I have a client who is concerned with some of their departments bypassing the organization’s traditional IT resource acquisition process, and going directly to cloud vendors for their IT resource needs. Not really unique, as the cloud computing industry has really disrupted IT provisioning processes, not to mention near complete loss of control over configuration management databases and inventories.
IT service disintermediation occurs when end users cut out the middleman when procuring ICT services, and go directly to the service provider with an independent account. Disintermediation normally occurs when one of the following conditions exist:
- The end user desires to remain independent, for reasons of control, use of decentralized budgets, or simply individual pride.
- The organizational service provider does not have a suitable resource available to meet the end user’s needs
- The end user does not have confidence in the organizational service provider
- The organizational service provider has a suitable service, however is not able or willing to provision the service in order to meet the end user’s demands for timing, capacity, or other reasons. This is often the result of a lengthy, bureaucratic process which is not agile, flexible, or promotes a “sense of urgency” to complete provisioning tasks.
- The organizational service provider is not able to, or is unwilling to accommodate “special” orders which fall out of the service provider’s portfolio.
- The organizational service provider does not respond to rapidly changing market, technology, and usage opportunities, with the result of creating barriers for the business units to compete or respond to external conditions.
The result of this is pretty bad for any organization. Some of the highlights of this failure may include:
- Loss of control over IT budgets – decentralization of IT budget which do not fall within a strategic plan or policy cannot be controlled.
- Inability to develop and maintain organizational relationships with select or approved vendors. Vendors relish the potential of disrupting single points of contacts within large organizations, as it allows them to develop and sustain multiple high value contracts with the individual agencies, rather than falling within volume purchasing agreements, audits, standards, security, SLAs, training, and so on.
- Individual applications will normally result in incompatible information silos. While interoperability within an organization is a high priority, particularly when looking at service-orientation and organizational decision support systems, systems disintermediation will result in failure, or extreme difficulty in developing data sharing structure.
- Poor Continuity of Operations and Disaster Management. Undocumented, non-standard systems are normally not fully documented, and often are not made available to the Organization’s IT Management or support operations. Thus, when disasters occur, there is a high risk of complete data loss in a disaster, or inability to quickly restore full services to the organization, customers, and general user base.
- There is also difficulty in data/systems portability. If/when a service provider fails to meet the expectation of the end user, decides to go out of business, or for some reason decides not to continue supporting the user, then the existing data and systems should be portable to another service provider (this is also within the NIST standard).
While there are certainly other considerations, this covers the main pain points disintermediation might present.
The next obvious question is how to best mitigate the condition. This is a more difficult issue than in the past, as it is now so easy to establish an account and resources through cloud companies with a simple credit card, or aggressive sales person. In addition, the organizational service provider must follow standard architectural and governance processes, which includes continual review and improvement cycles.
As technology and organization priorities change, so must the policies change to be aware of, and accommodate reasonable change. The end users must be fully aware of the products and services IT departments have to offer, and of course IT departments must have an aggressive sense of urgency in trying to respond and fulfill those requirements.
Responsibility falls in two areas; 1) Ensuring the organizational service provider is able to meet the needs of end users in a timely manner to assist the end user>, and 2) develop policies and processes which not only facilitate end user acquisition of resources, but also establishes accountability when those policies are not followed.
In addition, the organizational service provider must follow standard architectural and governance processes, which includes continual review and improvement cycles. As technology and organization priorities change, so must the policies change to be aware of, and accommodate reasonable change. The end users must be fully aware of the products and services IT departments have to offer, and of course IT departments must have an aggressive sense of urgency in trying to respond and fulfill those requirements.
