It goes to the heart of governance within the organisation: who's accountable for the consequences both in the short term and in the long term for that decision being made?
The overall governance in an organisation should balance the demand to meet short-term requirements or issues versus elevating the systemic risk, such as a data breach, degraded data quality, cost issues, etc.
Achieving that balance in organisations is not easy because you are dealing with individuals who maybe do have a more conventional/traditional perspective on their roles, their departments and how the organisation should be run.
The first step is to transform IT into a division that can add transformational value to the organisation and be seen as a peer. Once that occurs, it's then a question of applying the right governance across all the executives [so they] understand that fragmenting and federating systems should be in accordance with a defined understanding of who's accountable for what, and who has jurisdiction over what.
Having everyone buy their own services, getting it in the door quickly, can be sustainable provided the risks don't eventuate. However, a small cloud application, which might just be swiped with a credit card and deployed in a particular part of the business, could contain information which is at serious risk of access by an unauthorised person, which could jeopardise the entire business.
Risks can arise from a lack of integrity of your broader IT systems, which means the ability to connect the system with others, the ability to manage disaster recovery, to ensure compliance with data jurisdiction and the emergence of privacy laws - for example, the new privacy legislation that is coming out in March this year.
Also, if a client wants to log in to a single portal because there's value in having a one-stop shop service, how can that be possible if the underlying databases are all spread across cloud providers, internal data centres, with 10 different systems put in by 10 different departments down the track?
The fundamental issues deal with how coordinated the organisation is and that starts right at the top in terms of the organisation's business plans, strategies and mission. It's about how clearly that is articulated so the common objective and strategy is aligned with all the c-suite, so everyone understands that they are not just looking after their own patch.
It's also making sure that a percentage of everyone's role is to look at what others are doing and how they work together to achieve the common objectives of the organisation instead of protecting their patch or folding their arms and saying 'this is not your job, this is my job'.
Sign up for CIO Asia eNewsletters.