AgilePath WhitePaper Cloud Gov Lifecycle


This new whitepaper provides an overview of the impact of Cloud
computing on IT governance, and develops the concept of a Cloud Governance Lifecycle


Exploring the Cloud Governance Lifecycle™
Accelerating the Transition to a Cloud-Centric Leadership Organization™
An IT Executive Perspective™ from AgilePath Corporation
January 24, 2011

AGILEPATH CORPORATION
38 MERRIMAC STREET
NEWBURYPORT, MA 01950
“Accelerating Enterprise Agility”

Executive Summary

Cloud computing is high on the Gartner Group hype cycle for many reasons. The good reasons focus on the compelling benefits offered by Cloud computing to adopters, regardless of the public-private-hybrid Cloud deployment scenarios, and regardless of the pattern of Cloud desired. The benefits will ultimately be realized as this technology matures and becomes mainstream. However, a number of Cloud obstacles remain to be addressed, including the security concerns, the lack of industry standards for APIs, and ensuring cloud portability, interoperability and integration.

However, a larger challenge remains, which is the topic of focus in this whitepaper: Cloud Governance. AgilePath feels that a Cloud Governance framework will not only help large enterprises make the best strategic and architectural choices with respect to Cloud, but will provide a next generation IT resource management model that will pave the way for the future of IT organizations going forward.

For Commercial and Federal Government organizations, Cloud computing and Cloud governance will bring important changes to the ways in which IT resources and capabilities are specified, architected, acquired, implemented, integrated, managed, provisioned, consumed, and ultimately retired. This whitepaper offers not only an end-to-end view of Cloud governance, but it paints a future vision for Information Technology that will help it remain relevant in an age where, increasingly, IT organizations are disintermediated from their business customers by global forces of outsourcing, managed services and public Clouds, while demand for customer service, reliability, performance and results remains high. IT must adapt to these forces, and the Cloud Governance Lifecycle offers a way out of the quandary.
We call organizations that adopt this approach Cloud-Centric Leadership Organizations.

Cloud-Centric Leadership organizations have an opportunity to be proactive with Cloud computing, both from a technical and architecture perspective, but more importantly from an acquisition, governance and management perspective. This whitepaper details a course of action that is both daring yet pragmatic, and offers a vision for the IT organization of the future.

The Cloud Governance Lifecycle offers a pathway to an integrated model for managing, provisioning and governing all IT resources, whether they are internal resources, 3rd party managed services, or public cloud resources. An integrated Cloud resource management framework will allow consistent strategy, architecture, acquisition and resource provisioning, supported by IT policies, for the consumption of resources, with the support of a new IT governance capability. Fortune favors the bold. IT leadership must act quickly and decisively to establish an integrated model for IT resource management, and provide a means to optimize total lifecycle costs for all IT resources.

Introduction

Every new technology trend usually creates a vacuum in the form of key IT disciplines that will help with the adoption, insertion and value creation from that new technology. Information Technology (IT) acquisition processes tend to be strained with new technologies. There is typically a lack of industry standards for the new technologies. Proven methodologies and guidance as to how best to adopt these new technologies are almost always missing. And finally, Enterprise IT governance processes tend to strain or fracture with the rise of new technologies.

The new IT buzz centers on Cloud computing. Cloud computing will challenge existing IT management and governance paradigms much as previous technology trends did. This white paper explores the impact of Cloud computing on IT governance, and develops the concept of a Cloud Governance Lifecycle. In reality, Cloud computing requires a lifecycle of lifecycles, depending on the approach an organization pursues with Cloud. As this exciting technology trend accelerates, the governance issues will become increasingly critical.

Definition of Cloud Governance

Cloud Governance is a new concept, and so we must spend some time on terminology. Cloud Governance refers to the decision making processes, criteria and policies involved in the planning, architecture, acquisition, deployment, operation and management of a Cloud computing capability.

Cloud governance in many respects resembles SOA governance, except that Cloud is focused on a different type of enterprise resources, or Services, that may or may not overlap with SOA services. Both SOA and Cloud computing are service-oriented architectures at their core. Both have Consumers and Providers, connected together by a service contract and service-level agreements (SLA). Both are trust-based resource models, in which consumers have a dependency on the provider to ensure reliability and assurance that the needed resources will be there when they are needed.

