Search your topic here

Cloud governance

RGPV: Cloud Computing: Unit 3


Cloud governance is a general term for applying specific policies or principles to the use of cloud computing services. The goal of cloud governance is to secure applications and data when they are located remotely.

            In other terms we can say that cloud governance refers to the decision making processes, criteria and policies involved in the planning, architecture, acquisition, deployment, operation and management of a cloud computing capability.

There are five reasons of cloud governance:

Ø  Enable “business at cloud speed” and establish a cloud centric IT operating model based on the speed, agility and cost of cloud computing.

Ø  Enable appropriate cloud decision making without friction.

Ø  Integrated with existing Enterprise IT Governance processes, policies, boards and tools.

Ø  Balanced appropriate coverage for key decisions, Investments and risks while achieving the benefits of clouds.

Ø  Proactive to anticipate and prevent shadow clouds and unauthorized cloud activities that expose organizational risks.

Cloud management platforms with enterprise grade governance capabilities will play a critical role in enabling this IT transformation. We can define cloud governance as the framework to:

Ø  Convert rules, decisions and rights for the usage of IT resources into policies.

Ø  Ensure that cloud resource accessibility, provisioning, security, and operating procedures are executed in accordance with policies.

Ø  Provide automatic altering mechanism and remediation responses if policies are violated.

Ø  Provide capability to track policy changes and generate audit trails.

Effective governance tools are necessary to avoid careless or unauthorized use of cloud based IT resources, which includes the practice known as “shadow IT”. Ungoverned IT usage can result in very real and dangerous consequences such as customer and corporate data being exposed, services going down, regulations being violated, backup plans being overlooked, and a myriad of other IT safeguards being ignored.

      A lack of control over who can provision a workload to the cloud, where it can be deployed, for how long, and at what cost or capacity, will not be tolerated by those responsible for managing IT resource consumption in a large enterprise. Cloud governance encompasses not just these risk management concerns, but also significantly impacts overall cloud adoption and the full realization of cloud agility and cost savings benefits. Increasingly, IT organizations are recognizing cloud governance as a top concern for their company’s successful adoption of cloud computing.

      The governance is applied in cloud for:

Ø  Setting company policies in cloud computing.

Ø  Risk based decision which cloud provider, if any, to engage.

Ø  Assigning responsibilities for enforcing and monitoring of the policy compliance.

Ø  Set corrective action for non-compliance.

Many organizations have their own cloud governance model; the Microsoft’s Cloud Governance Model is one of them.

Microsoft’s Cloud Governance Model

Microsoft (2010) also proposes a cloud governance model for its azure cloud platform. The main focus of the governance model from Microsoft is about policy management. The model is composed of three main parts, including design time, run time governance and change management governance.


              Figure: Microsoft’s Cloud Governance Model (Microsoft, 2010)

During design time, it is imperative to define service policies, quality of standards and SLA levels. During runtime, policies are enforced and the application/service performance and compliance are carefully monitored.

Change management governance is set to track the change activities and asset. It is required to provide and manage report, alert, and log at the same time. The three components work together to ensure correct versioning, scale and ensure security compliance.