Elements of Cloud Governance

This is the first post in a series of posts detailing our shared experience in developing and implementing Cloud Governance models.

Digital Transformation and Cloud Adoption

Over the past few years, the importance of data for businesses around the globe has been rapidly increasing. Small and large companies are relying on information about how their customers purchase, how their warehouse and facilities operate, how their staff performs, etc., to support the decision-making process and optimize their business in an increasingly competitive landscape.

Naturally, as the value of data increases, so does the value of the tooling and infrastructure associated with gathering, storing, and analyzing it in all levels of business. This digital transformation process became a necessity for businesses to remain competitive and, with the looming threat of COVID-19, an urgency.

The specifics of the digital transformation process are intrinsic to each company, however, one step that is invariably part of this process for most businesses is embracing cloud computing technologies as the tool of choice for providing IT services, from data storage to identity management.

The advantages of cloud services are plenty, the ability to deploy globally, high-availability and scalability options, and a plethora of managed services that reduce administrative overhead. These are, by themselves, strong arguments for considering adopting cloud technologies in an organization. However, it’s the multiplier effect of cloud computing within the process of digital transformation that is pushing more and more companies to start the adoption process, with the cloud industry projected to grow two-fold within the next 5 years.

  • Reduced IT overhead costs by offloading some administrative concerns to the cloud provider via managed services;
  • Scaling IT workloads up or down as needed without the need for procuring or managing Data-center infrastructure;
  • Ability to meet business needs with sophisticated solutions such as machine-learning services;
  • Self-servicing capabilities, enabling teams to safely operate independently from the IT operators.

Elements of Cloud Governance

One could argue that cloud governance is a set of rules that apply to an organization’s everyday cloud operations. However, although there is a shred of truth to this statement, it is over-restrictive in the sense that it omits other equally important aspects of a good governance model. An analogy that I like to make when explaining cloud governance to customers and co-workers is that if cloud adoption was a train, cloud governance would be the track. Following this analogy, it is correct to say that the track sets the boundaries under which the train is allowed to run, but, perhaps more importantly, it also defines direction and destination.

Elements of Cloud Governance

There is a certain, almost artistic, subtlety in codifying an organization’s vision for its digital transformation into a cloud governance model. But it’s utilizing governance as a strategic enabler that is the big differentiator and determines its success and adherence. One of the first few questions I ask IT executives when starting a cloud governance project is: “where do you see your company in 5 years”. The answer to which gives me not only a summary of what the vision is for their digital transformation but also, when combined with an understanding of the status quo of the company, how governance can be used to achieve it.

A successful cloud governance model should be built around three core elements: the stakeholders involved with the operation and management of the IT efforts and implementation of the governance policies; the current technology and processes that are used to maintain current IT operations; and the organization’s planned outcomes from the cloud adoption effort. The main challenge of a successful cloud governance initiative is in balancing these three core elements, and therefore understanding them prior to any cloud governance work is key.

Stakeholders & Roles

Governance is written for people. More often than not the target audience of governance aren’t CIOs or CTOs but instead the IT operators and managers that handle the daily cloud operations. Understanding the target audience as well as their current processes and know-how is a key element in achieving a governance/organization fit.

Getting to know the stakeholders can be a challenge. More often than not they are split across multiple departments and have diverging processes and tools that need to be taken into consideration when defining policies and designing their implementation. There are three key messages that need to be transmitted to the involved stakeholders during the initial meetings:

  • The goal of cloud governance is to help and enable them, not to limit or control them. Understanding their needs, know-how, and existing processes will be central to developing a governance model.
  • All governance work will be presented to them before reaching a final state.
  • They are welcomed to suggest any changes or participate in any part of the development process.

Technology & Processes

Drawing the line where cloud governance stops and general IT governance begins is not easy. More often than not the boundaries aren’t well defined and the responsibilities are intertwined. Cloud governance should cover the gaps between existing IT policies and the usage of the cloud and, whenever possible, it should reuse existing processes, tools, and knowledge instead of requiring or assuming new skills.

Governance is very obviously tied to technology. What is perhaps less obvious but a key element in developing an effective cloud governance model is how the existing internal processes of a company can and should be reused and adapted for the cloud.

When people are the center focus of the creation of a governance model, the technical decisions made in the process are taken based on the existing organizational knowledge. If a tool is already being used to manage on-prem systems, perhaps that is the ideal tool to manage the cloud-based ones, should it be possible.

Business & Strategy

The final element that is a pillar to achieving a governance fit is equating the organization’s own strategy for digital transformation within the governance model. If the goals for starting the cloud adoption journey are to decentralize IT management, then governance should include a strong identity module that defines roles and is permissive of multi-user management. On the other hand, if the key goal for cloud adoption is to increase reliability across the board, then governance should include architectural specific policies that set the baseline for business-critical services.

Other business-related concerns play a role in governance. Budgeting concerns can limit the tools available for implementation, planned departmental changes could change the stakeholder structure, and so on. These need to be discovered early on and be reflected in the governance work.

In Conclusion

Each company can have drastically different realities for each of the core elements of governance. This necessarily means that each company needs a different governance model to support their cloud adoption goals and there is no copy-pasteable template that can be transferred between companies and considered the first draft. Instead, an effective cloud governance model should be tailor-made to the context it resides in.