cloud governance. 2 coe it leadership – cloud governance atos sphere advisory services sap...

Cloud Governance

2 CoE IT Leadership – Cloud Governance

Atos Sphere

Advisory Services

SAP Regression

Testing (SaaS)

Product Lifecycle Mgmt.

(PLM) on Demand

Data Mgmt. on demand (PaaS)

Atos in a box Workplace

(DaaS)

Infra-structure Services (IaaS)

Atos Worldline (BPaaS)

Opportunity Assessment

Awareness Workshop

Security and Compliance

Business Case

Pilot Project

Governance

Business Innovation

Transition

Atos Sphere™ Advisory services:Cloud Governance


Introduction

ValueCreation

ResourceManagement

RiskManagement

PerformanceMeasurement

CloudGovernance

Customer Organisation

Service Providers

Service Aggregator

Cloud Governance must be aligned to an organisation’s broader IT and corporate governance, and consider the features and benefits that are unique to cloud.

IaaS

PaaS

SaaS

BPaaS

External Managed Service

On Premise

Internal Managed Service

» Cloud Governance will become an essential component of the overarching corporate and IT governance framework. This will become especially important as services are multi-sourced across a wider pool of providers.

» Different types of cloud will require different types of governance according to the services being provided. It is the Service Aggregator that orchestrates delivery across these services.

» In developing the approach to Cloud Governance, consideration needs to be made to:

what remains the same what will change what is completely new

» Atos Consulting can support clients in establishing appropriate Cloud Governance with respect to:

identifying candidate services for the cloud transitioning services to the cloud delivering services in the cloud

» Cloud Governance will become an essential component of the overarching corporate and IT governance framework. This will become especially important as services are multi-sourced across a wider pool of providers.

» Different types of cloud will require different types of governance according to the services being provided. It is the Service Aggregator that orchestrates delivery across these services.

» In developing the approach to Cloud Governance, consideration needs to be made to:

what remains the same what will change what is completely new

» Atos Consulting can support clients in establishing appropriate Cloud Governance with respect to:

identifying candidate services for the cloud transitioning services to the cloud delivering services in the cloud

CloudGovernance


Challenges

» The application of governance needs to consider the full services lifecycle - design, build and operate. This will include:

Identifying candidates for the cloud Transitioning services to the cloud Delivering services in the cloud

» There are also unique nuances of cloud that create new challenges:

Avoiding legal, commercial and technical lock-in to service providers Ensuring continued compliance to regulatory requirements Ensuring that opportunities for cost reduction are not achieved at the expense of reduced

service quality or increased service risk The need for the internal IT function to demonstrate its value to a more empowered

business The need to balance the need for business agility against a cohesive, consistent approach

to the use of IT services and resources Operating in an evergreen environment Organisations will likely have a greater number of suppliers and hence will need to increase

capability in terms of multisourcing

» These challenges require a change in focus in how one looks at IT service delivery and the governance required for that.


Cloud: Governance and controlC

ontr

ol a

nd G

over

nanc

e M

easu

res

Inputs

Controls Governance

Outputs Outcomes

As control passes from organisations to external parties, organisations lose the ability to influence directly how those services are delivered. Organisations must shift their attention from how to deliver a service to how to ensure a service is delivered well.

Cost of delivery

Inputs

Architecture definitionCapacity planning

Configuration managementChange management

Application management

Outputs

Product configurationService definition

Service Level AgreementsContractual terms and conditions

Outcomes

Quality of service deliveryCost of provision

Speed of provision

Mea

sure

Ty

pe

High

Saas or BPaaS

Ser

vice

s

IaaS or PaaS

ExternalPrivate CloudInternal

Private Cloud


On PremiseInternal

Managed Service

Low

Level of direct controlHigh Low


Governance Themes

It is essential that the governance put in place for cloud is aligned with and embedded in the wider IT and corporate governance approach. Below are the four main themes for consideration in Cloud Governance.

What can cloud do for us?

How can we do it?

How well is it working?

What could stop it working?

ValueCreation

ResourceManagement

RiskManagement


CloudGovernance


Value Creation

Principles

» Cloud strategy needs to be aligned with and embedded in the broader IT strategy

» The impact of procuring a particular cloud service must be considered alongside other integrated services to ensure that benefits are net positive for the end-to-end delivery of those services

» Services will typically be delivered using a hybrid cloud delivery model, possibly in tandem with a conventional managed service delivery model

» Every service to be delivered via cloud infrastructure must have a clearly reasoned business case to justify the method of delivery

» Delivering services through the cloud will impact the dynamic between the business and IT. Cloud services offer an opportunity for the business to bypass the IT function if they do not perceive IT to be adding value

Considerations

» Partnering agreements across multiple vendors will need to be established, challenging the traditional customer/supplier model

» Does the nature of cloud offer specific value to the service in question, such as: Direct competitive advantage Ability to innovate Delivery at a lower cost

What could we do? – Which services are candidates for the cloud?ValueCreation

ResourceManagement

RiskManagement


CloudGovernance


Resource Management

Principles

» Outcomes must be continually managed to ensure that a service is meeting: the benefits detailed in the business case remains aligned to the business need remains the best solution in the market place to satisfy the business need

» Greater emphasis is placed on a Service Aggregator role to integrate multi-sourced best-of-breed services

» Greater significance is placed on commercial and service management skills to manage the mixed ecosystem that cloud represents

Considerations» Charging services back to the business must be transparent and fair, and the methods must be

agreed between the business and IT, particularly if total accuracy is to be sacrificed for ease of operation

» Where services are charged based on demand, due to the elasticity of cloud services, IT must ensure that demand patterns are forecast in advance so that expenditure does not exceed budgetary constraints

» Demand management also has increased importance in supporting the benefit of increased agility – it must be possible to make rapid changes, and where necessary quickly provision new services or decommission redundant services

How can we do it? – How will we transition effectively to the cloud?ValueCreation

ResourceManagement

RiskManagement


CloudGovernance


Risk Management

Principles» Risk management should be aligned with the broader organisational and IT approach to risk» Standards must be developed to make security and service integration easier to manage

Considerations» Service assurance: the degree of due-diligence that is required before embarking upon a service

transition, which must be proportional to the level of risk involved

» Business impact: the impact of cloud service delivery on the overall IT strategy and business operating model

» Compliance: the impact of regulatory* requirements may not be understood by cloud service providers

» Exit strategy: the contractual provisions and practicalities of terminating the service must be understood prior to finalising the procurement

» Service integration: the feasibility of integrating a particular cloud service to other services, whether they be on-premise or off-premise

» Data location: whether data can be located outside the home country or the European Economic Area

» Evergreen environment: whether an evergreen environment have negative consequences for service delivery

» Service levels: whether the right SLAs will be guaranteed and, if so, what impact this will have on cost

» Business continuity: whether escrow agreements can be made to reduce the impact of a service provider closing down a service or ceasing trading entirely

What could stop it working? – What pitfalls must be avoided?

*Data Protection, Information Governance, Financial Regulation etc.

ValueCreation

ResourceManagement

RiskManagement


CloudGovernance


Performance Measurement

Principles

» A greater focus must be placed on outcomes rather than inputs because in the cloud a degree of direct influence is lost in return for a lower cost of ownership

» The Service Aggregator is essential in fronting the service portfolio from a delivery and integration perspective

Considerations

» The measures in place, whilst market driven, are essentially at the exclusive discretion of the provider

» Multi-sourcing and the individuality of each provider means establishing a common set of performance measurements will be more difficult

» Influence over the provider is significant but crude, so organisations must have a good appreciation for what steps will be taken to manage breaches in service and ultimately when to invoke their exit strategy

» Checks and measures must be established to determine whether or not the current cloud service remains appropriate

» As the cloud market place evolves organisations must regularly assess whether the current incumbent continues to have the best overall product or service

How well is it working? – How will we know if our service is working as expected?ValueCreation

ResourceManagement

RiskManagement


CloudGovernance


Service Aggregator

ValueCreation

ResourceManagement

RiskManagement


CloudGovernance

Customer Organisation

Service Providers

Service Aggregator

IaaS

PaaS

SaaS

BPaaS


On Premise

Internal Managed Service

CloudGovernance

The Service Aggregator holds responsibility for the operational management of cloud and IT governance.

» Within the cloud ecosystem there will be more service providers, and greater opportunity for more best of breed services.

» The Service Aggregator will: provide the cohesion across the service

providers and services, against a varied service landscape

Take an end-to-end view of service integration and delivery

Provide service reporting holistically Hold responsibility for ensuring service

continuity and alignment to business need

» Set up appropriately, the Service Aggregator is the lynchpin of the IT services portfolio and is therefore central to effective governance

» Within the cloud ecosystem there will be more service providers, and greater opportunity for more best of breed services.

» The Service Aggregator will: provide the cohesion across the service

providers and services, against a varied service landscape

Take an end-to-end view of service integration and delivery

Provide service reporting holistically Hold responsibility for ensuring service

continuity and alignment to business need

» Set up appropriately, the Service Aggregator is the lynchpin of the IT services portfolio and is therefore central to effective governance


Our services

Identifying candidatesfor the cloud

“The Business Advisor”

Transitioning services to the cloud

“The Change Manager”

Delivering servicesin the cloud

“The Trusted Aggregator”

Atos Consulting can support clients from a cloud governance perspective across the full IT service lifecycle -Design, Build and Operate.

Cloud strategy definition

» Readiness

» Governance

» Business case

Business Change Management

Gov

erna

nce

The

mes Transition Advisory

» Commercial assurance

» Technical due diligence

» Transition planning

Operational Assurance

» Cloud alignment

» Market review

» Service assurance

ValueCreation

ResourceManagement

RiskManagement


CloudGovernance


Summary

» More services will become cloud orientated – therefore we need to think about how these are managed, especially as the nature of cloud leans more towards management than control.

» With the above in mind cloud governance needs to form an integral part of an organisation’s overall corporate and IT governance – successful governance for cloud is the recognition and hence embedding of cloud into an organisation’s existing governance strategies.

» The cloud governance approach must be adjustable to different cloud models, i.e. IaaS, PaaS, SaaS and BPaaS.

» The governance approach needs to consider what remains unchanged, what needs adjustment, and what is new in terms of governance, with respect to the four governance themes of:

Value creation Resource management Risk management Performance management

» Establishing the right governance is fundamental to organisations considering placing services in the cloud. Atos Consulting can help organisations define the right governance framework to ensure that the appropriate candidates for cloud are identified, transition is successful and services are delivered according to agreed criteria.

cloud governance. 2 coe it leadership – cloud governance atos sphere advisory services sap...

Documents