News
Solucom’s Enterprise Transformation Observatory: IT Departments Must Gear Up To Be Cloud Brokers
February 2014 by Solucom’s Enterprise Transformation Observatory
Cloud Computing will revolutionise the way information systems are designed, managed and used. Big
business must embrace the opportunities afforded by this new model without delay. The Cloud will help
maintain competitiveness, allow a company to keep pace with new technological developments adopted
by the general public - including customers and employees - and free it up to focus more effectively on its
core business values by leaving more standard concerns to the Cloud service provider. IT departments
must be the driving force behind this transformation and must then support and coordinate the rollout of
Cloud-based services to ensure they are seamlessly integrated into the information system. This new
Synthèse report from Solucom analyses the various levers available to IT departments and identifies the
best ways for them to gradually take on this new “Cloud broker” role.
© Tom Mc Nemar
What actually lies behind the Cloud?
The Cloud is a concept of on-demand consumption of IT resources that offers network-based
accessibility, attractive cost conditions and user-friendly services. It may be private, public or even hybrid.
But despite the dynamics of the market (which should be worth €6bn in France in 2016 according to IDC)
and the implicit promise of gains, the IT departments of major corporations have been slow to take up the
challenge, responding more reactively to the Cloud than proactively. They reserve the Cloud
predominantly for uses with limited technical risk and early ROI, hence chiefly SaaS (officeware,
messaging, CRM, payroll, etc.) and IaaS (virtual machines). PaaS is still largely underrated and used by
key accounts basically for “disposable” purposes such as prototypes or temporary websites. Nonetheless,
PaaS and the new SaaS uses will form the mainstay of tomorrow’s market, enabling users to derive
maximum value from the Cloud.
One Cloud too many may herald a storm!
It is only natural to subscribe to a range of different Cloud services, but if there is no overall perspective
or sense of anticipation, enterprises may well find themselves locked into a silo structure. The information
system will then lose part of its agility, operability and even economic performance. Four issues must be
addressed for the successful integration of a Cloud service: seamless data integration, centralised
identity management, common service management frames of reference, and service portals per type of
use or per population.
Security and the Cloud, an arranged marriage
Three risks are often cited: availability, data confidentiality and regulatory compliance. Additionally, the
question of reversibility must not be overlooked and should be considered at an early stage when
choosing the Cloud supplier.
These risks do exist but must be objectively assessed via a risk analysis as they vary from one service
and one supplier to another. A number of tools are now available to help enterprises in this task, including
a guide published by ANSSI1 and a generic but complete risk analysis supplied by ENISA2. Encryption
solutions also provide a technical response to Cloud-related risks.
An enterprise’s involvement, however, does not stop once the Cloud solution is up and running. Longterm
maintenance of the level of protection also comes within its area of responsibility. Good practices
are appropriate such as security governance, restriction of user rights, identity management to guarantee
data confidentiality, and training of administrators.
Anticipate patterns of use for a sound economic balance with the Cloud
The growth of the Cloud puts IT departments at risk of falling short of their economic control objectives:
failure to achieve their own economic balance (a more complex process when faced with pay-per-use
1 Agence Nationale de la Sécurité des Systèmes d’Information (National Agency for Information System Security)
2 European Network and Information Security Agency
business models) and difficulty in guaranteeing enterprise-wide IT cost control (due to simplified access
to Cloud-based services with direct subscription by users). To overcome this problem, IT departments
must rethink how best to manage their economic balance in the age of the Cloud: unravel the complexity
of supplier models, build service take-up scenarios and help business line management teams handle
their demand.
A necessary transformation of skills
Standardisation is a feature of the Cloud and there must be a change in mentality in IT teams and
business lines to smooth the transition from bespoke to off-the-peg services. A shift in the posture of IT
departments with respect to their business lines and suppliers is required and it is crucial to anticipate the
impact on human resources. The trend is towards a multi-generalist profile and less specialisation among
technical teams. With a hybrid information system incorporating Cloud-based services, technical
coordination will also be a major concern and technical integration skills will be necessary. To facilitate
the skills transformation process to accommodate increased Cloud outsourcing, a classic method is to
introduce a Talent Management programme.
An incubator in the IT department to coordinate Cloud initiatives
Anticipating and coordinating the various Cloud initiatives is a key issue for IT departments. To meet this
challenge, Solucom recommends urgently equipping the IT department with a small, temporary team of 3
to 5 people with cross-functional skills to assist Cloud projects for 2 to 3 years. Its remit will be to
capitalise on initial experience, progressively identify Cloud-eligible areas and facilitate the gradual
“Cloud-ready” restructuring of the IT department. This will place the IT department in a position to guide
the direction and pace of the Cloud-related transformation by allying innovation with financial and
technical control of the information system.
Combining tactical approach and strategic vision: keys to a sound Cloud strategy
There is no single, universal strategy for adopting the Cloud. Nevertheless, there are a number of basic
steps that should be taken. These include identifying those applications and IT services that are eligible
for the Cloud by assessing the value delivered, the level of data confidentiality and the degree of
specificity of the services. For each Cloud-eligible service, the target vision should prefer the SaaS
approach before considering PaaS or even IaaS for more specific services. These moves should be
prepared by steadily raising the level of standardisation of the baseware and technical foundations of the
current information system.
The IT department will gradually adopt a position as Cloud broker offering portal-based services to its
users (end customers, employees and IT project teams) together with the technical capabilities
(integration, security and management) and human resources (advice and support) necessary to
guarantee optimum use of those services. Its role will be to find solutions providing the best possible
balance between ability to meet needs and economic attractiveness while retaining the agility necessary
to switch suppliers should more competitive market offerings emerge.
