SlideShare une entreprise Scribd logo

Getronics - Governance and the Cloud

Maurice Remmé
Maurice Remmé

Governance and the Cloud After a few years of hype, Cloud is now becoming part of the mainstream enterprise IT landscape. As with any technology or technology model, uptake demands compliance mechanisms. If you rely on something, you must have the rules and metrics required to set the standards of performance, usage and return. In this white paper, Getronics examines cloud governance, with particular focus on how cloud-specific governance becomes an integral element of overall IT and business governance models.

BusinessTechnologie
1  sur  13
Télécharger pour lire hors ligne
GOVERNANCE AND THE CLOUD
INTRODUCTION AFTER A FEW OF YEARS OF HYPE, CLOUD IS NOW BECOMING PART OF THE MAINSTREAM ENTERPRISE IT LANDSCAPE. AS WITH ANY TECHNOLOGY OR TECHNOLOGY MODEL, UPTAKE DEMANDS COMPLIANCE MECHANISMS. IF YOU RELY ON SOMETHING, YOU MUST HAVE THE RULES AND METRICS REQUIRED TO SET THE STANDARDS OF PERFORMANCE, USAGE AND RETURN. In this white paper, Getronics examines cloud governance, with particular focus on how cloud-specific governance becomes an integral element of overall IT and business governance models. For many, the barrier to cloud-adoption has been largely about trust. Different organizations will always need to decide which IT delivery models are most suited to their own circumstances. Hopefully, Getronics’ analysis of cloud governance will at least, help to bring clarity to this essential aspect of cloud decision- making. WHO IS THIS PAPER FOR? Getronics hopes that this paper will be useful to IT managers, and especially to those with a professional interest in govern- ance. The paper is not overly technical, and also covers topics which members of Legal and Procurement teams in particular may find interesting. On a more general level, we highlight the importance of being able to measure the effectiveness of cloud delivery in terms of operational and business value, and in that respect, there may be members of operations and business development who will also find interest here. Getronics has a number of governance specialists who are specifically focused on the impact of cloud, and if you are interested in discussing any of the ideas raised in this paper, do feel free to contact us directly via Maurice Remmé at maurice.remme@getronics.com or look at www.getronics.com. CLOUD – DEFINITION AND STRATEGY We will start with a formal definition. Getronics finds the National Institute of Standards and Technology (NIST I) defini- tion serves well: “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
BROAD ON-DEMAND RAPID ELASTICITY MEASURED SERVICE NETWORK ACCESS SELF-SERVICE ESSENTIAL CHARACTERISTICS RECOURCE POOLING SOFTWARE AS A PLATFORM AS A INFRASTRUCTURE AS A SERVICE SERVICE (SaaS) SERVICE (PaaS) SERVICE (IaaS) MODELS DEPLOYMENT PUBLIC PRIVATE HYBRID COMMUNITY MODELS Figure 1 Visual model of NIST working definition of cloud computing For a non-IT audience, we can make this a bit less formal: The need to balance promise and control is complicated by the “By using applications and resources that are delivered over the fact that the cloud, for the first time, puts the service consumer internet, cloud computing gives enterprises and individuals in the driving seat. When a business user can buy access to a access to resources as required - paying for use not ownership.” cloud-based service “on expenses”, the landscape of control changes. For this reason, the IT governance model must Over the last twelve months, Getronics has seen cloud rise to respect this new agility without abandoning traditional the top of the agenda in discussions with clients, and with this, management responsibility. a desire to develop more formal and more structured cloud strategies and governance frameworks. To resolve this dilemma, organizations first need to understand what they expect from cloud, and must then follow through We have also seen that for many, cloud computing presents a with strategy, policy and design architecture. The approach to dilemma: IT decision-makers need to balance the promised cloud must be in tune with the organization’s business strategy, benefits on the one hand, with the need for control on the and this demands that cloud governance is fully and clearly other: integrated with their overall IT governance structure. • Promise - zero CapEx, scalability, agility and the chance to respond rapidly to changing behavior • Control - enterprise-wide governance, compliance, cost- effectiveness, co-existence with existing IT infrastructure and service level control.
