheet capturing marketing’s monthly profit and loss that would be manually uploaded to the general ledger.

Many firms are finding themselves in similar situations: their marketing department is responding to (what it sees as) unstoppable market forces by implementing significant IT solutions away from the IT department.

At some stage the external auditors are going to come knocking. They’ll want a complete picture of how transactions for these new offerings are generated and managed across the entire business. The business will not be able to provide the auditors with information they demand.

Anti Money-Laundering & Counter Terrorism-Financing

Another, less obvious, candidate is anti-money laundering and counter terrorism financing regulation.

Recently there has been an explosion in the number of privately managed complementary currencies. Some of these currencies are used within social networks and games to purchase services and virtual products. Others, such as Bitcoin and similar “cryptocurrencies”, are designed to supplement or even replace sovereign currencies.

As these currencies have matured they have begun to attract organized crime. Korean police, for example, captured the leaders of a money-laundering group for a Chinese gold farming ring targeting Korean online games. The foreign affairs bureau of the Seoul Metropolitan Police Agency said in their press release: “We arrested two individuals; including the ringleader who is a 37-year-old man named “Jeong”. Jeong’s ring purchased in-game money in China … and then cashed the money through domestic game item brokerages. They then illegally wired a combined 38 million dollars from Korea to China.” Jeong and his ring reportedly sold the game money illegally produced in China using cheap labor and virus programs.

The anonymous, peer-to-peer nature of Bitcoin is also attractive to criminal groups. The FBI stated that “Bitcoins will likely continue to attract cyber-criminals who view it as a means to move or steal funds” while the Washington Post labeled it “the currency of choice for seedy online activities”. Services are also emerging which facilitate illicit activities, such as Bitcoin “mixers” (such as like Bit Laundry) where Bitcoins and cash are exchanged for “clean” ones, typically for a a 1% transaction fee.

As businesses, even privately held businesses, integrate themselves into this new commercial environment they find themselves increasingly subject to AML and CTF regulation.

Create a complementary currency for exclusive use by your customers (even a currency that is simply “points” that can be traded for “services”, or possibly even something as seemingly innocent as pre-paid mobile minutes) and you will need to prove that your business and your currency is not being used to launder money or finance terrorism. Integrate your business with a complementary currency provided by a third party and the same regulation may apply. Even simply accepting Bitcoins as payment (which necessitates integrating your business with the Bitcoin network) might subject you to these regulations.

The future shape of IT in business

While the final shape of IT in business might be up for debate, we can see that governance will have a large influence on what this future shape might be.

Regardless of how IT assets and services are purchased and managed, we can see that regulation is a strong driver to create a single C-level role which is responsible for ensuring that all technology across the business is used in a way that supports the firm’s regulatory needs. This is a role similar in nature to that of the CFO, though the domain of expertise will differ significantly.

All CFOs are accountable for a firm’s financial reporting, while good CFOs will also work across the business to ensure that all lines of business are extracting as much value as possible from the financial reporting and financial assets that own.

All members of this new C-level IT role will be accountable for the firm’s transaction reporting, while the good ones work across the business to ensure that all lines of business are extracting as much value as possible from the IT assets and services that they own. This is a different skill set to those required by the current CIO (IT asset management), CDO (web and mobile) or CTO (technology development).

Most businesses allow the lines of business to manage their own budgets, though the head of the line of business is expected to have the skills and expertise do this and they do it within a governance and reporting framework managed by the finance department.

A similar arrangement might emerge for governing IT. This suggests that the head of each line of business will need to acquire the skills and expertise they need to manage the IT that their department needs. It is unlikely that we will need to create a new set of C-level roles to manage different areas of IT.

How is your business coping with the transformation required to become digital business? Do you have a new IT governance framework in place? Or are you experimenting with different options, such as creating a CDO?


[VIDEO] The Intersection Between Enterprise Technology Trends and Leadership


How governance for transformation can drive value and support the humanity of organizations

I recently gave the opening keynote at the SAP Australia User Group Summit on Leadership in Enterprise Technology. After my keynote Inside SAP did a brief video interview of me. The video and a rough transcript are below.

Some of the key themes are the idea of governance for transformation, how technology can support the ‘humanity’ of an organization, and of course leadership in enterprise technology.

Transcript: The intersection between enterprise technology trends and leadership

What will the future of enterprise technology look like?

