+ All Categories
Transcript
Page 1: AgilePath WhitePaper Cloud Gov Lifecycle

Exploring the Cloud Governance Lifecycle™

Accelerating the Transition to a Cloud-Centric

Leadership Organization™

An IT Executive Perspective™ from AgilePath Corporation

January 24, 2011

AGILEPATH CORPORATION 38 MERRIMAC. STREET NEWBURYPORT, MA 01950

“Accelerating Enterprise Agility”

Page 2: AgilePath WhitePaper Cloud Gov Lifecycle

2

Executive Summary Cloud computing is high on the Gartner Group hype cycle for many reasons. The good reasons focus on the

compelling benefits offered by Cloud computing to adopters, regardless of the public-private-hybrid Cloud

deployment scenarios, and regardless of the pattern of Cloud desired. The benefits will ultimately be realized as

this technology matures and becomes mainstream. However, a number of Cloud obstacles remain to be

addressed, including the security concerns, the lack of industry standards for APIs, and ensuring cloud

portability, interoperability and integration.

However, a larger challenge remains, which is the topic of focus in this whitepaper: Cloud Governance.

AgilePath feels that a Cloud Governance framework will not only help large enterprises make the best strategic

and architectural choices with respect to Cloud, but will provide a next generation IT resource management

model that will pave the way for the future of IT organizations going forward.

For Commercial and Federal Government organizations, Cloud computing and Cloud governance will bring

important changes to the ways in which IT resources and capabilities are specified, architected, acquired,

implemented, integrated, managed, provisioned, consumed, and ultimately retired. This whitepaper offers not

only an end-to-end view of Cloud governance, but it paints a future vision for Information Technology that will

help it remain relevant in an age where, increasingly, IT organizations are disintermediated from their business

customers by global forces of outsourcing, managed services and public Clouds, while demand for customer

service, reliability, performance and results remains high. IT must adapt to these forces, and the Cloud

Governance Lifecycle offers a way out of the quandary. We call organizations that adopt this approach Cloud-

Centric Leadership Organizations.

Cloud-Centric Leadership organizations have an opportunity to be proactive with Cloud computing, both from a

technical and architecture perspective, but more importantly from an acquisition, governance and management

perspective. This whitepaper details a course of action that is both daring yet pragmatic, and offers a vision for

the IT organization of the future.

The Cloud Governance Lifecycle offers a pathway to an integrated model for managing, provisioning and

governing for all IT resources, whether they are internal resources, 3rd party managed services, or public cloud

resources. An integrated Cloud resource management framework will allow consistent strategy, architecture

acquisition and resource provisioning, supported by IT policies, for the consumption of resources, with the

support of a new IT governance capability. Fortune favors the bold. IT leadership must act quickly and

decisively to establish an integrated model for IT resource management, and provide a means to optimize total

lifecycle costs for all IT resources.

Introduction Every new technology trend usually creates a vacuum in the form of key IT disciplines that will help with the

adoption, insertion and value creation from that new technology. Information Technology (IT) acquisition

processes tend to be strained with new technologies. There is typically a lack of industry standards for the new

technologies. Proven methodologies and guidance as to how best to adopt these new technologies are almost

Page 3: AgilePath WhitePaper Cloud Gov Lifecycle

3

always missing. And finally, Enterprise IT governance processes tend to strain or fracture with the rise of new

technologies.

The new IT buzz centers on Cloud computing. Cloud computing will challenge existing IT management and

governance paradigms much as previous technology trends did. This white paper explores the impact of Cloud

computing on IT governance, and develops the concept of a Cloud Governance Lifecycle. In reality, Cloud

computing requires a lifecycle of lifecycles, depending on the approach an organization pursues with Cloud. As

this exciting technology trend accelerates, the governance issues will become increasingly critical.

Definition of Cloud Governance Cloud Governance is a new concept, and so we must spend some time on terminology. Cloud Governance

refers to the decision making processes, criteria and policies involved in the planning, architecture, acquisition,

deployment, operation and management of a Cloud computing capability.

Cloud governance in many respects resembles SOA governance, except that Cloud is focused on a different type

of enterprise resources, or Services, that may or may not overlap with SOA services. Both SOA and Cloud

computing are service-oriented architectures at their core. Both have Consumers and Providers, connected

together by a service contract and service-level agreements (SLA). Both are trust-based resource models, in

which consumers have a dependency on the provider to ensure reliably and assurance that the needed

resources will be there when they are needed.