GOVERNANCE – TERMS OF REFERENCE THE CHARTERED INSTITUTE OF MANAGEMENT ACCOUNTANTS EMPHASIZES THAT THERE ARE TWO DIMENSIONS OF ENTERPRISE GOVERNANCE - CONFORMANCE AND PERFORMANCE - AND THAT THESE TWO DIMENSIONS NEED TO BE IN BALANCE. ENTERPRISE GOVERNANCE BUSINESS CORPORATE GOVERNANCE GOVERNANCE I.E. CONFORMANCE I.E. PERFORMANCE ACCOUNTABILITY VALUE CREATION ASSURANCE RESOURCES UTILISATION Figure 2 The Enterprise Governance Framework - CIMAII • Conformance covers issues such as governance structures As IT and business strategies become increasingly enmeshed, and the assignment of accountability. It focuses on so IT governance increases in importance - and as cloud conformity and control, on legal adherence and liability. becomes increasingly mainstream, so its own governance • Performance covers strategy definition and value creation. framework comes to have a direct impact on both IT and Also known as business governance, this activity must business performance. deliver the evidence a board of directors needs to set strategy, and to define both the levels of acceptable risk and the key performance drivers. AND IT GOVERNANCE? As a subset of enterprise governance, IT governance mirrors exactly these dimensions of conformance and performance. In this respect, there are two reasons why IT governance matters: • It ensures that IT resources and practices are managed responsibly • It ensures that IT resources and practices are fit-for-purpose, and aligned with the overall business needs of the organiza- tion they serve
The IT Governance Institute identifies five domainsIII which must be covered if IT is to support business goals and deliver shareholder value, and each one of these applies to both traditional and cloud-based approaches. Some are primarily strategic, some operational, and some both: Domain Focus Strategic (S) Operational (O) 1 Strategic alignment Focus on aligning IT and business strategies - S collaborative solutions feature prominently. 2 Value delivery Focus on the cost of IT and on measuring its business S value. 3 Risk Focus on safeguarding IT assets, disaster recovery S/O Management and continuity. 4 Resource Management Focus on knowledge and IT infrastructure. Spans O acquisition, development and management of IT resources (including cloud services) from the pers- pective of people, process, and technology. 5 Performance Management Focus on tracking project delivery, execution and O monitoring of the IT services that support the business. Figure 3 shows how in a traditional IT governance model, these five domains relate to each other in the overall objective of contributing to the enterprise goal of shareholder value. SHAREHOLDER ENTERPRISE GOALS VALUE STRATEGY VALUE STRATEGIC ALIGNMENT DELIVERY RISK MANAGEMENT OPERATIONAL PERFORMANCE RESOURCE MANAGEMENT MANAGEMENT Figure 3 IT Governance model
For Getronics, these five domains remain the foundation of IT governance. The emergence of cloud does, however, change the orientation of the model. This change is shown in Figure 4, in which performance, resource and risk management all take on a new tactical importance. SHAREHOLDER ENTERPRISE GOALS VALUE STRATEGY VALUE STRATEGIC ALIGNMENT DELIVERY RISK MANAGEMENT TACTICAL PERFORMANCE RESOURCE MANAGEMENT MANAGEMENT PUBLIC CLOUD OPERATIONAL PERFORMANCE RESOURCE MANAGEMENT MANAGEMENT PRIVATE CLOUD Figure 4 IT Governace influenced by public cloud The hierarchical governance flow remains unchanged, as it With an IT governance model influenced by cloud, the control cascades from enterprise to corporate and then to IT. As cloud model becomes particularly important. Getronics sees three becomes an integral component of the governance framework, flavors of control model: it blurs the separation between pure IT and business opera- • Centralized tions. This is thanks, in part, to the fact that cloud models can • Decentralized to a large extent be driven by business service delivery rather • Hybrid. than by the ownership of IT assets. The choice of model will be made according to the best organizational fit, and will be influenced by culture, market and maturity. The key variations in these control models are shown in the following table: Model Local Authority Define Policies & Rules Monitoring & Reviewing Centralized Low Council Council Hybrid Mid Combined Combined Decentralized High Organizational Unit/Location Organizational Unit/Location Table 1 Governance models
