How innovation is changing the relation between business and corporate IT and why corporate IT cannot resist people Power ?
Armed with their smartphones, business people are more and more comfortable with technology than they have ever been. They know what tools they need, where and how to get them to stay on top of their business. They no longer rely solely on the company's IT to give them these tools and often even see corporate IT as over-focused on security and control at the expense of business efficiency. Rather than in-house built solutions, they now prefer standard ones available in the cloud that they can tap into as and when needed without having to wait for traditional IT rollouts of applications and staff to be trained. In fact business people are just people who expect business tools to be as useful and immediately accessible as the applications they enjoy in their personal life. For the last 3 decades, the IT department has been a major driver of change in all areas of business and every corner of companies. Now IT staffs have to face profound change forced unto themselves by the needs and expectations of the business driven by the acceleration of the adoption of technology in everyday life. This is not a change driven by technology (business as usual) but by the expectations that people have in what technology should do for them. Instead of changing how other people do things, IT professionals must accept the power of the people and adapt their jobs accordingly. Let us first look at the jobs and functions that we are disappearing and then the new that will emerge from this transformation and shift of power. No more end-user device management I am referring here to the management and administration of all currently managed operating environment, such as SOEs, all devices mobile or not and all associated systems. With the emergence of individual computers and client server at the end of the 80’s which disrupted the well-established centralized / controlled IT model of mainframe computers we saw a multiplication of end user devices within companies. Companies felt that they needed to be to fully control and managed those devices and spent millions doing it over the past decades encouraged by their corporate IT organisation which implemented a plethora of management tools and the processes which go with them with various level of success. Over time Corporate IT function become more and more involved in trying to protect, control and enforce security rather than focusing on enabling the business to use and leverage the technology available to grow and thrive. In today’s world, knowledge is key to the success of companies and people need the freedom to act and use fitting tools to proactively react to changes in the market, unfortunately management tools are hindering this access. Corporate IT organisations are in needs to reinvent themselves in order to focus on bringing value to the business again and not just implementing controls and systems. I have not seen or heard anybody who confidently can say that they got those to tools to deliver what was expected and extracted value from them for their company. For sure those tools gave you management control over end-user devices but at what cost and effort? If you look at it from the user/customer side you easily understand that it is not control they want, they want quick and easy access to the tools/apps they need to do their job more efficiently and this is what IT should be providing. People’s perception and expectation from devices has changes and what was acceptable yesterday is not today. The tolerance of people for devices which do not work and cannot provide them with what they need is growing very thin. People want flexibility, mobility and choices, something which cannot be provided under the current end-user device management and control model. Corporate IT has been trying to control the uncontrollable and it is getting harder and harder. End user devices are now considered as a commodity and should be treated as such. With today’s rise of mobility and digital it is becoming more and more evident that trying to manage/control end-user devices is an utopia. It professionals and organisation are starting to realise this and the good news is that once they do, they will then be able to focus more on adding value to the business rather than trying to control the uncontrolable. No more “protected” enterprise network. For some time we have considered and created corporate network as isolated pockets of pseudo security from the external world represented by the internet. As for the end-user devices we focused on control and security by implementing protective barriers and systems to try to keep the corporate network safe. When working as infrastructure manager for a large international company I did exactly that and provided a certain level of protection to our internal services and assets. But I quickly realized that those barriers were giving us a false sense of security and encouraged complacency internally. Most of the threats were actually generated from inside this protected network by people delivering poorly designed solution or people taking shortcuts encouraged by this feeling of being protected. Often we saw that despite the amount of money, energy and effort spent trying to keep the corporate network safe people always found ways to, knowingly or not, bypass those protections and exposed internal assets and information to the outside world. Managing and maintaining these infrastructures represent a huge cost and effort for very little or no added value. Additionally those protective barriers at the edge of the corporate network are not helping companies and IT in achieving their mobility agenda. The issue here is not to remove security and protection but to decide where security and protection should be applied and why. If application, data access and security are designed with mobility, direct access from the internet or from un-secure environment in mind there will be no need for a “protected” corporate network as it exist today. The impact of Cloud and other services With the arrival of new technology such as cloud computing, software as a service and mobile applications, today’s “protected” corporate network does not have a future in its current form. The same goes for the people managing this corporate network. They will need to evolve, adapt or disappear. What will happen to the "Network Adminsitrator" or the "Server Specialist"? Will they disappear or simply become "IT Service Engineers"? Corporate IT needs to re-think their corporate “protected” network strategy and its associated infrastructure and support personnels. IT needs to focus on delivering value to the business by adapting to today’s world and by taking advantage of the new technology available. IT needs to concentrate on leveraging technology to achieve the required business outcomes rather than focusing on the technology itself. The same concept can be applied to the data centre. Data