We now have a truly connected world, where computing can literally happen anywhere. Where individuals have access to extraordinary technologies and dictate how they want to be able to use their technologies. It creates an entirely different landscape in which Enterprise Technology needs to take a leadership role. It is being subject to buffeting forces in where technology is coming from.

How can companies overcome barriers to innovation?

Organizations need to become more agile, adaptable, able to change what they are. This changes the nature of the organization itself. This is far more a cultural shift than it is technology or structure. I do believe that the idea of governance for transformation is fundamental.

We do need governance to be able to put structures around some of the risks as well to be able to understand the benefits emerging, but governance must be an enabler of transformation. So when we are looking at innovation efforts, be they explicit strategy innovation or product innovation, or they are simply creating organizations that can respond better to environment, I believe that governance from the Board of Directors down to the organization is a fundamental enabler of being able to drive effective innovation.

Which technology trends are particularly disruptive?

Vast computing powers are going into the hands of individuals. There’s processing power in terms of connectivity, and mobility is fundamentally changing the dynamic of enterprise technologies. Providers of technology and the consumers of technologies will often already have better technology in their own hands.

It applies differently across every industry, but the rise of the amount of data available and what can be done with that, the whole idea of big data which is now becoming ‘staggeringly enormous data’, changes the whole nature of what the organization it is, how it makes decisions.

What impact does technology have on organizational culture?

What is more important today than ever before, is not just technology as the enabler, but how technology relates to the humanity of the organization, to the culture of the organization.

I think social media is just one aspect of that. But on a deeper level technology is becoming enmeshed in the humanity in the organization, which was never the case before.

How will the role of the CIO change?

One of the aspects of the CIO is they are moving from managing infrastructure to hopefully managing the strategy of technology, being at the heart of strategy inside the organization. It is a shift in role to be truly in the C suite of the organization.

We’re seeing diverging paths. In some organizations technology is becoming marginalized. It is viewed as a commodity which needs to be done well and done cheaply. There are other organizations where it’s seen that technology is truly at the heart of strategy, at the heart of what the organization is becoming. The role of the CIO is to demonstrate the importance of technology being the heart of the organization. Those CIOs that are not doing that effectively are really abrogating their responsibility to that organization in creating a successful future.

Must the Business Always Bypass IT When It Wants to Innovate?


How the IT department can best engage and influence Line of Business managers

Quite a few years back, in fact I have trouble remembering exactly when given the pace of technology change and the rate of uptake by the general population, I used to ask audiences a few questions. I asked them for a show of hands from all those who had a better PC and Internet access at home than work. I could be guaranteed to see an overwhelming majority. I’d ask if they had ever actively chosen to go home because their home PC enabled them to do a particular task more effectively than their work PC. Another overwhelming majority would put their hands up.

This shows that even ten years ago that many Line of Business (LoB) managers were already finding the constraints of “enterprise IT” a challenge to be bypassed.

Come forward to around two years ago and I was asking a similar question about ownership and use of Apple iPads (and for the business community this is overwhelmingly the tablet of choice). LoB managers couldn’t get their hand up fast enough. Unless they were in the finance or IT departments, where all their work was going to be internally focused on the enterprise IT systems.

Add a question to see if they were using their tablet for business use, and the simple answer was that the iPad enabled them to access information and services that IT didn’t, or couldn’t, provide.

At this time the iPad almost certainly was not in any way intended to be “connected” to enterprise IT. It posed relatively little risk (or even, from the perspective of IT, maybe no risk) and therefore a LoB manager felt that it had nothing to do with the IT department.

At this point two things should have become clear.

First is that this is unlike the introduction of mobile phones where the focus was on email, as email required an interactive connection into enterprise IT.

Second is that these users are deploying a new generation of technology and devices for a new generation of business requirements. These solutions provide a completely different set of capabilities, capabilities that the existing generation of client-server based enterprise IT applications does not provide.

Now throw in the key question to our audience: do you have online banking and are you able to manage your own budgets and financial matters more simply and easily than before? The answer is of course “yes”. But now try asking: are you using this to bypass your enterprise’s financial systems? The unanimous reaction is “definitely not”. The fiscal management of an enterprise is recognized to be a professionally managed and legally defined responsibility.

Now move the discussion towards how far the LoB managers should be allowed to take their use of technology. The discussion will initially position the IT department in the role of technology support, and the LoB managers’ ability to be able to use these new consumer technologies without needing this support.

