An interesting article over in Tech Republic about the trend of companies to outflank their internal IT organisations in decisions regarding the shift towards cloud computing.
My first reaction, as often (given my background), is to clarify terms: What is a “CIO”? Or do you mean CTO?
This disambiguation is important: there is a lot of muddle around the titles of CIO and CTO. Often times, when the term “CIO” is used, what is actually meant is the person responsible for the IT infrastructure – and managing that technology as a corporate asset – this I would call a CTO. A CIO, on the other hand, is responsible for managing the information and data of a company as a corporate asset, irrespective of the technology.
Using these definitons helps: if a CIO under this definition is bypassed in considerations of moving to the cloud, then that shouldn’t be such a major issue, as their role is essentially one of defining policies regarding the management and governance of information assets.
A CTO however should not be bypassed – not only should they be included in considerations such as total cost of ownership – but the CTO also does the job around *implementing* corporate policies regarding information security, access control, privacy, etc. – and they should be instrumental in defining the criteria by which a company can judge whether cloud offerings comply with the policies that the CIO will have determined as necessary for the company’s asset protection. For example: is anyone else, other that the CTO, going to run an assessment of ISO 27001 compliance of a cloud service provider, let alone have the competence to do so?
As companies migrate to the cloud, the operational functions and responsibilities of a CTO will dimish – that’s partly the point – but they should still retain the overall responsibility of governance of their XaaS assets: there will be a distinct shift in work load away from operations and towards governance. The CIO’s role, on the other hand, should not change with the migration to the cloud – the responsibilities remain the same. In many companies, the two roles are munged together – and even if they are both performed by the same person or team, disambiguating the roles and responsibilities will help a great deal in assessing the RoI and cost/effectiveness of a move to the cloud.