SOA capabilities can be embedded in and delivered by a Cloud architecture, or Cloud can be applied to the infrastructure services of a SOA strategy. Of course, combinations of both can also be contemplated. However, the relative newness of Cloud demands more focused attention on its unique governance requirements.
To that end, we have developed a Cloud Governance Lifecycle model.

The proposed Cloud Governance Lifecycle™ describes the end-to-end requirements of Cloud Governance, from planning, architecture and deployment to bursting, switching Cloud providers, and offboarding from a Cloud in the event an organization chooses to move capabilities back in-house from a public Cloud, or even migrate them to dedicated infrastructure resources.

Framing the Cloud Governance Challenge

Developing a Cloud computing governance lifecycle requires some work to frame the scope of the problem, especially given the immaturity of Cloud computing and the broad range of solutions it encompasses. With NIST’s simple model of Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS), we can frame the discussion at a fundamental level. However, given that there are many variations of clouds, or cloud patterns, that can be created and deployed based on a rich set of potential business use cases, we need an extensible approach that can cover them all. While NIST’s model is a start, it by no means reflects the richness and variety of Cloud patterns in the industry.

The choice of Cloud deployment patterns also adds a layer of complexity on the Cloud Governance Lifecycle discussion. Whether you deploy an internal private Cloud, or leverage public cloud service offerings, or go with a hybrid approach that leverages the best of both worlds, you must still understand the complete cloud governance lifecycle requirements. There is no free lunch, as they say, but there may be a different or a better lunch, or you may eat in or dine out. Someone must take responsibility for the intersections of the various Cloud governance requirements.

Introducing the Cloud Governance Lifecycle

The Cloud Governance Lifecycle encompasses five broad categories of requirements, as illustrated in Figure 1 below:

Figure 1: Cloud Governance Categories

These Cloud governance categories are described in the sections that follow.

Cloud Strategy and Planning: Describes the processes and policies that relate to Cloud strategy development, planning, business case development, analysis of alternatives, go/no go criteria, and related Cloud planning steps.

Cloud Architecture, Design and Deployment: Describes the processes and policies relating to development of a Cloud Reference Model, a supporting Cloud Reference Architecture, and ultimately the design and deployment of a Cloud (Internally) or to a Cloud (externally) based on Cloud use cases, documentation of appropriate Cloud enablement and deployment patterns. Also included in this section are Cloud security models and architectures, which will be critical to success of all Cloud deployments.

Cloud Acquisition, Vendor Selection and Negotiation: Describes the processes and policies focused on Cloud acquisition, vendor evaluation, comparison and selection, and contract negotiations, which must include SLA definition, Quality of Service definition, and appropriate security, business assurance and operational requirements.

Resource Provisioning and Management: This tier of Cloud governance focuses on the processes and policies surrounding requirements for resource enablement, installation and readiness, provisioning and management. These activities are all about establishing the Cloud resource pool, providing access to and provisioning those resources, and ultimately managing the Cloud resources.

Cloud Operations and Runtime Management: Describes the processes and policies focused on the operational management of a Cloud, including the monitoring, network and systems management functions, capability monitoring, alarming and fault notification, and all related operational and runtime management processes.

Taken together, these five areas of Cloud Governance can be represented as an end-to-end set of connected processes that should be considered when determining what a particular organization’s Cloud Governance Lifecycle should be. The end-to-end view of the Cloud Governance Lifecycle is described below.

The Detailed End-to-End Cloud Governance Lifecycle

The detailed Cloud Governance Lifecycle is illustrated in Figure 2 below. While the chevrons denote high-level activities of the Cloud Governance Lifecycle, in reality there are many fine-grained details required to design and implement a robust end-to-end Cloud Governance model.

Figure 2: Detailed Cloud Governance Lifecycle Overview

The major activities of the Cloud Governance Lifecycle are explored in the sections below.

