2.1 Data Quality Determines Systems Success and Failure
1. Why was an EIS designed and implemented?
The EIS was designed to provide senior managers with internal and external data and key performance indicators (KPIs) that were relevant to their specific needs. 2. What problems did executives have with the EIS?
The executives found that half of the data generated from their EIS was irrelevant to corporate-level decision making concerning their Strategic Business Units (SBU) and that some of relevant timely data, crucial for decision making, was not available when and how they wanted them. 3. What were the two reasons for those EIS problems?
The application architecture was not designed for customized report generation. In the EIS system, the SBUs were reporting sales and revenue at different timeframes.
In addition, the user interfaces were too complicated to get to the required information; so much so, that the analysts had to first extract KPI-related data and then work on them for producing the information required by the executives. 4. How did the CIO improve the EIS?
The CIO put in place a dedicated team to design and develop a new system with a business-driven architecture instead of a financial reporting-driven architecture. The new system used standardized data formatting across the company, thus eliminating data inconsistencies. 5. What are the benefits of the new IT architecture?
The new system provided reliable KPI reports on inventory turns, cycle times, and profit margins of all SBUs. It was easy to modify reports, eliminating ad hoc analyses. There was a reduction in resources required for maintaining the system. EIS use by executives improved due to relatively reliable underlying data in the system. 6. What are the benefits of data governance?
Data formats are standardized, data inconsistencies eliminated, and therefore high-quality data that employees and business partners can trust and access on demand is provided. Improved data quality can bring benefits such as accurate sales forecasting and order processing, increased sales growth, a better customer experience, and greater customer loyalty and retention.
2.2 EA is Dynamic
2.3 Business Continuity with Virtualization
1. What business risks had Liberty Wines faced?
As their business grew, their IT facility could not handle the increased data volume. The systems were slow and required greater maintenance efforts. This meant loss of employee productivity, thus affecting its core business processes such as order processing and inventory management. By not providing the level of service that customers expect in a fast-paced environment or the ability to accommodate growth, they risked not only loss of future business but also the potential loss of current customers. 2. How does Liberty Wines’ IT infrastructure impact its competitive advantage?
By reducing costs (power, air conditioning, and hardware replacement), improving resilience and stability through a backup system, and speeding up business processes by enabling apps to run faster, the bottom line was improved and employees can provide better customer service with improved productivity. Further, future business growth can be accommodated easily and quickly. Each of these contribute to an advantage over competitors by reducing costs, improving service, and providing for future growth. 3. How did server virtualization benefit Liberty Wines and the environment?
Reducing the number of servers from 10 to 4, one being part of a backup system, caused a cut in power use and air conditioning costs of 60 percent, improving the bottom line and reducing the carbon footprint. Applications ran faster through better utilization which, in turn, resulted in better customer service and inventory management. Hardware replacement costs were cut by $69,500 and servers can be added easily and quickly when needed.
Information management is the use of IT tools and methods to collect, process, consolidate, store, and secure data from sources that are often fragmented and inconsistent. A modern organization needs to manage a variety of information which goes beyond the structured types like numbers and texts to include semi-structured and unstructured contents such as video and sound. The digital library includes content from social media, texts, photos, videos, music, documents, address books, events, and downloads. Maintaining—updating, expanding, porting—an organization’s digital library’s contents on a variety of platforms is the task of Information Management. Specifically, Information Management deals with how information is organized, stored, and secured, and the speed and ease with which it is captured, analyzed and reported.
2. Why do organizations still have information deficiency problems?
Over many decades, changes in technology and the information companies require, along with different management teams, changing priorities, and increases or decreases in IT investments as they compete with other demands on an organization’s budget, have all contributed. Other common reasons include: data silos (information trapped in departments’ databases), data lost or bypassed during transit, poorly designed user interfaces requiring extra effort from users, non-standardized data formats, and fast-moving changes in the type of information desired, particularly unstructured content, requiring expensive investments. 3. What is a data silo?
A data silo is one of the data deficiencies that can be addressed. It refers to the situation where the databases belonging to different functional units (e.g., departments) in an organization are not shared between the units because of a lack of integration. Data silos support a single function and therefore do not support the cross-functional needs of an organization. The lack of sharing and exchange of data between functional units raises issues regarding reliability and currency of data, requiring extensive verification to be trusted. Data silos exist when there is no overall IT architecture to guide IS investments, data coordination, and communication. 4. Explain KPIs and give an example.