CLOUD AND IT GOVERNANCE: TOGETHER OR APART? Getronics believes strongly that although the cloud is maturing, effective cloud governance will only be achieved if it is treated as an integral element of IT governance. In that position, like the overall IT governance structure, it will have a particularly close relationship with Security Governance. The overall governance framework is shown in Figure 5, below. BUSINESS GOVERNANCE ENTERPRISE SECURITY GOVERNANCE IT GOVERNANCE CLOUD GOVERNANCE GOVERNANCE CORPORATE GOVERNANCE Figure 5 Governance framework This integration will require a new governance council to be The regulatory and statutory requirements affecting cloud established within the control model. It will need to reflect the strategy will need particular attention. Depending on sector cloud strategy of the individual organization, and will need to and on geography, for example, the law regarding the physical mirror cloud usage according to infrastructure, platform and location of storage and service provision will dictate the cloud applications. options. Sitting within IT governance, the cloud governance council will Risk management and continuity will also be affected. need to set and define: How, for example, will your governance framework prepare for • Cloud service policies and processes contingency and continuity in scenarios in which a provider of • Quality of Service standards and SLA levels with regard to: cloud-services ceases to trade, or is acquired by a third party? - Infrastructure - Platform - Applications • Cloud security with regard to: - Confidentiality, integrity, and availability - Identity and access management
All cloud governance also needs to be able to operate in “run time”. Because cloud delivery is, by definition, on-demand, the associated governance model must be able to accommodate instant changes in usage volumes or in switches of delivery routing, storage or processing. CLOUD COMPUTING STRATEGIC VALUE RISK RESOURCE PERFORMANCE DOMAINS FOR IT ALIGNMENT DELIVERY MANAGEMENT MANAGEMENT MANAGEMENT GOVERNANCE Figure 6 Cloud Domains for IT Governance STRATEGIC ALIGNMENT Just as IT governance must be tuned to enterprise strategy, so it is for cloud governance. Cloud vision and strategy can only be meaningful if choices are made according to strategic enterprise requirement. The strategic alignment domain is the foundation for every- thing else, and it needs to be right. It will evolve, as the cloud itself evolves. Most importantly the governance council will need to check the model continually against the wider IT and corporate governance framework: changes there will mean changes here. Managing Architecture and Functionality The reference cloud architecture must be aligned with the business, and must respect industry, regulatory and company standards. It must place even more emphasis on business objectives than traditional non-cloud architectures. It must also take into full account all aspects of integration and interoperability with existing IT usage. Security, availability and contingency are high on the agenda, and must take into full consideration the impact of a change in service provider. Cloud governance will also require new skills, and the model must consider roles and responsibilities, particularly relating to provisioning, security, and operations. Sourcing needs particular attention. As cloud-based services can be purchased without the need for specialist IT knowledge, relationships between business purchasers and IT functions need special consideration. Cloud-based services can be highly-configured according to different professional and functional need. Strategic alignment must take this into account, making it possible for the enter- prise to build a clear picture of requirement, and to track changes in need and use. How this is done will depend on the culture of individual organizations: some will be proscriptive, others will not.
VALUE DELIVERY As a result, cloud governance models must be able to assess Value delivery must define, implement and manage the risk from this entirely new perspective. processes which underpin cloud strategy. It must translate cloud strategy into a program of tactical and operational action. RESOURCE MANAGEMENT This will include the processes for service acquisition, integra- tion, and provisioning and will embrace the management of Cloud Sourcing legal, technical and organizational risk. Directory services, Sourcing models can differ greatly with cloud: public, private along with identity management and usage metrics are also and hybrid cloud approaches need us to think differently about critical: because cloud is based on consumption – it is essen- governance. tial that you can monitor and measure what is being consumed, in what quantity and by whom. With regard to sourcing, cloud governance must consider vendor continuity, quality-of-service, business reporting and This domain is closely linked to the performance domain – compliance, cost modeling and more besides. it is through effective monitoring that the priorities for change become evident. Cloud cuts across such a broad spectrum of activities which previously sat within the IT governance framework. Because of this, it is necessary to develop new rules and new metrics built RISK MANAGEMENT around service provision and validation. Just as with IT governance, risk management in cloud governance must fulfill three functions: The promise of a shift from CapEx to OpEx is held up as a major • Assessing risk incentive to shift to cloud. This does, however, raise questions • Mitigating risk, and around sourcing governance. Where models are “pay-per-use”, • Measuring the success of that assessment and mitigation it becomes difficult to undertake cost and quality comparisons either between cloud-based and traditional models, or indeed This is not a static scenario. Risk shifts continually, and the between