SOA capabilities can be embedded in and delivered by a Cloud architecture, or Cloud can be applied to the

infrastructure services of a SOA strategy. Of course, combinations of both can also be contemplated. However,

the relative newness of Cloud demands more focused attention on its unique governance requirements. To that

end, we have developed a Cloud Governance Lifecycle model.

The proposed Cloud Governance Lifecycle™ describes the end-to-end requirements of Cloud Governance, from

planning, architecture and deployment to bursting, switching Cloud providers, and offboarding from a Cloud in

the event an organization chooses to move capabilities back in-house from a public Cloud, or even migrate them

to dedicated infrastructure resources.

Framing the Cloud Governance Challenge Developing a Cloud computing governance lifecycle requires some work to frame the scope of the problem,

especially given the immaturity of Cloud computing and the broad range of solutions it encompasses. With

NIST’s simple model of Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service

(SaaS), we can frame the discussion at a fundamental level. However, given that there are many variations of

clouds, or cloud patterns, that can be created and deployed based on a rich set of potential business use cases,

we need an extensible approach that can cover them all. While NIST’s model is a start, it by no means reflects

the richness and variety of Cloud patterns in the industry.

The choice of Cloud deployment patterns also adds a layer of complexity on the Cloud Governance Lifecycle

discussion. Whether you deploy an internal private Cloud, or leverage public cloud service offerings, or go with

Page 4: AgilePath WhitePaper Cloud Gov Lifecycle

4

a hybrid approach that leverages the best of both worlds, you must still understand the complete cloud

governance lifecycle requirements. There is no free lunch, as they say, but there may be a different or a better

lunch, or you may eat in or dine out. Someone must take responsibility for the intersections of the various

Cloud governance requirements.

Introducing the Cloud Governance Lifecycle The Cloud Governance Lifecycle encompasses five broad categories of requirements, as illustrated in Figure 1

below:

Figure 1: Cloud Governance Categories

These Cloud governance categories are described in the sections that follow.

Cloud Strategy and Planning: Describes the processes and policies that relate to Cloud strategy development,

planning, business case development, analysis of alternatives, go/no go criteria, and related Cloud planning

steps.

Cloud Architecture, Design and Deployment: Describes the processes and policies relating to development of a

Cloud Reference Model, a supporting Cloud Reference Architecture, and ultimately the design and deployment

of a Cloud (Internally) or to a Cloud (externally) based on Cloud use cases, documentation of appropriate Cloud

enablement and deployment patterns. Also included in this section are Cloud security models and architectures,

which will be critical to success of all Cloud deployments.

Cloud Acquisition, Vendor Selection and Negotiation: Describes the processes and policies focused on Cloud

acquisition, vendor evaluation, comparison and selection, and contract negotiations, which must include SLA

definition, Quality of Service definition, and appropriate security, business assurance and operational

requirements.

Page 5: AgilePath WhitePaper Cloud Gov Lifecycle

5

Resource Provisioning and Management: This tier of Cloud governance focuses on the processes and policies

surrounding requirements for resource enablement, installation and readiness, provisioning and management.

These activities are all about establishing the Cloud resource pool, providing access to and provisioning those

resources, and ultimately managing the Cloud resources.

Cloud Operations and Runtime Management: Describes the processes and policies focused on the operational

management of a Cloud, including the monitoring, network and systems management functions, capability

monitoring, alarming and fault notification, and all related operational and runtime management processes.

Taken together, these five areas of Cloud Governance can be represented as an end-to-end set of connected

processes that should be considered when determining what a particular organization’s Cloud Governance

Lifecycle should be. The end-to-end view of the Cloud Governance Lifecycle is described below.

The Detailed End-to-End Cloud Governance Lifecycle The detailed Cloud Governance Lifecycle is illustrated in Figure 2 below. While the chevrons denote high-level

activities of the Cloud Governance Lifecycle, in reality there are many fine-grained details required to design and

implement a robust end-to-end Cloud Governance model.

Figure 2: Detailed Cloud Governance Lifecycle Overview

The major activities of the Cloud Governance Lifecycle are explored in the sections below.

