CIO

Cloud Apps Soar, CIOs Take on New Role

The explosion of cloud apps in the enterprise, largely happening outside the CIO's purview, threatens to rattle companies in many ways. Highly regulated companies can find themselves suddenly out of compliance. Business-critical cloud apps can fail to deliver adequate service. Then there's the ever-looming security risk.

A swath of market research studies is highlighting this problem:

For starters, the public cloud market will reach $191 billion by 2020, up from $58 billion last year, according to Forrester. Cloud platforms will generate $44 billion, and cloud business services will hit $14 billion.

Netskope's cloud report shows enterprises having an average 461 cloud apps running in their organizations -- nine to 10 times the number IT departments estimate.

Cloud-based file-sharing services present a particularly tricky problem. Employees might store corporate data on personal cloud services beyond the reach of IT and backup devices. When those employees leave the company, IT doesn't have any idea what data has been lost.

Cloud Disaster Looms Without CIOs Involvement

Spiceworks, a network for IT professionals, surveyed 500 IT pros, and nearly half said employees are using cloud-based file storage, sharing, and synchronization services that get around IT-owned systems. While 31 percent discourage the use of such services only 4 percent actually block employees from using them at all.

There's no question cloud apps are booming, while IT stands mostly on the sidelines. Now there are signs of a fallout when the CIO isn't involved, such as a pharmaceutical company foolishly sending HIPAA data to a cloud service provider. When business leaders sign on with a cloud service provider without the CIO vetting the provider, assessing risk, monitoring and managing service level agreements (SLAs), trouble can arise quickly.

[Related: Why CIOs Shouldn't Block Rogue Cloud Apps]

It gets worse. On behalf of Compuware APM, Research in Action conducted a survey of more than 740 senior IT professionals about their concerns over cloud computing adoption. The shocking finding: Nearly three out of four respondents fear cloud service providers are hiding problems that can impact performance.

"The vast majority of CIOs are dissatisfied with their cloud SLAs, feeling that they are too simplistic, do not address the risks of operating in the cloud and do not provide adequate visibility," says Mike Masterson, director of cloud solutions at Compuware APM. "Less than one-quarter of those surveyed are happy with their cloud assurance and, having handed control over to their cloud providers, are now biting their nails thin while looking for ways to regain control."

Today's CIO Is Tomorrow Cloud Services Broker

But a new role of the CIO is emerging: the cloud services broker. More than one-third of IT departments already act primarily as services brokers, and this model is expected to expand rapidly in the next 12 months, according to new research commissioned by Avanade, a managed services provider.

[Related: CIOs to Become In-House Brokers -- and That's a Good Thing]

As cloud services brokers, CIOs can push cloud service providers to deliver detailed SLAs. In Research in Action's survey, the top three metrics that respondents would like to see in a cloud service provider's SLA are response time and quality for every end user interaction, availability based on deep, continuous monitoring, and real-time SLA reporting.

Bottom line: Like any broker with expertise in the minutia of a contract with large dollars at stake, the CIO understands the importance of the SLA and other technical requirements that ensure compliance, security, reliability and performance. A good SLA benefits the business as well as the end users.

Tom Kaneshige covers Apple, BYOD and Consumerization of IT for CIO.com. Follow Tom on Twitter @kaneshige. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn. Email Tom at tkaneshige@cio.com

Read more about cloud computing in CIO's Cloud Computing Drilldown.