None So then we begin the education process of what security means for our business, how do we get there, the solutions that we provide.
That becomes quite a big conversation, because ultimately at the end of the day, we deal with matters that can be quite sensitive and quite confidential. So security has to be a forefront for us. It's an education process that we face every day to make sure they understand that just because something is quick and easy, it does not necessarily mean it meets the expectations of our business or our clients.
Andries van der Westhuizen,general manager, information systems and technology, National Institute of Water and Atmospheric Research : From my experience, people sign up for a cloud solution because they can access that through the Internet and you cannot block everything. You need to be an educator and let people understand IT governance because if you are very strict, you become the department of 'no'.
On the rare occasion, people might go to the cloud without our prior knowledge. But as soon as we become aware of it, rather than block them, we assess if there are any issues, highlight these and work with them to resolve it.
Then we start to bring the cloud service under our sphere. One way of doing so is to incorporate the cloud service data into business intelligence. We take the information, present the report to them and also potentially work on its integration with the other systems.
Phil Goodwin: Business unit expectations are being fuelled by consumerisation of IT. They know what their peers are doing and know what they can do at home. But often they have no sense of the reality of making this happen in the workplace. IT is coming from the other direction, and are obliged to give reasons for not doing it. Somewhere in between someone has to be the voice of reason, explaining what is achievable, and help the two parties reach consensus.
We have gone through this process with one organisation, where we assisted them as a third party. We interviewed the business users, and the CIO and IT team were at the other side of the table. We got them to agree where they were, their current state, and where they wanted to get to, their target state. Once they agreed, getting a budget, developing a plan and building a roadmap became easier. Having that informed but neutral third party, who knows the challenges and what other organisations are doing, and able to listen to both sides, is important when brokering decisions about technology investments.
Sign up for CIO Asia eNewsletters.