Protect yourself from the coming cloud crack-up

The cloud is a virtual vending machine for Web applications, but helter-skelter adoption does not yield a healthy enterprise. Here's how to avoid the pitfalls

1 2 Page 2
Page 2 of 2

Learning the SaaS lesson
Fortunately, the first wave of SaaS applications provides a model for solving the silo problem. For example, years ago, Salesforce snuck into enterprises at the departmental level, but today for most customers Salesforce is part of the furniture and integrated with core, on-premises enterprise applications.

The challenge is to extend and accelerate that absorption to embrace an explosion of new cloud and mobile apps and services.

Take cloud security. The No. 1 problem is that you don't want employees who leave a company to continue to have, say, a Workday account any more than you'd want them to keep their email account. Mature SaaS applications make integrating their access control with Active Directory pretty simple, so it's easier to deprovision employee accounts at will.

How do you scale that to dozens or perhaps hundreds of cloud and mobile apps of varying sophistication? One answer is to adopt a SaaS gateway, such as Citrix's NetScaler. Of course, enterprises can deploy their own, internal app stores.

But IT should not fool itself into believing users will refrain from going off-menu. Nor should they -- there's an explosion of innovation in the cloud and you don't want to prevent your most creative people from experimenting.

If IT wants the business to comply with cloud guidelines, the first step is to support user empowerment and make the freedom to experiment explicit. From PaaS to Web applications to mobile apps, users should be able to explore to their heart's content as long as they observe common-sense cloud security practices.

In exchange for that empowerment, users must agree that as soon as a cloud engagement gets serious and an app is used to collect data important to the company, that application must be evaluated by IT and -- if it passes muster -- brought into the fold. On a larger scale, business stakeholders cannot shift their spend willy-nilly to outside providers for quick time-to-market solutions without observing crucial guidelines.

When things get serious, cloud providers should be subject to the same vetting as any outside contractor or provider -- with all due diligence to ensure you're not dealing with a fly-by-night operation or one with sloppy security. But nearly as important, you need to ensure that the cloud application you adopt, or have an outside provider create, has APIs rich enough to ensure integration with your on-premises systems of record.

Integration to the rescue
Cloud data integration is at a fledgling phase. As we know from the early days of enterprise application integration, point-to-point data integration does not scale very well. Sure, Salesforce has mature APIs -- more mature than a lot of COTS enterprise apps -- but when you're talking about integrating dozens or hundreds of cloud apps, there's a limit to what IT can do, let alone maintain over time.

A number of providers have emerged to help IT implement, scale, and manage cloud integration, including Cordys, Dell Boomi, IBM Cast Iron, Informatica, Layer 7, MuleSoft, and SnapLogic. Your business is going to delve deeper into the cloud whether you like it or not, so if you haven't already, it's time to start vetting these solutions to determine which may be best for you. Well-planned cloud integration is the only way to avoid slipping into the modern, miserable version of the siloed enterprise.

There's a lot of muddled thinking related to the cloud going on right now. A certain segment of the business community is rubbing its hands together and saying, "Great! We never understood what those IT idiots were nattering about anyway -- now we can get instant gratification from a cloud provider." At the other end of the hall, reactionary IT people are trying slam the door on the cloud or pretend it doesn't exist.

IT and business management can't afford to go at cross-purposes, particularly in times of disruption like this. Nobody has all the answers. IT needs to be open to experimentation and businesspeople need to respect the basic rules of security and integration. With the right collaborative spirit, there's a real opportunity to leap ahead.

This article, "Protect yourself from the coming cloud crack-up," originally appeared at Read more of Eric Knorr's Modernizing IT blog. And for the latest business technology news, follow InfoWorld on Twitter.

Copyright © 2013 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
How to choose a low-code development platform