160 likes | 435 Views
Cloud Governance. Atos Sphere ™ Advisory services: Cloud Governance. Introduction. Cloud Governance must be aligned to an organisation’s broader IT and corporate governance, and consider the features and benefits that are unique to cloud.
E N D
Atos Sphere™ Advisory services: Cloud Governance
Introduction Cloud Governance must be aligned to an organisation’s broader IT and corporate governance, and consider the features and benefits that are unique to cloud. • Cloud Governance will become an essential component of the overarching corporate and IT governance framework. This will become especially important as services are multi-sourced across a wider pool of providers. • Different types of cloud will require different types of governance according to the services being provided. It is the Service Aggregator that orchestrates delivery across these services. • In developing the approach to Cloud Governance, consideration needs to be made to: • what remains the same • what will change • what is completely new • Atos Consulting can support clients in establishing appropriate Cloud Governance with respect to: • identifying candidate services for the cloud • transitioning services to the cloud • delivering services in the cloud Customer Organisation Value Creation Resource Management Service Aggregator Cloud Governance Cloud Governance Risk Management Performance Measurement External Managed Service Service Providers BPaaS On Premise PaaS SaaS Internal Managed Service IaaS
Challenges • The application of governance needs to consider the full services lifecycle - design, build and operate. This will include: • Identifying candidates for the cloud • Transitioning services to the cloud • Delivering services in the cloud • There are also unique nuances of cloud that create new challenges: • Avoiding legal, commercial and technical lock-in to service providers • Ensuring continued compliance to regulatory requirements • Ensuring that opportunities for cost reduction are not achieved at the expense of reduced service quality or increased service risk • The need for the internal IT function to demonstrate its value to a more empowered business • The need to balance the need for business agility against a cohesive, consistent approach to the use of IT services and resources • Operating in an evergreen environment • Organisations will likely have a greater number of suppliers and hence will need to increase capability in terms of multisourcing • These challenges require a change in focus in how one looks at IT service delivery and the governance required for that.
Cloud: Governance and control As control passes from organisations to external parties, organisations lose the ability to influence directly how those services are delivered. Organisations must shift their attention from how to deliver a service to how to ensure a service is delivered well. Inputs Outputs Outcomes Measure Type Controls Governance Inputs Architecture definition Capacity planning Configuration management Change management Application management Outputs Product configuration Service definition Service Level Agreements Contractual terms and conditions Outcomes Quality of service delivery Cost of provision Speed of provision Control and Governance Measures Cost of delivery High Low Saas or BPaaS External Private Cloud On Premise External Managed Service IaaS or PaaS Internal Private Cloud Internal Managed Service Services Level of direct control High Low
Governance Themes It is essential that the governance put in place for cloud is aligned with and embedded in the wider IT and corporate governance approach. Below are the four main themes for consideration in Cloud Governance. Value Creation Resource Management What can cloud do for us? How can we do it? Cloud Governance Risk Management Performance Measurement What could stop it working? How well is it working?
Cloud Governance Performance Measurement Value Creation What could we do? – Which services are candidates for the cloud? • Principles • Cloud strategy needs to be aligned with and embedded in the broader IT strategy • The impact of procuring a particular cloud service must be considered alongside other integrated services to ensure that benefits are net positive for the end-to-end delivery of those services • Services will typically be delivered using a hybrid cloud delivery model, possibly in tandem with a conventional managed service delivery model • Every service to be delivered via cloud infrastructure must have a clearly reasoned business case to justify the method of delivery • Delivering services through the cloud will impact the dynamic between the business and IT. Cloud services offer an opportunity for the business to bypass the IT function if they do not perceive IT to be adding value • Considerations • Partnering agreements across multiple vendors will need to be established, challenging the traditional customer/supplier model • Does the nature of cloud offer specific value to the service in question, such as: • Direct competitive advantage • Ability to innovate • Delivery at a lower cost Value Creation Resource Management Risk Management
Resource Management Cloud Governance Performance Measurement Resource Management How can we do it? – How will we transition effectively to the cloud? • Principles • Outcomes must be continually managed to ensure that a service is meeting: • the benefits detailed in the business case • remains aligned to the business need • remains the best solution in the market place to satisfy the business need • Greater emphasis is placed on a Service Aggregator role to integrate multi-sourced best-of-breed services • Greater significance is placed on commercial and service management skills to manage the mixed ecosystem that cloud represents • Considerations • Charging services back to the business must be transparent and fair, and the methods must be agreed between the business and IT, particularly if total accuracy is to be sacrificed for ease of operation • Where services are charged based on demand, due to the elasticity of cloud services, IT must ensure that demand patterns are forecast in advance so that expenditure does not exceed budgetary constraints • Demand management also has increased importance in supporting the benefit of increased agility – it must be possible to make rapid changes, and where necessary quickly provision new services or decommission redundant services Value Creation Risk Management
