Is Cloud Computing Centralized Or Decentralized

Most large Information technology organizations, at some point, have to brand decisions most what to centralize and what to decentralize. Some organizations make up one’s mind to create a shared services group; others look to centralize governance over security and architecture, or to centralize procurement and financial management. When done poorly, the centralized functions can become frustrating bottlenecks, and the interactions between shared services and decentralized teams can pb to administrative waste. How should enterprises decide what to centralize, and how can they best organize the centralized services and their interactions with decentralized units to reduce waste?

Every bit the CIO of ane of the component agencies of the Department of Homeland Security (DHS), I considered myself the victim of burdensome centralization. Whenever we wanted new servers or changes in the datacenter, nosotros had to appeal to the DHS contracting organization, which oversaw the contractor that managed the datacenter. Our network infrastructure was shared with other DHS components and managed centrally, so making even minor network changes required paperwork, reviews, and long timeframes. For IT projects, we had to follow the onerous requirements of DHS’southward oversight framework MD-102 (yes, that’south the ane I make fun of oft in my books and speeches), which was designed to oversee the building of Declension Baby-sit cutters (the Coast Guard is also part of DHS). Information technology also governed the delivery of software systems and was consequently oriented effectually huge capital investments and physical objects. Centralization seemed to get in the style of everything nosotros wanted to accomplish.

Today’s digital ways of working telephone call for decentralized, empowered, democratic teams. This is difficult to reconcile with centralized functions and governance! On the other manus, there are some functions that just cannot exist decentralized or that introduce inefficiencies when they are. In our case, DHS headquarters was responsible for security across the entire enterprise, and negotiating vendor contracts centrally allowed us to leverage our purchasing volume for improve discounts.

The tension between centralizing and decentralizing is at the core of today’due south digital IT surroundings. Unsurprisingly, it comes up in one form or some other in most conversations I take with enterprise leaders.

To become a handle on how to manage the tradeoff, I like to start from the principle that speed and innovation are critical in today’s surroundings. They are all-time facilitated by decentralizing authority, by working in those autonomous, empowered, cross-functional teams. The teams tin can remain shut to the customer, hands sense changes in the market, incubate ideas with cantankerous-functional participation, and execute piece of work with no handoffs between functional silos—that is to say, quickly. When an autonomous squad depends on a centralized function, it slows them down, adds administrative overhead, and imposes bureaucracy that tends to limit innovation.

That’s my starting betoken, merely the question demands a more nuanced treatment. In what cases
should
you lot centralize functions? My beginning answer is: Only when information technology actually speeds up those decentralized teams and supports their innovation. If the centralized organization provides services that would otherwise take the teams time to provide themselves, and does then without administrative overhead that would slow the teams down, then it is good. For case, take DHS’s oversight of the contract for managing the datacenter. As it was ready, it slowed our teams down when they needed infrastructure. If, even so, the centralized team had prepare up the contract, pre-negotiated, with fast processes for teams to get their own infrastructure when they needed information technology, then it would accept saved time for the teams and would therefore take been beneficial.

Of form, we don’t accept to worry virtually datacenters anymore because we have the cloud. Imagine, now, a centralized cloud platform team that provides software delivery teams with a prepared infrastructure on which they can piece of work. The teams tin self-provision any infrastructure they need, without waiting for the platform squad to exercise it. Instead, the platform team has ready up the platform in such a way that when the teams self-provision their infrastructure, they automatically utilise cloud resources that the security team has vetted and configured and that the finance team has approved for cost-effectiveness. Now the central platform system is really making things
faster
for the delivery teams, because they don’t accept to assess the security of those resources, don’t have to practice any supplemental security engineering, and don’t have to justify the cost-effectiveness of the resource they are using. And there’s no boosted administrative overhead, because they can still provision their own infrastructure.

In this instance, the centralized office has actually sped up the decentralized teams—a large win! Observe the dissimilarity with my earlier DHS examples where the centralized functions acquired delays and frustration considering they involved gatekeeping and an actual handoff to another team.

So, you should certainly centralize functions when doing then adds speed. Merely that’south still not the whole story. Another reason why organizations centralize is to provide governance and oversight for the unabridged enterprise. At DHS, headquarters needed to oversee security and spending, and therefore had centralized organizations attending to these things. How tin those needs be met without slowing things down?

First, we should enquire whether that central governance is really necessary. In my books, I suggest caution about the knee-jerk standardization impulse in It—we often assume that standards are needed, when conscientious analysis would prove that the business concern value of that standardization
might
not justify the additional cost or slowness of the governance mechanisms that ensure standards are followed. I besides similar to bespeak out the tradeoff between oversight through governance and oversight through management. Governance makes rules and introduces enforcement mechanisms, with consequent costs. But often you can accomplish the same or better results simply through good management. Governance, for example, might force teams to use the standardized software delivery platform. Management, on the other hand, might inquire a squad that didn’t use a standard platform why they did so. Were they really keeping the company’s best interests at middle when they decided not to? You don’t necessarily need rules and enforcement to get skilful behavior; frequently, competent direction solves the problem.

But let’s say that you do need centralized governance. The good news is that today, information technology can often exist accomplished with automation, through guardrails that don’t tiresome down the decentralized teams or add overhead for them. I sometimes talk about “automating your hierarchy.” Today we tin exercise “compliance as code,” “policy equally code,” or “auditing as code.” Your bureaucracy doesn’t interfere with speed and creativity, it just aligns them within guardrails.

I’ve already given an example of automated hierarchy: the platform team that provides only vetted resources for teams to utilize in their cocky-provisioning. The security team’s governance is already embedded in the selection of components that are available. They don’t need to interfere whatsoever further. Another example: Nosotros had the security team create automated tests that checked for compliance with their policies for all of the other It teams to utilize. By making sure their lawmaking passed the security tests, delivery teams could move at top speed independently—merely, through the tests, the security squad provided governance. Similarly, you can automate financial controls, perhaps shutting down resources that aren’t being used, perhaps stopping teams from using resources that aren’t toll constructive, or perhaps notifying finance if a team plans to do something potentially expensive. All of these automated mechanisms enforce centrally adamant governance controls, but don’t wearisome down teams, interfere with their creativity, or add administrative overhead.

So here are my rules of thumb for managing the centralization/decentralization tradeoff:

• Decentralize past default
• Centralize when information technology will speed up the decentralized units
• Centralize when governance is necessary, only exercise so in an automatic style that doesn’t create dependencies

—Mark