As we all know, the migration from IT operating in traditional data centers to cloud services adoption has been an ever-increasing topic of discussion. For the past decade, the concept of the cloud has been evolving into a more palatable alternative for many organizations. Data centers were initially the core of everything IT. This is now changing as companies have truly discovered the benefits of using cloud services and dispelled the myths around the aspect of security when referencing cloud adoption.
Because of the increasing use of cloud technology, the business of IT from a process perspective is changing. Though the same roles are still applicable, the way in which these core responsibilities are carried out has altered. It is insufficient to have only a documented cloud strategy. Moreover, organizations need to define the governance that will control how they will operate in the cloud.
The Importance of Defining Your Cloud Governance
Cloud technology has facilitated creating and managing product change. The idea of Continuous Delivery/Continuous Integration (CI/CD) is possible by various cloud-based technologies. This ease of development, testing, and deployment has enabled the immense power of many profitable startups. Cloud technology enabled these companies to begin their software development lifecycles virtually immediately and have products to customers in a fraction of the time it would take with traditional IT.
Establishing a governance framework as an integral part of a cloud strategy provides clarity as cloud technology matures.
This almost instant return on investment is a major reason that cloud technology adoption is a great fit from a financial perspective. However, the almost instant return does have its drawback. How to audit and control the effort needed to make things happen can sometimes be an afterthought. As many of us have determined, the longer we use cloud platforms, the more we learn and refine the associated processes.
The Cloud Governance Framework
The governance framework can offer many vantage points. My focus will be regarding local IT processes – sustainment and change management. This is where most organizations discover their need to implement a governance framework. Daily operational processes will change after completed transition from the data center into a particular cloud service provider (CSP). Additionally, the increased granularity offered by most CSP Identity and Access Management (IAM) features opens the door to increased access control and separation of duties more than ever. Here is where local IT roles and responsibilities are overlaid with country laws, governing body directives, and organizational policies.
A governance framework or model should be established that can be repeated at every organizational level. Changed only by the context in which the model or framework is applied. The objective of cloud adoption should be not only to derive as much freedom from the instant ability to enact but also integrate governance into that same freedom. In a perfect cloud world, doing is only free to occur if it meets previously defined parameters. Activities such as sustainment and change management should be governed by already established policies. That means the organizational policies that found the governance framework should be established from the start.
Applying the Framework Going Forward
Creating a governance framework is easily attainable. There are many resources that can assist you in defining your specific use case. Starting with a basic framework is the optimal approach. A more organizational specific and detailed framework can be established from the basic model. The diagram below depicts a basic governance model that can be used to iterate into a more detailed, repeatable framework.
Though highly simplified, this model can provide a foundation that any organization could apply to their specific use case. By taking each area in the model and expanding upon it, an organization could establish a well-defined governance framework. The benefits of completing this exercise in addition to a cloud strategy are enormous and will provide a solid foundation for cloud governance. As an added bonus, it could also eliminate some major process changes as an organization’s cloud adoption matures.
Additional Cloud Governance Resources
For further investigation, check out this excellent video by Skyhigh Networks now owned by McAfee. It is an excellent walkthrough on implementing cloud governance.
