For many organizations, governance and data control remain one of the last roadblocks to a cloud migration. According to RightScale’s 2017 State of the Cloud Survey, reported cloud challenges declined across the board, with the exception of governance/control. This fact is unsurprising: at Hanu, we find that aligning IT and business strategies around data governance to be one of the hardest hurdles to jump for new cloud adoptees.
But while some applications will likely have to remain on-premises, the cloud has evolved to the point where most companies can feel comfortable housing their data in it. At Hanu, we have found that an understanding of the IT governance in the cloud that aligns with business strategy and IT is at the core of cloud success.
What Exactly is IT Governance in the Cloud?
In its most basic form, IT governance is an agreed upon framework that ensures IT endeavors support business objectives. Ideally, the IT governance framework serves the interests of stakeholders by providing staff with direction and procedures.
How this framework is determined will be unique to each business and their respective needs. However, one of the primary purposes of IT governance infrastructures is to comply with the ever-expanding number of regulations that protect data. This data includes confidential customer information, financial records, and backup and disaster recovery files. Failure to comply with legal regulations can result in thousands in fines and have caused smaller businesses to go bankrupt.
How to Begin Setting up an IT Governance Program in the Cloud
While some organizations can get away without a formal framework, larger companies—or just those that are more heavily regulated—will require a fully-fledged IT governance program.
The easiest way to get started is to review popular frameworks that have been created by industry experts. These include:
- ITIL: With a focus on IT service management, ITIL is designed to ensure all actions of the IT department support core business processes. ITIL accomplishes this by employing five sets of best-practices for design, operation, service strategy, personnel transition, and improvement of service.
- FAIR: A relatively new model, Factor Analysis of Information Risk (FAIR) is designed to quantify cybersecurity and operation risk. FAIR has already been put to use by many Fortune 500 companies.
- COSO: taken from the Committee of Sponsoring Organizations of the Treadway Commission (COSO), COSO concentrates less on IT and more on preventing fraud and enterprise risk management.
- CMMI: Using a 1-5 scale, CMMI seeks to gauge and improve an organization’s performance, profitability, and quality maturity level. The Capability Maturity Model Integration (CMMI) was developed by the Software Engineering Institute.
- COBIT: Created for management and governance of enterprise IT, COBIT is widely used for risk management and mitigation purposes. COBIT is comprised of globally accepted practices, analytical tools, and models.
Choosing the right framework is not a simple task. When reviewing, it is crucial not only to keep your business goals in mind but also your corporate culture. The framework that seems like the best fit with your stakeholders or IT management, probably is. And don’t forget: you can always work with more than one framework, should that be to your advantage.
If this IT governance in the cloud seems overwhelming, you don’t have to go it alone. Cloud managed service providers are stepping up to offer custom-made IT governance solutions. To learn more, contact Hanu today.