Cloud Source
Showing results for 
Search instead for 
Do you mean 

Respond to Shadow-IT, source services from external providers

on ‎06-27-2013 08:58 AM

Source: FCW.comLet’s continue our journey discussing the five use cases helping you embark on the journey to cloud. Use case four is probably one of the most interesting ones and directly responds to the pressure put on the CIO to try keeping IT under control.

Indeed, if you listen to most of the users, they will tell you IT does not respond fast enough to their requests. And in this digital day and age, they will act. They’ll consume what is getting known in the IT jargon as “shadow-IT”.  Such approach often leads to potential security risks and lack of compliance. Interestingly enough a recent study quoted by Forbes Magazine points out that 7 out of 10 applications sourced from the cloud are not sanctioned by IT. How to make sure the company is not put at risk unnecessarily? CIOs may take one of three actions.

  • They can try control it through cutting off access to external environments, leaving users frustrated and searching for alternative solutions under the IT radar
  • They can do nothing, hoping for the best
  • They can try to understand what the users actually want and find ways to provide it to them. They may develop or acquire the appropriate software, but that is often just too slow. So, they may choose an external provider, agree on how the service will be provided, and offer the users an easy access to the service.

The latter is fundamentally use case four. And in a nutshell it describes the three key processes the IT department will have to implement to deliver what users want:

  1. A governance process identifying and prioritizing users’ needs
  2. A procurement process finding, screening and reaching an agreement with the appropriate service provider
  3. An integration process to integrate the external service with the internal IT environment

Let’s look at each of those three processes in a little bit more details.


Governance process

The first thing is to understand is what the users are looking for. Which functionality do they require, how will that functionality fit in with the existing environment, what data will be used and how sensitive is the data? These are key requirements that need to be looked at.


But more importantly, as user demand often exceeds available budgets, the prioritization of user demand is critical. This

should not be done by IT, but by a governance board including both IT and business people to avoid conflicts and criticism. Using portfolio management tools can be a good way to establish an objective management of the user requirements, leading to maximum satisfaction for the decision process.


IT is often seen as a black box, difficult to understand and where the actual decision criteria are all but easily understood. Building a proper governance model and making it visible to the whole organization is a way to integrate IT more in the business. It is the role of the CIO to foster this collaboration and set-up the processes and tools to facilitate the transfer of requirements.


Once defined which requirements will be addressed, a key decision has to be taken. Is this a critical functionality we need to keep in house or not? And here we go back to the core versus context criteria I have described at multiple occasions in this blog. You may need to develop the requirements further before you can take the decision and this should be done by a mixed business/IT team, probably using the user that initiated the request.


If the requested service is core, IT has to decide whether it can buy a package performing the functionality or has to develop the software. Development should only be done for functionality that cannot be found externally and/or that differentiate fundamentally the way the company does business, as it implies long term commitments around support and evolution.


Let’s now look at the sourcing of external services. This is actually a new field for many IT departments.


Procurement process

Whether it is the acquisition of a package, or the sourcing of a service provided by an external provider, IT now has to turn itself into a procurement department. And this is new for most IT teams. Yes, some have had the support of procurement teams working on their behalf and acquiring infrastructure and potentially software packages, negotiating the lowest cost for the organization. This experience is applicable to the acquisition of a software package, but not to the sourcing of external services, typically known as SaaS (Software as a Service) offerings.


When choosing a partner for cloud services you might want to look at my little cheat sheet. I published it nearly 18 months ago, but still stand fully behind the points made in it. Make sure you look at the quality of your supplier, and actually not just your supplier, but all the companies involved in delivering the service you want to source. Often there is a “supply chain” involved in the delivery of a service. This is particularly true for SaaS services. You are dealing with the company that provides the actual functionality, but on whose cloud does it run, is there a disaster recovery function available, and in that case, who is providing that, is there a data back-up function, provided by whom, how is support provided, and by whom? You get my point. Remember, a supply chain is only as strong as its weakest link. Unfortunately, most often, this information is not published, making it difficult for you to assess the weakest link, so you may have to be a little persuasive.


