This entry has originally been published on the CloudSource blog in December 2011

Have you ever heard people complaining their IT department does not provide them the tools and services they require? I can tell you, I often get an earful of such conversations. So my next question is always, what are you doing about it? And with the younger generation, the answer is straight forward; I go around IT and do what I need to do.

That reminds me of nearly 20 years ago, when spreadsheets became popular. Users kept asking IT to develop new reports, but it took IT on average 6 months to answer the requests. So, savvy business users started to download information in raw formats (or often retype the data) into spreadsheets, perform the calculations they needed and create the reports they wanted—all in a matter of days. And as a result, the enterprise data got scattered across a multitude of PC’s and later laptops. Back-ups were almost never taken, security was dodgy. Data got exposed, forcing the CIO to apply stringent security rules, back-up procedures, and even to encrypt laptops to protect the enterprise assets.

It seems we have not learned the lesson, as we are exactly in the same situation. But this time the tool is not called Excel, but cloud computing. And the questions about security, protection, compliance, etc., are bubbling up again.

How quickly can IT respond?

So, what is the fundamental issue? It’s the speed of response of IT to the business. The business is asking for services to be delivered while IT is focused on maintaining an infrastructure and application landscape. The landscape is increasingly complex, difficult to adapt to changing needs and cumbersome to manage.

Over the last five years, the concept of service, as in service oriented architecture, has been developed. According to Wikipedia, the term service refers to a set of related software functionalities that can be reused for different purposes, together with the policies that should control its usage. Rather than having a large set of tightly-integrated-functionality provided in a complex software package, the idea of service is to have small series of functionalities, interrelated through data sources, which can be used, changed and adapted very quickly. By virtualizing, automating and standardizing the IT infrastructure, an environment has been developed in which these services run smoothly while the infrastructure use is optimized. By adding self-provisioning to the mix now the business user can, within given boundaries, decide which services he/she wants to use without having to rely on IT to set it up. This is what we call cloud, isn’t it?

Portfolio management provides governance.

So, IT is increasingly asked to develop the appropriate services ahead of time, using an agile development methodology. But before that can happen, it’s key for IT to understand which services the business requires. And here is where governance comes in. Business and IT must sit together and define what services need to be developed and what the priority is. Using a portfolio management approach, the highest priority items are then developed. IT goes down the list until the budget is consumed. If the business wants more services, a discussion around funding can now take place. The latter focuses really on the essence; what is this additional service worth for the business? Is it worth the cost of developing?

Once the list of services to be delivered is defined, it’s up to IT to decide how those will be delivered. Traditionally, IT would develop each of those services, but is that the best use of budgets and limited resources? Aren’t there services available today (e.g. in a SaaS type approach) and wouldn’t it be easier, quicker and cheaper to source those from external sources (public clouds) rather than developing them internally. Obviously many aspects, including compliance, security, SLAs, etc., will need to be addressed.

If the service is finally developed internally, the principles of SOA Governance should be followed. These include information management, policies, service contracts, lifecycle management and interoperability to provide quality, predictability and trust necessary for reuse. The SOA lifecycle is then integrated with the business governance to manage all steps of the development, test, production and shutdown of the service in line with the business requirements.

Innovation continues with or without IT.

In the near future, IT will be operating a legacy environment, deliver services they have developed themselves (running on a private or public cloud) and source external cloud services. This is what HP calls hybrid delivery.

To build an organization, processes and an infrastructure to address the increasing needs of the business’ for speed and agility, CIO’s may want to look at service providers, how they govern their environments to address the needs of their customers. And even if they do not go as far as to bill the business users in line with what they consume, they should look at how they become the internal service provider.

There is actually nothing new under the sun. Over the last couple years we have seen IT departments becoming shared services. Several Asian companies even have taken a step further, transforming IT in a separate subsidiary capable of delivering services to internal and external customers. The boundary with a service provider is becoming extremely thin. If we now add to the need of delivering services as described above, there is even more reason for going down this path.

While writing this article, I ran into a blog entry by Dave Gray, titled “Everything is a Service,” analyzing how we are in transition to the services economy. One of the reasons he put forward is the abundance of information along with networks and mobile devices for moving this information around. He notes that the biggest impediment to service innovation is not the lack of ideas. It’s the inability of companies to deliver them the way they are currently structured.

To become a service provider, IT departments have to structure them accordingly, having people focused on the management/operation of the platform that will deliver the services (if such platform is still owned by the company, in other words if they have a private cloud), while others are focused on the services. Such structure is different from many companies’ current IT structure which is focused on technologies. Change needs to happen. But are most IT departments ready for such drastic change? That’s the real question.