KPIs are performance measurements. These measures demonstrate the effectiveness of a business process at achieving organizational goals. KPIs present data in easy-to-comprehend and comparison-ready formats. KPIs help reduce the complex nature of organizational performance to a small number of understandable measures. Examples of key comparisons are actual vs. budget, actual vs. forecasted, and this year vs. prior years. 5. What three factors are driving collaboration and information sharing?
Forrester (forrester.com) identified three factors driving the trend toward collaboration and information sharing technology. These are:
Global, mobile workforce (a growing number of employees telecommute)
Mobility-driven consumerization (cloud-based collaboration solutions are on the rise)
Principle of any (there is growing need to connect anybody anytime anywhere and on any device)
6. What are the business benefits of information management?
The following four benefits have been identified:
Improves decision quality (due to timely response using reliable data)
Improves the accuracy and reliability of management predictions (“what is going to happen” as opposed to financial reporting on “what has happened.”)
Reduces the risk of noncompliance (due to improved compliance with regulation resulting from better information quality and governance), and
Reduces the time and cost of locating relevant information (due to savings in time and effort through integration and optimization of repositories)
2.2 Enterprise Architecture and Data Governance
1. Explain the relationship between complexity and planning. Give an example.
As enterprise information systems become more complex, the importance of long-range IT planning increases dramatically. Companies cannot simply add storage, new apps, or data analytics on an as needed basis and expect those additions to work with the existing systems.
The relationship between complexity and planning is easier to see in physical things such as skyscrapers and transportation systems. If you are constructing a simple cabin in a remote area, you do not need a detailed plan for expansion or to make sure that the cabin fits into its environment. If you are building a simple, single-user, non-distributed system, you would not need a well-thought out growth plan either. Therefore, it is no longer feasible to manage big data, content from mobiles and social networks, and data in the cloud without the well-designed set of plans, or blueprint, provided by EA. The EA guides and controls software add-ons and upgrades, hardware, systems, networks, cloud services, and other digital technology investments. 2. Explain Enterprise architecture.
Enterprise architecture (EA) is the way IT systems and processes are structured. EA is an ongoing process of creating, maintaining, and leveraging IT. It helps to solve two critical challenges: where an organization is going and how it will get there. EA helps, or impedes, day-to-day operations and efforts to execute business strategy.
There are two problems that the EA is designed to address:
IT systems’ complexity. IT systems have become unmanageably complex and expensive to maintain.
Poor business alignment. Organizations find it difficult to keep their increasingly expensive IT systems aligned with business needs.
EA is the roadmap that is used for controlling the direction of IT investments and it is a significant item in long-range planning. It is the blueprint that guides the build out of overall IT capabilities consisting of four sub-architectures (see question 3). EA defines the vision, standards, and plan that guide the priorities, operations, and management of the IT systems supporting the business.
3. What are the four components of EA?
The four components are:
Business Architecture (the processes the business uses to meet its goals);
Application architecture (design of IS applications and their interactions);
Data architecture (organization and access of enterprise data);
Technical architecture (the hardware and software infrastructure that supports applications and their interactions)
4. What are the business benefits of EA?
EA cuts IT costs and increases productivity by giving decision makers access to information, insights, and ideas where and when they need them. EA determines an organization’s competitiveness, flexibility, and IT economics for the next decade and beyond. That is, it provides a long-term view of a company’s processes, systems, and technologies so that IT investments do not simply fulfill immediate needs.
EA helps align IT capabilities with business strategy—to grow, innovate, and respond to market demands, supported by an IT practice that is 100 percent in accord with business objectives. EA can reduce the risk of buying or building systems and enterprise apps that are incompatible or unnecessarily expensive to maintain and integrate. 5. How can EA maintain alignment between IT and business strategy?
EA starts with the organization’s target–where it is going—not with where it is. Once an organization identifies the strategic direction in which it is heading and the business drivers to which it is responding, this shared vision of the future will dictate changes in business, technical, information, and solutions architectures of the enterprise, assign priorities to those changes, and keep those changes grounded in business value. EA guides and controls software add-ons and upgrades, hardware, systems, networks, cloud services, and other digital technology investments which are aligned with the business strategy. 6. What are the two ways that data are used in an organization?
