The exceptional adoption of corporate cloud computing is no recent reality. The massive usage of cloud causes drastic changes in terms of technology management practices, but also raises all kinds of questions, at a crossroad between legitimate concerns and unjustified fear. What will happen to IT management? What are tomorrow’s jobs? What are tomorrow’s skills?
As a Software-as-a-Service (SaaS) solution software editor, we work every day with our customers’ IT teams. This gives us a good vantage point on the changes caused by the ever growing usage of cloud services. Let’s try to understand these changes.
Among all of the cloud’s possible usage, I will essentially focus on SaaS business software. Just a few years back, this new way of consuming software opened tons of new possibilities, along with new challenges that arose mainly because at this point, a portion of the information system was now outside the company’s boundaries: security issues, end-user service quality, and interfaces with the traditional Information System, which is still lying within the “safe” company boundaries.
In some organizations people even talk openly about shadow IT
Another change took place as well, although unadvertised: SaaS solutions now offer a form of freedom to business managers. Overnight, they are now able to purchase SaaS software without having to go through CIOs approval. Or so it seems… From the CIO standpoint it looks as if they lost control. In some organizations people even talk openly about “shadow IT”. However the relationship between businesses and the IT is more complex: businesses want more independence when they choose IT solutions, but they are powerless when these solutions are not ‘hyper connected’ to the rest of the company IS. Meanwhile, CIOs are sometimes so glad to let the business go ahead with a SaaS solution, just to get rid of a problem. Except that CIOs end up claiming control eventually. Life can be tricky!
An Inside View Into What Is Really Changing
From our SaaS editor window, SaaS does not really change the fundamentals of CIOs responsibilities. The CIOs remains in charge of the company’s IS. What changes however is the way they now express this responsibility. Yesterday’s CIOs would build, maintain and control the IS. Today’s CIOs set up rules (an “IT governance”), give guidance to business organisations and make sure the rules are applied.
Based on our experience, all well-behaved IT management team should set up a clear governance on the following topics for any SaaS vendor:
- Security Policy – authentication, data protection, hosting requirements, etc.
- Interface Policy – real time and/or asynchronous, formats, protocols, frequency, etc.
- Service Level – availability, response time, SLA, etc.
- Accessibility Rules – from the office, from home, from my smartphone, from what browsers, compliance with disability standards, etc.
- Legal Environment – contract duration, reversibility, data ownership, audit rights, etc.
Undoubtedly this strategic shift requires serious competency changes within CIO organizations. The most obvious key role in this organization is the ever more powerful Chief Information Security Officer, but there are more of these new roles. For instance we now find a Performance Manager. This person is in charge of checking the overall response time delivered by the SaaS vendor. He/She is able to measure response time and diagnose any problem in the SaaS application performance. Want another example? Please meet the Audit Manager. His/her role is to audit the SaaS vendor from head to toes: internal organization, hosting compliance, management practices, intrusion detection and more…
So now, who is on control of IT between the CIO and the Business manager? Well, there is a balance of forces between them. They “have each other by the short hairs”. The business has a greater say in selecting the provider, as well as in user experience, but the CIO holds the key to the interfaces and, therefore, to the global coherence of IS components.
All in all, the CIO’s role has developed into a referee, a coordinator and supervisor of the “golden rules” of IT governance. The CIO leaves the execution work to SaaS vendors and can concentrate on innovation, IS strategy and long-term vision.