In today’s ever-changing world it is imperative to understand the importance of cloud governance. There are multiple articles that have been written on the topic, but it still seems that most organisations confuse cloud governance for cloud management. So, what is the difference and why do we need cloud governance?
Often these days, I hear the phrase “cloud governance” being used in general to describe both governance and management of the cloud, however there is a very clear distinction between these concepts. In short, cloud governance sets the cloud computing direction and establishes the enabling systems within an organisation. Cloud management uses these systems to execute on the direction set by governance.
The picture below explains the key difference regarding the topic of cloud governance.
In a world where more and more organisations are considering and or moving to the cloud, it is imperative to have a Cloud Governance Framework. In a Cloud Infrastructure Governance survey conducted in 2017 among 300 IT Professionals the following was concluded:
- In an ever-increasing number of security breaches, 28% of IT Professionals are not confident that their IT Infrastructure is secure.
- 62% rely on manual reviews before cloud infrastructure is provisioned.
- 42% have no cloud infrastructure governance processes in place.
- 68% rely on paper-based checklists for infrastructure policies.
- 31% of application developers either don’t understand infrastructure risk or don’t know what to do to mitigate it.
In the late 90’s Bill Gates authored a book called Business @ the Speed of Thought. In the book he discusses how business and technology are integrated and goes on to explain how digital infrastructures and information networks help customers to get a competitive edge. To further emphasise the point, Eric Marks made the case for cloud governance in 2011 at a Cloud Leadership Forum. In his presentation he highlighted 5 key reasons for a Cloud Governance Framework. They are:
- Enable “Business at CloudSpeed” and establish a Cloud Centric IT operating model based on the speed, agility and cost of cloud computing.
- Enable appropriate cloud decision-making without friction.
- Integrate cloud governance with existing Enterprise IT Governance processes, policies, forums and tools.
- Taking a balanced approach – appropriate coverage for key decisions, investments and risks while achieving the benefits of the cloud.
- Proactively anticipating and preventing Shadow Clouds – exposing unauthorised cloud activities that could have financial and reputational risks.
As always, there are risks associated with not having good cloud governance. These include, but are not limited to the following:
- Audit and Compliance risks – including issues around data jurisdiction, data access control and maintaining an audit trail.
- Security risks – including data integrity, data confidentiality and privacy.
- Performance and availability risks – including availability and performance levels that the business requires to operate.
- Inter-operability risks – that may be associated with developing a service that might be composed of multiple cloud services.
- Contract risk – associated with “not reading between the lines” of your contract.
- Billing risks – associated with ensuring that you are billed correctly for consumed resources in the cloud.
In conclusion, govern your cloud early and often. Establish a clear and measurable business and IT goal for cloud computing. It is critical to align and design your cloud governance model to achieve business goals. The risks of poor cloud governance are dire.
If you would like some assistance with understanding your risk profile with regards to your cloud governance,with us today.