Data are used in an organization for running the business (transactional or operational use) and for improving the business (analytic use.) 7. What is the function of data governance?
Data governance is the process of creating and agreeing to standards and requirements for the collection, identification, storage, and use of data. The success of every data-driven strategy or marketing effort depends on data governance. Data governance policies must address structured, semi-structured, and unstructured data (discussed in Section 2.3) to ensure that insights can be trusted. Data governance allows managers to determine where their data originates, who owns them, and who is responsible for what—in order to know they can trust the available data when needed. Data governance is an enterprise-wide project because data cross boundaries and are used by people throughout the enterprise. 8. Why has interest in data governance and MDM increased?
As data sources and volumes continue to increase, so does the need to manage data as a strategic asset in order to extract its full value. Making business data consistent, trusted, and accessible across the enterprise is a critical first step in customer-centric business models. With appropriate data governance and MDM, managers are able to extract maximum value from their data, specifically by making better use of opportunities that are buried within behavioral data. Strong data governance is needed to manage the availability, usability, integrity, and security of the data used throughout the enterprise so that data are of sufficient quality to meet business needs. 9. What role does personal conflict or politics play in the success of data governance?
There may be a culture of distrust between technology and employees in an organization. To overcome this, there must be a genuine commitment to change. Such a commitment must come from senior management. A methodology, such as data governance, cannot solve people problems. It only provides a framework in which such problems can be solved.
2.3 Information Systems: The Basics
1. Contrast data, information, and knowledge.
Data, or raw data, refers to a basic description of products, customers, events, activities, and transactions that are recorded, classified, and stored. Data are the raw material from which information is produced and the quality, reliability and integrity of the data must be maintained for the information to be useful. Information is data that has been processed, organized, or put into context so that it has meaning and value to the person receiving it. Knowledge consists of data and/or information that have been processed, organized, and put into context to be meaningful, and to convey understanding, experience, accumulated learning, and expertise as they apply to a current problem or activity.
Define TPS and give an example. 2. Define TPS and give an example.
Transaction processing systems are designed to process specific types of data input from ongoing transactions. TPSs can be manual, as when data are typed into a form on a screen, or automated by using scanners or sensors to capture data.
Organizational data are processed by a TPS--sales orders, payroll, accounting, financial, marketing, purchasing, inventory control, etc. Transactions are either:
Internal transactions: Transactions that originate from within the organization or that occur within the organization. Examples are payroll, purchases, budget transfers, and payments (in accounting terms, they’re referred to as accounts payable).
External transactions: Transactions that originate from outside the organization, e.g., from customers, suppliers, regulators, distributors, and financing institutions.
TPSs are essential systems. Transactions that do not get captured can result in lost sales, dissatisfied customers, and many other types of data errors having financial impact. For example, if accounting issues a check as payment for an invoice (bill) and that check is cashed, if that transaction is not captured, the amount of cash on the financial statements is overstated, the invoice continues to show as unpaid, and the invoice may be paid a second time. Or if services are provided, but not recorded, the company loses that service revenue. 3. When is batch processing used?
Batch processing is used when there are multiple transactions which can be accumulated and processed at one time. These transactions are not as time sensitive as those that need to be processed in real time. The transactions may be collected for a day, a shift, or over another period of time, and then they are processed. Batch processing often is used to process payroll in a weekly or bi-weekly manner. Batch processing is less costly than real-time processing. 4. When are real-time processing capabilities needed?
Online transaction processing (OLTP), or real-time processing, is used when a system must be updated as each transaction occurs. The input device or website for entering transactions must be directly linked to the transaction processing system (TPS). This type of entry is used for more time sensitive data, such as reservation systems in which the user must know how many seats or rooms are available. 5. Explain why TPSs need to process incoming data before they are stored.
Processing improves data quality, which is important because reports and decisions are only as good as the data they are based on. As data is collected or captured, it is validated to detect and correct obvious errors and omissions. Data errors detected later may be difficult to correct or time-consuming. You can better understand the difficulty of detecting and correcting errors by considering identity theft. Victims of identity theft face enormous challenges and frustration trying to correct data about them. 6. Define MIS and DSS and give an example of each.