different cloud models. cloud governance model must be able to track these shifts. Cloud sourcing governance, also needs to take into account, Even though much of the terminology of cloud is new, the the ease with which cloud services can be purchased directly on technology is rooted in well-established virtualization prac- departmental budgets, or even on individual expense accounts. tices. What is new, are the service delivery and commercializa- tion models, and as with any untested area, these require Application portfolio planning & lifecycle particular attention with relation to risk. Even when cloud becomes fully established, most enterprises will continue to rely on a combination of traditional and cloud- Thomas J. Betcher establishes a clear analysis of risk and based applications. cloud in Cloud Computing: Key IT-Related Risks and Mitigation Strategies for Consideration by IT Security Practitioners: Here again, comparison becomes a challenge. Rather than focusing on the cost of managing the application portfolio, • Policy and Organizational risks: Lock-in, loss of governance, cloud sourcing governance focuses more on consumption and compliance challenges, loss of business reputation, cloud fitness-for-purpose: the actual cost of management becomes service termination or failure. indivisible from the cost of consumption. • Technical Risks: Availability of service, resource exhaustion, intercepting data in transit, data transfer bottlenecks, New applications and new functions, however, must be sourced distributed denial of service. as required, and the cloud governance sourcing model must • Legal Risk: Subpoena and e-discovery, changes of jurisdic- make it possible to analyze requests in terms of current usage, tion, data privacy, licensing. and to safely allocate development, testing and distribution in a way that can be subsequently re-charged according to usage. One particularly important observation in the Betcher report relates to risk and frequency. Many traditional IT governance Reporting transparency and business analysis are two particu- models are designed around IT life-cycles of around three larly interesting aspects of cloud sourcing governance. years. Within these cycles, IT audit leaves a detailed trail of Because both access to applications and usage visibility become version and upgrade information. instant across the enterprise, it becomes far easier both to promote common usage, and to amortize development and With the cloud, this changes. Not only does the cycle shrink management costs. massively (change can now be measured in hours and weeks rather than in years), but the actual versioning of the technology behind the service can remain completely hidden from the consumer.
People and skills to the tactical layer of the governance framework, at least The skills profile of an enterprise is central to IT governance – when shared and public cloud services are consumed. it is not just the technology which must be fit for purpose, but the professional capabilities of the people who manage it. These KPIs and thresholds should be defined to reflect busi- ness rather than technology performance, and for this reason, Cloud has a high impact here. Over the last five years, Getronics this domain is especially closely tied to strategy alignment. has moved rapidly from being a traditional IT service provider to becoming a services aggregator, and the emergence of cloud Good reporting is the foundation of both effective performance has had a major influence in this shift. Getronics has witnessed management and substantiated improvement initiatives. at first hand a reduction in demand for hardware and product- Two things happen in parallel here, as monitoring performance specific skills along with a corresponding increase in the becomes twinned with monitoring conformance. This can be importance of skills in managing a partner eco-system. seen clearly, for example, when analyzing usage in the light of This skill shift must also be considered in the context of data protection regulation. governance models for sourcing. The cloud control framework is closely related to corporate or IT control frameworks such as CobiT, and is used both to define PERFORMANCE MANAGEMENT and measure conformance. Getronics uses the cloud control This domain sets the KPIs and thresholds for the usage and matrix from The Cloud Security AllianceIV as a foundation for its provision of cloud services. As indicated previously, Getronics cloud control framework. The Cloud Control Matrix is part of the sees resource and performance management moving upward CSA GRC Stack. Control Area Control Control Specification Cloud Service Delivery Scope Applicability ID Model Capability SaaS PaaS IaaS Service Customer Provider Information IS 32 Policies and procedures shall be established Security and measures implemented to strictly limit Portable/ access to sensitive data from portable and Mobile mobile devices, such as laptops, cell phones, X X X X X Devices and personal digital assistants (PDAs), which are generally higher-risk than non portable devices (e.g. desktop computers at the organization’s facilities). Information