Importance and Elements of Cloud Governance

Cloud adoption is increasing rapidly to accelerate IT modernization. IT spend on cloud is expected to grow more than six times the general IT spend budgeted traditionally. Cloud governance is a foundational element for cloud adoption to scale and be successful.  Cloud adoption without cloud governance leads to failure. This article explains the importance of cloud governance for successful cloud adoption and also explains various elements of cloud governance.

Challenges with Cloud 

Gartner predicts that, through 2020, 99% of vulnerabilities exploited will continue to be the ones known by security and IT professionals for at least one year. 

Let us consider the following scenario to better understand the need for cloud governance.

Cloud Scenario: A retail organization with eight business units adopted cloud two years ago. Cloud services offered by AWS and Azure are leveraged in business applications. The organization is now facing the following challenges.

• Lack of visibility in understanding who is using what cloud services and from which cloud service provider. Business units are subscribing to multiple services in silos.
• A sudden spike in the cloud subscription bill, with no way to find the root cause.  
• Shadow cloud is putting the organization at risk. While there is a policy to keep certain data only on-premises, business units are unknowingly storing the data in the cloud.
• Unauthorized cloud activities that put the organization at risk.

How Cloud Governance Solves These Challenges

The retail organization decides to implement cloud governance to overcome these challenges. 

• Cloud governance defines a process to be followed when there is a need for cloud service.
• A monitoring mechanism is put in place to monitor cloud usage. The leadership gets a view of current cloud charges, and a notification is sent to them when the limit exceeds
• Policies enforced in using cloud services through governance mechanism 

So what is cloud governance?

Cloud Governance Overview

Cloud governance is a framework to govern the use of cloud services, not block them from using these services. A cloud governance framework encompasses people, processes, and technology while ensuring security, cost management, and deployment acceleration. It helps in regulating and controlling the use of cloud services by defining process, standards, and policies to be followed in planning, on-boarding, operating and managing cloud services. 

Elements of Cloud Governance

Cloud Governance is comprised of the following key components.

1. Cloud Business Office (CBO) ensures alignment of cloud vision with business vision and ensures that governance is enforced across the enterprise. CBO is also responsible for demand management, cost optimization, and prioritization.  
2. Cloud CoE, which is a cross-functional team that defines processes, regulates and standardize cloud adoption, migration and operation across the enterprise.
3. Cloud governance organization structure and roles and responsibilities
4. Cloud governance processes around the cloud service lifecycle 
5. Cloud foundational components like cloud reference architecture, standards, templates, guidelines, best practices and policies

Do Enterprises Need to Implement All of These Elements?

No. The degree of cloud governance depends on degree of cloud adoption. Cloud can be adopted at the project level, unit level or enterprise level. All the above cloud governance elements are applicable for organizations adopting cloud at the enterprise level. An enterprise consuming just one cloud service like Google Maps doesn’t require all these elements of cloud governance to be established. The degree of cloud governance depends upon the degree of cloud adoption within the enterprise. 

Establishing Cloud Governance

Cloud governance is an extension of IT governance. The existing process is enhanced to govern cloud environment and services. The following are some of the IT governance frameworks available in the industry.

• The COBIT framework is focused more on risk. Enterprise willing to govern risk should adopt the COBIT framework.
• The ITIL framework is focused more on process. Enterprise struggling to control usage of cloud service should choose the ITIL process framework and implement a governance process on top of it.
• The CMMI framework is focused more on maturity. Enterprises willing to mature in the cloud at an enterprise level has to grow in all dimensions and should adopt this framework. 

All of these frameworks are optional. Most of the enterprises establish cloud governance by creating their own framework/model.

Cloud governance is established in the following three phases described in the table below. 

Summary

Enterprises are moving towards hybrid cloud environments and accessing multiple cloud services from multiple cloud service providers. It is important for enterprises to establish robust cloud governance to control and standardize the use of cloud services while ensuring security, compliance, and cost optimization. A cloud adoption strategy needs to consider a strategy for cloud governance during the planning phase itself. The degree of cloud governance depends upon the degree of cloud adoption within the enterprise.