How IT can learn to stop worrying and love the cloud

PaaS speeds dev times and lowers risk for new apps -- so why does so much IT bureaucracy stand in the way?

I always enjoy talking to my longtime colleague Sacha Labourey. Sacha is a fellow member of the so-called JBoss Mafia and is now founder/CEO of CloudBees, a public PaaS provider. (Full disclosure: My company just announced a partnership with CloudBees.) Sacha always thinks ahead and sums up elegantly what you have on the tip of your tongue, but can't quite find the words to say.

Recently, we were reviewing some of the challenges surrounding PaaS discussions with what he termed "core IT" -- and the resistance offered by middle and upper management. I asked him how to convince them to consider migrating to PaaS. As usual, his answer shocked me at first, but after the call, I realized he was absolutely right. His take: You don't. PaaS, as it turns out, has other, more willing customers.

[ Which freaking PaaS should you use? InfoWorld helps you decide. | Stay on top of the state of the cloud with InfoWorld's "Cloud Computing Deep Dive" special report. | For the latest news and happenings, subscribe to the Cloud Computing Report newsletter. ]

The PaaS marketplace
Last year, nearly every PaaS vendor without a production release promised (off the record) that it was about to be announced. I foolishly believed them. Fast-forward a few months short of a year, and they are only starting to announce public availability. There have been some shocking collaborations: Cloudbees and Google, Red Hat and Google, and so on.

The "big boy" vendors who already have a relationship with traditional IT are selling traditional virtualization products that have been cloudwashed and rebranded as "on premise" or "private cloud" offerings, while their private PaaS products are largely vapor. I asked Sacha how smaller vendors like Cloudbees were going to compete against the private-to-public full-spectrum option. His reply: They aren't.

Shadow IT, core IT, and fast IT
As Sacha sees things, IT today breaks down to three categories: shadow IT, core IT, and fast IT. Shadow IT is where departments who can't get core IT to do a project go rogue and accomplish their objectives by making an end run around core IT. In other words, they do an IT project without the participation of IT.

Core IT is traditional IT as it exists in most companies. It protects the assets of the company, from ERP to HR software to accounting systems. According to Sacha, "If you're a young startup, obviously you won't have much core IT, so the best thing to do is not to start building it."

Fast IT is where new projects start. The idea is that a project can be initiated cheaply and shut down cheaply. The basic assumption behind core IT is that every project will be successful and every activity will be ongoing. In reality, fast-moving competitive companies and fast-moving competitive business units must be able to start a new activity before the rivals and be able to shut it down just as quickly if it doesn't work.

Core IT's problem with the cloud
Let's face it: Core IT's major problem with PaaS isn't security or maturity or anything like that. It's control -- and control is often a euphemism for job security. You can't sell PaaS with a pitch like "you won't have to stand around installing server stacks by hand anymore" to the guys who make a living by installing server stacks.

There are also some very legitimate objections. Core IT's job is to protect the business or, more particularly, its data and identity. The last thing anyone wants is a sprawl of PaaS, SaaS, and IaaS that doesn't integrate or has a separate authentication scheme -- and core IT gets stuck maintaining.

The conservative bureaucracy that's grown up around IT isn't driving PaaS adoption. Many CIOs that I've talked to believe it is the future, but at the same time seem to feel that "stewardship" is about slowing adoption to a crawl.

1 2 3 Page
Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies