cloud governance. 2 coe it leadership – cloud governance atos sphere advisory services sap...
TRANSCRIPT
Cloud Governance
2 CoE IT Leadership – Cloud Governance
Atos Sphere
Advisory Services
SAP Regression
Testing (SaaS)
Product Lifecycle Mgmt.
(PLM) on Demand
Data Mgmt. on demand (PaaS)
Atos in a box Workplace
(DaaS)
Infra-structure Services (IaaS)
Atos Worldline (BPaaS)
Opportunity Assessment
Awareness Workshop
Security and Compliance
Business Case
Pilot Project
Governance
Business Innovation
Transition
Atos Sphere™ Advisory services:Cloud Governance
3 CoE IT Leadership – Cloud Governance
Introduction
ValueCreation
ResourceManagement
RiskManagement
PerformanceMeasurement
CloudGovernance
Customer Organisation
Service Providers
Service Aggregator
Cloud Governance must be aligned to an organisation’s broader IT and corporate governance, and consider the features and benefits that are unique to cloud.
IaaS
PaaS
SaaS
BPaaS
External Managed Service
On Premise
Internal Managed Service
» Cloud Governance will become an essential component of the overarching corporate and IT governance framework. This will become especially important as services are multi-sourced across a wider pool of providers.
» Different types of cloud will require different types of governance according to the services being provided. It is the Service Aggregator that orchestrates delivery across these services.
» In developing the approach to Cloud Governance, consideration needs to be made to:
what remains the same what will change what is completely new
» Atos Consulting can support clients in establishing appropriate Cloud Governance with respect to:
identifying candidate services for the cloud transitioning services to the cloud delivering services in the cloud
» Cloud Governance will become an essential component of the overarching corporate and IT governance framework. This will become especially important as services are multi-sourced across a wider pool of providers.
» Different types of cloud will require different types of governance according to the services being provided. It is the Service Aggregator that orchestrates delivery across these services.
» In developing the approach to Cloud Governance, consideration needs to be made to:
what remains the same what will change what is completely new
» Atos Consulting can support clients in establishing appropriate Cloud Governance with respect to:
identifying candidate services for the cloud transitioning services to the cloud delivering services in the cloud
CloudGovernance
4 CoE IT Leadership – Cloud Governance
Challenges
» The application of governance needs to consider the full services lifecycle - design, build and operate. This will include:
Identifying candidates for the cloud Transitioning services to the cloud Delivering services in the cloud
» There are also unique nuances of cloud that create new challenges:
Avoiding legal, commercial and technical lock-in to service providers Ensuring continued compliance to regulatory requirements Ensuring that opportunities for cost reduction are not achieved at the expense of reduced
service quality or increased service risk The need for the internal IT function to demonstrate its value to a more empowered
business The need to balance the need for business agility against a cohesive, consistent approach
to the use of IT services and resources Operating in an evergreen environment Organisations will likely have a greater number of suppliers and hence will need to increase
capability in terms of multisourcing
» These challenges require a change in focus in how one looks at IT service delivery and the governance required for that.
5 CoE IT Leadership – Cloud Governance
Cloud: Governance and controlC
ontr
ol a
nd G
over
nanc
e M
easu
res
Inputs
Controls Governance
Outputs Outcomes
As control passes from organisations to external parties, organisations lose the ability to influence directly how those services are delivered. Organisations must shift their attention from how to deliver a service to how to ensure a service is delivered well.
Cost of delivery
Inputs
Architecture definitionCapacity planning
Configuration managementChange management
Application management
Outputs
Product configurationService definition
Service Level AgreementsContractual terms and conditions
Outcomes
Quality of service deliveryCost of provision
Speed of provision
Mea
sure
Ty
pe
High
Saas or BPaaS
Ser
vice
s
IaaS or PaaS
ExternalPrivate CloudInternal
Private Cloud
External Managed Service
On PremiseInternal
Managed Service
Low
Level of direct controlHigh Low
6 CoE IT Leadership – Cloud Governance
Governance Themes
It is essential that the governance put in place for cloud is aligned with and embedded in the wider IT and corporate governance approach. Below are the four main themes for consideration in Cloud Governance.
What can cloud do for us?
How can we do it?
How well is it working?
What could stop it working?
ValueCreation
ResourceManagement
RiskManagement
PerformanceMeasurement
CloudGovernance
7 CoE IT Leadership – Cloud Governance
Value Creation
Principles
» Cloud strategy needs to be aligned with and embedded in the broader IT strategy
» The impact of procuring a particular cloud service must be considered alongside other integrated services to ensure that benefits are net positive for the end-to-end delivery of those services
» Services will typically be delivered using a hybrid cloud delivery model, possibly in tandem with a conventional managed service delivery model
» Every service to be delivered via cloud infrastructure must have a clearly reasoned business case to justify the method of delivery
» Delivering services through the cloud will impact the dynamic between the business and IT. Cloud services offer an opportunity for the business to bypass the IT function if they do not perceive IT to be adding value
Considerations
» Partnering agreements across multiple vendors will need to be established, challenging the traditional customer/supplier model
» Does the nature of cloud offer specific value to the service in question, such as: Direct competitive advantage Ability to innovate Delivery at a lower cost
What could we do? – Which services are candidates for the cloud?ValueCreation
ResourceManagement
RiskManagement
PerformanceMeasurement
CloudGovernance
8 CoE IT Leadership – Cloud Governance
Resource Management
Principles
» Outcomes must be continually managed to ensure that a service is meeting: the benefits detailed in the business case remains aligned to the business need remains the best solution in the market place to satisfy the business need
» Greater emphasis is placed on a Service Aggregator role to integrate multi-sourced best-of-breed services
» Greater significance is placed on commercial and service management skills to manage the mixed ecosystem that cloud represents
Considerations» Charging services back to the business must be transparent and fair, and the methods must be
agreed between the business and IT, particularly if total accuracy is to be sacrificed for ease of operation
» Where services are charged based on demand, due to the elasticity of cloud services, IT must ensure that demand patterns are forecast in advance so that expenditure does not exceed budgetary constraints
» Demand management also has increased importance in supporting the benefit of increased agility – it must be possible to make rapid changes, and where necessary quickly provision new services or decommission redundant services
How can we do it? – How will we transition effectively to the cloud?ValueCreation
ResourceManagement
RiskManagement
PerformanceMeasurement
CloudGovernance
9 CoE IT Leadership – Cloud Governance
Risk Management
Principles» Risk management should be aligned with the broader organisational and IT approach to risk» Standards must be developed to make security and service integration easier to manage
Considerations» Service assurance: the degree of due-diligence that is required before embarking upon a service
transition, which must be proportional to the level of risk involved
» Business impact: the impact of cloud service delivery on the overall IT strategy and business operating model
» Compliance: the impact of regulatory* requirements may not be understood by cloud service providers
» Exit strategy: the contractual provisions and practicalities of terminating the service must be understood prior to finalising the procurement
» Service integration: the feasibility of integrating a particular cloud service to other services, whether they be on-premise or off-premise
» Data location: whether data can be located outside the home country or the European Economic Area
» Evergreen environment: whether an evergreen environment have negative consequences for service delivery
» Service levels: whether the right SLAs will be guaranteed and, if so, what impact this will have on cost
» Business continuity: whether escrow agreements can be made to reduce the impact of a service provider closing down a service or ceasing trading entirely
What could stop it working? – What pitfalls must be avoided?
*Data Protection, Information Governance, Financial Regulation etc.
ValueCreation
ResourceManagement
RiskManagement
PerformanceMeasurement
CloudGovernance
10 CoE IT Leadership – Cloud Governance
Performance Measurement
Principles
» A greater focus must be placed on outcomes rather than inputs because in the cloud a degree of direct influence is lost in return for a lower cost of ownership
» The Service Aggregator is essential in fronting the service portfolio from a delivery and integration perspective
Considerations
» The measures in place, whilst market driven, are essentially at the exclusive discretion of the provider
» Multi-sourcing and the individuality of each provider means establishing a common set of performance measurements will be more difficult
» Influence over the provider is significant but crude, so organisations must have a good appreciation for what steps will be taken to manage breaches in service and ultimately when to invoke their exit strategy
» Checks and measures must be established to determine whether or not the current cloud service remains appropriate
» As the cloud market place evolves organisations must regularly assess whether the current incumbent continues to have the best overall product or service
How well is it working? – How will we know if our service is working as expected?ValueCreation
ResourceManagement
RiskManagement
PerformanceMeasurement
CloudGovernance
11 CoE IT Leadership – Cloud Governance
Service Aggregator
ValueCreation
ResourceManagement
RiskManagement
PerformanceMeasurement
CloudGovernance
Customer Organisation
Service Providers
Service Aggregator
IaaS
PaaS
SaaS
BPaaS
External Managed Service
On Premise
Internal Managed Service
CloudGovernance
The Service Aggregator holds responsibility for the operational management of cloud and IT governance.
» Within the cloud ecosystem there will be more service providers, and greater opportunity for more best of breed services.
» The Service Aggregator will: provide the cohesion across the service
providers and services, against a varied service landscape
Take an end-to-end view of service integration and delivery
Provide service reporting holistically Hold responsibility for ensuring service
continuity and alignment to business need
» Set up appropriately, the Service Aggregator is the lynchpin of the IT services portfolio and is therefore central to effective governance
» Within the cloud ecosystem there will be more service providers, and greater opportunity for more best of breed services.
» The Service Aggregator will: provide the cohesion across the service
providers and services, against a varied service landscape
Take an end-to-end view of service integration and delivery
Provide service reporting holistically Hold responsibility for ensuring service
continuity and alignment to business need
» Set up appropriately, the Service Aggregator is the lynchpin of the IT services portfolio and is therefore central to effective governance
12 CoE IT Leadership – Cloud Governance
Our services
Identifying candidatesfor the cloud
“The Business Advisor”
Transitioning services to the cloud
“The Change Manager”
Delivering servicesin the cloud
“The Trusted Aggregator”
Atos Consulting can support clients from a cloud governance perspective across the full IT service lifecycle -Design, Build and Operate.
Cloud strategy definition
» Readiness
» Governance
» Business case
Business Change Management
Gov
erna
nce
The
mes Transition Advisory
» Commercial assurance
» Technical due diligence
» Transition planning
Operational Assurance
» Cloud alignment
» Market review
» Service assurance
ValueCreation
ResourceManagement
RiskManagement
PerformanceMeasurement
CloudGovernance
13 CoE IT Leadership – Cloud Governance
Summary
» More services will become cloud orientated – therefore we need to think about how these are managed, especially as the nature of cloud leans more towards management than control.
» With the above in mind cloud governance needs to form an integral part of an organisation’s overall corporate and IT governance – successful governance for cloud is the recognition and hence embedding of cloud into an organisation’s existing governance strategies.
» The cloud governance approach must be adjustable to different cloud models, i.e. IaaS, PaaS, SaaS and BPaaS.
» The governance approach needs to consider what remains unchanged, what needs adjustment, and what is new in terms of governance, with respect to the four governance themes of:
Value creation Resource management Risk management Performance management
» Establishing the right governance is fundamental to organisations considering placing services in the cloud. Atos Consulting can help organisations define the right governance framework to ensure that the appropriate candidates for cloud are identified, transition is successful and services are delivered according to agreed criteria.