Forrester defines cloud governance as “the ability to provide strategic direction, track performance, allocate resources, and make adjustments to ensure that organizational objectives are met without breaching the parameters of risk tolerance or compliance obligations.”
Simply put, it is a framework of policies and standards that helps companies with their cloud infrastructure operations and security. As more and more companies move their workloads to the cloud, it is crucial to create a robust cloud governance framework and enforce its policies so that the cloud environment does not spiral out of control.
The Cloud Governance Framework policies typically cover three core areas: Cloud Financial Management, Cloud Operations and Cloud Security/Compliance. The Cloud Financial Management processes should ensure that the various groups within the organization have financial accountability for their cloud consumption and that the TCO of the cloud is predictable and accountable.
The Cloud Operations policies should ensure that the usage of cloud follows a consistent pattern, is operationally efficient and provides optimum performance returns. The Cloud Security/Compliance policies should ensure compliance with the company's security standards and that the user rights setup is strong enough to handle internal and external threats.
With an increasing number of companies opting for multi-cloud environments, a comprehensive cloud governance framework becomes imperative to manage cloud resources well and improve efficiency.
Why do we need Cloud Governance?
Studies have found that, on average, as much as 35% of public cloud spend is going to waste because companies choose the wrong service or pricing plan, or leave resources idle or forgotten, racking up unwanted charges each month.
Cloud service providers give the developers an array of powerful tools and platforms. It is easy to get carried away when you have such powerful tools and technologies available. For instance, using the auto-scaling feature, the developers can programmatically procure new resources quickly and automatically. Leaving such processes ungoverned can lead to significant excess spending.
It is important to know that you are only one data load away from receiving a huge bill, one incorrect IAM role setting away from a security breach and one incorrect setup away from a performance failure. Leaving cloud environments ungoverned can increase the overall TCO or even lead to a failure to comply with security/compliance regulations.
As per an IDC survey report, on average, organizations expect to move 50% of their public cloud applications to hosted private or on-premises locations over the next two years. Security, cost and performance were the top three reasons for this move.
How do we ensure that the companies migrating their workloads to the cloud do not face security, cost and performance issues? The answer lies in a cloud governance strategy and operating model that help set up governance policies and standards to monitor the cloud and take corrective action.
How to establish a Cloud Governance Framework/Model?
As with any operating model, the Cloud Governance Framework/Model also comprises people, process and technology aspects.
People - Companies migrating to the cloud should set up a Cloud COE (CCOE), sponsored and supported by the CIO Office. The CCOE team composition and the model (centralized or loosely federated) depend on the size and structure of the organization. The responsibilities of the CCOE team include setting up the governance processes and ensuring their implementation. They also need to identify a set of metrics to measure the efficiency and performance of the cloud platform, and periodically review the policies and standards to make sure that the metrics meet the benchmark/target levels.
Process - In traditional on-premises ecosystems, infrastructure procurement was done by the infrastructure teams. In cloud environments, assisted by DevOps models, developers can programmatically create new virtual machines and data stores. We need proper governance processes and audit mechanisms with clear and well-defined roles and responsibilities (RACI) to ensure optimum governance of the cloud environment.
Cloud governance processes include various activities that need to be performed at periodic intervals in order to ensure optimum performance of the cloud platform. They also include monitoring the financial reports to track costs and to prevent leakage due to faulty design or coding. Reports and dashboards also need to be produced and monitored for the compliance and audit impact of cloud usage. These processes should be developed by the CCOE in consultation with the cloud migration team, and should have a concrete RACI matrix clearly describing the responsibilities of the parties involved.
Technology - All cloud service providers have a set of tools and technologies which help in providing a detailed analysis of the utilization of the cloud resources along with their performance, financial and audit/compliance impact. The CCOE should have a detailed discussion with its internal stakeholders, cloud partners and service providers, and come up with a list of metrics to be monitored with their frequencies. Intelligent dashboards and triggers can be built using the tools and data provided by the cloud service providers to monitor the metrics and take corrective action when there are any red flags.
Forrester states in its report that the lack of a cloud governance framework and strategy jeopardizes cloud transitions and the use of cloud. It is thus important for organizations to establish a cloud governance foundation and create an effective execution plan.
Cloud governance needs are unique to each organization. Continued cloud adoption with a sound governance strategy improves operational efficiency. At Quantiphi, we not only help organizations migrate their workloads to the cloud, but also help them establish an effective Cloud Governance Model, customized as per the need, culture and structure of the organization, thus enabling them to reap maximum benefits from their cloud investments. Get in touch with our cloud experts to learn more.