Cloud Strategy & Planning

The Cloud Strategy and planning process, at a high level, involves making clear choices about what Cloud computing means to an organization, what mission, business and IT challenges are making you consider a Cloud solution, and formally documenting a Cloud strategy that enables the enterprise. The high-level steps involved in this strategic level of Cloud governance are illustrated below.

The governance requirements here focus on a business- and mission-aligned Cloud strategy, with explicit formal documentation of what a Cloud strategy will do for the enterprise in cost savings, mission enablement, IT operating efficiencies, optimization of resources, and more. Ultimately, the governance decision at this level is whether to formally pursue Cloud computing, or to wait and see. A bridging tactic might be to experiment with Proof of Concepts and Pilots, which will help make the strategic decisions about Cloud less risky.

Cloud Architecture, Design and Deployment

The Cloud Architecture, Design and Deployment processes involve critical governance requirements related to Cloud Reference Model and Reference Architecture development, alignment to key Cloud industry standards (which are admittedly immature), Cloud solution design (for your unique Cloud enablement and deployment pattern requirements), Cloud security, Cloud integration, interoperability and portability, and also Cloud testing and quality assurance. The key activities are illustrated below.

The Cloud Architecture, Design and Deployment activities must explicitly address Cloud security, should embrace the lack of mature Cloud standards until they mature, and must also investigate models for distributed testing of Cloud-enabled capabilities for the diverse range of Cloud enablement patterns and deployment patterns.
Cloud architecture governance is very important in the early stages of adoption!

Cloud Acquisition and Contracting

Cloud Acquisition and Contracting governance activities focus on Cloud acquisition, vendor evaluation, comparison and selection, and contract negotiations, which must include SLA definition, Quality of Service definition, and appropriate security, business assurance and operational requirements. Key activities are illustrated below.

The primary thrust of Cloud Acquisition and Contracting governance is to bring discipline and proactive contracting processes to bear on the emerging Cloud domain, especially given that many organizations are using public Clouds to bypass their current slow and outdated IT acquisition and governance processes to meet marketplace and business demands.

Resource Provisioning and Management

Cloud Resource Provisioning and Management governance processes center on requirements for capacity planning, ensuring the Cloud resource pool is elastic and dynamically provisionable, and that you can plan capacity ahead of demand for that capacity. Just-in-time capacity, in a Cloud-centric world, is too late. The Cloud business and operating model must be anticipatory and proactive. Key activities for this group of requirements are illustrated below.

These activities are all about establishing the Cloud resource pool, ensuring it is dynamically provisionable, and that it not only meets mission and business needs but anticipates them. These processes must provide access to and provision those resources, and ultimately manage the Cloud resources per the Cloud strategy and operating model that is desired. Other key activities here include Cloud monitoring, management, operations and support, maintenance, versioning and sustainment of the Cloud environment on behalf of its consumers.

Cloud Contingency Planning and Resource/Provider Management

Cloud Contingency Planning and Resource/Provider Management focuses on the governance processes and activities that enable a robust, reliable and agile Cloud environment to be established.
The major types of activities for Cloud contingency planning are illustrated below.

The Cloud contingency planning requirements include explicit plans for Cloud bursting, or leveraging public Cloud resources in times of peak demand, switching Cloud service providers, migrating from private to public and back, as needed, and even offboarding from a public Cloud back to your internal Cloud. Governance requirements here should also address continuity of operations (COOP), disaster recovery (DR) scenarios, back-up procedures, and other related needs.

Implications for IT Leadership and Cloud-Centric Leadership Organizations

The Cloud Governance Lifecycle above provides a structured basis for CIOs, CTOs and Chief Architects to plan, architect, acquire and operate a Cloud-enabled environment in support of their business, mission and IT objectives. However, the greater opportunity for IT leaders is to establish an integrated Cloud management and governance framework, layered over a hybrid or private-hybrid Cloud architecture, and begin to define and implement the IT organizational and operating model of the future. This approach is the pathway to becoming a Cloud-Centric Leadership Organization.