The reality we need to bring the discussion towards is the role IT plays in providing an auditable and compliant enterprise operating environment that underpins operations across the business, just as critically as the financial systems, systems which after all depend on IT anyway!

Yup, thought provoking isn’t it?

LoBs instinctively recognize the financial no-no, but equally instinctively have a first reaction that it’s okay to do what they are doing. That is until they really start to think about the implications of all LoBs across the group adopting this behavior, or how reliant they are on common, shared trusted information rather than the challenge of “trash and treasure” in “Big Data” usage. And that’s before we get to the point of auditable traceability!

The CIO role in the new business model of the early 1990s

CIOs of a certain age and with long memories should at this point cast their minds back to the adoption pattern of PCs around 1990, back when the enterprise computing service was based on mainframes and minis running terminal-based applications.

In those days, when PCs represented the new and disruptive technology, business managers also bought their own PCs, even their own departmental networks, all for exactly the same reason as now. Namely, to use a new generation of technology to deploy a new generation of business capabilities that lay outside the capabilities of the existing enterprise data center with its mainframe/mini computer terminal-based systems. At first these were also standalone applications, as a younger generation of LoB manager introduced spreadsheets and other simple applications, and shared data via discs and then local area networks, LANS, etc.

Not surprisingly, given the benefits obtained within a matter of a few years, the enterprise was soon full of PCs, small separate departmental networks, and many, many applications, all bought from LoB manager budgets. These solutions were mainly incompatible and resulted in spiraling operating costs and, most important of all, obscured the overall understanding of the enterprise operation, to the chagrin of auditors.

There was a tipping point in most enterprises when so called “safe standalone working” had become a confused mass of activities. Even more concerning were the multiple copies of key data spread around these desktop PCs, leaving little trust in the integrity of any enterprise level results.

The huge business benefits that the early adopting LoB managers had gained in their individual work or departmental activities were becoming insignificant as, at an enterprise level, the stability of the entire business was being called into doubt. The good news was that the early adopters had accelerated the understanding and the ability to create value using these new technologies by being able to move quickly with relatively minimal constraints. The bad news was that as momentum and scale of use had built up, making the new technologies and business functions mainstream within the enterprise, professional management was sorely needed.

So how was it all resolved? How was the CIO role created? And how was the way forward to the adoption of ERP created?

The answer didn’t lie in the technology. It lay in the business’s adoption of a different organizational model; one designed around the use of PC client-server systems. Organizations were redesigned around business processes that run across the business, rather than as a string of separate departments: Business Process Re-engineering (BPR).

BPR was as big disruption to the operational models of the time. This is similar to today’s teaching on business model innovation that introduces the idea of constant reaction to external opportunities and circumstances. But BPR also introduced the necessary definitions of roles, responsibilities, and operational methodologies that made ERP the competitive necessity to create the enterprise as we know it today.

The role of the CIO, and of the enterprise IT department as we know it, is based on the business model of BPR. It’s a role designed to administer and automate internal business operations through best practice. At the heart of this is transactional data integrity built around the structured data created and managed internally by recognizable, auditable business processes protected inside the firewall. Not surprising neither the role, methodologies nor even the responsibility/authority works for or fits with the new disruption in technologies and their business use!

Our LoB managers are not using PC based client-server technology on internal enterprise applications. They are using tablet-based browser-cloud technology externally to be part of an environment that has been created by consumers via the mass adoption of cloud-based solutions.

At the stage this mostly means that the solutions they are using are not transactional but interactional. As long these solutions are completely separated from enterprise client-server systems they are reasonably safe. The challenges are when some degree of integration is requested, or made demanded. Importing traditional structured data into these solutions, or integrating internal and external data as part of Big Data analytics, challenge the integrity of the internally managed structured data.

This is the point where CIOs are right to express serious concern.

Right now in most enterprises early adopters are blazing the trail to find the winning and losing propositions, and expectations are rising for the opportunities that these new solutions will bring. Most importantly, these activities are taking place at a scale where they are still contained enough to be “standalone” and safer outside of IT.

That is not to say that you should ignore them. It is to say that you should accommodate them via a policy that apportions an appropriate level of responsibility to the LoBs, a policy that has been agreed with the CEO.