Page 6: AgilePath WhitePaper Cloud Gov Lifecycle

6

Cloud Strategy & Planning The Cloud Strategy and planning process, at a high level involves making clear choices about what Cloud

computing means to an organization, what mission, business and IT challenges are making you consider Cloud

solution, and formally documenting a Cloud strategy that enables the enterprise. The high-level steps involved

in this strategic level of Cloud governance are illustrated below.

The governance requirements here focus on a business- and mission-aligned Cloud strategy, with explicit formal

documentation of what a Cloud strategy will do for the enterprise in cost savings, mission enablement, IT

operating efficiencies, optimization of resources, and more. Ultimately, the governance decision at this level is

whether to formally pursue Cloud computing, or to wait and see. A bridging tactic might be to experiment with

Proof of Concepts and Pilots, which will help make the strategic decisions about Cloud less risky.

Cloud Architecture, Design and Deployment The Cloud Architecture, Design and Deployment processes involve critical governance requirements related to

Cloud Reference Model and Reference Architecture development, alignment to key Cloud industry standards

(which are admittedly immature), Cloud solution design (for your unique Cloud enablement and deployment

pattern requirements), Cloud security, Cloud integration, interoperability and portability, and also Cloud testing,

quality assurance. The key activities are illustrated below.

The Cloud Architecture, Design and Deployment activities must explicitly address Cloud security, should

embrace the lack of mature Cloud standards until they mature, and must also investigate models for distributed

testing of Cloud-enabled capabilities for the diverse range of Cloud enablement patterns and deployment

patterns. Cloud architecture governance is very important in the early stages of adoption!

Cloud Acquisition and Contracting Cloud Acquisition and Contracting governance activities focus on Cloud acquisition, vendor evaluation,

comparison and selection, and contract negotiations, which must include SLA definition, Quality of Service

definition, and appropriate security, business assurance and operational requirements. Key activities are

illustrated below.

Page 7: AgilePath WhitePaper Cloud Gov Lifecycle

7

The primary thrust of Cloud Acquisition and Contracting governance is to bring discipline and proactive

contracting processes to bear on the emerging Cloud domain, especially given that many organizations are using

public Clouds to bypass their current slow and outdated IT acquisition and governance processes to meet

market place and business demands.

Resource Provisioning and Management Cloud Resource Provisioning and Management governance processes center on requirements for capacity

planning, ensuring the Cloud resource pool is elastic and dynamically provisionable, and that you can plan

capacity ahead of demand for that capacity. Just-in-time capacity, in a Cloud-centric world, is too late. The

Cloud business and operating model must be anticipatory and proactive. Key activities for this group of

requirements are illustrated below.

These activities are all about establishing the Cloud resource pool, ensuring it is dynamically provisionable, that

it not only meets mission and business needs but anticipates them. These processes must provide access to and

provision those resources, and ultimately manage the Cloud resources per the Cloud strategy and operating

model that is desired. Other key activities here include Cloud monitoring, management, operations and

support, maintenance, versioning and sustainment of the Cloud environment on behalf of its consumers.

Cloud Contingency Planning and Resource/Provider Management Cloud Contingency Planning and Resource/Provider Management focuses on the governance processes and

activities that enable a robust, reliable and agile Cloud environment to be established. The major types of

activities for Cloud contingency planning are illustrated below.

The Cloud contingency planning requirements include explicit plans for Cloud busting, or leveraging public Cloud

resources in times of peak demand, switching Cloud service providers, migrating from private to public and back,

as needed, and even offboarding from a public Cloud back to your internal Cloud. Governance requirements

Page 8: AgilePath WhitePaper Cloud Gov Lifecycle

8

here should also address continuity of operations (COOP), disaster recovery (DR) scenarios, back-up procedures,

and other related needs.

Implications for IT Leadership and Cloud-Centric Leadership Organizations The Cloud Governance Lifecycle above provides a structured basis for CIOs, CTOs and Chief Architects to plan,

architect, acquire and operate a Cloud-enabled environment in support of their business, mission and IT

objectives. However, the greater opportunity for IT leaders is to establish an integrated Cloud management and

governance framework, layered over a hybrid or private-hybrid Cloud architecture, and begin to define and

implement the IT organizational and operating model of the future. This approach is the pathway to becoming a

Cloud-Centric Leadership Organization.

