Execs to IT: Take these cloud services and manage them

Companies are letting users choose their own cloud services while expecting IT to carry the bag

If the BYOD (bring your own device) trend wasn't flummoxing enough for IT admins, now they're increasingly contending with BYOC (bring your own cloud), where end-users enlist public cloud services -- think Amazon Web Services -- without preliminary input or approval from IT. At the same time, according to the findings of a new BMC-sponsored report by Forrester Research titled "Deliver on High Cloud Expectations," most company leaders agree that IT should be responsible for the security and reliability of those services.

Forrester spoke to 327 enterprise infrastructure executives and architects at organizations around the globe for the study, which will be officially released to the public on April 26. Its major finding: 58 percent of organizations run mission-critical workloads today in the unmanaged public cloud. The problem is that only 36 percent of these organizations have policies that dictate the practice, so lots of business users are making cloud-buying decisions without any knowledge of potential risks. That number is likely to increase, as 79 percent of organizations foresee running mission-critical workloads in the public cloud over the next two years.

One key question: Why are so many end-users turning to public cloud services in the first place? Cost savings isn't the top reason; rather, users like the higher availability, faster delivery, greater agility, and flexibility. Indeed, 72 percent of CIOs view the use of an outside public service as a way to circumvent IT. Dumping a workload into the cloud can be quicker and easier than going through internal channels for authorization and approval to use in-house resources.

Say you're a researcher at a biotech or financial company and you're working on a new project that requires churning through large troves of data on a regular basis. You can choose to work with IT to get your batches of data crunched on in-house equipment, knowing they might be postponed for mission-critical workloads. Or you can hook up with a third-party service to starting analyzing your batches of data the moment you want it.

Not only quicker and more flexible, the public cloud route might even be less expensive -- on paper. Heck, it might even seem like a courtesy to IT: "Hey, you guys are busy, and we can get this taken care of ourselves, so don't worry about it."

Unfortunately, IT could have to worry about the service, and it could become more costly than expected for many reasons that technically unsophisticated business users might not understand. For example, a third-party service can put unexpected strains on in-house resources and impact the performance of other workloads. It might open up a new security hole. It might violate compliance laws because of where it processes or stores data. At any moment, an IT admin might get an angry phone call demanding answers about a slowdown or a breach, and he or she will not be able to easily pinpoint the problem because the offending service is not on his or her radar (or green screen).

IT departments already are feeling the pain, according to the report: When asked to identify the top three contributors to their organization's state of IT complexity, the third highest factor, at 28 percent, was that "users are acquiring public cloud services that are not managed by central IT, require support, and create risk." (No. 1 at 42 percent was "highly connected, mission critical applications" and No. 2 was "technology requirement to maintain legacy applications and systems.")

There are ways for organizations to ease cloud adoption, giving end-users the ability to use third-party services without putting IT or the organization as a whole at risk, according BMC CIO Mark Settle. First, organizations need to recognize that putting the responsibility on IT means involving IT with cloud projects from day one. It also includes developing policies, not only selecting acceptable cloud providers, but also for determining whether a project is better performed by a third party or in-house.

Settle foresees more enterprises developing a bill-back system through which an end-user could quickly and easily determine whether it's more effective to use in-house resources or a third-party service. For example, a business user could enter a request for a data-analysis job and in response receive details regarding the costs and time to complete the task in the company data center compared to an approved outside service. The user could then make an informed decision on whether to go with a slower, cheaper approach or a faster, more expensive path.

This story, "Execs to IT: Take these cloud services and manage them," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.