1.

It governance definition:

IT governance (ITG) is the process of managing and controlling key IT

capability decisions to improve IT management, ensure compliance, and
increase value from IT technology investments. IT governance centers
around making sure the organization knows what impact IT decisions
have on business value.

2. cloud governance definition:

Cloud governance is a set of rules and policies adopted by companies that
run services in the cloud. The goal of cloud governance is to enhance data
security, manage risk, and enable the smooth operation of cloud systems.

Cloud Governance Framework

The Cloud Computing Governance Framework will include the decision
rights and accountability of the business related to cloud computing.
It includes
 Scope & Stakeholders
 Policies & Processes
 Organization
 Tools and Enabling Technologies
Scope and Stakeholders: The scope of a cloud enterprise transformation
must be defined as a priority. Concerning the stakeholders, as I stated
before, it is necessary to understand who would own your cloud. Who is
accountable for the decisions, the architecture, the deployment and the
operations.

Cloud Policies (Decision Criteria): It is necessary to work in the

following areas:
Strategic guidance (formal strategy and roadmap)
Enterprise Architecture & Technology policies
Security and Privacy, Compliance
Cloud Operational Policies: Access, Consumption, Bursting,
Management, Monitoring

Cloud Governance Processes: Cloud governance processes should be

mapped to the governance life cycle. It should focus on defining strategy
and the planning of the governance. Process definition would also require
architecture standards and technical processes. Other focus areas would
include:

Deployment and Onboarding Processes

Access, Resource Management, Provisioning, Operational processes
Runtime Processes: SLA management, fault alerts, monitoring, alarms,
etc.

Governance Organization: It is recommended to form a consumer

stakeholder board to obtain input for requirements, cloud services,
pricing, accounting and charge back models, as well as a cross functional
IT paradigm to ensure IT governance and oversight of cloud (end-to-end).
It is imperative to form the cloud operations team for day- to-day
operations, management, resource management, provisioning, etc.

Tools of Cloud Governance: This would include:

 Cloud Portal and Self-Service Access

 Cloud Service Catalogue
 Cloud Billing and Accounting modules
 Cloud Lifecycle Management Tooling
 Cloud Services Portfolio and Contracts Management Tools
 Cloud Management & Monitoring Tools
 Application Design and Development for Cloud
 Q & A and Testing for Clouds and Cloud-centric Applications
 SOA Management Tools
Private Cloud Governance Consideration: The transition from
an IT Shop to a Cloud Service Provider is not easy. There are several
vital aspects to be taken care of. For internal cloud governance, it is
crucial to consider:

 Internal Service Provider dynamics, e.g. creating service catalogues,

behaving like a "true" Service Provider vs serving "captive" IT
consumers
 Defining SLAs, QoS terms and Service contracts for
 Internal IT/Business consumers
 Establishing incentive models to come to the Cloud
 Implementing chargebacks, the fee for service models, and other cost
recovery models
 Provisioning resources to internal project teams
 Migrating legacy capabilities to the Cloud

Public Cloud Governance Requirements:

 The highest priority should be security
 Contract terms, SLA and QoS definition
 Access to and consumption of a variety of Cloud resources per
Contract
 Business assurance, continuity of operations, failover
 Support, Reliability and Trust
 Portability, Cloud APIs, Interoperability, Integration with other
internal IT capabilities and resources

Hybrid Cloud Governance Considerations:

 Integrating Cloud resources from multiple Cloud providers (In- ternal,

external, et al.)
 API Compatibility, Cloud Platform Compatibility, Portability &
Interoperability
 Contract T&Cs, SLA and QoS management
 Robust Security Management
 Bursting criteria, Switching, Portability, Interoperability and
Integration
 Management, monitoring and business assurance across the entire
hybrid cloud environment