IT Leadership must begin to proactively acquire and broker IT resources, as a set of integrated, managed Cloud-

enabled resources, and provision them in the “capacity-ahead-of-demand” model described above. IT

Leadership must create an environment where it can manage all IT resources – infrastructure, data center,

application middleware, application platforms, and even SaaS-based applications – through a singular IT

governance construct, and essentially empower their internal business consumers to self-service access to IT

resources and capabilities. An integrated Cloud management and governance framework will enable Cloud

resource consumers to compare prices, evaluate offerings, service levels, and ultimately consume only the IT

resources they want, when they want, yet in a proactive model that is established, managed and maintained by

the IT organization. IT organizations of the future must act as the relationship manager to all business units and

consumers of IT resources. IT organizations must once again become the trusted acquisition agent, broker and

provisioner of all IT resources, regardless of whether they are internal, external or managed services from

trusted suppliers.

IT Leadership must envision and realize the processes of the Next Generation of IT. The new role of IT

Leadership is illustrated in the figure below, and each of these requirements is explained in the sections that

follow.

Enterprise Services Computing Strategy: IT Leadership must define a comprehensive framework for Enterprise

Services Computing, which includes SOA, Cloud and all managed services, again irrespective of whether they are

internal, external or managed services provided by trusted partners.

Business/Mission Relationship Management: IT Leadership must define processes and roles to become a

trusted advisor, partner and relationship manager for its business units, key programs and projects, and IT

resource consumers. As with the IT organization of the future, in order to avoid disintermediation, IT

organizations must be relevant and proactive on behalf of its consumers.

IT Resources Acquisition & Contracts Management: IT Leadership must proactively establish relationships,

acquisition processes, contracts and SLAs with potential IT resource providers, again, in a capacity-ahead-of-

Page 9: AgilePath WhitePaper Cloud Gov Lifecycle

9

demand paradigm. Based on the Business/Mission Relationship Management role described above, IT

Leadership can begin to develop the acquisition and contracts necessary to support anticipatory provisioning of

Cloud services and other IT resources to its business and mission consumers.

IT Resource Portfolio Management: IT Leadership must develop an integrated portfolio of Enterprise

computing resources, including Cloud services, infrastructure services, SOA services, managed services and

other, and allow the transparent comparison of the prices, SLAs, availability, and other terms and conditions,

such that the consumers can easily access, consume and manage based on a self-service, self-governance

model. IT Leadership will manage investments in the portfolio, optimize choices and drive standardization, and

in this way achieve tremendous savings in IT spending.

IT Resources Brokering: IT Leadership must use the Cloud governance concepts in this whitepaper to create an

IT resource brokering role , supported by self-service portals, Cloud management and governance processes,

policies and technologies. In this manner, IT Leadership can become the master service broker to its business

partners and end-users in a proactive fashion.

Integrated IT Resources Management: IT Leadership must implement a framework in which it can manage all IT

services as integrated capabilities, acquired and deployed, managed and provisioned, accessed and consumed,

and versioned and maintained using an integrated resources management model. This approach includes Cloud

governance lifecycle processes, technical capabilities, and a new approach to managing IT resources.

A Cloud-Centric Leadership Vision for IT Based on the model above, IT Leadership can achieve this vision of the IT organization of the future. If IT

leadership chooses to pursue this model, the following vision statements might become reality.

Cloud-Centric Leadership Organizations will redefine the role of the CIO and the IT organization based

on a model of integrated resource management, Cloud-centric governance lifecycle principles, and the

relationship management/resource broker model. This model is the future, and it is closer to reality

than many would care to admit.

Cloud-Centric Leadership Organizations will achieve better optimization of their IT spending on all IT

resources and services, from internal providers, external/3rd party providers, and trusted managed

services and solution partners. This will enable competition and price comparisons, which will create a

consumer-friendly environment while encouraging a cost-optimized environment.

Cloud-Centric Leadership Organizations will establish internal benchmarks for Cloud services to

compare with those of internal and third party public Cloud service providers, which will create a

transparent model by which it can manage IT spending. IT resource providers in this equation will

include any internal or external entity that provides IT resources.