Resource Management Cloud Governance Risk Management Performance Measurement Risk Management What could stop it working? – What pitfalls must be avoided? • Principles • Risk management should be aligned with the broader organisational and IT approach to risk • Standards must be developed to make security and service integration easier to manage • Considerations • Service assurance: the degree of due-diligence that is required before embarking upon a service transition, which must be proportional to the level of risk involved • Business impact: the impact of cloud service delivery on the overall IT strategy and business operating model • Compliance: the impact of regulatory* requirements may not be understood by cloud service providers • Exit strategy: the contractual provisions and practicalities of terminating the service must be understood prior to finalising the procurement • Service integration: the feasibility of integrating a particular cloud service to other services, whether they be on-premise or off-premise • Data location: whether data can be located outside the home country or the European Economic Area • Evergreen environment: whether an evergreen environment have negative consequences for service delivery • Service levels: whether the right SLAs will be guaranteed and, if so, what impact this will have on cost • Business continuity: whether escrow agreements can be made to reduce the impact of a service provider closing down a service or ceasing trading entirely Value Creation *Data Protection, Information Governance, Financial Regulation etc.
Performance Measurement How well is it working? – How will we know if our service is working as expected? Resource Management Cloud Governance • Principles • A greater focus must be placed on outcomes rather than inputs because in the cloud a degree of direct influence is lost in return for a lower cost of ownership • The Service Aggregator is essential in fronting the service portfolio from a delivery and integration perspective • Considerations • The measures in place, whilst market driven, are essentially at the exclusive discretion of the provider • Multi-sourcing and the individuality of each provider means establishing a common set of performance measurements will be more difficult • Influence over the provider is significant but crude, so organisations must have a good appreciation for what steps will be taken to manage breaches in service and ultimately when to invoke their exit strategy • Checks and measures must be established to determine whether or not the current cloud service remains appropriate • As the cloud market place evolves organisations must regularly assess whether the current incumbent continues to have the best overall product or service Performance Measurement Value Creation Risk Management
Service Aggregator The Service Aggregator holds responsibility for the operational management of cloud and IT governance. • Within the cloud ecosystem there will be more service providers, and greater opportunity for more best of breed services. • The Service Aggregator will: • provide the cohesion across the service providers and services, against a varied service landscape • Take an end-to-end view of service integration and delivery • Provide service reporting holistically • Hold responsibility for ensuring service continuity and alignment to business need • Set up appropriately, the Service Aggregator is the lynchpin of the IT services portfolio and is therefore central to effective governance Customer Organisation Value Creation Resource Management Service Aggregator Cloud Governance Cloud Governance Performance Measurement Risk Management External Managed Service Service Providers BPaaS On Premise PaaS SaaS Internal Managed Service IaaS
Our services Atos Consulting can support clients from a cloud governance perspective across the full IT service lifecycle -Design, Build and Operate. Identifying candidates for the cloud “The Business Advisor” Transitioning services to the cloud “The Change Manager” Delivering services in the cloud “The Trusted Aggregator” Resource Management Value Creation Cloud Governance Governance Themes • Cloud strategy definition • Readiness • Governance • Business case • Transition Advisory • Commercial assurance • Technical due diligence • Transition planning • Operational Assurance • Cloud alignment • Market review • Service assurance Performance Measurement Risk Management Business Change Management
Summary • More services will become cloud orientated – therefore we need to think about how these are managed, especially as the nature of cloud leans more towards management than control. • With the above in mind cloud governance needs to form an integral part of an organisation’s overall corporate and IT governance – successful governance for cloud is the recognition and hence embedding of cloud into an organisation’s existing governance strategies. • The cloud governance approach must be adjustable to different cloud models, i.e. IaaS, PaaS, SaaS and BPaaS. • The governance approach needs to consider what remains unchanged, what needs adjustment, and what is new in terms of governance, with respect to the four governance themes of: • Value creation • Resource management • Risk management • Performance management • Establishing the right governance is fundamental to organisations considering placing services in the cloud. Atos Consulting can help organisations define the right governance framework to ensure that the appropriate candidates for cloud are identified, transition is successful and services are delivered according to agreed criteria.