This entry was originally published on the CloudSource blog in January 2012
Remember, at the end of part 1, we highlighted that the business expects IT to be able to respond faster and address variable demands and to provide easy access to the appropriate information provided by internal systems or available on the Internet. All-the-while, they need to achieve all this at lower cost while minimizing capital expenditure. With that, work is laid out for IT in general and the CIO in particular, isn’t it?
After having invested heavily in the deployment of applications such as finance and enterprise resource planning (ERP) to support the day-to-day operation of the enterprise and address the millennium bug problem, many CIO’s have started improving the efficiency of their environments through virtualization. But that is just the start. The next step is to add automation to speed-up operations and improve flexibility.
But will that be sufficient to address the needs of the business? Probably not, as one of the requirements is the ability to quickly address new needs, some of which may require new functionality. Efficiency, responsiveness and flexibility, obtained by transforming the in-house IT landscape into a private cloud, allow existing operations to be adapted to changing needs quicker, but do little to improve the development of new functionality.
So, here is the question, does that functionality actually need to be developed by the IT department, or could it be sourced from somewhere else? You will probably tell me it takes a long time to evaluate software packages and applications, negotiate licensing terms and conditions with software vendors, etc. And you are right, but that’s in the old world.
In a new world, where Software-as-a-Service (SaaS) becomes the norm, one takes an account, tests things out (and we can ask the business to do that, can’t we?) and make a decision. If the service does not address the needs, well, it just costs us an hourly or monthly fee.
3 steps to sourcing services
Whatever business you are in, it’s critical for the CIO to put in place a governance model between business and IT. A Nascio paper, dating 2008, describes this very well. It’s titled “IT Governance and Business Outcomes – A Shared Responsibility between IT and Business Leadership” It describes governance and goes on explaining the importance of the link between IT and the business. Focused at U.S. government it points out: “The good news is that there is untapped potential in information technology to assist state government in meeting the anticipated fiscal stress, highly publicized anticipated shortage of workers, and growing challenges and citizen expectations in every government line of business.” Frankly nothing in here is specific to state government. It’s applicable throughout the business. So, the first step is to establish a governance model between business and IT to identify the services needed and their criticality.
The second step consists of defining whether the service has to be provided from inside or whether it can be sourced from an external provider. I will come back to that choice in part 4 of this series.
If the service has to be provided from internal, can an existing application/service be adapted to perform the functions required or does the development team needs to start from scratch? This becomes an application development decision and existing lifecycle management approaches are taken.
If the service can be sourced from external service providers (public cloud), a small team should be set-up to analyze which provider to take. It’s important that business and IT people are involved in the process. The business people will analyze the functionality provided and whether that functionality addresses their needs. The IT people will look at integration and security aspects. Indeed, there is a fair chance that the service has to be integrated with other functionality available to the business.
The third step consists in building or sourcing the service. Regular reviews should take place with the business to ensure the service is still addressing the needs and the service provider (if an external service provider is chosen) delivers according to expectations. If the service no longer fulfills the needs, a decision has to be taken on whether to improve the service or to sunset it and look for a new one.
The CIO learn from procurement
If we go back to basics, such sourcing activity is very similar to what the procurement department does in looking for a new supplier. The CIO can probably reuse many of the sourcing processes available to the enterprise, being it for direct material sourcing or for sourcing of external services (indirect procurement). The large service providers used to have a one size fits all approach, leaving the CIO only with the choice to decide which service to use on the basis of functionality, cost and existing T&C’s. We increasingly see more flexibility, particularly with smaller service providers, giving the CIO a true negotiation capability to ensure the proposed T&C’s are in line with the enterprise expectations. This is one more reason for the CIO to enlist the experience of procurement in this sourcing process. But beyond the initial decision, the management of the relationship with the supplier, the regular evaluation of the service provided and the feedback of findings to the supplier are important to build a lasting and trustworthy relationship between both parties. Such relationship is important in case of issues to ensure fast resolution. This is again something advanced procurement departments are familiar with.
Changing the role of the CIO
The role of the CIO is changing. From being responsible for maintaining an existing IT infrastructure and application environment, he/she now becomes the guardian of the services to be provided to the business. It’s his/her decision to source those services from the most appropriate way to deliver them securely and timely to the business, taking security and compliance issues into account. Slowly but surely, the CIO becomes the “strategic service broker” to the business. His main challenge, transform the IT department, manage the change and ensure he/she has the right resources for the job moving forward. But that’s an issue we’ll talk about later.