Designing and Implementing

Cloud Governance:
Cloud, and Cloud Governance, are
Emerging Capabilities

Eric Marks
President & CEO
AgilePath Corporation
[email protected]
Designing and Implementing Cloud
Governance
Cloud Governance Introduction and Overview
• Cloud Governance Defined
• Cloud Governance in a Cloud Architecture Roadmap
• Cloud Governance in the Enterprise
• Cloud Governance High-Level Requirements

Cloud Governance Lifecycle Overview

• Key Dimensions of Cloud Governance
• A Closer Look at Cloud Governance Activities

Cloud Governance: Avoiding IT Disintermediation

• How Can IT Organizations Remain Relevant in the Age of Cloud?
• A New Role for IT Organizations?
• Cloud-Centric Leadership Principles Supporting IT in the Age of Cloud
Cloud Architecture and
Interoperability Roadmap
Cloud Governance Lifecycle
Cloud Evolution &
Sustainment
Governance
Model
Cloud Transition
Cloud Vision Architecture
& Strategy

Interoperability &
Portability Model

Cloud Implementation
Reference & Deployment
Model
Cloud
Reference Cloud
Architecture Prescriptive
Architecture

3
Cloud Computing
Adoption Model™
Cloud POC/Pilot Cloud Strategy & Cloud Modeling Cloud Implementation Cloud
Project Roadmap & Architecture Planning Implementation
Cloud Bus. Cloud Modeling Cloud Provider
Cloud POC/Pilot Cloud Reference
Discovery & (Cloud Ref Model & Analysis &
Implementation Implementation
Assessment Ref Architecture) Selection
Most Industry segments
Cloud Early Cloud Cloud Deployment Implement Cloud
Cloud Strategy
are& in
Learning early stages of
& Planning
Deployment & Governance &
Strategy Input Model Provisioning Plan Security
Cloud Adoption
Cloud Implement
Cloud Program Cloud Program Cloud
Governance & Mgt, Monitoring
Go/No Go Go/No Go Architecture
Lifecycle Planning & Support

Cloud Mobilization Cloud Ecosystem Feedback,

Cloud Program
& Transition Development & Metrics, Strategy
Go/No Go
Planning Sustainment Evaluation

Cloud Cloud Cloud Cloud

Expansion Integration Collaboration Maturity
Cloud Program Cloud Integration Cloud Collab,
Cloud Steady
(Cloud Program & Composition &
State
& Mult. Projects) Interoperability Choreography
 Five Reasons for
Cloud Governance
• Enable “Business at CloudSpeed” and establish a Cloud-
Centric IT operating model based on the speed, agility
and cost of Cloud computing
• Enable appropriate Cloud decision-making without
friction
• Integrated with existing Enterprise IT Governance
processes, policies, boards and tools
• Balanced – appropriate coverage for key decisions,
investments and risks while achieving the benefits of
Clouds
• Proactive to anticipate and prevent Shadow Clouds and
Unauthorized Cloud activities that expose organizational
risks
Definitions

• Cloud Governance refers to the decision

making processes, criteria and policies
involved in the planning, architecture,
acquisition, deployment, operation and
management of a Cloud computing
capability

• The Cloud Governance Lifecycle describes

the end-to-end requirements of Cloud
Governance, from planning, architecture and
deployment to bursting, switching Cloud
providers, and offboarding from a Cloud
A Cloud Computing Reference
Model (CC-RM) Overview
• CC-RM framework for discovering repeatable
Cloud Patterns that address mission needs
based on Cloud-enabled resources
• A robust framework for Cloud Modeling and
Architecture efforts
• Four supporting sub-Models
– Cloud Enablement Model
– Cloud Deployment Model
– Cloud Governance and Operations Model
– Cloud Ecosystem Model
• Applied in Federal Government, DoD and
Commercial Clients
Cloud Governance Lifecycle
& Operations Model

8
Risks of Poor/No
Cloud Governance
• Cloud Security Risks
• Cloud Proliferation and Sprawl (vs. VM Sprawl)
• Cloud Integration (post proliferation)
• Cloud Portability & Interoperability
• Cloud Vendor Lock-In
• Cloud Applications Governance – designing and
migrating applications to appropriate Cloud pattern(s)
• Lack of Incentives for Consumers to Onboard/Consume
Cloud resources
• Shadow IT and Hidden Clouds
Cloud in an Enterprise Governance
Framework Context

10
Challenge: Inserting Cloud Governance into
Existing Enterprise Governance Models

Corporate Governance

Cloud Governance
Enterprise/Strategic Governance

New Governance Bus. Ops

Requirement(s) IT Governance
Governance

Cloud Governance Domain Governance

SOA Governance
New compliance requirements
Revised Investment Planning process
Lifecycle/Systems Engineering
Governance

