Brian Hopkin’s posed an interesting question on what would happen when there was no longer a central IT shop for an organization. It stirred up the responses, as one would expect. I, for one, fall into the camp that the cloud will not remove the need for IT within any organizaiton, especially larger ones. However, the cloud will contribute to the mindset that silos can effectively control their destinies and spin away from the central authority.The central shop is efficient in terms of number of resources employed to tasks, in general. It is effective in terms of employing a standards based approach, policy based, governance model to IT, data, information within an organization, if well run.
The cloud doesn’t change any of this requirement. It may make it easier to source solutions from external providers and thus implement faster and more cheaply, but the management functions required to maintain effective governance of the organization’s assets that are information/data/digitally encoded process based still remains. If you just dump it out to an external provider, then you are very brave and heading for a disaster. There must remain some locus of command and control within the org.
Also, the org must retain some element of expertise to be able to interface with these external entities, or you will be entirely beholden to their whims. Without in house judgement, how will you decide between one option and another? Price alone?
Then one has the different options for cloud, some of which are not new, despite the explosion of the vocab amongst some execs. Private clouds have been around, at least in small scales, since the hypervisor was invented. Virtualization, and the elasticity that comes from its implementation, is not a new concept. But it is useful, and it is definitely scaling up. Large orgs with their own datacenters are able to scale much more efficiently, and hence their wanting to sell cloud services. They can afford to shed the extra because of their scales. But many of these start-ups trying to jump on this particular cash cow will pop soon enough.
Still, if you do have things out in the public cloud, if you are sensible, you will need to insure that your resources that in that public cloud (effectively past your span of control, past your network boundary) are safe and secure. Contracts are only as good as your warchest for defending them. Better a strong defence of data backup, service redundancy and avoidance of proprietary lockin than offensive legal teams after the fact.
But, because of the ease with which people can now throw things into the cloud, data, services, etc., there is this threat of increased [balkanization](http://en.wikipedia.org/wiki/Balkanization) of IT empires within a large enterprises. I think that this is merely a cloud representation of shadow systems that we have seen before. I remember initiating a shadow system count of authoritative, critical data systems in one organization, and finding over 70 within two days. Senior management were gobsmacked. They had no idea. None of them. They each knew about a few, and like a good terror cell organization, the scale of the entire plot was protected by firewalls. I can see the same happening with services and other cloud provision. This is what will be a threat to organizations that lack central governance and strategy.
Mark Jenkins wrote this insightful history of the pendulum swing of IT (de)centralization over the last 30 years.
1980: Centralized computing based on corporate MIS systems reached via terminals and site-based minicomputers for project work. Almost all IT is capital expenditures. Its rare to find terminals on desktops; terminals belong in shared terminal rooms!
1980s: Explosive growth of independent, mostly un-networked desktop PCs with Terminal Emulation to reach centralized resources. PCs drastically increased local productivity and functionality while lowering perceived cost (over site-based minicomputers) using purely local data and MIS data downloaded from centralized resources. PCs are personal not shared. PCs initially acquired largely as operational expenditures despite high costs, by end of decade corporate reigns this activity in using an expedited capital expenditure process for PC resources. PCs don’t require any authentication/authorization services because operating systems don’t support it (MS DOS, Apple Macintosh). Centralized resources use independent, centralized authentication and authorization.
Early 1990s: Large-scale multi-protocol network deployment to join independent PCs for data sharing, e-mail communications, and faster terminal emulation access to centralized resources. Centralized services continue but don’t expand (much), distributed computing using PCs continues to grow wildly as PC costs plummet/capabilities skyrocket. A return to operational expenditures for PC equipment as costs go low and as corporate decides to increase non-capital expense limits. PCs continue to go without authentication/authorization. Growth in desktop workstations using Unix/VMS with either local or departmental authentication/authorization as desktop workstation capabilities outstrip the departmental minicomputers of the previous decade but at a cost of the PCs of the previous decade.
Mid 1990s: Usage of centralized resources becomes largely limited to MIS (where the data is) and certain applications requiring larger-scale computing resources because the vendor hasn’t deployed on smaller-scale platforms yet. WWW protocol technology rapidly transforms corporate information publishing to the now familiar point-and-click Windows-based GUI available from multiple types of servers to multiple types of desktop clients (PCs w/Windows, Apple Macintosh, Unix workstations, VMS workstations). Multi-protocol network begins to converge on TCP/IP; other protocols used for local services, especially team/departmental file sharing and e-mail. Corporate provides centralized e-mail gateway services and computerized corporate personnel directories (how to reach people consistently via e-mail is still being solved).
Late 1990s/Early 2000s: Desktop/departmental computing resources move towards standardization on MS Windows with promise of departmental authentication/authorization; Apple Macintosh marginalized due to failure to make the leap from cooperative multitasking to pre-emptive multitasking as well as resurgence of centralized IT efforts for information publishing using WWW technologies staffed by old-guard MIS who seem to trade in IBM for Microsoft. Desktop computing model has completely taken over from all other models (its rare to find anyone at any level in the company without a PC/Mac on their desk). Desktop computing – operational; departmental servers – capital.
Mid to late 2000s: Corporate slowly takes over control of distributed computing resources in addition of existing control over centralized resources. First step is administrative take-over of de-centralized personnel to achieve a common policy/procedure/control environment, second is centralized administration of all distributed resources (including desktop PCs), third is centralization of all possible resources except for desktop PCs (even tentative steps to centralize this technology using “thin clients” are made, but don’t go far due to cost/benefit problems).