The CEO and the new Digital Business Model

The CEO is becoming the key to managing the shift to a new (IT) operating model. Business school teachings are recommending that CEO take direct responsibility for their enterprise’s digital strategy, and with it the redesign of their business model.

This is the much talked about, and little understood, topic of business model innovation; a topic that, together with business strategy, has been exercising the minds of business school professors for some years.

Today business model innovation is well-developed set of principles (defined by Mark W. Johnson) taught to business managers that explain nineteen prospective business models that can be used to position a product or service with customers, as shown in the table below. Think of it as the new BPR to suit the capabilities of new technologies deployed outside the firewall, and outside the internal processes of IT. Business model innovation brings with it a new set of business values focused on taking new products to market, wining new customers, increasing market share etc. None of which are justified around internal cost reductions. All of which could be expected to be funded from budgets other than ITs.

Source: Mark W. Johnson (2010), Seizing the White Space, Harvard Business Press

So where is the CIO in this brave new world?

The choice of the phrase “outside the role of IT” was deliberate. It doesn’t, however, mean “remote from IT and the internal business processes”.

There will at least need to be alignment across lines of business and, as the new business model develops, there will need to be integration to allow interactions and connections to take place on an end-to-end basis across the enterprise. A customer engagement should result in a customer order, and that requires integration to be managed successfully.

When will this occur? There are two distinct answers.

The first is as business-as-usual, with no new business model applied, hits a natural barrier and the law of increasing chaotic cost of operation starts to consume the new technology’s benefits. This point was identified for the PC client-server era in the book “Crossing the Chasm” by Geoffrey Moore, when the rising curve of expectations hit the trough of disillusionment as enterprise wide operational issues revealed the serious challenges to be faced. To cross the chasm meant to adopt new levels of maturity in what products and methods were used to deploy the new environment. In short, it’s the moment when the second answer below becomes unavoidable!

The second answer is for the CEO to understand the need for an enterprise to consciously understand the opportunity that digital business will bring, and to set out to redesign the business model before hitting the tipping point. To address this properly will mean clarifying how technology will operate across the business and outside the business, and how the IT department be involved in the business activities.

It’s a huge shift and a big responsibility as by now the auditors will have woken up to the need to be able to follow and understand how the digital enterprise actually functions, who has what responsibilities etc.

It’s a return to the time for professional management of technology, its use, its purpose, risk management etc. This is a big organizational role requiring a mix of business and technology understanding as well as knowledge of the enterprises current systems and compliance obligations. It’s also a role the CIO should be the right choice to fill, based on their experience and profile.

Current Realities for the CIO to address at this stage?

Sadly there is no magic bullet to immediately gain “control” of the LOB managers, their technology and business deployments. As they currently stand the CIO and the IT department are neither equipped nor empowered to solve this problem in this new environment. But that doesn’t mean blocking or stopping deployments; that’s simply not commercially feasible in the face of the increased competition and customer demand for digital based business.

Instead the answer is to work on ensuring that the separation and isolation of the new deployments from the IT environment is understood and fully observed.

LoB managers who want to be early adopters should be encouraged and supported to grasp that the real risks that they are accepting. Risks stemming from the manner in which their people use the technology and their ability to commit the company to unintended consequences. Organizing “awareness” training and guidelines for “online” behavior and hazards are both practical assistance and will create relationships that allow monitoring of what is happening to build experience.

This approach also allows for clarity in who is responsible for the impact and behavior, and that means not only for the CIO but also for LoB managers. It even means the CEO and CFO.

More importantly, it formalizes an enterprise wide management involvement that will be required as the organization develops an understanding of the good and bad impacts that the new digital environment is creating. In time this will be the group that reacts to the possible tipping moment and creates the business model and management changes necessary for the mature adoption and integration.

Are the lines of business in your organization experimenting with browser-cloud solutions? Has your organization already hit that natural barrier when the increasing chaotic cost of operation consumes the new technology’s benefits? Or has your business already set out to redesign its operating model before hitting the tipping point?


The Elephant in the Room About Cloud


How do you control SaaS and Cloud solutions when you don’t own them?

The first law of being a CIO might well be “You don’t get to talk about strategy if your IT is broken”. Moving your enterprise applications to the cloud doesn’t change this.