centre are very expensive to build and maintain, you need building space, infrastructure, connectivity, management tools… and people to make it work. With the fast development of cloud technology and communication services it is now possible to provide similar services without the need of owning a data centre. You can leave the infrastructure management and headaches to the service providers and focus on the applications and solutions to deliver to the business. The next few years should see an increase in the transition from the traditional corporate data centre to cloud based services. So what impacts will those changes have on the current IT methodology, processes and project delivery? Would they apply to tomorrow’s world? Tomorrow is about delivering value and allowing people to make decision faster, it is not about enforcing a process, a methodology or implementing a structure. The value is not in the way it is done but in what it is delivered. While Processes, methodology and framework such as ITIL, Prince2, TOGAF and others have allowed the IT industry to mature and become an industry in its own rights, they are now too often used as weapons against changes the business needs and is asking for. This is particularly noticeable within big established companies whose corporate IT has somehow become over the recent years more of an administrative function rather than an enabling function to the business. New roles for IT professionals So if considering that the end-user device management, the traditional network infrastructure and data centre will disappear, that current processes and methodology will not be relevant anymore what will be left of corporate IT? Will this be only a small group of IT people to be the interface between external service providers and the business? In reality today's roles and functions will still need to exist but the way services will be delivered to an organisation will change and so will the skills of people. The IT organisation will not be required to build and maintain systems and infrastructure to deliver services to the business. These services will be build and maintain by others. The internal functions will be there to make sure those services are delivering value and are meeting the company’s business needs. The value of the internal IT organisation will reside in its ability to piece together and manage efficiently the delivery of those services. The skills and knowledge required will be less technical and more focused on people's ability to deliver value using their experience, expertise and technical knowledge combined with a deep understanding of the company's business and strategy. Everything as a service (no more stealth IT) Today we have already witnessed the emergence of Infrastructure as a Service pushed by the need to reduce cost and by the progress in communication technology. Software as a service (SaaS), when people only pay for what they use and when they use it, is growing trend and is encouraging companies to rethink the way they use applications. Often organisations have believed that to drive value and differentiate themselves from their competitors they needed custom solutions and therefore invested heavily into in-house development and support capabilities. They are now realizing that custom solution might not be the way to go to generate growth and value. While allowing the development of fit for purpose solutions, this belief in custom designed solutions has encouraged the development of a shadow or "Stealth" IT within the organisation along with its associated cost and impact on the ability to quickly adjust to market changes. Adopting SaaS requires from an organisation to first realize that the value is not in the solution but in the way the solution is used. This is in contradiction with a commonly shared belief that custom solutions drive value. More and more enterprises are now realising this and are moving to SaaS. They use standard application delivered as services over the internet and are moving away from building this IT organisation dedicated to maintain and support the custom applications. A market analysis by International Data Corporation (IDC), a global provider of market intelligence, predict that the SaaS market will grow from US$ 22.6 Billion in 2013 to $50.8 Billion in 2018 and will be representing 27.8% of the worldwide enterprise applications market. A new kid on the block People are also talking about identity as a service (IDaaS) which would free us from the need to remember multiple and complicated username and password to secure our access to a wide range of application and services. This explosion of digital identities is mainly due to the growing use of the Internet and its services. To secure and simplify access to those services some solutions are now emerging like using a social media account such as Google or Facebook to login and use services from other providers. Internally most organisation uses solutions such as Directories and other credential management systems to secure and provide access to applications and resources for their employees but this has a huge administrative burden and is mainly limited to internal users. As the world is becoming more and more inter-connected and with the rise of the “internet of things” the perimeter of an organisation is expanding beyond the organisation itself and its borders are becoming blurred. This organisation perimeter now includes external parties such as business partners, clients, suppliers and even the public itself making it more and more difficult and costly to manage those identities using the traditional models. Once again the evolution of people and business needs is pushing for a new model. Will IDaaS be the answer or just a step towards a completly new model? What will be the role or influence corporate IT on this new model? Conclusion Technology is now an integral part of our day-to-day life and it is changing the way we behave, interact and what we expect from IT in the work environment. The Internet had revolutionized the world and is pocking holes in the traditional barriers, models and controls set up to protect companies from the outside world. The clear separation between corporate and the outside world is fading. Companies and their IT organisations are facing a huge challenge and need to embrace the changes brought by technology and people expectations or will become irrelevant. The organisational structure of corporate IT will evolve and we will see the creation of new roles and functions, which do not yet exist. Today, we are already seeing the emergence of a new corporate IT working closely with the business and focused on delivering value and outcome with technology. Could this be a sign of maturity for the IT function or is this just a "cosmetic" adjustment to a changing environment and market? Are those the premises of radical changes when Corporate IT will cease to exist on its own because of being fully integrated into the business? Only time will tell.