Governance in the Cloud Era

The many advantages of cloud computing include the vast and limitless diversity of offerings, nearly frictionless solution development, and rapid and highly scalable deployments. Yet, the seeming simplicity of the cloud can also lead to an uncontrolled sprawl of resources, which can lead to unnecessarily high costs, complex management, compliance issues and security vulnerabilities.

To rein in these challenges, governance has emerged as a critical function for mastering the complexity of the cloud. Governance ensures proper prioritization, resources and backing to achieve an organization’s cloud goals of accelerating cloud adoption, achieving desired business results and transforming culture.

Far from slowing development, governance — through standardized processes, reusable patterns, and approved technologies — can accelerate innovation. Instead of focusing on team and organizational redundancies, governance enables you to leverage common patterns and practices so you can focus on business problems instead. This blog post provides our high-level approach to cloud governance, organizational structures and the processes we’ve found to be effective with clients.

The Cloud Business Office (CBO)

Ideally, governance is driven by an organization’s C-suite and executive leadership, as well as those leading the risk, privacy, auditing, infrastructure and human resource departments. The CBO meets frequently to review milestones, set priorities, assign budgets and manage resources needed by delivery teams.

The Cloud Center of Enablement (CCoE)

The CCoE provides oversight and facilitation of “on-the-ground” governance for cloud initiatives mandated by the CBO. It comprises leaders and experts who represent each of the major functional IT domains and is responsible for:

• Tracking progress against milestones
• Handling requests and exceptions
• Providing reports and maintaining transparency between teams and the CBO
• Coordinating the activities of working groups

Three working groups (WGs) collaborate in a matrixed fashion to provide specific, actionable standards, policies and guidelines upon which the CCoE enacts decisions. These groups are the Architecture, Cloud Transformation and Governance WGs. 

Architecture Working Group: Building Platforms & Technologies

The Architecture WG, often led by the CTO, ensures standards of practice and technological consistency across application and infrastructure portfolios. Key deliverables of the Architecture WG include architecture standards and blueprints, reference architectures, architectural patterns and recommended cloud services (e.g., which cloud database should be used for different application types).

For example, zero trust has emerged as a key approach in reducing the attack surface of cloud solutions; however, implementing zero trust requires a consistent, thoughtful approach. Patterns developed by security teams can greatly assist application developers by saving time, improving security and accelerating delivery pipelines.

Similarly, data integration can take a wide variety of forms, from ETL to pub/sub buses to event-based RPC. The Architecture WG provides tested and proven patterns that reduce development effort and, more importantly, reduce the overall complexity of the organization’s cloud application portfolio.

The Architecture WG also helps various teams adopt DevOps in a streamlined and cloud-native development methodology. This approach takes advantage of automated pipelines which immediately run test suites and security analyses upon code check-in. DevOps enables not only greater development agility but also deployments that are more reliable, predictable, and secure.

Cloud Transformation Working Group: Managing Change

Organizational change is inherent in cloud adoption and the overall design of the organization must evolve during transformation. Existing IT processes must be updated and will require your teams to adopt new technical skills. Legacy IT functions, such as data center management, are de-emphasized in favor of cloud native approaches.

Managing this transformation carefully is key. Clear and frequent communication to senior management and the organization of status and objectives streamlines the process of internal change. Human resources and IT teams can leverage all communication methods at their disposal, such as all-hands meetings, collaboration tools (e.g., Microsoft Teams, Slack, Zoom, SharePoint, etc.), performance reviews, and career ladders to ensure that all employees understand where the organization is in its journey, what its goals are, and how everyone can contribute to collective objectives.

Governance Working Group: Developing Operating Models

Organizations today are faced with an array of business risks, including: 

• Increasing data privacy concerns among consumers
• Ever-changing industry standards and regulatory landscape 
• Evolving security threats and sophisticated attack vectors

A key part of developing a cloud operating model is ensuring that appropriate processes are in place to reduce such risks. The Governance WG helps teams that require legal compliance for their applications by providing policy and managing patterns and technologies (e.g., data anonymization) to help make systems compliant. These procedures ensure the appropriate audit and reporting capabilities are in place and enforce key security standards (e.g., multifactor identity authentication). 

Additionally, cost management is a central component of the cloud operating model. As cloud pricing is driven by utilization and consumption, it can be very easy for costs to unexpectedly spiral out of control. Governance WGs can ensure that costs are mitigated by:

• Setting targets by solution and organizational unit (OU)
• Ensuring that incurred costs can be traced back to the appropriate OU (e.g., by assigning accounts/subscriptions or by using “tags” assigned to each cloud resource)
• Using tools to track cloud costs on a granular and frequent basis
• Working with teams to reduce the number and amount of cloud resources used 

The key concept of Governance WGs should be a “scale to zero” culture. A solid framework is the unifying model for the organization to innovate with cost focused processes of development, implementation deployment and operational support. 

Cloud Governance is Essential

Governance has always been a critical component of any mature IT organization. As organizations increasingly take advantage of the many exciting resources available in the cloud, the necessity of a robust governance system only increases, and as shown, can improve the agility, reliability, compliance and costs of managing a cloud estate.