Originally IT in a bigger organization has been typically responsible for „all about software“ – todays software, app and platform market makes it impossible to have governance and support the huge variety and dynamic of tools, the business needs.

Software as a service and cloud products reduce administration, but also eliminate options to „manage“ features, processes or adaptations.

Also external partners demand own colleagues into platforms and tools, which can no longer be centrally handled – but how to keep the organization safe, secure, managed, supported…

How could a IT concept or strategy look like, that balances risk reduction and innovation, allows fast usage of modern tools without lacking data protection, cyber security and other relevant responsibilities (cost, education, change, integration…)

Here is a concept, I have tested and built together with our colleagues:

Full Service Layer (Status Quo)

• Complete IT ownership and governance of all systems
• Comprehensive security controls and compliance monitoring
• Full technical support with dedicated service desk
• Centralized procurement and licensing management
• Regular patching and updates managed by IT
• Standardized application portfolio with strict change management
• Complete data backup and disaster recovery solutions
• Enterprise-grade SLAs with vendors
• Thorough testing prior to deployment
• Comprehensive documentation and training

Social Service Layer (Community-Based)

• Hybrid governance model with shared responsibilities
• Risk-based security approach focusing on critical controls
• Peer support networks supplemented by expert escalation paths
• Community-based knowledge sharing via ESN (Enterprise Social Networks)
• Self-guided social learning with curated resources
• Managed cloud services with some user configuration freedom
• Approved application catalog with flexibility for business needs
• Lightweight change management focused on critical systems
• Data classification determining backup/recovery priorities
• Flexible vendor management with streamlined procurement

Self-Service Layer (User Responsibility)

• Clear acceptable use policies with minimal governance
• Self-attestation for security and compliance requirements
• Knowledge base and community forums as primary support
• User-managed cloud services and subscriptions
• Self-selected applications with business justification
• Personal responsibility for data backup and recovery
• Direct vendor relationships for support and licensing
• Shadow IT recognition with minimal security guardrails
• API-driven integration capabilities for user customization
• Cost transparency with business unit chargebacks

more details will follow soon – what is your first reaction?