BPM and the cloud: Steve Weissman goes beyond the hype
By Peter Schooff, Contributing Editor, ebizQ
Editor's Note: In this Q & A, consultant Steve Weissman talks with ebizQ's Peter Schooff about roles, responsibilities and other management issues involved in moving to cloud-based BPM. Weissman is principal analyst at the Holly Group, a consulting firm specializing in content, process and information management. The Q & A, excerpted from a longer podcast, has been edited for clarity, length and editorial style.
ebizQ: What are some of the opportunities and challenges that you've come across associated with using cloud-based BPM tools and platforms?
The opportunities there sound like a marketing brochure because that's really what it's about. Looking to the cloud for solutions is really a good idea. It's a great way to save money, time and effort when it comes to managing systems and the administering them, so that's sort of the usual pattern.
The challenge, though, is still the same challenge that it's always been in my mind, which is really understanding what the cloud is and what it isn't, so that you match it up with your own needs. I'd like to say that's the usual information management pattern, the way the other is the usual cloud pattern. But I still see many, many disconnects where organizations tend to think the cloud is the answer to all their issues when, in fact, they really haven't got their arms around what their issues are--so nothing, really, would be a great solution.
ebizQ: What are some of the best practices for managing BPM in the cloud? Would you say they're very different from on-site BPM, standard BPM?
No, they've got to be virtually the same. I say that because they're your
business processes. They're not the cloud vendor's. They're not anybody else's. They're yours. No one's going to understand them better than you do. Nobody is going to suffer the fallout from something going awry the way you will.
So whether the system that's managing this is in the cloud or on the ground, as I guess you'd call it, you have to approach it the same way. You have to understand the roles and responsibilities of the people that you're trying to enable. You have to understand the business rules they need to adhere to, which are the business rules of your organization. And you have to orchestrate the system to match all that.
It all sounds really easy. But it's why I make a living doing training because, in practice, it's different from one organization to the next.
ebizQ: How would you define the roles and responsibilities involved with doing BPM in the cloud?
Well, again, it's the same as doing it on the ground. You have to understand what people you have and what they do, what they are tasked with doing, maybe what you want them to be doing.
[For example,] do you want them to do other things so that allowing them to get their usual jobs done more effectively would allow more time for that? Do the jobs need to be assigned to individuals? Or can they be parsed out according to the roles those individuals play--for instance, at a help desk or customer service organization? [In such cases,] the calls come in and whoever's free gets the next call because that's very much done by function rather than individual.
There are responsibilities to the organization, [so] we need to talk a little bit about governance. There is also an added wrinkle, though, when you're talking about things in the cloud; it has to do with managing the relationship with the cloud service provider.
It's a little bit different than dealing with your own IT group. Even though the issues may be the same, the fact that they're not under your direct control can sometimes present situations that need to be dealt with differently because you can't necessarily just issue an order to your provider the way you would your IT director.
ebizQ: How about policies? What types of policies do you think need to be enforced?
As part of the training course I'm developing right now, I'm actually wrestling with that very thing--about how to chunk this up into bite-size bits. That's because it can be quite overwhelming and it's hard to separate the threads.
Fundamentally, this is all about protecting and securing both systems and data. Especially in the cloud, the privacy issues surrounding the movement of data become that much more acute. The enforcement of the policies [addresses questions such as] who gets access to systems under what circumstances...[and]whether [the data] is allowed to leave the organization or not.
If the answer is "No, it has to stay in-house"-well, does that make the cloud service provider part of your in-house operation? It does, but it's not really your in-house operation, so there's an extra wrinkle there, too. If there's a security breach at the cloud provider, you may have a policy that says "we have taken certain steps to ensure that that can't happen and here's what happens if it does." Well, [the cloud provider] isn't you--so who's ultimately responsible?
Things like that get a little trickier when you're talking about using the cloud. But the fundamental need for policy is identical, so part of what we're wrestling with here is how to do what you need to do--but somehow have it take effect for things beyond your own borders.
Have you moved your processes to the cloud? If so, which ones? If not, why not? ebizQ's editors would love to hear about your experiences with cloud-based BPM. Please contact Site Editor Anne Stuart at email@example.com.
About the Author
Peter Schooff is a former contributing editor for ebizQ, where he also managed the ebizQ Forum for several years. Previously, Peter managed the database operations for a major cigar company, served as writer/editor of an early Internet entertainment site and developed a computer accounting system for several retail stores. Peter can be reached at firstname.lastname@example.org.More by Peter Schooff
ebizQ is the insiderís guide to next-generation business process management. We offer a growing collection of independent editorial articles on BPM trends, issues, challenges and solutions, all targeted to business and IT BPM professionals.
We cover BPM standards, governance, technology and continuous process improvement, as well as process discovery, modeling, simulation and optimization, among many other areas. We follow case management, decision management, business rules management, operational intelligence, complex event processing and other related topics. We closely track important trends such as the rise of social BPM, mobile BPM and BPM in the cloud. We also explore BPMís use in functional areas, such as supply chain and customer management, and in key verticals, such as financial services, health care, insurance and government.
ebizQ's other BPM-oriented content includes podcasts, webcasts, webinars, white papers, a variety of expert blogs, a lively online forum and much more.