Even after 14 years since the inception of Cloud, Infrastructure & operations (I&O) leaders still struggle to find a balance between agility and cost-control, security & compliance needs. In this 7-part blog series, we aim to resolve this cloud conundrum by detailing the challenges, the need for real governance, and the best practices. We begin this discourse in the backdrop of the rapid emergence of cloud governance.
While Cloud has become a mainstream technology, its adoption models are increasingly becoming sophisticated. Cloud is consumed in a variety of different ways – SaaS, private cloud, hybrid-cloud, multi-cloud, virtual private cloud, and hybrid-multi-cloud. There are several reasons for these adoption patterns – Security, regulatory, latency, and architecture.
Consequently, the modern IT landscapes are becoming increasingly complex. Although the cloud offers tremendous flexibility in design choices, organizations need a proven and consistent methodology for adopting cloud technologies.
Like any other technology, cloud presents the Infrastructure & Operations (I&O) leaders with risk-reward scenarios. To benefit from the myriad of benefits cloud offers, organizations must be aware of the potential challenges and embark on the cloud journey with the right expectations, tools, and processes.
You cannot view Cloud in isolation as one single technology. It is an amalgamation of several services including infrastructure and platform, supporting tools, integrations, processes, and delivery models. Thus, I&O leaders encounter these major challenges in running cloud operations:
- Lean, simpler, and efficient
- Secure and compliant
In fact, one of the main reasons for the repatriation of workloads from the cloud to on-premise infrastructure is because of the above challenges. The only way to overcome these challenges is by defining and implementing a well-thought governance framework which is tailor-made for the organization needs. Forrester defines cloud governance as:
‘The ability to provide strategic direction, track performance, allocate resources, and modify services to ensure meeting organizational objectives without breaching the parameters of risk tolerance or compliance obligations’
The traditional IT governance practices which were used for legacy on-premise infrastructure can't cope with cloud which is more dynamic in nature. Governance of cloud is challenging even with a single cloud and becomes more challenging as enterprises adopt multiple clouds. Any governance solution is only as good as the guardrails you define and implement. As you embark on the governance journey, ask yourself these important questions. Ensure you do this before you jump into discussions around IT systems and tools.
- Cloud is vast. What is that you want to govern and manage?
- What is the ideal outcome expected?
- What would you measure and how?
- What is the allowed tolerance limit?
- What are the key business outcomes expected from the targeted governance?
- What are your current and future governance goals?
The answers to the above questions will serve as a great guiding post in defining the guardrails which matter to your organization. Importantly, to align with the key organization-wide business goals. In our conversations with I&O leaders across different industries globally, leading managed service providers (MSPs), and leading management consulting firms, we often hear business goals such as:
- Optimization of cloud costs
- Increase time to market by promoting organization-wide agility
- Protect customer data
- Gain competitive advantage
- Delight customers with 100% service assurance
- Avoid business damage due to non-compliance
Setting up cloud governance is an immense transformational opportunity. At a strategic level, consider these key points:
Cloud governance should not be a retroactive, afterthought process.
It must not slow down productivity. The aim of governance is to protect the interests of the business and ensure that risk and cost are managed effectively.
Effective governance can be summarized as ‘one size does not fit all’.
It is impossible to eliminate risk 100%. So, it is important to understand the enterprise risk tolerance level and work towards it.
From an implementation perspective, here are the important questions to ask to build a governance strategy that works
- How to nicely balance the agility and autonomy needs of cloud consumers with the organization’s need to protect itself?
- Centralized visibility and control vs. distributed governance centers?
- Preventative guardrails vs. retrospective controls?
- Programmatic controls vs. descriptive policy guidelines? Programmatic governance guarantees enforcement of governance guardrails. Appropriate for critical or high-risk use cases?
- Native cloud governance features vs. third-party tools?
- If third-party tools are considered, which deployment model is suitable – SaaS or an on-premise hosted model?
- Different tools vs. one tool for governing different aspects of the cloud?
Only a formalized cloud governance process can guarantee an organization a cost-efficient, secured, and compliant regime for data, apps, and other resources in the cloud.
In the next blog post in this series, we will focus on the key pillars of cloud governance and the importance of autonomous and continuous governance. Stay tuned by subscribing to the blog below.