In my last post, Pillars of Successful Cloud Solutions – PEOPLE, I discussed how employees fall into one of three groups (Application End Users, Application Administrators and Application Executive Sponsors), the goals, functions and skill sets of those groups, along with the role they play in the PROCESS pillar. Before we get into how PEOPLE interact with PROCESS, let’s define what the PROCESS pillar represents;
Processes are well defined, documented and enforced at all levels, to ensure application availability and data security.
All applications, on premise or in The Cloud, require attention in the following areas:
- User Maintenance (adding, removing and modifying users)
- Security (access, configuration, auditing, etc…)
- Databasesystem maintenance
- Data integrity validation
To keep an application healthy, each area needs to be addressed in a timely manner and by the appropriate people. We will dive deeper into these five areas in my next post, but for now just know they exist.
When processes are clearly understood (well defined), easy to findfollow (documented) and hold everyone accountable (enforced at all levels), the PROCESS pillar shows its strength in bearing the weight of cloud applications. Below I am going to walk through a very typical PROCESS that tends to get overlooked when an application is moved to the Cloud: User Maintenance.
The old CRM system has been on premise for a number of years, uses Window Authentication, the IT department has been responsible for setting up users and maintaining security. When new marketing employees started in the past, the IT department would set up their Active Directory account, email box, local workstation, printers, access to the on premise CRM system and assign them to the appropriate security role within the application. The marketing department decides to move to a Cloud based solution. During implementation, IT assumes it will no longer need to setup users or security since the underlying hardware is not supported by them, the new CRM system will not support local Active Directory authentication and IT was not made aware of this change until after the deal was signed. Marketing was told the system will be accessible from anywhere and all they need to access it is an internet connection and web browser.
After go live, an employee on the marketing team leaves and a new hire is brought on board. This new person is not able to access the application because they do not have credentials. The marketing manager is asking IT to set them up. IT responds that they are unable to do so as they do not have access to the new system. From there the situation deteriorates as Marketing insists IT help them since they have always done the setup, IT digs in their heels, states the application is not administered or supported by them and that marketing should speak with the vendor for help. Meanwhile the new employee is not able to be productive and most likely the old employee still has access to the Cloud CRM system.
A well-defined, documented and enforced at all levels PROCESS could have avoided this situation.
Marketing, along with other key stake holders should have been involved with the selection of the solution. The larger issue here is a lack of an IT Steering committee whose membership includes representatives from several departments. Many organizations have implemented these committees with great success. A committee’s primary functions can be:
- Develop and enforce a strategic technology roadmap across the enterprise, especially with Cloud based applications.
- Advise senior leadership of policy, governance and technology initiative and changes.
- Develop and enforce IT processes and data governance protocols.
- Provide a forum where any department can petition to obtain new technology, specific to their needs, while providing an estimated budget and business justification.
By having a mechanism in place to funnel, discuss, evaluate, implement, test and finally sign off on IT projects, you will get all the right people involved at an early stage. This allows for obvious gaps to be addresses (authentication and support issues on the example above). It keeps stakeholders informed of new technology being brought online, prevents rogue software deployments which could impact data security and clearly defines roles and responsibilities. With Cloud based applications, this becomes even more important. Having a trusted cloud advisor be a part of this committee can help on several fronts including: education of different options, typical pitfalls to avoid, vetting new requests, potential security issues, etc…..
If you are interested in learning more about RSM’s Cloud Computing Rapid Assessment, check out this link.
If you are interested in learning more about RSM Management Consulting practice (help with forming an IT Steering committee), check out this link.