The unkept promise – Cloud Strategy / Cloud Governance
Let me take you back to your first days of your cloud journey in medieval times. It was a tough time and decision had to be made quickly. Maybe you had one of those big consulting firms on your side praying unisono the same mantra : “You have to move to the cloud”. Digital factories / companies had to be created to get the first steps done. All without any rules and boundaries. It was a time of quick decisions, but you delivered and launched successfully your first digital products. Fortunately, those days are over now and you’ve been able to smooth out many of those first rash steps. You installed a CCoE (Cloud Center of Excellence) that is now handling all of the migrations and creation of new cloud applications. It has somehow taken over the responsibility for the public cloud.
But do you remember that those consulting companies had something up their sleeves that they used to bring you through those first days called Cloud Adaption Framework (CAF)? The development of a “Cloud Strategy” and the creation of a “Cloud Governance” were two parts of these cloud adaptation frameworks, where even the consulting companies said that it would be no problem to add them at a later stage without a big impact. The effort versus benefit was simply not justified at that time. Those two items are still on your to-do list, right? They are your unkept promise.
But those days are long gone and with the outlook to a CCoE 2.0, now is the time to put them back on the to-do list. Even if you’re already far along in your cloud journey, it’s still possible to accomplish them without causing much impact. With this article I’ll help you to redeem your unkept promise.
Cloud Adaption Frameworks
The following Cloud Adaptation Frameworks are the industry relevant papers for your reference
| Name | Vendor | Link |
|---|---|---|
| Azure Cloud Adaption Framework | Azure | https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ |
| AWS CAF | Amazon Webservices | https://aws.amazon.com/cloud-adoption-framework/ |
| Google Cloud Adaption Framework | Google Cloud | https://cloud.google.com/adoption-framework |
Cloud Strategy
We now know why there was no cloud strategy to begin with, but why is it so hard to develop one at the stage most companies are at now? The answer is simple: Most CEOs / CIOs / CTOs are afraid to endanger the current state or halt progress by proclaiming a cloud strategy. Everything works perfectly well without a cloud strategy.
I do not share this reluctance and strongly recommend developing a strategy that incorporates the status quo and is oriented strategically forward. A recent CIO magazine article “Everything is nothing without strategy” conducted a study to find out that “A clear strategy is one of the key factors for a continuous successful cloud migration”.
If that still hasn’t convinced you, I’m giving away this free tip. If you don’t want to develop a comprehensive cloud strategy, you should at least create a consumption policy. (see example below)
After the proclamation of this consumption guideline you together with the CCoE would be able to steer new business use cases in the right direction. What kind of IT landscape do you want to have in the future for e.g. more SaaS than IaaS. And since the consumption policy is only valid for new business cases you do not break the status quo. So don’t wait any longer and cross this off your to-do list.
Cloud Governance
The creation of digital factories / companies and the rush in the first days of cloud migration led to the emergence of individual islands with their own rules and governance. Nonetheless, it remains your IT, your risks and your landscape and you have to manage it as one Enterprise IT.
I would love to tell you that it would be effortless to create a Cloud Governance but that is unfortunately not the case. But I will provide you with valuable insights I’ve gained through years of experience on this subject.
Who are the right persons / groups
- Cloud Center of Excellence (CCoE)
They should be responsible for creating your Cloud Governance and be the main actor - Information Security
Information security experts should be consulted and existing guidelines should be integrated into or even extended by your Cloud Governance - Data Privacy Department
Data privacy experts should be consulted and existing guidelines should be integrated into or even extended by your Cloud Governance - Controlling
The Cloud Governance should encompass budgeting, approval procedures, cost allocation processes, and measures to mitigate cost overruns - Architecture / Enterprise Architecture
The Cloud Governance should comply with all existing architecture and software governance guidelines and if available support existing architecture processes
Valuable advice
- Check if it would make sense to start with a “Cloud terms of use” instead of a full blow “Cloud Governance”
- Use frameworks instead of reinventing the wheel
BSI C5:2020
ISO 27001
ISO 38500 – Governance of IT for the organization - When you create guidelines, start from the as-is situation and build up towards your ideal situation. This way the Cloud Governance is valid on day one
- Define the target group for your Cloud Governance
- SaaS Governance and AI Governance should only be linked but not part of your “Cloud Governance”
- Important: Only work with generalists who possess the capability to conceptualize, strategize, and govern at a strategic level
Useful Chapters of a “Cloud Governance”
- Introduction with definitions and classifications (e.g. SaaS classification)
- Cloud Responsibilities and Roles – Clear definition of ownership, roles and how they apply to cloud provider accounts
- Cloud Security – Using one of the above mentioned frameworks
- Cloud Cost Management – Cloud Processes around cost management and approvals
- Cloud Data Protection + Compliance – Data classification and measurements on how to protect data based on the classification including compliance procedures
- Cloud Architecture – architecture and software governance guidelines and processes
Consult me
If this still do not feel comfortable to redeem your unkept secret feel free to consult me. I specialize in assisting companies during their cloud migration, guiding them towards a feasible Cloud Strategy and Cloud Governance
One thought on “Evolution of your Cloud Center of Excellence – The unkept promise”