The adoption of cloud computing has increased significantly across organizations, with a direct impact on internal roles, responsibilities, and processes. To fully experience the benefits of cloud computing, enterprises need to evolve their processes and realign roles and responsibilities, ensuring a ‘fit for purpose’ for application estates sitting on the Cloud. Redefining governance policies and processes will help to manage cloud infrastructure, applications, security, and operations efficiently. Limited clarity or a lack of governance policies may lead to the enterprise facing budget overruns, non-compliant processes, and delayed project completion.
Various motivators drive cloud adoption, such as agility, improved experience, reduced cost, new business opportunities, and improved productivity. Understanding these drivers forms the foundation of a successful transformation journey. These drivers feed inputs to the process of setting up the cloud governance framework for an organization. This framework establishes guiding principles and policies to run an organization’s cloud-enabled environment. The cloud governance framework broadly defines processes for financial, services, security/compliance, data strategy, architectural, and change management.
Cloud governance framework
There are six fundamental elements of a cloud governance framework.
The financial element of any transformation program is vital for its success. Financial governance combines the key performance indicators (KPIs) of the business and the cost inputs of the solution in a granular fashion to allow a matrixed approach to reviewing and evaluating their economic benefits. This governance model defines controls for account management, focusing on impacted budget areas, current addressable spend, existing return on investment (ROI) and total cost of ownership (TCO), licensing agreements with third-party providers such as the Cloud Service Provider (CSP), and delivered outcomes.
Services definition and catalog integration empower an organization’s cloud enablement initiatives. Lightweight public cloud services from different providers offer a multitude of services as different endpoints. Services governance defines the approach to how services are composed, exposed, and managed in line with an organization’s strategic requirements. Additionally, it prioritizes the list of services to enable and defines service catalog capabilities and outcomes.
Developing or refining a cloud data management strategy is critical if the business relies heavily on the cloud. The Data Strategy defines the approach to how data is managed, grouped, stored, secured, and accessed in the context of the cloud. The data governance process defines how metadata is captured, lineage is tracked, and data compliance is ensured. It also defines the cloud foundation for data, which not only addresses data resiliency and storage requirement concerns, but also defines more futuristic capabilities to build a data lake for business insight, machine learning, and artificial intelligence (AI) for digital transformation.
The Cloud is an open ground and comes with shared-responsibility requirements. The cybersecurity landscape is rapidly changing, with new threats and vulnerabilities emerging daily. This makes it critical to define governance processes for protecting data against cyber threats, supporting regulatory compliance, protecting customers’ privacy, and setting authentication rules for individual users and devices. From authenticating access to filtering traffic, cloud security can be configured and managed to support the exact needs of the business, reducing overhead administration costs.
Cloud architecture governance needs to be in place to adopt best practices and should align with enterprise architecture governance. Additionally, there should be a greater focus on whitelisting CSP services to use in applications and identifying a region or zone to host applications based on compliance guidelines.
Change Management Governance
Cloud adoption leads to changes in development, delivery, and operational processes. The traditional development process changes to DevSecOps, the delivery model changes from monolithic to product/services-based delivery, and the application architecture pattern changes from vertical to horizontal scaling. These changes enforce cohesive responsibility and lead to overlapping roles and increased automation. The governance framework defines processes for responsibility sharing, skill-set-to-role mapping, and automation for configuration changes, deployment (blue/green), testing (canary), and rollback to prevent failure.
It is a best practice to start with a simple governance framework and expand it as cloud adoption increases, verifying the framework at each stage. It is important to capture and reuse best practices, processes, and communication mechanisms both within the organization and outside it, with partners and Cloud Service Providers. The governance framework implements actionable policies to run applications across all cloud providers in a hassle-free manner. Cloud governance maturity is defined as the degree of governance enablement across the Cloud life cycle phases: plan, procure, provision, and operate. It is measured based on the resulting outcome in the form of cost, resource, risk, and value optimization.