Skip to main content

The modern information technology ecosystem revolves around ensuring user and business needs are met and creating the best user experience with technology and IT services, but within the confines of business, compliance and market conditions. The ever-changing technology landscape, lean budgets and tightening compliance requirements make these IT goals harder to achieve. There is a risk of stagnation and continuous struggle towards goals unless a culture of continuous improvement (Deming cycle – PDCA, Plan Do Check Act) and innovation is at the core of an IT organization.

Blending in-house capabilities with external capabilities (like cloud computing) offers the best chance and approach for guaranteed IT success. Finding an optimal blend is an art, and a thorough assessment of capabilities and limitations should be conducted with experts and their partners. Understanding the roots of “information” in “information technology” may be a good start. This can help in measuring local capabilities and augment them with acquired ones.

Even though dated, COBIT 4.1® defined the “information criteria” which remains relevant today:

Information criteria 

Goal 

Effectiveness 

Relevant and pertinent information delivered in a timely, correct, consistent and usable manner. 

 

Efficiency 

 

Provision of information technology through the optimal (most productive and cost-effective) use of resources 

Confidentiality 

Concerns the protection of sensitive information from unauthorized disclosure. 

 

Integrity 

 

Relates to the accuracy and completeness of information and its validity in accordance with business values and expectations. 

 

Availability 

 

Information availability at the right place and time. It also concerns the safeguarding of necessary resources and associated capabilities. 

 

Compliance 

 

Deals with internal and external compliance, laws and regulations. 

 

Reliability 

 

Relates to the provision of appropriate information for management to operate the entity and exercise its fiduciary and governance responsibilities.

 Reference: COBIT 4.1 (ISACA Framework) 

There are well established frameworks, best practices, certifications and guidelines to achieve each of the above criteria and goals. These provide a certain level of assurance that IT service goals can be met, hence must be embedded into the IT strategy, delivery and operations. Examples (to name few): ITIL®, ISO/IEC 20000®, ISO 27001® COBIT 2019®, NIST 800-53, TOGAF® and SOC 2®.  

The overall goal is to ensure technology capability is augmented with delivery capability to create the best user experience and business outcomes.

Technology capability: 
Compute, storage, network and devices, etc.

Delivery capability:
Meet all information criteria, service management (
Standards, best practices, compliance, maturity) 

= 

Optimal user-experience 

business alignment 

Cloud computing complements the local information technology (on-premises) capabilities in the areas of technology and delivery. In fact, cloud service providers routinely report and publish evidence of these capabilities. (Example: AWS Artifact Repository and AWS STAR registry). Contractual service level agreements (SLAs), compliance, trust (assurance, transparency and accountability) and continuous improvement are built into well-designed cloud delivery and service models. It is extremely complex, resource intensive and costly for local IT organizations to achieve the same level of maturity and compliance, which is inherent to cloud computing service providers.

As local information technology teams focus on business alignment, converting user needs into technology delivery models and innovation, infusing cloud computing into the delivery of IT capabilities ensures service quality and optimal user experience.

Unfortunately, the DIY model has a higher risk and probability of missed end-user experience goals. The following is a sample of typical IT-centric responses, where user experience is often overlooked in favor of technology and costs:

  • Cloud is expensive, we can do it for less.
  • We have highly qualified technical staff.
  • We already have a large virtualization farm.
  • We get deep vendor discounts for infrastructure.

Keeping user experience and business alignment (information criteria) at the center will help reinforce the strategic decision of blending cloud computing in the local IT ecosystem.

In conclusion, as users’ needs and experiences are at the forefront of every information technology decision, stakeholders must find ways to continuously improve, innovate and leverage proven, flexible, cost effective, compliant, predictable and repeatable computing methods such as cloud computing!

Rajesh Srivastava, CISA, CGEIT, CRISC, PMP, cloud product manager at 3M Health Information Systems.