If his experience is in line with what I have heard from CIO’s at similar enterprises, then he may well be blind sighted. For example, many businesses find that while their centralized governance processes are effective at improving security, there may also be some unintended consequences. While the CIO directs his team to implement policies to monitor the flow of information between internal users, customer, and partners, there may be some people in the company who are undermining his efforts. Tighter control at the corporate level may lead to longer approval processes for IT resources. And departments that need to complete a project quickly have never been very patient. As a result, developers and business unit analysts are leveraging cloud delivery models for quick and cost effective access to computing resources even if it means bypassing CIO instituted governance policies. Right now, the usage of cloud computing is small and is not impacting security or the expense structure in any significant way. However, I expect that as his company becomes more involved in cloud commuting this CIO will need to pay more attention to controlling the costs of cloud services and the management of cloud security.
Blogged with the Flock Browser