Protect yourself from the coming cloud crack-up

Here’s how it will play out in many organizations: As the years wear on, line-of-business managers and CMOs will increasingly look outside the organization to find cloud solutions to business problems, either because IT can’t move quickly enough or because self-service Web apps make cloud services so easy to adopt.

Most of that spending will be on so-called systems of engagement, where applications built and hosted in the cloud become the front line of interaction with customers. Public-facing, cloud-based Web and mobile apps will gather gobs of information about customers — and when the quantity of data grows large enough, it will become fodder for big data analytics on the same cloud platform.

Businesses will seek industry-specific solutions in the cloud as well. IDC’s “Predictions 2013” touted the emergence of the vertical PaaS (platform as a service), where nontech companies get in the cloud services game and offer cloud-based development platforms — for building and consuming everything from stock trading apps to genetic sequencing applications in the cloud. Even some of the software that defines the heart of a business may live in the cloud.

Do you recognize the enterprise architecture that may ensue from this scenario? It’s called the siloed organization. We know this pattern because we’ve been there before. In the days before enterprise application integration, duplicate yet slightly different records about the same products and customers were scattered in isolated data stores, often serving a single app, and were seldom reconciled. Processes stayed within their silos. The left hand didn’t know what the right was doing.

The crack-up of IT
Why are we headed in this retrograde direction? Because businesspeople want the best functionality with the shortest time to market. If that means going around IT to develop, say, a consumer-facing mobile app on a PaaS to serve hundreds of thousands of customers, so be it.

The result is that multiple stakeholders set up cloudy little silos outside the organization. And what happens when something goes wrong with these outside engagements? The stakeholders must work with the providers directly. If that doesn’t solve the problem, you know what happens next: IT is called in to clean up the mess.

Instead of the shared fabric espoused by service-oriented architecture, we could have many-to-many chaos, with business units shifting their budgets from internal IT to outside providers without regard to duplicate effort, duplicate data, or time-honored internal IT processes.

Learning the SaaS lesson
Fortunately, the first wave of SaaS applications provides a model for solving the silo problem. For example, years ago, Salesforce snuck into enterprises at the departmental level, but today for most customers Salesforce is part of the furniture and integrated with core, on-premises enterprise applications.

The challenge is to extend and accelerate that absorption to embrace an explosion of new cloud and mobile apps and services.

Take cloud security. The No. 1 problem is that you don’t want employees who leave a company to continue to have, say, a Workday account any more than you’d want them to keep their email account. Mature SaaS applications make integrating their access control with Active Directory pretty simple, so it’s easier to deprovision employee accounts at will.

How do you scale that to dozens or perhaps hundreds of cloud and mobile apps of varying sophistication? One answer is to adopt a SaaS gateway, such as Citrix’s NetScaler. Of course, enterprises can deploy their own, internal app stores.

But IT should not fool itself into believing users will refrain from going off-menu. Nor should they — there’s an explosion of innovation in the cloud and you don’t want to prevent your most creative people from experimenting.

If IT wants the business to comply with cloud guidelines, the first step is to support user empowerment and make the freedom to experiment explicit. From PaaS to Web applications to mobile apps, users should be able to explore to their heart’s content as long as they observe common-sense cloud security practices.

In exchange for that empowerment, users must agree that as soon as a cloud engagement gets serious and an app is used to collect data important to the company, that application must be evaluated by IT and — if it passes muster — brought into the fold. On a larger scale, business stakeholders cannot shift their spend willy-nilly to outside providers for quick time-to-market solutions without observing crucial guidelines.

When things get serious, cloud providers should be subject to the same vetting as any outside contractor or provider — with all due diligence to ensure you’re not dealing with a fly-by-night operation or one with sloppy security. But nearly as important, you need to ensure that the cloud application you adopt, or have an outside provider create, has APIs rich enough to ensure integration with your on-premises systems of record.

Integration to the rescue
Cloud data integration is at a fledgling phase. As we know from the early days of enterprise application integration, point-to-point data integration does not scale very well. Sure, Salesforce has mature APIs — more mature than a lot of COTS enterprise apps — but when you’re talking about integrating dozens or hundreds of cloud apps, there’s a limit to what IT can do, let alone maintain over time.

A number of providers have emerged to help IT implement, scale, and manage cloud integration, including Cordys, Dell Boomi, IBM Cast Iron, Informatica, Layer 7, MuleSoft, and SnapLogic. Your business is going to delve deeper into the cloud whether you like it or not, so if you haven’t already, it’s time to start vetting these solutions to determine which may be best for you. Well-planned cloud integration is the only way to avoid slipping into the modern, miserable version of the siloed enterprise.

There’s a lot of muddled thinking related to the cloud going on right now. A certain segment of the business community is rubbing its hands together and saying, “Great! We never understood what those IT idiots were nattering about anyway — now we can get instant gratification from a cloud provider.” At the other end of the hall, reactionary IT people are trying slam the door on the cloud or pretend it doesn’t exist.

IT and business management can’t afford to go at cross-purposes, particularly in times of disruption like this. Nobody has all the answers. IT needs to be open to experimentation and businesspeople need to respect the basic rules of security and integration. With the right collaborative spirit, there’s a real opportunity to leap ahead.

The way in which this fragmentation creates a mess is well known. For example, a new compliance regulation might emerge, and without centralized management, isolated systems must be altered individually — if it’s even possible to track which systems are affected. Not to mention that the 360-degree view of customers that organizations have carefully assembled starts to fracture, as rich data about customer interaction with, say, a cloud social app fails to make it back to the CRM system of record.

Source :