General purpose reporting systems are referred to as management information systems (MIS). Their objective is to provide reports to managers for tracking operations, monitoring, and control. MIS is used by middle managers in functional areas and provides routine information for planning, organizing, and controlling operations. Types of reports include:
Periodic: reports created to run according to a pre-set schedule, such as daily, weekly, and quarterly. Exception: reports generated only when something is outside the norm, either higher or lower than expected. An example might be increased sales in a hardware store prior to a hurricane.
Ad hoc, or on demand, reports are unplanned reports generated as needed. Decision support systems (DSS) are interactive applications that support decision making. Configurations of a DSS range from relatively simple applications that support a single user to complex enterprise-wide systems. A DSS can support the analysis and solution of a specific problem, to evaluate a strategic opportunity, or to support ongoing operations. These systems support unstructured and semi-structured decisions, such as whether to make-or-buy-or-outsource products, or what new products to develop and introduce into existing markets.
Decision support systems are used by decision makers and managers to combine models and data to solve semi-structured and unstructured problems with user involvement. To provide such support, DSSs have certain characteristics to support the decision maker and the decision making process. Three defining characteristics of DSSs are:
an easy-to-use interactive interface
models that enable sensitivity analysis, what if analysis, goal seeking, and risk analysis
data from multiple sources - internal and external sources plus data added by the decision maker who may have insights relevant to the decision situation.
Having models is what distinguishes DSS from MIS. Some models are developed by end users through an interactive and iterative process. Decision makers can manipulate models to conduct experiments and sensitivity analyses, such as what-if, and goal-seeking. What-if analysis refers to changing assumptions or data in the model to see the impacts of the changes on the outcome. For example, if sales forecasts are based on a 5 percent increase in customer demand, a what if analysis would replace the 5 percent with higher and/or lower demand estimates to determine what would happen to sales if the demands were different. With goal seeking, the decision maker has a specific outcome in mind and needs to figure out how that outcome could be achieved and whether it’s feasible to achieve that desired outcome. A DSS also can estimate the risk of alternative strategies or actions. California Pizza Kitchen (CPK) uses a DSS to support inventory decisions. CPK has 77 restaurants located in various states in the U.S. Maintaining inventory of all restaurants at optimal levels was challenging and time-consuming. A DSS has made it easy for the managers to keep records updated and make decisions. Many CPK restaurants increased sales by 5 percent after implementing a DSS. 7. Why are databases inappropriate for doing data analysis?
Databases are used for recording and processing transactions. Due to the number of transactions, the data in the databases are constantly in a state of change making it difficult to use for complex decision making.
2.4 Data Centers, Cloud Computing, and Virtualization
1. What is a data center?
A data center consists of a large number of network servers (Figure 2.13) used for the storage, processing, management, distribution, and archiving of data, systems, Web traffic, services, and enterprise applications. Data center also refers to the building or facility that houses the servers and equipment. 2. Describe cloud computing.
Cloud computing is the general term for infrastructures that use the Internet and private networks to access, share, and deliver computing resources. 3. What is the difference between data centers and cloud computing?
A main difference between a cloud and data center is that a cloud is an off-premise form of computing that stores data on the Internet. In contrast, a data center refers to on-premises hardware and equipment that store data within an organization’s local network. Cloud services are outsourced to a third-party cloud provider who manages the updates, security, and ongoing maintenance. Data centers are typically run by an in-house IT department. A data center is owned by the company. Since only the company owns the infrastructure, a data center is more suitable for organizations that run many different types of applications and have complex workloads. A data center, like a factory, has limited capacity. Once it is built, the amount of storage and the workload the center can handle does not change without purchasing and installing more equipment. A data center is physically connected to a local network, which makes it easier to restrict access to apps and information by only authorized, company-approved people and equipment. However, the cloud is accessible by anyone with the proper credentials and Internet connection. This accessibility arrangement increases exposure to company data at many more entry and exit points. Cloud computing is the delivery of computing and storage resources as a service to end-users over a network. With cloud computing, shared resources (such as hard drives for storage) and software apps are provided to computers and other devices on-demand, like a public utility. That is, it’s similar to electricity - a utility that companies have available to them on-demand and pay for it based on usage. Cloud systems are scalable. That is, they can be adjusted to meet changes in business needs. A drawback of the cloud is control because a third party manages it. Companies do not have as much control as they do with a data center. 4. What are the benefits of cloud computing?