Cloud-Centric Leadership Organizations will deploy hybrid or private-hybrid Clouds that will establish

the technical resource delivery framework for such a model, essentially becoming an internal

Page 10: AgilePath WhitePaper Cloud Gov Lifecycle

10

relationship manager and integrated services broker for internal, 3rd party and all IT services. While the

Cloud implementation is critical to enabling this integrated resource management and governance

model via the Cloud Governance Lifecycle, you must remember that implementation of the supporting

Cloud management and governance framework is equally critical to the aggregation and integrated

management and provisioning of all IT and Cloud resources.

Cloud-Centric Leadership Organizations can manage and provision highly differentiated business and

IT services and provide them to external consumers, essentially creating new revenue opportunities

and new pathways to innovation. Cloud computing will introduce a new innovation engine by lowering

the threshold and eliminating barriers to IT capabilities. Internal innovation and rapid time to market

will be the result when IT resources are unshackled from outdated IT governance processes that

emphasized “slow” and “no” over “Why not?” and “How fast would you like it?” Cloud-Centric

Leadership Organizations will become enablers to internal innovation by unleashing its IT capacity from

legacy constraints.

Cloud-Centric Leadership Organizations will proactively define and implement the Cloud Governance

Lifecycle framework for integrated services management, procurement, provisioning, cost

allocation/chargeback, resource management and brokering, and in doing so will leap ahead of its

competitors and peers with the vision, processes and capabilities to realize the benefits of a Cloud-

centric enterprise.

This Cloud-Centric vision of the future can be amplified and expanded, but the key points have been made. Your

IT future is here, and you can embrace the opportunity or stand pat with a status quo approach. Again, fortune

favors the bold.

A Cloud-Centric Leadership Action Plan Should your organization choose to act on these concepts, the following activities might be considered as a high-

level action plan that will transition you to a Cloud-Centric Leadership Organization:

First, you must define the Cloud management and governance strategy, architecture and business case

(Cloud focus, metrics, savings and synergies) quickly to understand the investments, savings, and

operating model of this approach.

Next, you must define your Cloud Management and Governance (CMaG) Lifecycle processes, by

adapting the Cloud Governance Lifecycle above to your needs and requirements, and integrating it into

current Enterprise and IT governance processes.

Third, you must select and deploy a Cloud Management platform to integrate, manage, broker and

provision Integrated Cloud Resources per the model above. This will require vendor evaluation,

selection, pilots/proof of concepts, and the normal due diligence to ensure fit to the vision we have

described above.

Page 11: AgilePath WhitePaper Cloud Gov Lifecycle

11

Fourth, you should implement an appropriate Cloud computing platform to enable integrated

management and provisioning of internal and external resources. Whether you choose a hybrid

Cloud, or a private-hybrid Cloud, depending on your security requirement and business objectives, keep

in mind that the Cloud is an enabler, while the Cloud Management and Governance model is the secret

sauce. Integrated Cloud management and governance will enable the transition to the Cloud-Centric

Leadership Organization we have described above.

Next, you must integrate the Cloud Governance Lifecycle into your Acquisition, IT Governance and

Program Management Processes, which will enable the proactive, IT resources brokering construct to

become reality.

Finally, you must gather empirical data and metrics to validate the business model for integrated

Cloud management and governance according to your version of the Cloud Governance Lifecycle. You

must have the data and metrics to enable transparent comparison of products/IT capabilities, prices,

SLAs, availability, performance metrics for all internal and external IT resources. This will create a Cloud

resource marketplace that ensures your business customers have choices and transparent pricing to

make the best decisions, all within a model proactively created by the Cloud-Centric Leadership

Organization of the future.

Summary This whitepaper establishes the foundation of a Cloud Governance Lifecycle, which is the basis for not only

managing and governing your current or future Cloud, but for transitioning into a Cloud-Centric Leadership

Organization. The Cloud Governance Lifecycle must be adapted to your enterprise, and integrated into existing

IT governance processes. However, do not hamstring your future Cloud governance requirements by anchoring

them to an outdated and inefficient legacy IT governance model. Remember, Cloud is an agility-enabling

capability, and should not be bolted onto an inherently cumbersome and slow legacy IT governance model. To

accelerate the transition to a Cloud-Centric Leadership Organization, leverage the action plan above and make it

work for your enterprise. In parallel with planning your Cloud, plan the Cloud Governance Lifecycle that you

need to manage and govern your Cloud. Remember, Cloud computing is the enabler, while Cloud management

and governance is the secret sauce!

For more information please contact:

Sandra G. Callahan

[email protected]


Top Related