Dear Help Desk: What’s Safe To Do In The Cloud?
Wouldn't it be nice if your employees actually asked you this question before they went off and signed up for a cloud service or deployed a new app to a cloud platform? If they did ask, would you know what to tell them? Forrester's research shows that most enterprises wouldn't have a clear response or know where to point the employee for better guidance. Oops.
The answer to this question is actually pretty simple in concept but more difficult than you think in execution — you need a cloud use policy. What should be in this policy? What form should it take? What tone should it carry? Where do I start? All these questions are answered in my latest research report on writing an effective cloud policy. And some of its guidance may feel very counterintuitive. First of all, this will probably be a much softer and more malleable policy than others you have in your company. The cloud is still evolving, and thus your policy will need to do the same. What you might not allow today may be perfectly ok tomorrow. And unlike other IT policies, it's highly likely that IT isn't the most knowledgeable team about cloud within your company. Be prepared to work with the true leaders in crafting this policy — fail this and you shouldn't even try.
It's too late for your policy to say, "The use of cloud services is not allowed," so you need to start from an assumption that it is already happening — and that more of it is happening behind your back than in front of your nose. In fact, any policy that takes a draconianly negative tone probably won't go over very well (it might just be blatantly ignored).
A better approach is to actually encourage its use — in the right way. Your cloud policy needs to present IT as an assistant to the business in the use of cloud and as an advocate for cloud. This will ensure that IT isn't seen as the internal police that you need to hide your business-driven cloud use from. Because your policy should help bring cloud use into the light where it can be monitored, managed, and made better.
This report is the latest in our ever-growing Cloud Playbook — a prescriptive guidance portfolio designed to help ensure a successful transition to the cloud, mature your operational practices, and reduce the risk in your investment strategy. Beyond the core reports in the playbook you will find toolkit items, such as this cloud policy report, that dive deeper into the tactics needed for success. And we don't just guide you in how to write an effective cloud policy, we give you a template to work from as well. This editable Microsoft Word document was derived from over twenty actual in-use policies from your peers (and provides links to many of these so you can read them yourself). We hope it helps get your policy up and running fast.
But don't stop once the policy has been uploaded to your intranet. You'll need to market this new policy for it to be effective. Yep, IT has to grow new marketing muscles to win in an Empowered market.