Beruflich Dokumente
Kultur Dokumente
Unit 13
Unit 13
Cloud Governance
Structure:
13.1 Introduction
Objectives
13.2 IT Governance
13.3 Deciding the Governor
13.4 Risk Assessment of Running the Cloud
Understanding the possible risks
Performance monitoring and measurement
Measurement methods
13.5 Working of Governance
Establishment of the governance body
IT service performance monitoring
Cataloging control and compliance data
13.6 Summary
13.7 Terminal Questions
14.8 Answers
13.1 Introduction
When your organization or an individual decides to move the data to the
cloud, the person can be relaxed based on the nature of the data that he is
transferring to the cloud. The mail box data or the archived data can be
handed over to the cloud though this he can relax from the responsibility of
the managing the same. Whereas if an organization is going to hand over
their asset data to the cloud provider, still the person in also responsible to
maintain the datas safety and security. In such sensitive situation the
person or an organization who is taking the service of cloud cannot relax
from their own responsibility. In other words, make sure that your assets are
managed in a way that meets your business objectives. This is where
governance comes in. Ultimately the governance taking good decisions
pertaining to performance predictability and requiring accountability.
Regarding cloud governance an individual will have plenty of questions.
1. How the other member follow the same policies and rules of mine.
2. What will happen if he doesnt know about the policy or if he doesnt
follow same governance?
Cloud DB System
Unit 13
13.2 IT Governance
Governance is all about applying policies relating to using services. Its
about defining the organizing principles and rules that determine how an
organization should behave. The word governance derives from the Latin
word for steering. It is important to have a steering process because, well,
it helps to make sure that you stay on the road before diving in, take a step
back and look at the IT governance process in general because many of the
same principles are relevant to the cloud environment. IT manages a
complex infrastructure of hardware, data, storage, and software
environments. The data center is designed to use all assets efficiently while
guaranteeing a certain service level to the customer. A data center has
teams of people responsible for managing everything from the overall
facility: workloads, hardware, data, software, and network infrastructure. In
addition to the data center itself, your organization may have remote
facilities with technology that depends on the data center. IT management
Cloud DB System
Unit 13
Cloud DB System
Unit 13
Cloud DB System
Unit 13
Performance Improvement
Able to get clarity of whether an IT service or project supports business
as usual or is intended to provide future added value.
Increased transparency will raise the bar for performance, and advertise
that the bar should be continuously raised.
A focus on performance improvement will lead to attainment of best
practices.
Avoid unnecessary expenditures expenditures are demonstrably
matched to business goals.
Increase ability to benchmark.
External Compliance
Supports with an integrated approach to meet external legal and
regulatory requirements.
Self Assessment Questions
1. _______________________ is all about applying policies relating to
using services.
2. Improved contribution to stakeholder returns considered as one of the
benefit of IT governance. State [True/False]
3. __________________ enables an integrated approach to meet
external legal and regulatory requirements.
Cloud DB System
Unit 13
Cloud governance basically covers both the data centers that are governed
by the organization and the cloud support that are not under the control of
organization. For example, your organizations must monitor performance
across all components in a way that reflects the overall impact of all IT
performance on the business. You may not have as much insight into the
cloud environment, which could create challenges when you need to satisfy
governance requirements. Here are two examples of how governance may
become more complicated when you add cloud services into your IT
environment.
First scenario
The organization may move few of their storage and processing to the cloud
platform. He may expect the similar processing time that you realized from
the earlier local data center. Here you will be depending on the virtualized
server supported by the cloud vendors. There may be chances that the user
may not have the good understanding about the environment where and
how the processing is happening.
Following are the points need to be taken care from perspective of cloud
governance
Is it possible to expect the same availability policy with the cloud
provider also?
Whether the cloud provider have the monitoring mechanism that allow
the user to verify expected target is been achieved?
Your cloud provider may be meeting predefined service levels, but will
the provider communicate this information to you?
Second scenario
In this scenario the consumer wanted to create a new application in the
cloud platform. For this action he may require some set of supportive
services from the vendor. The user may decide to the develop application
environment around with the same set of services. You can see the below
listed are the challenging issues needs to be addressed.
Does your cloud provider have a service registry or catalog that enables
you to have good visibility into the management and availability of
services?
Whether the service catalog will have the set of services that you
require?
Sikkim Manipal University
Cloud DB System
Unit 13
Will all the services in the catalogue will be readily available when ever
require?
Does your cloud provider have a policy for enforcing the service you
want to be maintained and available in the service catalog?
Cloud DB System
Unit 13
In software development, there are risks associated with getting the product
out in the market on time. The healthcare industry has patient privacy
concerns. For example, suppose you have a corporate policy that states
that no data from a credit card system can be used by the companys
marketing analysis systems. If the CIO later discovers that this information
has been used by the system, the business is put at risk and IT governance
has failed. Others besides the CIO needed to know that this information was
not to be used by marketing because of privacy concerns.