Answers may vary. Many IT infrastructures are extremely expensive to manage and too complex to easily adapt. Because cloud computing resources are scalable “on demand”, this increases IT agility and responsiveness. In a business world where first movers gain the advantage, IT responsiveness and agility provide a competitive edge. Access to data in the cloud is possible via any device that can access the Internet, allowing users to be more responsive and productive. Cloud services are outsourced to a third-party cloud provider who manages the updates, security, and ongoing maintenance, including backups and disaster recovery, relieving this burden from the business. The business saves the costs of increased staff, power consumption, and disposal of discontinued hardware. Additionally, cloud services significantly reduce IT costs and complexity through improved workload optimization and service delivery. 5. How can cloud computing solve the problem of managing software licenses?
Cloud computing makes it more affordable for companies to use services that in the past would have been packaged as software and required buying, installing and maintaining on any number of individual machines. A major type of service available via the cloud is called software as a service, or SaaS. Because applications are hosted by vendors and provided on demand, rather than via physical installations or seat licenses (a key characteristic of cloud computing), applications are accessed online through a Web browser instead of stored on a computer. Companies pay only for the computing resources or services they use. Vendors handle the upgrades and companies do not purchase or manage software licenses. They simply pay for the number of concurrent users. 6. What is an SLA? Why are SLAs important?
An SLA is a negotiated agreement between a company and service provider that can be a legally binding contract or an informal contract. An SLA serves “as a means of formally documenting the service(s), performance expectations, responsibilities, and limits between cloud service providers and their users. A typical SLA describes levels of service using various attributes such as: availability, serviceability, performance, operations, billing, and penalties associated with violations of such attributes.” (Cloud Standards Customer Council, 2012, pp. 5–6.) 7. What factors should be considered when selecting a cloud vendor or provider?
From Table 2.5:
Examples of Questions to Be Addressed
What are the estimated server delays and network delays?
What is the volume of data and processing that can be handled during a specific amount of time?
What are the costs associated with workloads across multiple cloud computing platforms?
How are data and networks secured against attacks? Are data encrypted and how strong is the encryption? What are network security practices?
Disaster recovery and business continuity
How is service outage defined? What level of redundancy is in place to minimize outages, including backup services in different geographical regions? If a natural disaster or outage occurs, how will cloud services be continued?
Does the vendor have expertise in your industry or and understanding business processes? Does the vendor understand what you need to do and have the technical expertise to fulfill those obligations?
Insurance in case of failure
Does the vendor provide cloud insurance to mitigate user losses in case of service failure or damage? This is a new and important concept.
Third-party audit, or an unbiased assessment of the ability to rely on the service provided by the vendor
Can the vendor show objective proof with an audit that it can live up to the promises it is making?
8. When are private clouds used instead of public clouds?
Companies or government agencies set up their own private clouds when they need stronger security and control for regulated industries and critical data. 9. Explain three issues that need to be addressed when moving to cloud computing or services.
Issues that need to be addressed when moving to public cloud computing or services include: Infrastructure issues – Cloud computing runs on a shared infrastructure so there is less customization for a company’s specific requirements. The network and WAN (wide area network) become more critical in the IT infrastructure. Network bandwidth is also an issue as enough is needed to support the increase in network traffic. With cloud computing, it may be more difficult to get to the root of performance problems, like the unplanned outages that occurred with Google’s Gmail and Workday’s human resources apps. The trade-off is cost vs. control. Disruption issues – There is a risk of disrupting operations or customers in the process of moving operations to the cloud. Management issues – Putting part of the IT architecture or workload into the cloud requires different management approaches, different IT skills, and knowing how to manage vendor relationships and contracts. (The astute student may also describe the following:
Strategic issues such as deciding which workloads to export to the cloud; which set of standards to follow for cloud computing; how to resolve privacy and security issues; and how departments or business units will get new IT resources.) 10. How does a virtual machine (VM) function?
A virtual machine (VM) is a software layer that runs its own Operating System (OS) and apps as if it were a physical computer. A VM behaves exactly like a physical computer and contains its own virtual (software based) CPU, RAM, hard drive and Network Interface Card. An OS cannot tell the difference between a VM and a physical machine, nor can apps or other computers on a network tell the difference. (See Fig 2.13 for details) 11. Explain virtualization.