IT Leadership must begin to proactively acquire and broker IT resources, as a set of integrated, managed Cloud-enabled resources, and provision them in the “capacity-ahead-of-demand” model described above. IT Leadership must create an environment where it can manage all IT resources – infrastructure, data center, application middleware, application platforms, and even SaaS-based applications – through a singular IT governance construct, and essentially empower their internal business consumers to self-service access to IT resources and capabilities. An integrated Cloud management and governance framework will enable Cloud resource consumers to compare prices, evaluate offerings, service levels, and ultimately consume only the IT resources they want, when they want, yet in a proactive model that is established, managed and maintained by the IT organization. IT organizations of the future must act as the relationship manager to all business units and consumers of IT resources.
IT organizations must once again become the trusted acquisition agent, broker and provisioner of all IT resources, regardless of whether they are internal, external or managed services from trusted suppliers.

IT Leadership must envision and realize the processes of the Next Generation of IT. The new role of IT Leadership is illustrated in the figure below, and each of these requirements is explained in the sections that follow.

Enterprise Services Computing Strategy: IT Leadership must define a comprehensive framework for Enterprise Services Computing, which includes SOA, Cloud and all managed services, again irrespective of whether they are internal, external or managed services provided by trusted partners.

Business/Mission Relationship Management: IT Leadership must define processes and roles to become a trusted advisor, partner and relationship manager for its business units, key programs and projects, and IT resource consumers. As with the IT organization of the future, in order to avoid disintermediation, IT organizations must be relevant and proactive on behalf of their consumers.

IT Resources Acquisition & Contracts Management: IT Leadership must proactively establish relationships, acquisition processes, contracts and SLAs with potential IT resource providers, again, in a capacity-ahead-of-demand paradigm. Based on the Business/Mission Relationship Management role described above, IT Leadership can begin to develop the acquisition and contracts necessary to support anticipatory provisioning of Cloud services and other IT resources to its business and mission consumers.

IT Resource Portfolio Management: IT Leadership must develop an integrated portfolio of Enterprise computing resources, including Cloud services, infrastructure services, SOA services, managed services and other, and allow the transparent comparison of the prices, SLAs, availability, and other terms and conditions, such that the consumers can easily access, consume and manage based on a self-service, self-governance model. IT Leadership will manage investments in the portfolio, optimize choices and drive standardization, and in this way achieve tremendous savings in IT spending.

IT Resources Brokering: IT Leadership must use the Cloud governance concepts in this whitepaper to create an IT resource brokering role, supported by self-service portals, Cloud management and governance processes, policies and technologies. In this manner, IT Leadership can become the master service broker to its business partners and end-users in a proactive fashion.

Integrated IT Resources Management: IT Leadership must implement a framework in which it can manage all IT services as integrated capabilities, acquired and deployed, managed and provisioned, accessed and consumed, and versioned and maintained using an integrated resources management model. This approach includes Cloud governance lifecycle processes, technical capabilities, and a new approach to managing IT resources.

A Cloud-Centric Leadership Vision for IT

Based on the model above, IT Leadership can achieve this vision of the IT organization of the future. If IT leadership chooses to pursue this model, the following vision statements might become reality.

