easyJet: IT shouldn’t block business users from buying SaaS apps

Bert Craven, enterprise architect at the airline, believes the benefits outweigh the risks

Bert Craven, enterprise architect at easyJet, has said that IT departments should loosen their controls and let business users buy and deploy software-as-a-service (Saas) applications in order to drive innovation.

He believes that IT should always secure and ring-fence core systems that are vital to the business' operations, but it shouldn't block tech-savvy business employees trying to deliver value through the public cloud.

"There have been secret PCs under people's desks as long as there have been PCs - stuff that IT didn't know about. IT has to decide the level of control that it really needs, not the level of control that it wants," Craven told Computerworld UK.

"Lots of IT departments want to control everything, but we should be asking ourselves: what is the bare minimum of control and governance that we need to exert to make sure that nobody gets fired?"

He added: "You can only control so much and ultimately there are very determined people that will find a way around you, because it's getting easier to buy stuff in the cloud. If you give everybody a little bit of freedom it's far more beneficial."

Craven's comments come off the back of a Forrester and Microsoft report that has been released this week that finds that there are an increasing number of cloud projects coming out of businesses that are not driven out of the IT function. The report describes the business people driving these innovative projects as 'change agents', who are finding value for their company independently of IT, in the cloud.

Computerworld UK also spoke to Rob Fraser, CTO of cloud services at Microsoft, who said that these public cloud projects are almost always focused on applications and are important for companies if they want to drive business value.

"We have been finding ourselves engaging with a broader range of characters within the organisation, whether that be CMOs, product designers or heads of business lines," said Fraser.

"Change agents are having an important impact in terms of being able to deliver business transformation and real value in the cloud. SaaS is being used as an important and effective tool in fostering innovation and business transformation in the company."

He added: "These projects are exclusively focused on applications, which reinforces the idea that the business doesn't really care about infrastructure, what they care about is functionality."

easyJet's Craven urged other businesses to consider developing a set of APIs that that allowed 'change agents' to go off and buy SaaS that can be easily integrated into the company's core systems.

"At easyJet there are things that are the absolute crown jewels of the business that are for very good reason completely ring-fenced - for example, our engineering system, our aircraft information management system, our reservation system. These are systems where hours of downtime mean our organisation grinds to a halt," he said.

"If you do these core things well and surround them with a rich set of APIs so that the marketing department can go off and find a third party to build some mobile apps, why shouldn't they? That's not our core business."

He added: "I don't want to go out and hire twenty iPhone developers. We have got a company in Ireland - I'm not even sure who they are - but they turn out a damn good app once a month and we just plug them into our API."

But how does easyJet control this without creating a sprawl of applications in the public cloud that link to its IT estate but isn't being run through the IT department itself? Craven said that easyJet doesn't even have a policy of employees needing to ask the IT department's permission to go to the cloud, but insists that it inevitably ends up getting involved because it has created a culture where business units don't feel scared to tell IT what it is doing.

"We do governance but we do it in the lightest possible way, with a minimum amount of friction placed on the organisation. I've never heard it phrased as 'they've got to come to us first', but they come to us because they know once that the app is up and running, if something goes wrong with it, the end-users will phone the helpdesk. If the helpdesk have never heard of it, that looks bad," he said.

"We have built an ecosystem using cloud that fosters innovation. If you do this then nobody feels the need to bypass you - you are the enabler and not the blocker."

It was revealed last year that EasyJet had completed the roll-out of a new website content management system designed to help convert more website visits to sales and 49 percent of all UK adults with internet access visited the site in the first quarter of 2012.

Join the CSO newsletter!

Error: Please check your email address.

Tags infrastructureapplicationsMicrosoftsecuritysoftwarecloud computinginternetIT Business

More about Microsoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Derek du Preez

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place