Architecture Corner: We are special – Seven Deadly Sins of IT

Episode 6 of this season of Architecture Corner is out (I made a guest appearance in episode 1, “Good at Innovation”). In this installment, the CIO is a glutton for new data center capacity.

Chris the CEO (Casimir Artmann) and John the CIO (Greger Wikstrand) are convinced that “we are special”. Can Ann the CFO (Christina Lundström) and a cloud computing expert convince them to explore the alternative to an expensive new data center?

Storm Clouds: DropBox’s Back to the Future Moment

Rembrant's Christ in the Storm on the Lake of Galilee

One of the big news items from last week was DropBox’s announcement that it had brought its file storage infrastructure in-house, moving (mostly) away from AWS:

Years ago, we called Dropbox a “Magic Pocket” because it was designed to keep all your files in one convenient place. Dropbox has evolved from that simple beginning to become one of the most powerful and ubiquitous collaboration platforms in the world. And when our scale required building our own dedicated storage infrastructure, we named the project “Magic Pocket.” Two and a half years later, we’re excited to announce that we’re now storing and serving over 90% of our users’ data on our custom-built infrastructure.

Given both the massive scope of the endeavor and the massive repudiation of what’s becoming more and more common infrastructure practice, Wired.com‘s article is appropriately titled: “The Epic Story of Dropbox’s Exodus From the Amazon Cloud Empire”. According to that article:

In essence, they built their own Amazon S3—except they tailored their software to their own particular technical problems. “We haven’t built a like-for-like replacement,” (Dropbox engineering VP Aditya) Agarwal says. “We’ve built something that is customized for us.”

Did DropBox make the right decision?

Only time will tell. In truth, it will probably be easier to tell if it was the wrong decision than if it was the right one. Poor choices tend to be more absolute, good choices less clear-cut.

DropBox has also spent more than two years developing and proving their infrastructure accord to their announcement. Given that file storage is DropBox’s core business and recognizing the scale they operate at (500 million users and 500 petabytes of data according to an article on CIO.com), the idea that they should control their own infrastructure makes sense. This is particularly true given Agarwal’s statement that “We’ve built something that is customized for us.” While I can’t say whether the decision is right, I can say that it is a reasonable one.

That’s not the same, however, as saying that everyone should operate the own infrastructure. Context matters. Simon Wardley‘s tweet sums it up nicely (where “nicely” is defined as “snarkily”):

Emulating DropBox when you’re not in the storage business, when you don’t have the volume (nor, most likely, the budget), and when you haven’t done the homework to prove it out, makes no sense. It would be like rowing a dinghy out into a stormy ocean because the oil tanker that just left port is doing fine.

Context matters.

Deja Vu All Over Again

Thus, history repeats itself. MIS, as it was called a generation ago, thumbed its nose at all of the new-fangled personal computers that started mysteriously appearing on desktops throughout the corporate world. Those new microcomputers were there for one specific reason: business was tired of white-coated, non-responsive arrogance from its centralized computer department, so used the new systems to get things done.

(From Cloud Computing Journal, “Cloud:Biz & IT Not on the Same Page”)

A new study conducted by Forrester Consulting for BMC Software has received a lot of attention this week. Although the full results will not be available until the end of April, the findings published in a March 21 press release indicate that business leaders are using cloud computing as a way to bypass IT constraints. Just as the proliferation of smart phones and tablets has generated a substantial guerilla movement to force support of those devices in spite of IT opposition, cloud computing seems poised to join in. Unfortunately, as the quote above points out, this is reminiscent of the days when PCs began their invasion of the corporate space and we all know how that turned out.

Computer Weekly’s “Executives using public cloud to dodge IT rules” highlighted the initial results of the study:

  • Three out of four CIOs believe that business executives view cloud computing as a means to circumvent IT control.
  • Although only 36% of businesses have policies allowing for use of public cloud resources for mission critical work, 58% are doing so, with a planned increase to 79% within the next two years.
  • IT executives see the unmanaged use of cloud services as a factor adding complexity to their operations.

Earlier this month, Steve Ranger writing for TechRepublic noted that even IT staff can be the source of covert cloud computing. Some are using cloud resources to meet business needs and submitting expense reports for the costs.

Shadow IT is a fact of life. Frequently, it can be a valuable source of innovation. However, when major business functions drop off the grid, it should be seen as a red flag. When your customers are going out of their way to avoid you, you have two problems: first is the loss of trust on the part of the business unit that sees you as an impediment and second is the potential loss of support from upper management. Unless there is a legal or regulatory issue, circumventing IT rules will likely get tacit support if the unit is making money. Complaints from IT may even convert that unofficial tolerance into official approval.

Like a turtle in the middle of a busy road, CIOs face a dilemma with no easy answers. The CIO must answer to both individual business units and the enterprise as a whole. Frequently, the needs of one group may not align perfectly with the rest of the company. Too little control allows costs to spiral out of control while too much stifles innovation.

Collaboration, making the business a partner in meeting their needs, will be far more likely to work than attempting to dictate and veto. Fostering innovative efforts puts IT in a better position to mitigate risks than a prohibition policy which encourages hiding of projects until it’s too late for IT to stop them.

A little over thirty years ago, rogues began sneaking non-standard IT solutions into enterprises to meet needs that IT did not. It’s been a rocky road, but we all know how that turned out.