Total Members: 4817

This community is proudly sponsored by :

Fighting Back Against Shadow IT: Part 2

Help your customers embrace cloud services to serve business stakeholders

In Part 1 we outlined how the rise of shadow IT affects both your customer’s and your business. You can help customers assess the situation to determine the extent of its use inside their companies and position yourself as a trusted cloud advisor. In Part 2 we will examine how to help customers identify mission-critical applications and which to host in the cloud.

Identify Your Customer’s Mission-Critical Applications

The second step in controlling this cloud-driven onslaught of shadow IT starts with helping your customer identify and acknowledge those applications and processes that require strict governance and control, and those which may only need general oversight. The complexity and sensitivity of the underlying application process should be considered when identifying which applications are mission-critical and which are not.

Customer relationship management (CRM) and enterprise resource planning (ERP) solutions are examples of mission-critical applications with a high degree of complexity. Having either of these unavailable for any length of time is unacceptable. Web conferencing, on the other hand, may not be a mission-critical application, as the lack of this capability may be a nuisance, but not catastrophic.

Gartner has provided a matrix (see Figure 1) to help identify the boundaries for shadow IT, illustrating this separation of processes along critical/non-critical and complex/simple axes. 1

Figure 1.  The Boundaries for Shadow IT

1 Embracing and Creating Value From Shadow IT, Gartner Inc., Refreshed: 02 September 2015, Published: 09 May 2014 ID: G00264121 by Simon Mingay

No shadow IT should be allowed for complex, mission-critical applications and processes, which can be found in the upper right quadrant. Therefore, the first step in managing and benefiting from shadow IT lies in working with your customers to define where shadow IT should not be permitted. After identifying those areas, you can help your customers set other appropriate boundaries for non-critical applications and processes that are only an inconvenience if not available.

The two remaining quadrants involve mission-critical, yet simple processes and nice-to-have but complex applications and processes. For all but mission-critical and complex applications, you need to help your customer define rules and offer guidance. The goal is to enable their IT administrators to function as a cloud adviser and for you to be their broker when selecting applications and services in these quadrants.

One additional key factor is how much downtime is tolerable. If the answer is none — as might

be the case with a customer-facing ecommerce application — then both you and your customer’s IT staff should be heavily involved and should drive any decision about integration points and development work supporting the application. If some downtime is acceptable, then service provider metrics — such as recovery plans and service level agreements — become less critical and you and your customer’s IT staff involvement can be minimal.

This approach of dividing process along complex/simple and critical/non-critical axes accomplishes several important goals in managing shadow IT. First, it ensures control over what is vital. Second, by allowing users and lines-of-business leeway elsewhere, it allows your customer’s IT organizations to see what is going on and how to influence it.

Re-Hosting Mission-Critical Applications in the Cloud

Now that you have established the boundaries for mission-critical applications, it’s a good time to consider whether any of those applications could fit into a cloud deployment model. Not all applications will be appropriate to migrate, but cloud technologies are quickly evolving to meet the high-availability, security and compliance standards that are expected for mission-critical applications like ERP, business intelligence, finance and others. There are some significant benefits that can be achieved by re-hosting these applications in the cloud.

They include:

  •  Enabling your customer’s IT staff to focus on business unit needs, rather than hardware refreshes, OS patches and other time-consuming maintenance tasks. (This can also present a long-term application support opportunity for you!
  • Gaining cost efficiencies by shifting from a CAPEX to an OPEX cost model.
  • Greater agility, as the environment can quickly scale up and down as needed, eliminating the need for capacity planning.
  • Resiliency and high-availability for applications, commonly backed by service level agreements (SLAs).
  • Ability to leverage additional managed services from cloud providers to supplement current staffing with networking, storage, disaster recovery, security, and compliance expertise.

It is important to build close relationships with key cloud service providers, so you can recommend them to your customers. It’s also important to recognize there may be a cultural challenge when re-hosting these mission-critical applications in the cloud, as your customer’s IT staff may see the strategy as a threat. To mitigate that reaction, verify that internal IT staff members are on board with this approach. Such support can be nurtured by pointing out that the skills and expertise of the IT staff represent abilities and know-how that are highly transferable to the new role of cloud adviser for the business units.

In establishing the parameters for cloud migration, it is important for IT staff to be deeply involved in any external vendor selection. They must set overall requirements, ensuring that these properly account for compliance considerations. By doing so, the staff will become knowledgeable about service models, and other key elements of the cloud arena. This breadth of information will be important during the migration, and such knowledge is vital when acting in an adviser role.

In total, moving mission-critical applications to the cloud can increase overall agility and scalability, while freeing up staff to focus on understanding the needs of business units. It is both important for your clients and a valuable exercise for you.

Build a List of Approved Cloud Service Providers

Whether or not you decide to migrate some of your client’s mission-critical applications to a cloud deployment model, you will want to begin to build out requirements for cloud service selection and work with your customers to establish an approved list of vendors. When working with and recommending external vendors, it is vital to get satisfactory answers to some critical questions. These may include:

  • What security certifications do they have and what audits have their cloud platforms undergone? (PCI DSS Certification, SSAE 16 Type 2, ISO 20000-1, etc.)
  • What SLAs will they provide? How will the guaranteed availability be measured?
  • What additional managed services are they able to provide beyond just Infrastructure-as-a-Service?
  • Does the cloud service provider have the expertise to help satisfy industry-specific regulatory requirements (HIPAA, PCI DSS, SOX, etc.)?
  • Is there multi-site failover of the cloud environment to protect against natural and man-made disasters?
  • Are vulnerability scans and other security tests regularly performed to hedge against breaches?
  • What is the policy for commissioning and decommissioning hardware? How are changes communicated?
  • What are the security policies followed when hiring, training, monitoring, disciplining or terminating personnel?
  • What physical security measures are in place at the data center to control access?

If you are providing the service, answering these questions will help you reinforce with the customer that you are a supplier of choice and that you will be a valuable cloud partner for them.

It should be noted that the answers to these and other questions can be critically important and

can, for many customers, even override pricing advantages. The cost of a single data breach can run into the millions, possibly negating any savings that arise from going with a less expensive and less secure provider.

In your role as a trusted advisor, it is vital for you to help the IT organization match line-of-business customers with potential cloud vendors for services you are unable to offer. It is also important for you to build strong relationships with these vendors. Providers offer differing degrees of managed support, and different business units will require varying degrees of support. Aligning the two will boost the opportunity for success with cloud migration.

In Part 3 we will outline strategies for empowering your customer’s business units and developers, while helping IT maintain oversight.

Like this post? Make sure you get the entire series and subscribe to the Cloud Services Community today! http://cloudservicescommunity.net/registration.

 

To learn more about Sungard Availability Services and how we help our business partners fight back against Shadow IT, visit http://channels.sungardas.com or email as.us.partnerprograms@sungardas.com.

Fighting Back Against Shadow IT: Part 1
Fighting Back Against Shadow IT: Part 3