Sean Wallbridge
Yup, weird title, but then this is a bit of a weird topic. The whole IT industry is running hell bent for leather towards the “Cloud” yet many organizations are also madly building out their own infrastructure. Who’s right? What’s the best thing to do if you are planning out your next 3 – 5 years IT spend? Well, the short answer is, “who knows?”. The longer answer is a lot more complicated but here’s my take on it, for whatever it is worth …
I believe everything can be boiled down to three simple concepts – access, control and responsibility. Going forward, these are the three concepts that are key to planning what you do with your IT.
Access comes down to how do you make your data (and business processes/rules) available to your people and your partners. The days of simply sitting at a PC (or a Mac) and using nice fat apps are long gone, you have to make your data and processes available in multiple ways to suit a moving and mobile audience. Whether you like it or not, iPad’s (and all of the other “fondleslabs” as The Register terms them) are the future and delivery of data and processes to “uncontrolled” devices (in terms of command and control by corporate IT) is just going to be “the way it is”. Those organizations that embrace this concept will thrive and those that do not will find it hard to compete. If you are looking at where to put your money you could do a lot worse than to look at how you make your data and processes available. Now is the time to make those architectural changes to free up your data. Make it accessible, make it searchable and make it mobile.
But does easier accessibility imply that you have to put everything in the Cloud? Not necessarily and that’s where the concept of Control comes in. Making your data easier to access does imply that you have to put better controls in place so that only those people that should have access to the data actually do have access. At the same time, you also have to understand who controls the backend (the servers, that databases, the web servers, and so forth) that supports your new, more accessible data access. To my mind, this is probably the most critical area as you have to satisfy privacy concerns as well as many other corporate concerns while trying to ensure that you get the most bang for your buck. Many organizations have taken advantage of Cloud services to support their new accessible backends without, necessarily, understanding who now controls their data. This is something that you need to consider very seriously. There are many organizations that can easily and “safely” commit their data to the Cloud; there are many others (like healthcare professionals) that may have to examine things much more closely before making decisions.
You need to thoroughly understand who holds the controls to your data and what are the terms and conditions of those controls. If you control everything to do with your data (ie the whole backend and the delivery channel), great! If you do not, and you rely in part or in total on Cloud services, then you need to really be aware of what your service providers can do with your data (you’d be very surprised …) and where they can house the data. The simple fact that data is not held within your own country’s borders could put you at risk for privacy law violations, as an example.
Finally, there is the concept of responsibility and this is a pretty broad area. If data is easily accessible then responsibility for the data has to be accepted by both those who access it as well as those who make it available. This is a weird concept for smaller organizations that have never really given it any thought in the past but people must be made to accept responsibility for the data they access, specially so if that access is now “easy” and mobile. As an example, it’s probably not a good idea to have a person’s confidential medical records displayed on a iPad that is sitting on a table in a coffee shop in plain view of many other coffee shop patrons. While technology makes it simple to access the record in question, it is up to the user to exercise judgment as to where and when the access should be made.
Responsibility is also important to understand in terms of the backend. If your data is in the Cloud, who is responsible when it all goes pear-shaped and no one can access anything? Is this the responsibility of your Cloud service providers? Is it yours? Whose butt ends up in the wringer? When you control all of your own infrastructure it is fairly easy to affix blame; it is a lot less easy to do so with the Cloud so it is a very good idea to have a clear understanding of who is responsible for what before things go sideways.
So, there you have it. Nothing fat or juicy in terms of technology, just three woolly concepts to wrap your head around. And that’s really the point … it doesn’t matter what the technology is anymore; it doesn’t matter if you go Cloud, private cloud or just good old internal infrastructure. What does matter is that you really think about the bigger picture in terms of these three concepts and do your planning from there.