There are a lot of experts and process gurus who are more qualified than I to tell you how to manage change. They will offer a great deal of high level advice such as “define the vision,” “create a change proposition,” “promote staff input to shape the solution.” And these are very wise nuggets of advice. And we (in IT) are at a crossroads for change. The landscape of the role, the challenges of the responsibilities, the tools of the trade are all evolving.
Much of the change revolves around the migration to cloud-based solutions. For going on a dozen years, SaaS applications have ingrained themselves in most IT architectures-from ERP/CRM to payroll to security-as-a-service. Without extolling the virtues of the cloud solutions themselves, what this has done is transformed and upgraded the value of the IT professional. Whereas there is a sincere appreciation for the professional who writes code, manages a help desk and installs and maintains computed assets, I am speaking more of the sea change from a person plugging in cables to an analyst; from a compiler of stacks to a broker of business needs.
From a business standpoint, think of the value of an employee who enables your best practices and workflows, monitors your progress, and manages various business needs. The cloud provides this opportunity. Instead of writing that code for an application, you simply subscribe and acquire the functionality. Instead of moving from endpoint to endpoint, the provisioning and ongoing maintenance is instantaneous. Instead of infrastructure-based, you get to be information-centric. And as such you get to make better decisions, faster.
The evolution of security issues is no different. The cloud has matured to the point where solutions such as SIEM. Log Management, Single Sign On, Identity and Access management are not just viable options managed from the cloud, but in many cases, provide greater bandwidth, power, agility and versatility than can be managed on premise. With cloud-based security you divest the bulk of programming and day-to-day high resource/limited return activities while gaining the ability to instantly analyze evaluate and act. In short, you become a catalyst for change management and risk mitigation.
The residual benefit of cloud security is that IT no longer has to be in the Identity Management business, but still reap all the benefits and efficiencies. No more time dedicated to resetting passwords or setting up role based access every time someone is hired, fired or moved. It doesn’t have to be in the log monitoring business, but still is effectively and securely protected from intrusion and attack with 24/7/365 monitoring. IT department is no longer a compiler of data, but a conduit of information and evaluator of compliance audits and reports that meet the various industry standards and government requirements. The rethought IT department now gets to be in the business of integrator of business goals.
As a facilitator, IT interfaces with the various departments to understand their objectives and find the best tools to integrate. The cloud allows you to not only deploy instantly, but creates a set of resources at lower costs that help achieve success.
This is not to say a full-scale migration to the cloud is warranted. Every company has unique needs and not all of them are best served through the cloud; whether public, private or hybrid. However, the benefits outweigh the concerns. And if considering options without taking in account the cost benefits, the resource surplus and the ease of management the cloud provides, you do your organization a disservice. The issue of control often comes up in these discussions. Do virtual applications or more specifically, security-as-a-service provide the necessary control for you to transact proprietary or personal information, protect intellectual property? Any vetted solution, like the ones from CloudAccess, does. But control is not about where data is stored, but how it is stored and the rules you apply to manage it. By removing staff from lower level priorities and implementing strong rules, workflows and processes, it should not matter whether a function resides on premise or in the cloud. But when you can divest your staff from the day-to-day lesser priorities, you open up a world of new possibilities and a streamline means of achieving goals for the entire enterprise.
Change is not coming. It’s already here.