Cloud Computing Governance
What is Cloud Computing Governance?
Cloud computing governance is a method of information and technology (I&T) governance focused on accountability, defining decision rights and balancing benefit, risk and resources in an environment that embraces cloud computing. ... Enterprises should begin by establishing cloud computing governance principles. [1]
At the most abstract level, governance seeks to ensure that what we are governing is doing the right things right:
- Are we doing the right things?
- Are we doing them the right way?
- How do we know?
Cloud computing governance is a view of IT Governance focused on accountability, defining decision rights and balancing benefit or value, risk, and resources in an environment embracing cloud computing. Cloud computing governance creates business-driven policies and principles that establish the appropriate degree of investments and control around the lifecycle process for cloud computing services.
Why is Cloud Governance Important?
The goal of cloud governance is to enhance data security, manage risk, and enable the smooth operation of cloud systems. [2] Cloud computing governance ensures all enterprise expenditures related to cloud are aligned with the business objectives, promote data integrity across the enterprise, encourage innovation, and mitigate the risk of data loss or non-compliance with regulations. It recognizes that cloud computing increases the pervasive nature of IT and ensures enterprise-level decision-makers are able to address the overall IT investment, resource requirements, opportunities for value, and implications of risk – regardless of organization or delivery provider. [3]
The cloud makes it easier than ever for teams within the organization to develop their own systems and deploy assets with a single click. While this promotes innovation and productivity, it can also cause issues like:[4]
- Poor integration between cloud systems, even within the same organization
- Duplication of effort or data between different parts of the organization
- Lack of alignment between cloud systems and business goals
- New security issues—for example, the risk of deploying cloud systems with weak or lacking access control
Cloud governance ensures that asset deployment, system integration, data security, and other aspects of cloud computing are properly planned, considered, and managed. It is highly dynamic, because cloud systems can be created and maintained by different groups in the organization, involve third-party vendors, and can change on a daily basis.
Cloud governance initiatives ensure this complex environment meets organizational policies, security best practices and compliance obligations.
Cloud governance can benefit an organization running critical services in the cloud:
- Improves Cloud Resource Management
- Reduces Shadow IT
- Reduces Administrative Overhead
- Improves Cloud Security Issues
Cloud Governance Model Principles
The following give principles are a good starting point for building your cloud governance model:
- Compliance with policies and standards—cloud usage standards must be consistent with regulations and compliance standards used by your organization and others in your industry.
- Alignment with business objectives—cloud strategy should be an integral part of the overall business and IT strategy. All cloud systems and policies should demonstrably support business goals.
- Collaboration—there should be clear agreements between owners and users of cloud infrastructure, and other stakeholders in the relevant organizational units, to ensure they make appropriate and mutually beneficial use of cloud resources.
- Change management—all changes to a cloud environment must be implemented in a consistent and standardized manner, subject to the appropriate controls.
- Dynamic response—cloud governance should rely on monitoring and cloud automation to dynamically respond to events in the cloud environment.
See Also