Cloud Governance means many things to many people. Heck, just the word cloud means different things depending on who you are talking to. While definitions can vary, controlling access to cloud resources is invariably a central piece of any governance program.
Enterprise cloud computing has transformed IT. Cloud computing decreases time-to-market, improves agility by allowing businesses to adapt quickly to changing market demands, and, ultimately, drives down costs.
The ease of deploying and scaling cloud services, along with their low cost of acquisition, has resulted in increasingly decentralized IT, or what is referred to as “shadow IT.” This helps organizations become more agile, but it also increases security threats due to the absence of governance, uniform information security, and adherence to regulatory compliance requirements.
Central IT has since reasserted itself in its domain, acting as a cloud broker to the enterprise. Moreover, citing security and budget issues, most organizations now require their departments to go through central IT to gain access to cloud services. Given the inconvenience of managing services, many departments are happy to cede control and service-management responsibilities to IT.
Ad-hoc adoption of clouds by departments, lines of business, and individual employees is putting pressure on enterprise IT administrators and CIOs.
According to Gartner, 42% of IT-related spending is now funded outside the standard IT budget. For many CIOs/CISOs, this raises significant concerns regarding governance:
Compliance: IT's visibility as to the location of corporate data and its ability to control access policies
Auditability: policy enforcement, traceability, and optimization of license management
Accountability: the ability to track and control cloud spend by implementing enterprise-wide licensing and departmental chargeback capabilities across all external and internal services used by the organization
Supportability: enabling provisioning, administration, and support for external services that are procured directly from external providers without IT involvement
Accessibility: implementing roles-based access control and enabling automated provisioning via services catalogs
Security: enforcing corporate password policies and limiting the proliferation of passwords by employees (and ex-employees) for the use of public cloud services purchased by departmental users
The Need for Cloud Services Governance and Management
Today’s cloud-enabled CIO understands that taking advantage of cloud services is a matter of serving the business effectively, not working around IT. By leveraging cloud services, firms can help ensure that business operations are not impeded by CIOs and central IT. Moreover, central IT should be promoting business agility, not standing in its way.
As IT organizations evolve to a centralized IT-as-a-service provider model, they will need a common framework for delivering and managing distributed cloud services across the enterprise, including:
Implementing consistent governance, risk, and compliance frameworks
Tracking and monitoring cloud spend management.
Monitor and track cloud operation services, SLAs, and cloud operations management
Fragmented IT poses a challenge for achieving end-to-end visibility and control, even with today’s infrastructure.
A New Model: IT as a Service
In the next phase of the transformation to cloud-enabled IT, the lines between cloud and conventional IT services are beginning to blur. As businesses encounter increasing demand for cloud-based services, they need to be clear about roles within the IT cloud model, as well as where and with whom they will partner. IT organizations are becoming internal service providers, deploying, managing, and delivering their own cloud services alongside external cloud offerings.