11
Cloud Governance SPOT Framework

Cloud
• Scope & Stakeholders Governance
• Policies & Processes
• Organizations
• Tools and Enabling
Technologies
Scope & Stakeholders

• Scope: Is the Cloud enterprise, business

unit, a project-level requirement?
• Stakeholders: Who “owns” your Cloud?
Who is accountable for the decisions, the
architecture, the deployment, the
operations?
• Stakeholders: Business, IT, joint? How are
they represented in the requirements,
onboarding, access/consumption,
management?
Cloud Policies (Decision Criteria)

• Strategic guidance (formal strategy and

roadmap)
• Enterprise Architecture & Technology policies
• Acquisition, Contracts & Legal, Vendor
Management
• Security and Privacy, Compliance
• Cloud Operational Policies: Access,
Consumption, Bursting, Management,
Monitoring
Cloud Governance Processes

• Map to Cloud Governance Lifecycle Model

• Strategy & Planning Governance
• Architecture, Technical and EA
Processes
• Deployment and Onboarding Processes
• Access, Resource Management, Provisioning,
Operational processes
• Runtime Processes: SLA management, fault
alerts, monitoring, alarms, etc.
 Governance Organizations

• Consumer Stakeholder Board (Cloud Steering

Group?)
– Obtain input for requirements, Cloud services,
pricing, accounting and chargeback models
• IT Executive Team?
– Cross-functional IT construct to ensure IT
governance and oversight of Cloud (end-to-end)
• Cloud Operations Team
– Day to day operations, management, resource
management, provisioning, etc.
• Cloud Working Group?
– Initial start-up activities, R&D/POC
– Begins the Cloud adoption process prior to
formalization of strategy
Tools of Cloud Governance

• Cloud Portal and Self-Service Access

• Cloud Service Catalog
• Cloud Billing and Accounting modules
• Cloud Lifecycle Management Tooling
• Cloud Services Portfolio and Contracts
Management Tools
• Cloud Management & Monitoring Tools
• Application Design and Development for Cloud
• QA and Testing for Clouds and Cloud-centric
Applications
New Tools of Cloud Governance

• Cloud Lifecycle Management Tooling

• Cloud Services Portfolio and Contracts Management
Tools
• Cloud Management Tools
• Cloud Monitoring Tools
• SOA Management Tools
• Application Design and Development for Cloud
• QA and Testing for Clouds and Cloud-centric
Applications
Cloud Governance Decomposition

Cloud Strategy and Planning

Cloud Architecture, Design and Deployment

Consumers

Providers
` Cloud Acquisition, Vendor Selection & Contract Negotiation `

Resource Provisioning & Management

Cloud Operations & Runtime Management

Cloud Governance Lifecycle Overview
Cloud Strategy and Planning
Start

Cloud Strategy & Cloud Business Cloud Pilot or Cloud Program

Planning Case POC Go/No Go

Cloud Cloud
Architecture & Cloud
Solution Security QA & Test
Standards Integration
Design Model

Vendor & Contract T&Cs, Deployment

Acquisition & Access &
Solution SLA, QoS and/or
Contracts Consumption
Selection Defined Onboarding

Capacity Resource Mgt. Metering, Maintenance,

Cloud Mgt & Ops &
Planning & & Billing & Versioning &
Monitoring Support
Dmd Mgt Provisioning Accounting Sustainment

Cloud Cloud
Cloud Provider
Contingency Cloud Bursting Migration (Pub Offboarding
Switching
Planning to Priv)
Finish
Cloud Architecture, Solution Design,
Integration, Security & Test
Start

Cloud Strategy & Cloud Business Cloud Pilot or Cloud Program

Planning Case POC Go/No Go

Cloud Cloud
Architecture & Cloud
Solution Security QA & Test
Standards Integration
Design Model

Vendor & Contract T&Cs, Deployment

Acquisition & Access &
Solution SLA, QoS and/or
Contracts Consumption
Selection Defined Onboarding

Capacity Resource Mgt. Metering, Maintenance,

Cloud Mgt & Ops &
Planning & & Billing & Versioning &
Monitoring Support
Dmd Mgt Provisioning Accounting Sustainment

Cloud Cloud
Cloud Provider
Contingency Cloud Bursting Migration (Pub Offboarding
Switching
Planning to Priv)
Finish
Cloud Vendor Management,
Acquisition, Contracts & SLAs
Start

Cloud Strategy & Cloud Business Cloud Pilot or Cloud Program

Planning Case POC Go/No Go

Cloud Cloud
Architecture & Cloud
Solution Security QA & Test
Standards Integration
Design Model

Vendor & Contract T&Cs, Deployment

Acquisition & Access &
Solution SLA, QoS and/or
Contracts Consumption
Selection Defined Onboarding

