Use of the cloud is quickly growing among organisations worldwide and the need to understand the technology and implement governance is vital. Every organisation requires a unique strategy to implement a cloud system, but many don’t realise the need to create a governance plan from the outset – rather than control, it provides the tools needed to optimise applications through cloud technology.
So how do we go about creating governance plans? The IT industry as a whole needs to help highlight relevant tools and best practices for companies looking to transition to cloud platforms. Many methodologies currently exist, but it can be difficult for organisations to choose which one to use, from the highly structured ITIL to the more agile DevOps approach, or any combination in between.
The managed service providers’ ecosystem should continue to build appropriate products and services that help IT organisations implement good cloud governance, something that differs from ‘traditional’ models of IT governance. A key challenge is balancing risk management, cloud governance and compliance, while maintaining the flexibility and agility cloud can provide, which is what many were seeking in the first place when considering cloud!
Would you like to know more about the Cloud?
Then take a look at our whitepaper "Companies in the Cloud".
Here you will find all the important information about cloud computing
and what this technology means for your company.
When entering into cloud computing arrangements, particularly in regulated industries with strict data privacy laws, the location of the stored data must be considered. Just because a business purchases a service that operates in data centres across the globe, doesn’t mean that data can (or should) be sent around the globe. Measures to prevent this problem can be put in place, for example, by using a cloud provider that offers geo-specific services.
Another common problem is the need to use encryption in IT. With more traditional services, alerts and attack prevention techniques are now common. However, in some cloud environments, although the provider may be alerted, it doesn’t mean they will inform their customers to security events. Fortunately, many providers do now offer this option, along with additional tools to monitor particular assets. Businesses can then take evasive action if needed and temporarily take their cloud offline.
Governance in Cloud computing is essential, as it affects core business practices and the increasing risks need to be effectively managed, along with the facilitation of education for users to increase their IT knowledge, which is essential to be able to grow.
There are multiple governance systems to explore for your business. A great example is COBIT. Created by a global task force from ISACA, it is based on five guiding principles to help enterprises maximise the value of their IT investments while minimising any risks and optimising resources. COBIT integrates the latest thinking in governance and management techniques, along with accepted principles, practices, analytical tools and models to help increase the trust in IT. Essentially, such systems connect business goals to IT goals, seamlessly integrating the two.
ITIL is another governance system, enabling management of IT systems across their lifecycle using a highly structured methodology. This looks to increase efficiency while providing statistics for IT operations. ITIL can be difficult for organisations to implement as many specific terms and concepts must be learned to use it effectively, so it’s a steep learning curve. Furthermore, since 2013, ITIL has been owned by AXELOS and run as a for-profit company that provides certifications and license ITIL materials, in contrast to the ownerless DevOps.
A cloud audit and the creation of a governance plan are essential for companies looking to make the migration for a number of reasons. Due to disparate IT systems, merged together over time, frequent changes in company CIO or IT leadership can cause varied approaches to IT infrastructure, which may lead to weak spots.
The variety of departments in an organisation implementing IT, including the marketing departments, can also lead to hidden clouds and IT sprawl, which is not only inefficient for budget management but can lead to silos. It’s this extra level of protection that can help to keep clients’ concerns at ease.
Effective cloud governance helps to promote agility rather than bureaucracy. Security is a key concern when establishing a cloud system, so service providers should include administration on behalf of clients as part of the governance plan to assist with this, taking corrective action when necessary to deal with spam, user errors and security threats.
Cloud governance plans can be created through a self-assessment procedure and a business impact analysis. Alternatively, a professional service provider can be used to perform an audit of the current systems and to develop a governance strategy. Providers are also able to provide cloud readiness assessments and migration plans in order to establish cloud governance smoothly and effectivity.
Got questions about implementing cloud governance?
Get in touch with us.
We are pleased to support you with our Cloud Transformation Service.