  • Cloud-Centric Leadership Organizations will redefine the role of the CIO and the IT organization based on a model of integrated resource management, Cloud-centric governance lifecycle principles, and the relationship management/resource broker model. This model is the future, and it is closer to reality than many would care to admit.
  • Cloud-Centric Leadership Organizations will achieve better optimization of their IT spending on all IT resources and services, from internal providers, external/3rd party providers, and trusted managed services and solution partners. This will enable competition and price comparisons, which will create a consumer-friendly environment while encouraging a cost-optimized environment.
  • Cloud-Centric Leadership Organizations will establish internal benchmarks for Cloud services to compare with those of internal and third party public Cloud service providers, which will create a transparent model by which they can manage IT spending. IT resource providers in this equation will include any internal or external entity that provides IT resources.
  • Cloud-Centric Leadership Organizations will deploy hybrid or private-hybrid Clouds that will establish the technical resource delivery framework for such a model, essentially becoming an internal relationship manager and integrated services broker for internal, 3rd party and all IT services. While the Cloud implementation is critical to enabling this integrated resource management and governance model via the Cloud Governance Lifecycle, you must remember that implementation of the supporting Cloud management and governance framework is equally critical to the aggregation and integrated management and provisioning of all IT and Cloud resources.
  • Cloud-Centric Leadership Organizations can manage and provision highly differentiated business and IT services and provide them to external consumers, essentially creating new revenue opportunities and new pathways to innovation. Cloud computing will introduce a new innovation engine by lowering the threshold and eliminating barriers to IT capabilities. Internal innovation and rapid time to market will be the result when IT resources are unshackled from outdated IT governance processes that emphasized “slow” and “no” over “Why not?” and “How fast would you like it?” Cloud-Centric Leadership Organizations will become enablers to internal innovation by unleashing their IT capacity from legacy constraints.
  • Cloud-Centric Leadership Organizations will proactively define and implement the Cloud Governance Lifecycle framework for integrated services management, procurement, provisioning, cost allocation/chargeback, resource management and brokering, and in doing so will leap ahead of their competitors and peers with the vision, processes and capabilities to realize the benefits of a Cloud-centric enterprise.

This Cloud-Centric vision of the future can be amplified and expanded, but the key points have been made. Your IT future is here, and you can embrace the opportunity or stand pat with a status quo approach.
Again, fortune favors the bold.

A Cloud-Centric Leadership Action Plan

Should your organization choose to act on these concepts, the following activities might be considered as a high-level action plan that will transition you to a Cloud-Centric Leadership Organization:

  • First, you must define the Cloud management and governance strategy, architecture and business case (Cloud focus, metrics, savings and synergies) quickly to understand the investments, savings, and operating model of this approach.
  • Next, you must define your Cloud Management and Governance (CMaG) Lifecycle processes, by adapting the Cloud Governance Lifecycle above to your needs and requirements, and integrating it into current Enterprise and IT governance processes.
  • Third, you must select and deploy a Cloud Management platform to integrate, manage, broker and provision Integrated Cloud Resources per the model above. This will require vendor evaluation, selection, pilots/proof of concepts, and the normal due diligence to ensure fit to the vision we have described above.
  • Fourth, you should implement an appropriate Cloud computing platform to enable integrated management and provisioning of internal and external resources. Whether you choose a hybrid Cloud, or a private-hybrid Cloud, depending on your security requirement and business objectives, keep in mind that the Cloud is an enabler, while the Cloud Management and Governance model is the secret sauce. Integrated Cloud management and governance will enable the transition to the Cloud-Centric Leadership Organization we have described above.
  • Next, you must integrate the Cloud Governance Lifecycle into your Acquisition, IT Governance and Program Management Processes, which will enable the proactive, IT resources brokering construct to become reality.
  • Finally, you must gather empirical data and metrics to validate the business model for integrated Cloud management and governance according to your version of the Cloud Governance Lifecycle. You must have the data and metrics to enable transparent comparison of products/IT capabilities, prices, SLAs, availability, performance metrics for all internal and external IT resources. This will create a Cloud resource marketplace that ensures your business customers have choices and transparent pricing to make the best decisions, all within a model proactively created by the Cloud-Centric Leadership Organization of the future.

Summary

This whitepaper establishes the foundation of a Cloud Governance Lifecycle, which is the basis for not only managing and governing your current or future Cloud, but for transitioning into a Cloud-Centric Leadership Organization. The Cloud Governance Lifecycle must be adapted to your enterprise, and integrated into existing IT governance processes. However, do not hamstring your future Cloud governance requirements by anchoring them to an outdated and inefficient legacy IT governance model.
Remember, Cloud is an agility-enabling capability, and should not be bolted onto an inherently cumbersome and slow legacy IT governance model. To accelerate the transition to a Cloud-Centric Leadership Organization, leverage the action plan above and make it work for your enterprise. In parallel with planning your Cloud, plan the Cloud Governance Lifecycle that you need to manage and govern your Cloud. Remember, Cloud computing is the enabler, while Cloud management and governance is the secret sauce!

For more information please contact:
Sandra G. Callahan
scallahan@agile-path.com