Capacity Resource Mgt. Metering, Maintenance,

Cloud Mgt & Ops &
Planning & & Billing & Versioning &
Monitoring Support
Dmd Mgt Provisioning Accounting Sustainment

Cloud Cloud
Cloud Provider
Contingency Cloud Bursting Migration (Pub Offboarding
Switching
Planning to Priv)
Finish
Cloud Operations,
Management & Support
Start

Cloud Strategy & Cloud Business Cloud Pilot or Cloud Program

Planning Case POC Go/No Go

Cloud Cloud
Architecture & Cloud
Solution Security QA & Test
Standards Integration
Design Model

Vendor & Contract T&Cs, Deployment

Acquisition & Access &
Solution SLA, QoS and/or
Contracts Consumption
Selection Defined Onboarding

Capacity Resource Mgt. Metering, Maintenance,

Cloud Mgt & Ops &
Planning & & Billing & Versioning &
Monitoring Support
Dmd Mgt Provisioning Accounting Sustainment

Cloud Cloud
Cloud Provider
Contingency Cloud Bursting Migration (Pub Offboarding
Switching
Planning to Priv)
Finish
Cloud Contingency, Migration
Planning & Provider
Start

Cloud Strategy & Cloud Business Cloud Pilot or Cloud Program

Planning Case POC Go/No Go

Cloud Cloud
Architecture & Cloud
Solution Security QA & Test
Standards Integration
Design Model

Vendor & Contract T&Cs, Deployment

Acquisition & Access &
Solution SLA, QoS and/or
Contracts Consumption
Selection Defined Onboarding

Capacity Resource Mgt. Metering, Maintenance,

Cloud Mgt & Ops &
Planning & & Billing & Versioning &
Monitoring Support
Dmd Mgt Provisioning Accounting Sustainment

Cloud Cloud
Cloud Provider
Contingency Cloud Bursting Migration (Pub Offboarding
Switching
Planning to Priv)
Finish
Cloud Governance Includes Many
Diverse Requirements
Private Cloud Governance
• Internal Service Provider dynamics, e.g. creating service
catalogs, behaving as a “true” Service Provider vs. serving
“captive” IT consumers
• Defining SLAs, QoS terms and Service contracts for
Internal IT/Business consumers
• Establishing incentive models to come to the Cloud
• Implementing charge backs, fee for service models, other
cost recovery models
• Provisioning resources to internal project teams
• Migrating legacy capabilities to the Cloud

The transition from an IT Shop to a Cloud Service

Provider is not an easy transition.
Public Cloud Governance
Requirements
• Security, Security and Security
• Contract terms, SLA and QoS definition
• Access to and consumption of a variety of
Cloud resources per Contract
• Business assurance, continuity of operations,
failover
• Support, Reliability and Trust
• Portability, Cloud APIs, Interoperability,
Integration with other internal IT capabilities
and resources
 Hybrid Cloud Governance

• Integrating Cloud resources from multiple

Cloud providers (Internal, external, et al)
• API Compatibility, Cloud Platform
Compatibility, Portability & Interoperability
• Contract T&Cs, SLA and QoS management
• Security, Security and Security
• Bursting criteria, Switching, Portability,
Interoperability and Integration
• Management, monitoring and business
assurance across entire hybrid Cloud
environment
Hybrid Cloud - IaaS

Internal Cloud Internal IT External Cloud

Consumer Organization Provider

Burst?

Compute Compute

Storage Storage

Internal IT Infrastructure Acquisition,

Provisioning and Configuration
Management Process
IT Disintermediation?
Business Bypasses IT
Internal Cloud IT Organization External Cloud Service
Consumer Provider

Software
(aaS)
Compute

Platform
Storage (aaS)

Compute
IT Disintermediation

Business Consumers bypass IT governance, Storage

infrastructure provisioning and acquisition
processes
Avoiding Disintermediation:
The IT Organization of the Future
• IT must behave as a broker and integrator of IT
resources and capabilities
– External Cloud resources
– Internal IT services
– Outsourcing services
• IT must transition into a true business relationship
manager working to deliver best-in-class services,
solutions and resources regardless of provider
• IT must be unafraid of external service provider
comparisons, and must benchmark against them
• IT must become a true trusted advisor to the business
New Role of IT Leadership:
IT Resource Broker
Internal IT/Cloud
Provider

IT Resource Broker & Compute

Business Relationship
Internal Cloud Manager
Consumer Storage

External Cloud Provider

SaaS Compute

PaaS Storage
 Future IT & Cloud Governance Lifecycle
Requirements: A New Role for IT?

