One of the first things to understand when moving to the cloud is that IT management responsibilities for particular tasks and processes will vary depending on which type of cloud service a company is deploying. Let’s take a look at each of the three main types of services.
With IaaS, the physical layer of the IT infrastructure goes away for the customer. But IT is still responsible for operating systems, including settings and configurations, as well as the management of business applications and data.
IT needs to monitor and patch all of the operating systems in place to make sure they continue to comply with governance and client hardening standards. IT also is typically responsible for data protection, disaster recovery and data governance at all layers.
Given the critical nature of all of these functions to the enterprise, you can see how dangerous it could be for any IT organization to assume cloud providers are taking over all management responsibilities.
PaaS presents some different management responsibilities for IT. With these services, cloud providers deliver hardware and software tools to clients via the internet — typically for application development. The provider hosts hardware and software on its own IT infrastructure, so companies using these services don’t need to install their own hardware or software.
As with IaaS, PaaS service providers handle the management of cloud networks, servers, virtualization and storage systems, and they also manage operating systems.
IT is responsible for connectivity, data and applications, as well as the security of the environment. That includes areas such as data protection, disaster recovery and data governance.
Although cloud providers might provide vulnerability and penetration testing on the cloud network, internal IT and security are responsible for protecting data and code. Penetration and vulnerability testing, scanning, monitoring, reporting and remediation remain the responsibility of IT and cybersecurity functions in organizations.
With SaaS, service providers host applications on their own servers and make them available to customers as needed over the internet. When using these services, IT no longer needs to buy, install and run applications on its own data center systems. Nor does it need to worry about software licensing, installation or support.
But IT remains responsible for a number of management functions. For instance, IT continues to handle application administration and configuration, and also must map business workflows to leverage the SaaS offerings. In addition, internal IT handles reporting and the management of application data.
IT leaders are also responsible for data governance and cybersecurity functions such as identity management, controlling who has access to application data and how changes in data access should be audited. Finally, IT handles the integration of SaaS offerings into existing on-premise systems.
As you can see, regardless of the type of cloud service a company deploys, IT still has its hands full. Unfortunately, a lot of IT executives will need to redefine various roles and responsibilities when adopting a cloud environment. That needs to change, or the move to the cloud might not be a pleasant journey.