Realizing IT risk
As we know the IT environment is now dealing with the heterogeneous
groups of services. Obviously it needs to face the more amounts of risk and
struggle to work with multiple tasks. These tasks includes
Satisfying the expectation of customer
Realizing the constraints of resources,
Business goal optimization
Adhering of requirements and rules
When you merge your system with the cloud platform service the system
needs to face further complications since cloud is a yet another resources
needs to be managed by the IT. This shows that the governing body should
take the responsibility to monitor the provider relationship. Of course, the
level of involvement and risk around governance might vary with how your
organization is using the cloud. For example, the cloud can be used in the
following ways, each of which you must evaluate separately to determine
the level of governance that your company feels comfortable with:
For temporary computing power
As a SaaS model
As a platform to build a service
Risk list
Consider these risks as you move into the cloud:
Audit and compliance risks including issues that arise around data
access control, data jurisdiction, and maintaining an audit trail.
Security risks majorly focusing around the data about its confidentiality,
integrity and its privacy.
Cloud DB System
Unit 13
Contract risks are associated with not reading between the lines of your
contract. For example, who owns your data in the cloud? If the service
goes down, how will you be compensated? What happens if the provider
goes out of business?
Billing risks are associated with ensuring that youre billed correctly and
only for the resources you consume.
I would like to recollect the statement that we stated in the introductory part
of this unit, Governance was all about trust. But here the customer needs
to trust the cloud provider also the vendors and other providers that he is
dealing with. Still now there are no standards or laws are generated for the
cloud computing technology. Managing risk cant be emphasized enough;
unlike internal IT governance where all parties work for the same legal
entity, the cloud relationship is with an external provider and governance
agreements need to be contractually stated.
13.4.2 Performance monitoring and measurement
Tool for measuring performance becomes the very important and vital role
for any organization. This helps to measure the process effectiveness,
provides information about how effectively the process activities and their
outputs generated towards the organization goal. This measurement also
indicates the efficiency of the people those who are working on the process
and their roles in the specific task. The performance report gives an insight
to the organization work pattern like, strategic decisions made from top to
lower levels and end process result from lower to upper end and the overall
control monitoring mechanism in the organization etc.
Sikkim Manipal University
Cloud DB System
Unit 13
With the consistent move and positive sign of the effective monitoring
mechanism, it is possible to implement policies, succeeding the goals thus
can improve over all status of the organization.
Following are the points identified that the effective IT performance
measurement system should support us to do
Attention towards the user in order to improve their satisfaction.
Support with preventive mechanism to avoid and protect the process
from the anticipated problems.
Help to understand to reduce the costs
Encourage and facilitate change by obtaining facts about current state,
desired state and the gap that needs to be met
Set realistic benchmarks for comparison
13.4.3 Measurement methods
Generally measurement for an organization can be executed by comparing
their sales, production, stock price and customer satisfaction with the
objective or goal of an organization. The IT performance can be calculated
by comparing server, application, service resolution time, network uptime,
budget allotted and completion date of the project with the organization goal.
These performances and other measures help an organization to selfestimate and grade with the organization that are considered as the
competitors in the market. Based on the output of these analyses the
organization can be ranked in terms of user, customer, partners, vendors
and shareholder satisfaction.
In cloud computing, you need to measure the impact of IT performance on
the business that, by definition, now includes the performance of the cloud
provider. Of course, your own internal governance committee needs to
answer the following questions to get started:
Cloud DB System
Unit 13
Can your company monitor systems proactively so you can make repairs
before faulty services affect rules and regulations?
The cloud provider should have the concern of having governance body
that may take care of infrastructure issues, may rise due to sharing of
resources also the standardization services. From the organization side
there should be an interface to connect with this group. The level of
involvement needs to be balanced on both the side to maintain the
standards.
Also from the organization end there should the strong technological
support to monitor the performance of the cloud providers service.
Cloud DB System
Unit 13
Cloud DB System
Unit 13
13.6 Summary
Cloud DB System
Unit 13
13.8 Answers
Self Assessment Questions
1. Governance
2. True
3. External compliance
4. user of cloud services and cloud provider
5. Key Performance Indicators.
6. Understanding the compliance, Understanding the performance goals
7. regulatory and competitive environment
8. service catalog
9. True
Terminal Questions
1. The word governance derives from the Latin word for steering. It is
important to have a steering process. For more details refer
section 13.2.
2. Transparency, accountability, return on investment and stockholder
value opportunities etc are the few benefits of IT governance. For more
details refer section 13.2.
3. Cloud governance is a shared responsibility between the user of cloud
services and the cloud provider. For more details refer section 13.3.
4. IT and business goals are tightly coupled in a governance strategy, it is
also important for you to look at cloud governance from a holistic
business. For more details refer section 13.4.
5. It is believed that effective cloud management can be achieved partly
through people and processes, and partly through technology. For more
details refer section 13.5.
Cloud DB System
Unit 13
E-References:
http://www.ucisa.ac.uk/~/media/Files/events/ucisa2011/presentations/
richard_eade
http://www.accenture.com/us-en/blogs/accenture-blog-for-internalit/archive/2011/12/12/managing-the-cloud-with-it-governance.aspx
http://www.isaca.org/Certification/CGEIT-Certified-in-the-Governance-ofEnterprise-IT/Prepare-for-the-Exam/Study-Materials/Documents/
Developing-a-Successful-Governance-Strategy.pdf