Cloud Governance & Management Made Simple
Practical Step-by-Step Approach for Small & Mid-Sized Organizations
By Lita Fulton
Copyright
Copyright 2015 by Right Solution, Inc.
All rights reserved. No part of this publication may be reproduced, distributed or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission from the publisher, except in case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law. For permission requests, write to the publisher, addressed "Attention: Copyright Management," at the address below:
Right Solution, Inc.
3213 Duke Street #679
Alexandria, VA 22314
www.rtsicorp.com
inquiry@rtsicorp.com
Dedication
This book is dedicated to my family and friends. I love you all, and I am grateful for your love and support.
I would also like to dedicate this effort to my many clients over the years for the confidence and trust you placed in me in helping you to meet your organizational goals and objectives. This book would not be possible without the many insights and lessons learned from those engagements.
Acknowledgements
First and foremost I would like to thank God for strength and grace throughout this process.
A special thank you to my nephew Marcus for his illustrations and constant support.
Thank you to my dear friend Donnellda Rice for your amazing effort and comprehensive editorial comments. You are a terrific person, and a true friend. I appreciate you.
Many thanks to my long-time friend Sadiqq Abdullah for your commentary and discussion. You brought the appropriate skill mix to the review process, and your comments were extremely helpful. You are such a wonderful person with a great, inviting spirit.
Last, but not least, many thanks to my sister Minda, my parents (Willie and Connie), Aunt Sarah, and to Reggie for being sounding boards for my ideas, for your many insights, and for your constant encouragement.
Chapter 1: Introduction
Information Technology (IT) related governance is a comprehensive and complex discipline. Multiple theories on IT and business alignment, the use of Balance Score Cards (BSCs) to align goals, analysis of business units and product lines in strategy formulation, and an array of standards and frameworks all add to the complexity. These tools and techniques are beneficial and often necessary for enterprise-level, IT-related governance. Many small and mid-sized organizations find enterprise-level techniques overwhelming and impossible to implement given resource constraints. However, these organizations still need an effective way to govern and manage IT. With the emergence of cloud computing, the need for efficacious management and control has taken on an increased significance, particularly for government organizations that have an array of security, privacy and regulatory concerns.
This book provides a practical step-by-step approach to constructing and implementing a Cloud Governance and Management System (CGMS) that is effective and size appropriate. The techniques presented are intended for use by small and mid-sized organizations, both standalone organizations and those within larger enterprises. The goal is to help those organizations prepare for the successful acquisition and oversight of cloud services.
Many of the approaches described throughout this book are tried-and-proven practices implemented and refined over several years of working with businesses to define and accomplish technology-related process improvements. Other approaches expand on or were inspired by the methodologies defined in Control Objectives for Information and Related Technology (COBIT) version 5, ISO 38500:2008 (Corporate Governance of Information Technology), and the Weill and Ross framework.
Who Should Read This Book?
This book is intended for IT Managers and IT Executives within small and mid-sized organizations charged with governing and managing cloud services.
Chapter 2: Cloud Governance Overview
Much is unsettled and unresolved in industry when it comes to defining and standardizing cloud computing services and related disciplines. This is due in part to the many nuanced challenges, benefits, and implications of cloud computing that are still unfolding. Conversely, a meaningful amount of standardization and knowledge exists within the area of IT governance. IT governance is the parent governing body for cloud governance. In IT governance, there are two widely accepted standards/frameworks: COBIT 5 and ISO 38500.
Also included in a shortlist of industry-recognized authorities on IT governance is the body of work produced by Peter Weill and Jeanne W. Ross at the MIT Sloan School of Management. Weill and Ross have published several articles and a book, IT Governance: How Top Performers Manage IT Decision Rights for Superior Results, describing their research findings and related analyses. Weill and Ross (2004) summarize that effective IT governance is the single most important predictor of the value an organization generates from IT (Chapter 1, para. 8).
What is Cloud Governance?
To define cloud governance it is helpful to give it context, starting from an understanding of Corporate Governance in general and IT Governance in particular. Cloud governance can be viewed as an extension or component of IT governance, as illustrated in Figure 1.
Figure 1: Context for Corporate, IT and Cloud Governance
In COBIT 5 Implementation (ISACA, 2012), Governance is generally defined as ensuring that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives (p. 13). COBIT 5 goes on to identify scope as being important in determining the focus and size of a governance initiative.
Weill and Ross (2004) generally define governance as specifying the decision rights and accountability framework to encourage desirable behavior (Chapter 1, sec. 2, para. 2). The two (Weill and Ross, 2004) provide a more granular and specific view of Corporate/Enterprise Governance than COBIT 5 by identifying six key assets that should be governed: human, financial, physical, intellectual property, information and IT, and relationship (Chapter 1, sec. 1, para. 6). Shown in Figure 2, this hierarchy of responsibility, accountability, and governance domains provides a holistic view of the governance function and where IT governance fits.
Figure 2: IT Governance Context. Source: Weill and Ross, IT Governance: How Top Performers Manage IT Decision Rights for Superior Results
If Figure 2 were further decomposed, it would presumably specify what is being governed within each of the six key assets. Figure 3 takes a closer look at what is likely governed within Information & IT Assets. As shown, cloud governance can be viewed as a component of infrastructure governance, which in turn is a component of IT governance. It is noteworthy that IT and cloud governance can occur on multiple levels within an organization.