The eternal search for IT simplicity
Article by Zscaler regional vice president and country manager for A/NZ Steve Singer.
It was Steve Jobs who once said: “simple can be harder than complex”.
“You have to work hard to get your thinking clean to make it simple,” Jobs told BusinessWeek. “But it’s worth it in the end because once you get there, you can move mountains.”
It’s a familiar challenge for many IT leaders. A decade ago, when IT had much more control over its environment and strategic direction, simplicity (or at least, killing off complexity) was a desirable endgame — if not one that was difficult to achieve.
Through the middle of the last decade, many large organisations embarked on simplification projects, consolidating sprawling app estates to a single company-wide platform running off a single technology stack.
But even these projects ran into complexity. Different business units were notorious for believing their needs to be unique, requiring customisation and deviation from out-of-the-box configurations. Too many of these were delivered too late, and a simple, single-stack structure became complex.
More recently, the cloud and the mass shift to remote working has tipped the scales further from simplicity and back towards complexity. To mitigate this newfound complexity, it’s important first to understand what has caused it.
In the age of the cloud, IT decision-making is no longer the sole preserve of the IT department; decisions now involve many stakeholders.
Often, individual departments make technology decisions centred around the needs of their immediate users, which leads to the creation of silos of divergent technologies within the company. These silos come with their own specific set of requirements, making administration more complex.
Additionally, internal budgets are often allocated on a project-by-project basis, leading to several internal instances of disparate tools that address the same business problem across different departments.
Letting the business make cloud purchases, independent of any overarching strategy, is a bad idea. Instead, companies must switch to an approach covering all the required business cases and bringing all departments together at the same table.
It may still be that running multiple instances of one cloud system is desirable. Multi-instance setups are often necessary to ringfence billable costs incurred on a particular piece of work. But multiple instances will still benefit from a single governance framework as well as a standard configuration, security setup and access controls.
Simplicity, in this context, is achieved at the management layer, even if the environment underneath is somewhat complex.
The changing workplace
Ways of working and workplace setups are now much more complex.
When companies were forced to relocate their employees to home offices, they needed to check who could securely access the applications they needed and from which devices.
Remote access can have a lot of moving parts. For example, end-users often use different devices and setups to gain remote access. There also may not be one team internally that has end-end responsibility or oversight. While this is changing, most organisations still require the input of multiple IT people and teams to set up each employee with high-performing, secure access to the applications they need.
Faced with the need to provide fast and secure access rights, companies are starting to question how they deliver desktop computing services to users — wherever those users happen to be.
Organisations are looking to return to standardised processes that encompass the entire holistic construct of applications and networking and connectivity needs, as well as security. They need to find an alternative that doesn’t simply force them from one complex infrastructure scenario into another.
A two-pronged approach
Simplification involves establishing a direct and secure internet connection between users and applications — regardless of where the application is hosted or how the user is accessing it. Each user is granted access only to the applications they need, rather than the entire network, and access rights are monitored via the user identity and authentication.
Companies should also consider standardising their cloud environments. A cloud security posture management solution can help ensure ‘global’ guidelines are deployed across multiple clouds in a consistent and automated way. This will then allow companies to achieve the degree of standardisation that they are looking for.