Impact of the cloud on Service Asset / Configuration Management

Publish date:

Reading the recent Gartner report “Improve ITAM Controls Now or Face Unbudgeted Costs” I realized they were only seeing part of the picture.  The report clearly articulates the need for effective asset and software license controls for enterprises embarking on a Cloud strategy. For me, the key statement is “Sourcing decisions aren’t necessarily made by IT […]

Reading the recent Gartner report “Improve ITAM Controls Now or Face Unbudgeted Costs” I realized they were only seeing part of the picture.  The report clearly articulates the need for effective asset and software license controls for enterprises embarking on a Cloud strategy. For me, the key statement is “Sourcing decisions aren’t necessarily made by IT teams or even with their knowledge.”  You have to ask “Why not?”  Would, for instance, the marketing department think it was a good idea to go out and negotiate their own electricity supply contract? Or the CIO engage a PR company?

These concerns are amplified by the lack of visibility into service delivery associated with Cloud based services.  While traditional services may be considered ‘above the line’ in that their constituent configuration items (CIs), and their interrelationships, are visible the same is not true of Cloud based services.  Not only are the subsidiary CIs ‘below the line’ the relationships between them and traditional elements of the organisation’s IT service are not clear either.  Rather, a set of generic many-to-one relationships must be established between ‘above the line’ CIs and the Cloud based service.   How well this services end-to-end service performance management will depend on the level of investment made in management tools and the disparate data made available by Cloud providers.

IT organisations are no longer an adjunct to ‘the business’, they are an inextricable and core part of it and need to start behaving as such.  They have a corporate responsibility to exercise proper governance over their area of interest and act in the best interests of the enterprise as a whole.  If that means taking action to shut down access to services that have been acquired in a non-compliant manner then that is what they should do.  Yes, it might cause some confrontation internally but it protects the organization from financial, legal and compliance exposure.  It might also prevent a data loss or Data Protection issue with the reputational and business ramifications those entail.

Related Posts

Governance

GRC 101—an Introduction to Governance, Risk Management, and Compliance

S, Lakshmi Narasimhan
Date icon October 24, 2017

GRC helps to avoid the ill effects of silos in the governance, assurance and management of...

AI

AI and blockchain helping streamline identity management

Kurian Kallarakal
Date icon September 26, 2017

AI and blockchain can avoid duplication of work and streamline identity management.

Application Services

Do you embrace challenges?

Nicola Hodkinson
Date icon September 18, 2017

Deals we work on are becoming unusual or non-standard and the roles we now have in response...