Virtualization is a concept that has several meanings in IT and therefore several definitions. The major type of virtualization is hardware virtualization, which remains popular and widely used. Virtualization is often key part of an enterprise’s disaster recovery plan. In general, virtualization separates business applications and data from hardware resources. This separation allows companies to pool hardware resources—rather than to dedicate servers to applications—and assign those resources to applications as needed. The major types of virtualization are the following:
Storage virtualization is the pooling of physical storage from multiple network storage devices into what appears to be a single storage device that is managed from a central console.
Network virtualization combines the available resources in a network by splitting the network load into manageable parts, each of which can be assigned (or reassigned) to a particular server on the network.
Hardware virtualization is the use of software to emulate hardware or a total computer environment other than the one the software is actually running in. It allows a piece of hardware to run multiple operating system images at once. This kind of software is sometimes known as a virtual machine.
Virtualization increases the flexibility of IT assets, allowing companies to consolidate IT infrastructure, reduce maintenance and administration costs, and prepare for strategic IT initiatives. Virtualization is not primarily about cost-cutting, which is tactical reason. More importantly, for strategic reasons, virtualization is used because it enables flexible sourcing, and cloud computing.
12. What are the characteristics and benefits of virtualization?
Memory-intensive: VMs need a huge amount of RAM (random access memory, or primary memory) because of their massive processing requirements. Energy-efficient: VMs minimize energy consumed running and cooling servers in the data center— representing up to a 95 percent reduction in energy use per server. Scalability and load balancing: Virtualization provides load balancing to handle the demand for requests to the site. The VMware infrastructure automatically distributes the load across a cluster of physical servers to ensure the maximum performance of all running VMs. 13. When is load balancing important?
When a big event happens, such as the Super Bowl, millions of people hit a Web site at the same time. Virtualization provides load balancing to handle the demand for requests to the site. Load balancing is key to solving many of today’s IT challenges.
2.5 Virtualization and VM (Virtual Machines)
1. What is SaaS?
Any software that is provided on demand is referred to as software as a service, or SaaS.
SaaS is a widely used model in which software is available to users as needed. Specifically, in SaaS, a service provider hosts the application at its data center and customers access it via a standard Web browser. Other terms for SaaS are on-demand computing and hosted services. The idea is basically the same: Instead of buying and installing expensive packaged enterprise applications, users can access software apps over a network, with an Internet browser being the only necessity. A SaaS provider licenses an application to customers either on-demand, through a subscription, based on usage (pay-as-you-go), or increasingly at no cost when the opportunity exists to generate revenue from advertisements or through other methods. 2. Describe the cloud computing stack.
The cloud computing stack consists of the following three categories:
SaaS apps are designed for end-users.
PaaS is a set of tools and services that make coding and deploying these apps faster and more efficient.
IaaS consists of hardware and software that power computing resources— servers, storage, operating systems, and networks.
See Figure 2.19 for a graphical representation. 3. What is PaaS?
PaaS provides a standard unified platform for app development, testing, and deployment, thus benefiting software development. This computing platform allows the creation of Web applications quickly and easily without the complexity of buying and maintaining the underlying infrastructure. Without PaaS, the cost of developing some apps would be prohibitive. The trend is for PaaS to be combined with IaaS. 4. What is IaaS?
Infrastructure as a service (IaaS) is a way of delivering cloud computing infrastructure as an on-demand service. Rather than purchasing servers, software, data center space, or networks, companies instead buy all computing resources as a fully outsourced service. 5. Why is DaaS growing in popularity?
The DaaS model is growing in popularity as data become more complex, difficult, and expensive to maintain. Data as a service (DaaS) enables data to be shared among clouds, systems, apps, and so on regardless of the data source or where they are stored. DaaS makes it easier for data architects to select data from different pools, filter out sensitive data, and make the remaining data available on-demand. A key benefit of DaaS is the elimination of the risks and burdens of data management to a third-party cloud provider. 6. How might companies risk violating regulation or compliance requirements with cloud services?
Companies are frequently adopting software, platform, infrastructure, data management and starting to embrace mobility as a service and big data as a service because they typically no longer have to worry about the costs of buying, maintaining, or updating their own data servers. Regulations mandate that confidential data be protected regardless of whether the data are on-premises on in the cloud. Therefore, a company’s legal department needs to get involved in these IT decisions. Put simply, moving to cloud services is not simply an IT decision because the stakes around legal and compliance issues are very high.