A Ponemon Institute survey recently piqued my interest. In the 2010 Access Governance Trends Survey, 87 percent of respondents said too many employees were able to access information that should have been out of reach. And guess what? Cloud computing was a factor -- 73 percent of respondents said that cloud-based applications were enabling business users to skirt organizational controls.
The core issue is IT's loss of control over its assets, including data. Let's face it -- departments are sick of waiting for development and deployment of core business applications or infrastructure services, and they're going directly to a cloud computing provider to get what they need. Think of it as a kind of technological infidelity.
[ Get the no-nonsense explanations and advice you need to take real advantage of cloud computing in the InfoWorld's 21-page Cloud Computing Deep Dive PDF special report, featuring an exclusive excerpt from David Linthicum's new book on cloud architecture. | Stay up on the cloud with InfoWorld's Cloud Computing Report newsletter. ]
Going around IT and straight to the cloud has become common practice in the last few years. Salesforce.com built its business selling directly to the sales staff rather than to IT; eventually, IT was forced to accept SaaS (software as a service) after the fact. I've watched those battles firsthand.
Today, things are even worse. Now you can get storage as a service, database as a service, and even complete application servers and app dev platforms that are delivered on-demand. With such endless resources available, corporate fiefdoms are creating so-called rogue clouds -- their own array of cloud computing services, including data repositories, that they alone control. IT may not have a clue about what's going on.
The trouble with the rogue approach is that there's no way to ensure that data is handled in accordance with corporate policies. Worse, that data may come with compliance issues, including personal medical or financial information where the law dictates how the data is handled and where it can reside.