Reading the recent Gartner report “Improve ITAM Controls Now or Face Unbudgeted Costs” I realized they were only seeing part of the picture.  The report clearly articulates the need for effective asset and software license controls for enterprises embarking on a Cloud strategy. For me, the key statement is “Sourcing decisions aren’t necessarily made by IT teams or even with their knowledge.”  You have to ask “Why not?”  Would, for instance, the marketing department think it was a good idea to go out and negotiate their own electricity supply contract? Or the CIO engage a PR company?

These concerns are amplified by the lack of visibility into service delivery associated with Cloud based services.  While traditional services may be considered ‘above the line’ in that their constituent configuration items (CIs), and their interrelationships, are visible the same is not true of Cloud based services.  Not only are the subsidiary CIs ‘below the line’ the relationships between them and traditional elements of the organisation’s IT service are not clear either.  Rather, a set of generic many-to-one relationships must be established between ‘above the line’ CIs and the Cloud based service.   How well this services end-to-end service performance management will depend on the level of investment made in management tools and the disparate data made available by Cloud providers.

IT organisations are no longer an adjunct to ‘the business’, they are an inextricable and core part of it and need to start behaving as such.  They have a corporate responsibility to exercise proper governance over their area of interest and act in the best interests of the enterprise as a whole.  If that means taking action to shut down access to services that have been acquired in a non-compliant manner then that is what they should do.  Yes, it might cause some confrontation internally but it protects the organization from financial, legal and compliance exposure.  It might also prevent a data loss or Data Protection issue with the reputational and business ramifications those entail.