Modernizing the IT governance framework for fun and profit

IT governance frameworks should protect the business, but they're often barriers to innovation. It's time to rethink governance mandates.

An overhaul of your IT governance framework can be fun and profitable. This may sound a little far-fetched, but bear with me.

IT leaders, including chief information officers (CIOs), must ensure proper governance over all aspects of the IT estate. IT governance focuses on five core principles, according to ISACA's COBIT 5 framework:

  1. Meeting stakeholders' needs
  2. Covering the enterprise end-to-end
  3. Applying a single integrated framework
  4. Enabling a holistic approach
  5. Separating IT governance from management

The problem with the IT governance model is that the first principle is often a victim of the requisite processes and policies for the other four. This focus on how to implement the governance framework to control and reduce risk has a problem -- it makes IT unwieldy and unable to meet the needs of stakeholders.

The governance of IT investments is a mess, and IT governance is killing enterprise innovation, according to a Harvard Business Review report. That's a bit heavy-handed, but the core premise of the article is correct: Far too many IT investments are tactical and not driven by value creation for the business.

Where IT is -- and should be -- investing funds

IT projects that could create new channels for revenue, dramatically change the underlying cost drivers, or drive market entry opportunities are often underfunded. Instead, uninspiring, incremental changes divert capital, dramatically reducing the IT team's ability to add value for the enterprise.

Let's get a bit more tactical. Key levers for governance reside in the management of IT operations and in information security practices. IT refers to them as "guardrails" -- they help the business operate without driving into a ditch. Business users, however, call them barriers to innovation.

The IT culture has an image as the "No" team: "No, you can't use that device"; "No, you can't access that website"; "No, you can't implement that Software as a Service tool that works 10 times better than the crap we built for you six years ago and have failed to maintain"; "No, you can't use the cloud because it's not secure or can't be managed the same way we manage everything else."

All of these "No you can't" decisions are well-intentioned -- or at least aren't meant to be capricious -- but the perspective is wrong. When IT teams seek to control and govern IT use, they fear the unknown: "If I don't understand it, how can I let you use it?"

The way things were in the enterprise data center

Many enterprise IT departments' current methods were implemented over strenuous objections, barriers and processes that only delayed the inevitable. The existing IT governance model said, "No," but as the new technology or approach became the norm, IT relented and allowed it.

Examples abound: traders implemented SQL databases in Wall Street trading rooms to get real-time position and risk information -- over the objections of IT; Salesforce.com got into businesses through the sales door and was forced on IT after implementation; modern application architectures are copied from consumer Web examples, often years after they have been proven at a scale that IT never has to face. In one personal example, I saw a team that was delayed from implementing a single workload on a public cloud because of an 800-person IT operations group that threw up barrier after barrier via their IT governance framework.

It's this controlling orientation of IT governance models that keeps IT off the innovation bandwagon. And it's also fear -- fear of losing control or relevance.

Rather than ask, "How can IT control this stuff?" the right question for CIOs and IT leadership is: "How can I change our IT governance process to truly meet the needs of stakeholders and obliterate barriers?"

Cloud computing is changing the way data center teams should think about IT governance. In the second part of this column, John Treadway discusses how following a new IT governance model works when embracing cloud computing.

About the author:

John Treadway is a senior vice president at Cloud Technology Partners and is based in Boston.

Twitter: @johntreadway