Enterprise Svcs Business IT Resources IT Resource Integrated

IT Resources
Computing Relationship Acquisition & Portfolio Resources
Brokering
Strategy Mgt Contracts Mgt Mgt. Management
Avoiding Disintermediation of IT

• How can IT become/remain relevant in the

Age of Cloud?
• How can IT become/remain relevant by
adding value to the business ?
• The Resource/Relationship Broker concept is
an emerging role in “Enterprise Services
Computing”
• Combining Business Relationship
Management, Portfolio Mgt,
Contacts/Acquisition and Resource Mgt into
a new IT Strategic Competency
 Cloud-Centric IT Leadership Principles
• Cloud-Centric Leaders will redefine the role of the IT organization based on a model of
integrated resource management, Cloud-centric governance lifecycle principles, and
the relationship management/resource broker model
• Cloud-Centric IT will redefine its role as a unified broker of IT resources, services and
capabilities, regardless of the source
• Cloud-Centric IT invites comparisons with 3rd party service providers to benchmark
internal IT capabilities, processes, rates and customer satisfaction
• Cloud-Centric Leaders will establish internal benchmarks for Cloud services to
compare with those of internal and third party public Cloud service providers
• Cloud-Centric Leadership Organizations will achieve superior optimization of IT
spending, from internal providers, external/3rd party providers, and trusted managed
services and solution partners
• Cloud-Centric IT will offer highly differentiated business and IT services to internal and
external consumers, essentially creating new revenue opportunities and new pathways
to innovation
• Cloud-Centric IT Leaders will spur innovation within the enterprise by seeking better,
unique and differentiated IT service models, product and services for internal and
external customers
Things to Do Tomorrow
• Establish clear, measurable business and IT goals for
Cloud computing (Cloud Strategy)
• Align and design your Cloud Governance Model to
achieve business goals, e.g. “Business at CloudSpeed”,
cost reductions, efficiencies, agility
• Integrate Cloud Governance with IT governance
processes, policies, organizations and tools (PP/OT)
• Balance your Cloud governance model to achieve speed
and capability enablement, without friction and politics

Govern Clouds early and often. Cloud Governance will ensure

realization of business, IT and operational objectives. Risks of poor
Cloud Governance are dire.
Thank You
Back-ups/Notes
Cloud Strategy and Planning
• Scope & Stakeholders: CIO, Business Stakeholders, CTO, Chief
Architect
• Policies/Decisions
– Should you adopt Cloud? How? When?
– Strategy and Planning Process
– Reference Model and Reference Architecture
– Pilot/POC, Go/No Go Decisions
– Billing, Accounting, Consumption, Chargeback Models (If needed)
• Processes: Strategy development, review and vetting process,
funding and budgeting
• Organizations: OCIO, Enterprise Architecture, Business/IT
Alignment
• Tools: N/A
Cloud Architecture, Solution Design,
Integration, Security & Test
• Scope & Stakeholders: CTO, Chief Architect, Enterprise
Architecture, Infrastructure Engineering,
• Policies/Decisions
– Enterprise Architecture
– Security
– Industry Standards, APIs, Interoperability,
– QA, Testing, Assurance, Certification/Accreditation
• Processes: Enterprise Architecture, technology development,
systems engineering, QA/Test
• Organizations: EA, Cloud Core Team/Working Group
• Tools: Cloud platform(s), Cloud management, QA/Testing
tools
Cloud Vendor Management,
Acquisition, Contracts & SLAs
• Scope & Stakeholders: CIO/CTO, Vendor Mgt,
Contracts/Legal, IT Acquisition
• Policies
– Acquisition & Vendor Management
– Legal & Compliance
– Contracts Management
– SLA definition and conformance
• Processes: Acquisition, Contracts, SLA development,
Deployment/Onboarding
• Organizations: IT Acquisition, Legal, OCIO/OCTO, Chief
Architect, Cloud Working Group
• Tools: N/A
Cloud Operations,
Management & Support
• Scope & Stakeholders: Cloud Operations Team, Cloud
Consumers, OCIO/OCTO, Business Stakeholders
• Policies
– Capacity planning, Demand Management
– Bursting
– Resource acquisition, management, provisioning, capacity management
– Implementation of Accounting, Billing, Chargeback policies
 Processes: SLA monitoring, Cloud Management, Operations and Support,
Escalation processes
• Organizations: Cloud Operations Team, Cloud Help Desk,
Escalation
• Tools: Cloud management & monitoring tools, problem
resolution, case management tools
Cloud Contingency, Provider
& Migration Planning
• Scope & Stakeholders: Cloud Operations Team, Cloud Steering
Group, OCIO/OCTO
• Policies
– Bursting, switching and consumption policies
– Capacity pricing strategy and authorization levels
– Provider management, provider migration, offboarding
• Processes: Cloud operations processes, capacity management,
bursting processes, oversight and escalation processes
• Organizations: Cloud Operations Team, Cloud IT Team, Cloud
Steering Group
• Tools: Cloud monitoring, management, capacity planning,
bursting support