“IT agility” has become the Holy Grail for CIOs and IT leadership, usurping even the longstanding top priority of cost reduction. For the last three years, every client organization I’ve worked with has focused its sourcing efforts on gaining agility. But even when doing everything possible to be responsive to business needs, CIOs tell me their business units and senior business executives continue to view IT as a hindrance to corporate agility.
Working with clients to develop and implement sourcing strategies gives me a behind-the-scenes view into the daily life of IT. Based on this experience, I’ve concluded that what many call IT’s “unresponsiveness” is often due to factors completely outside of IT. Specifically, the two most common roadblocks to IT agility are risk management (including security) and legal approval for contracts and operational policies.
Here’s a real-world example:
A multinational enterprise wanted to upgrade its global network. IT developed a network upgrade plan, secured approval and started execution. The upgrade in the company’s Asia region hinged on contracting for a co-location site in that region. IT selected a metropolitan location in Southeast Asia and a well-known colo provider, at which point the contract went to the company’s legal department. The co-lo service provider expected the multinational to mark up its standard agreement, but the multinational’s legal department insisted on using its own. Signing the contract took more than 18 months, in spite of IT’s continued request to legal to expedite completion.
Although IT leaders and CIOs are unfairly held accountable for unresponsiveness that is beyond their direct control, they must address the agility problem head on. Today, the culprit that most often causes legal and security roadblocks is cloud services.
The fact is, legal and security organizations have decades of experience with contractual and operational issues related to implementing managed services and staff augmentation. But that experience is lacking with cloud services, which represent new ground. As such, these organizations are rightfully concerned that agreements and security requirements properly protect the company. And every new data breach reported in the media only heightens their concern.
Here are two steps IT leaders can take to eliminate or mitigate roadblocks:
First, initiate a cross-functional project to streamline approval of cloud agreements by reaching out to the organization’s legal and risk management leadership. The “win” will be an efficiency improvement in dealing with cloud services. Work with legal and security to develop a proposal for corporate funding to develop reusable evaluation frameworks and policies for cloud services. Include a high-level business case showing the savings from efficiencies and highlight the major risks that have been mitigated. Use upcoming cloud agreements or renewals as “platforms” for this policy development so that costs are incremental to work already planned.
Second, jointly pitch the cloud streamlining proposal to senior management - the stakeholder most likely to be frustrated by an apparent lack of agility and efficiency in IT and other organizations. If the company has already committed to business programs that rely on cloud-based technologies, show senior management specific agreements that need to be put into place to make these work. Be sure the project sponsorship is cross-functional and identify benefits to already-approved corporate plans involving cloud solutions.
Since legal and risk issues of increasing IT agility reach across domains, addressing the IT agility challenge is an excellent opportunity for CIOs to demonstrate business savvy and prove themselves as effective leaders of corporate change.
The good news for CIOs is that guidelines for cloud agreements are emerging, and ISG has considerable experience helping enterprises develop contracting frameworks and policies for cloud services. Please contact us for additional details and to discuss your situation.