In part 1 of innovation and risk in the clouds, I focused on the alignment between strategy, organizational culture, innovation, and cloud computing. In part 2 we will discuss some of the risks and challenges cloud computing presents.
Do you remember the last time you took a risk? The first time? Do you remember the first time you saw your company take a meaningful risk?
In business there are some very memorable moments in risk taking. Which ones do you recall? One of my favorites is the Apple, Xerox, Microsoft, and IBM story told in the Pirates of Silicon Valley docudrama.
It’s a classic tale of a large enterprise not fully recognizing the value of technology, and a smaller organization being sufficiently bold and nimble to capitalize on that mistake.
As a former project manager, one of the activities I enjoyed most when managing projects was risk planning. It slowed us down and forced us to think through our activities, identify risks, analyze the risks, and plan appropriately. Some believe the speed of being a first mover, and its advantage, is enough, but it’s not simply the fastest car that wins the Indianapolis 500, the 24 Hours of Le Mans and the Monaco Grand Prix; it’s the team that best manages the risks inherent in participating at such events. The risk of a tire blowout is very real, and is a risk that needs to be properly managed.
Similarly, organizations need to be structured with the people, resources, processes, and strategic focus to adopt risk-taking endeavors in an acceptable and measured way.
The discipline of risk management focuses on addressing organizational risk inherent in its people, process, systems, and external environment. Some of those areas of risk include:
- Strategic (M&A),
- Regulatory Compliance,
- Financial (Cashflow) and Operational (IT systems, Supply Chain)
- Environmental, Political, Economic, Technological, and Competitive
Corporate transformation to a more creative culture leveraging the latest cloud computing model is not without risk. The consequences of the transition, chance of success, and impact on the business needs to be weighed, and planned for appropriately.
The good news is that cloud computing represents a positive risk shared with the cloud service provider, enhanced with key partnerships, and exploited for corporate benefit while leveraging service level agreements (SLAs) to mitigate risks. Risks, such as, hardware and software technological obsolescence, are transferred; although many considerations, including security, interoperability, lock-in, business process governance, and management remain, and need to be properly evaluated.
Security: I have heard it said that up to 70% of security threats are from unauthorized access by internal employees, so perhaps the focus on external attacks in a cloud computing environment should be re-evaluated.
Enterprise security, governance, risk management, and compliance has enabled many large government and financial service organizations to meet their audit requirements while reducing risk and improving operational efficiency. I have no reason to believe that cloud service providers (CSPs) meeting the same audit criteria will fare worse in this regard.
Lock-In: The risk of vendor lock-in given the lack of interoperability standards, while real, should be kept in context. Is the absence of lock-in worth an expensive choice of multiple hardware and software providers? Are you willing to pay a multiple to not be locked-in? Interoperability will eventually come to the cloud, while legacy service providers are moving to their own solution bundles given the acquisitions we have seen – Oracle/Sun, Dell/Perot, HP/EDS.
Business Process Governance: In this area, Salesforce.com announced the Force.com Visual Process Manager, and Makara announced its cloud application deployment and management platform, you can expect many developments here as organizations race to provide a variety of solutions in this area. I have written on this topic before, the original blog entry is found here.
Management: Ultimately, for some, managing Clouds will offer the appearance of control – dashboards, and real-time reporting mechanisms, all provided by Cloud Service Providers with the degree of detailed monitoring determining the costs incurred by the client.
For others, that will build and support their own enterprise cloud environments, the dynamic nature of cloud computing – with servers, networks, and storage dynamically showing up and disappearing from the environment, it will be a difficult and challenging model to manage; particularly if the organization does not adapt its legacy business management culture and approach, for the new environment.
Though by far, the greatest risk that I see is the failure to recognize the potential that lies within cloud computing to transform organizations.
In part 3 we will discuss the organizational challenges of innovation in the cloud.
-Tune The Future-