Once an application has been transitioned to the cloud you will no longer be responsible for the day-to-day management of a solution. You are, however, still accountable when these solutions fail. If CRM is broken then the CEO will be calling you, their CIO, and not someone at the Software as a Service (SaaS) CRM provider.

Moving applications from your own data centre to the cloud can provide tangible benefits. But you need to be prepared.

You need to do your due diligence so that you’re fully aware of the benefits and limitations. You need to integrate the solutions into enterprise wide support and business continuity processes. And you need to manage cloud providers like any other vendor: monitoring their performance and weeding the under-performers from your vendor portfolio.

It’s important that you know what you’re buying

All cloud solutions come with some sort of service level commitments. It’s important to understand what these commitments mean.

SaaS solutions will provide some commitment on availability and data durability (i.e. how much data might be lost during a failure). Often the level of these commitment will depend on the package that you purchase. Getting by on a cheap-and-cheery freemium package might seem like a smart move at the time. That is until the service fails, taking all your data with it, and you realize that the freemium service levels provide poor availability and put you at the back of the queue for data recovery.

Service levels provided by Infrastructure as a Service (IaaS) platform vendors – such as Amazon Web Services (AWS) – are more nuanced. They will provide service levels for each of the distinct platform services they offer: virtual machines, data storage, and so on. It’s up to you to weave these services together in a way that provides the end-to-end service level you require.

You’ll notice that whenever there is a highly publicized AWS outage that the store is rarely affected. The failure of third-party applications hosted by AWS is not Amazon’s fault. These applications either deemed the failure an acceptable risk or didn’t design for Amazon’s cloud computing model.

IaaS provides you with a toolbox. It’s up to you to use the toolbox effectively.

You can’t avoid integration

No application is an island, and it must be integrated into your IT estate if you want to realize it’s full potential. This might be as simple as plugging it into your identity management solution so that employees can use their usual username and password. It might be more complicated, integrating it into end-to-end business processes.

Cloud solutions also need to be integrated into your business continuity plans and processes. What will you do if the solution should be unavailable for some reason? How will you manage to keep the business running without it? How long can you keep the business running without it? What will you do if the cloud solution becomes permanently unavailable?

In many cases including a cloud solution in business continuity is as simple as periodically extracting a spreadsheet containing all the data the application contains.

Your support desk also needs to be aware of the cloud solution, and ready to support users who have problems. Users will call the same number regardless of who the solution is provided by (just as the CEO will always call you, the CIO, when a solution fails).

Finally, you need to plug the cloud solution into your operational monitoring. You want to be the first of the management team to know that the solution is down. That call from the CEO should be along the lines of “We already know about it, and this is what we’re doing to solve the problem…”

Prepare for life as a small fish in a big pond

Many of the benefits of the cloud – scaleability, low cost, etc. – come from the huge scale that cloud and SaaS providers can achieve. The downside of this huge scale is that you’ll most likely find that you’re a small fish in a very big pond.

Operating your own data centre allows you to be your own lord and master, controlling every aspect of the data centre’s operation. With the cloud solution, however, you’re just one voice among many. Your requirements will often become just one of the thousand conflicting demands that the cloud provider is attempting to balance.

You need to consider cloud and SaaS solutions as tools that your business simply uses as is, rather than solutions that you try and adapt to your unique needs. Typically it’s the commodity business activities that you want to throw out to the cloud or SaaS. There’s no benefit from foisting you peculiar approach to order management onto the SaaS solution. You might have pages of requirements, but a smarter approach is to find a solution that you consider capable and cost effective and them simply adopt whatever standard business processes it provides.

This is somewhere the CIO can help the business

Moving applications to the cloud can deliver tangible business benefits. There are, however, pitfalls that need to be avoided.

As IT spend migrates out of the IT department and into the lines of business more and more CxOs will find themselves in the unenviable position of being the proud user an IT solution that isn’t currently working. The first person they’ll turn to will be the CIO.

This is something that an astute CIO can help with.

  • Work with the other departments to ensure that the right options are purchased, covering both functional and non-functional requirements.
  • Deal with the integration challenges so that the cloud solution does not become an isolated island.
  • Weave the cloud solution into enterprise-wise business continuity and support processes.
  • Ensure that you have monitoring in place so that you get the bad news first

Cloud solution work, but you need to be smart about how you use them if you don’t want to be caught out.

Have you moved applications from the data centre to the cloud? What problems did you encounter? And how did you overcome them?