The cloud has so far caused huge upheaval in the IT world and it’s easy to see why. After all, who doesn’t like the idea of a more flexible IT infrastructure, services on demand and a corresponding reduction in IT costs?

Perhaps most compellingly the cloud makes it even easier to outsource IT services, gaining flexible access to capabilities that would be difficult to implement in-house, secure in the knowledge that a trusted party will have a lot of the complex management under control.

Of course, this isn’t always the case: any failure of a cloud-based service can have huge repercussions for the IT department. One only needs to look at the chaos caused by the April 2011 Amazon Cloud outage or the more recent failure of Microsoft Azure, where a large number of organisations were suddenly and massively left to fend for themselves.

Instances such as this, whilst rare, can have a profound effect on the IT department. While the fault may lie with a service provider, users will only see one place to lay the blame and take out their frustrations on the IT department itself.

The golden rule

This is due to one simple rule: you can outsource almost anything except for responsibility. As a result, IT departments need to be sure that they still have control over and visibility of any services they outsource to the cloud. They must see exactly what is being delivered, where and to whom, and what weaknesses might exist in the supply chain.

At the same time they must be able to cope in the event of a loss of service. This means the IT department is not technically removing its management burden by outsourcing. Instead it’s shifting the burden, from managing in-house IT assets to managing its suppliers.

Making a virtuous circle

This continuing burden of management means IT departments need to be careful about what they move to a cloud-based service. If a department has difficulty managing a service that it currently offers in-house, how can it guarantee a decent level of service from an outsourcer when it doesn’t know what to look for to ensure that a good service is being provided? Instead IT departments should only outsource services that they are already fully in control of.

While this might seem counter-intuitive, it means that the department will very easily be able to ensure it receives the service it needs while also making it much more prepared to deal with any outages or other incidents. In the meantime managing the outsourced service will still require less time than managing it in-house, meaning that the department can concentrate on improving its ability to manage those services it is less sure of or even develop new ones. This can then result in a virtuous circle: as more services can be outsourced so the IT department frees up more time to improve others, bringing them to a level where they can be outsourced if desired.

Supporting evolution

Essentially, outsourcing to the cloud is a defined step on the evolutionary process of providing IT services, rather than a missing link that allows other steps to be skipped entirely. As a result, there are a number of relatively simple checks the IT department can perform to ensure it has control over its IT.

First, are the services well defined and managed effectively by internal IT? If the department is following a best practice framework such as ITIL, or a standard such as ISO 20000, and services are under the control of demand, availability and capacity management, this is a good sign that the service is healthy.

Second, can it predict or explain all events and outages in the service? A service outage should hardly ever be an unexpected event and, on those rare occasions, the department should be able to show the root cause and measures that have been taken to prevent recurrence.

Third, how well are changes to the service supported? If the IT department can’t guarantee fast, effective upgrades and support for users then the service needs more attention.

And perhaps most importantly, are user expectations managed? End users need to know exactly what to expect from their services, how they will be accessed and who to contact when things go wrong. They should be given warning of and information on both planned and unplanned disruptions to the service so that their work isn’t disrupted.

And the IT department should remember that, regardless of how it provides its services, it will remain the primary point of contact and focus of attention in the minds of users. As a result, it needs to be 100% confident that it can address any issues as the buck very definitely stops there. Regardless of how much they outsource and with whom, IT departments need to remember the golden rule: technology and services may reside pretty much anywhere but ownership, responsibility and management can only ever be in one place.