The software and services market is changing at a rapid pace. The question I get most often is ”what should CEOs & CIOs be thinking about now to prepare for and ideally outpace that shift?”
C level executives are going to be dealing with many of the same decisions and challenges they have faced for the last dozen years, but the context from which to make these decisions has changed. Their new vantage point will not only be located on campus but also above campus…in the cloud. And from above, everything looks different.
They will be dealing with:
- Risk – defined as operational capability and talent management
- Security – another risk-based topic, but much broader in scope when cloud or outsourced solutions enter the discussion,
- Budget – examining all angles of operational and capital cost models, and
- Governance – management and oversight of vendors, integrations, etc.
We’ll call the above a 4-legged stool, a very sturdy structure on which to build the future.
Leg One: Risk
There is an incorrect belief that moving to some of the new cloud technologies reduces reliance on technology or operations. Instead, what CIOs need to realize is that the risk shifts in two places: (1) to the cloud based provider and (2) onto other required skillsets in the organization focused on integration, application functionality (e.g. analysts), and reporting. Most organizations are not prepared for these additional responsibilities and end up underestimating, some by quite a large margin, the costs to budget and the business units when expectations are not met. Examples include the adoption of new, and often extremely complex integration solutions, retraining or replacing resources and building new reporting mechanisms to handle consolidated reporting issues from of multiple cloud systems.
Higher Education is especially susceptible to consolidated reporting challenges because of state and federal requirements. Some of this risk can be mitigated in the short term by forming strategic relationships with firms, like Sierra-Cedar, that provide application management and integration services, enabling on-demand support when and where needed while internal resources ramp up for their new responsibilities and sharpen their skillsets. But, long-term costs need to be built into the planning process.
Leg Two: Security
Another risk that deserves its own category is security. As software and services strategies are being developed, CEOs and CIOs must develop strategies and positions as to which data should be placed into a cloud-based application or delivery mechanism. There are evolving audit and legislative requirements that require certain controls around personal and financial data, including HIPPA, PCI, SOXX, FERPA and many others. If these requirements are an afterthought, they can have huge cost and business implications. How data is treated once in the cloud is also important. The security of data at rest and in transit is a component of early development strategy that can make or break a budget if not handled correctly.
Leg Three: Budget
Cost or budget tied to moving to one of the new applications or frameworks in the cloud is a frequent motivator for C Level executives. These platforms may very well achieve significant savings and at the same time deliver new innovations for the organization and its communities, but this is not always the case. There are many cases in which these platforms actually cost significantly more over a 4 to 6 year period of time, with the outsourcing cost, labor and ancillary costs such as integration and security. And, remember that the most valuable commodity in the relationship is the data itself, not the application. So, when looking at the short- and long-term budget, C level executives will need to challenge their departments to make sure the right call is being made.
Leg Four: Governance
Last but not least, there is governance. Most Higher Education organizational structures support decentralized IT solution decision making. This is important because it ensures that learning departments build the technology needed to support their curricula into their budgets, However, the resulting governance model for campus-wide technology and solution management is often far from what it really needs to be.
Currently the data and risks involved with data movement are manageable within the campus walls, but cloud applications and deployment require new contractual relationships, security audit rules, SLA adherence and integration technology requirements. CEOs and CIOs must work together to ensure that a strong governance model is in place. Governance that addresses a 2013 and beyond solution and data model. Governance that is as heterogeneous as the student base.
So, there’s your four-legged stool. C level executives need to evaluate the operational risks, security risks, budget and governance goals for each new project both as separate components and as a whole. Can a project succeed without one of these four? Sure. But, the underlying structure will be wobbly and you’re not going to want to build on it.
Join me at Alliance 2013 where I will be co-presenting with Florida A&M University CIO Michael James on
Hop, Straddle or Jump? Questions to Ask When Considering a Hosting Solution
Session Number: 31524
March 19, 2013