As is usual with many procedure-bound organizations, there is little, if any, formal policy behind the procedures, and in the rare instances when there is a policy, it is even rarer for there to be an enforcement detection and response mechanism. The resource requestors soon learn the thresholds they must not cross in the request process, knowing that once the resource is assigned, it can be used as they see fit.
So now, the unintended outcome is that IT have trained the resource requesting community to submit resource requests that bypass the various security, access, network and asset management checkpoints to ensure a speedy (only weeks) allocation.
The Whole New World of Cloud
And then came Amazon! Now, the resource consumer can simply go to a Web page, peruse the offerings, select an offering and supply a credit card, and minutes later, if not sooner, the resource is available for use. Of course, the innovative resource consumer soon finds a way to expense the costs, particularly as they are able to produce results for their management in days instead of months. In many cases, this resource consumption takes place without IT being aware that their once captive consumer has now deserted them for a resource vendor who can actually accommodate their needs.
For IT to operate its environment as a cloud resource, it must find a way to eliminate the old legacy approval process. One way to do this is to provide pre-authorized services. This means the effort of authorizing a resource is now focused on the service itself, before it is made visible in the catalog, rather than at each point of consumption.
Supported by strong policies on the corporate use intended for each service offering, this approach can place responsibility solely in the hands of the resource consumer rather than IT. This sea change in procedure and policy will require a close collaboration between the CIO and the business units, as the CIO will need the most powerful voices from the business community to break through bureaucratic legacies in risk management and internal IT management.
For IT to be competitive, the procedures must be able to execute within the same time frame as its public service competition, that is, in real time. Service catalogs need to be available on the Web and support self-selection and some form of automated workflow for authorization. Once selected and authorized/paid, the process of provisioning needs to be equally streamlined, with pre-authorized workflows that can automatically be triggered and executed to supply the resource requested. This painful change is necessary so that IT can be seen as a positive enabler working to provide resources on demand to the dynamic business consumer.
In my next post, I will outline how IT can go about proving what was delivered. If you are going to supply services in various categories and under various service level agreements, you need to implement monitoring and metrics to demonstrate that you have met your commitments, both to clients and your own management.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library.
Pages: 1 2