Also, make sure you understand clearly the terms and conditions, the service level agreement clauses, the responsibilities accepted by the supplier, etc. If the sourced functionality is important for your company, make sure you build a relationship with your supplier in the same way the procurement department does with its key suppliers. You want to make sure you understand the direction your supplier is taking; you want to be able to get in contact with somebody when things go awfully wrong. And that can only be achieved through personal contact, regardless of how digital our relationship with our supplier is becoming.



Now, you know what your users want, you have found a potential service provider, the last question is how you will integrate the service with the remainder of your environment. Fundamentally there are two aspects to this. First, how do you integrate access to the service from your enterprise portal and second, how do you ensure the data is integrated?


As you develop cloud services, you will establish a service catalog. Make sure the associated provisioning automation is capable of provisioning services from external sources. This will allow you to integrate the external service with the remainder of your enterprise offerings. Ideally you want the orchestration environment to also retain the credentials to access the external service so you provide the user with single sign-on capabilities.


More importantly, the user will store information in the service you have sourced. Is this information related to other information within your enterprise? Let me give you an example. If you use a CRM SaaS service, you will store opportunity data in the external service. When the order comes in, you will enter the order in our legacy SAP system for example, how do I get the appropriate opportunity data transferred to the in-house SAP environment? Don’t forget to look at this aspect of things, as forcing your users to retype the information is very irritating. The use of external services disperses data. The implications have to be taken into account.



In its quest to respond to user requests, IT has to learn new skills and change its way of operations. Frankly, I believe this is a great opportunity for IT professionals although it may bring them in unknown territory. Remember, there are other people in the organization that built experience in those spaces and you may call upon for coaching. The advantage is that it will help you acquire a wider spectrum of skills, most of which will become even more important in the future, as new was of consuming IT become the norm.


HP’s Orchestration tool with SaaS brokering capabilities: Cloud Service Automation



0 Kudos
About the Author


on ‎06-27-2013 05:10 PM

Christian - Your points seem right on the money!  In fact the process you have described (especially the Governance and Procurement aspects) seem to fit well with the approach prescribed by my company, SelectHub to our end-users and customers.


However I have some questions: with IT turning itself into a procurement department, how do you view the role of the existing "IT Procurement" team changing? Typically the latter reports into the office of the Controller/CFO with dotted line reporting to the CIO. How will the associated political dynamics shake out with the scenario you are describing? 


And I gotta say, your term "legacy SAP system" produced a chuckle! Smiley Happy  

on ‎06-27-2013 10:48 PM

As the transition to cloud will take time and as larger companies still expect to use private cloud for quite a while, the time where the IT department will just be focused on procurement is still quite some time away in my mind. However, you pose a good question. Many IT procurement teams are looking more at the financials then at the functionality provided, at least in my experience. They need to change their attitude and look at providing the services the end-users are asking for. I believe this can only be achieved when they are more integrated with the IT department. So, will the IT procurement team disappear or be integrated with the remainder of IT. I rather believe in the latter scenario.

on ‎07-18-2013 02:18 PM

Christian, I am curious about your take on the relationships of general Multi-supplier Service Integration (MSI) and maybe even more in respect to HP Service Integration and Management (SIAM) with your article. The governance and procurement dimensions of your post seem very aligned.


And nice post - interesting and timely!


Chuck Darst

on ‎07-22-2013 08:13 PM



To respond to your first question, we have a lot to learn from direct procurement. Managing supplier relations is a full-time job actually and should be handled accordingly. In particular with cloud, you have the issue of the services "supply-chain". The first issue with that is the lack of transparency in public cloud, making it difficult to properly manage all the players in the services supply. This is why transparency becomes so important. Your service is only as robust as the "weakest link" in the supply chain. But you don't know who that link is because you do not have visibility of who plays in the supply chain. You see were I'm going.


Regarding SIAM, fully aligned with SIAM. Actually if you look at our Functional Reference Model, you will find some of the SIAM aspects embedded into it. But we have done it in such a way both the cloud and traditional environments are managed by the same SIAM model, as this is key for proper integrated management. Hope this helps.

Nov 29 - Dec 1
Discover 2016 London
Learn how to thrive in a world of digital transformation at our biggest event of the year, Discover 2016 London, November 29 - December 1.
Read more
Each Month in 2016
Software Expert Days - 2016
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
View all