IS 33 User access to program source code shall be Security restricted to authorize personnel. – Source X X X X Code Access Restriction Information IS 34 The use of utility programs that might be Security capable of overriding system and application – Utility controls shall be restricted. X X X X X Programs Access Legal – LG 01 Requirements for confidentially or non Non Disclo- disclosure agreements reflecting the organiza- X X X X X sure Agree- tion’s needs for the protection of data shall be ments identified and reviewed at planned intervals. Legal – LG 02 Agreements with third parties accessing, Third Party processing, communicating or managing the Agreements organization’s information assets, or adding products or services to information assets shall cover all relevant security requirements. X X X X Agreements provisions shall include security (e.g. encryption, access controls, and leakage prevention) and integrity controls for data exchanged to prevent improper disclosure alteration or destruction. Figure 7 Illustrative extract of the CSA Cloud Control Matrix
IT GOVERNANCE COUNCIL Before considering ensuing actions for cloud governance, we the existing charter, and to ask how the new cloud mandate is will take a moment to consider a possible organizational going to be represented within it. structure. As mentioned previously, Getronics firmly believes that an effective cloud governance model must be fully Clarity and focus are the watchwords, and hopefully you will integrated with IT governance, and will, as a result, be organ- find the five domains outlined in this paper a useful guide in ized in an IT governance council. considering the precise focus and pointer to the required roles and responsibilities. The council for cloud governance will, as a result, be embedded within the IT governance council, and will share the same The figure below, shows the structure of Getronics’ own IT obligations in terms of alignment with corporate and enterprise governance council, indicating how cloud has been embedded governance and, in particular, with security governance. within it. Note how the Cloud Innovation Council is formally integrated in the IT Governance Council, and in turn, is posi- The council’s charter becomes its most fundamental tool. If you tioned to draw on business and technology expertise from are establishing a cloud council within your existing IT govern- across the organization. The Portfolio Board are particularly ance council, it will be important to take a thorough review of influential. SENIOR EXECUTIVE(S) FINANCE INTERNAL AUDIT DEPARTMENT DEPARTMENT IT GOVERNANCE COUNCIL • CISO, CIO, CCO PORTFOLIO BOARD OF • BUSINESS EXECUTIVES BOARD DIRECTORS • PROCESS MANAGERS • IT & OPERATIONS • CLOUD INNOVATION COUNCIL LEGAL EXTERNAL DEPARTMENT PARTIES BUSINESS IT DEPARTMENT OPERATIONS EXECUTIVE(S) EXECUTIVES EXECUTIVES MANAGERS, MANAGERS, MANAGERS, TEAM LEADERS TEAM LEADERS TEAM LEADERS Figure 8 IT Governance Council
RECOMMENDATIONS Getronics has already adopted cloud-based delivery for a large REFERENCES proportion of its own infrastructure, platform and services. I NIST, National Institute of Standards and Technology Special We have invested significantly in the development and imple- Publication 800-145 (Draft) 7 pages (January. 2011), mentation of our cloud governance model as a result. http://csrc.nist.gov/publications/drafts/800-145/Draft- SP-800-145_cloud-definition.pdf We see traditional and cloud-based services running concur- II The CIMA Strategic Scorecard, March 2005. rently in most enterprises for many years to come, and do not http://www.cimaglobal.com/Documents/ImportedDocuments underestimate the corporate responsibility of addressing cloud /tech_dispap_CIMA_strategic_scorecard_0305.pdf governance as both a strategic and operational priority. III Board Briefing On IT Governance 2nd edition, 2003 , IT Governance Institute, Early excursions into cloud for many organizations were not http://www.isaca.org/Knowledge-Center/Research/ particularly formal – that’s normal. There is a risk, however, Documents/BoardBriefing/26904_Board_Briefing_final.pdf of allowing informal interest to gather momentum without IV Cloud Security Alliance, control, and it is important to build monitoring into the loop. http://www.cloudsecurityalliance.org/cm.html As always, the longer you leave it, the tougher it gets. ABOUT THE AUTHOR Getronics recommends its clients to formally task its own IT Maurice Remmé is responsible for Getronics Data Center and governance professionals with the assessment of cloud and Cloud initiatives worldwide and has a primary focus on vision, governance. It recommends that this is done as an integral strategy and portfolio development. Maurice has over 10 years element of overall IT governance, and that it is done while of experience in the ICT industry and at this moment is actively embracing both security and enterprise strategy. involved in the development and implementation of Getronics’ Services Aggregator strategy. If you would like to discuss any of these ideas or objectives with our own cloud compliance specialists, please do contact us. maurice.remme@getronics.com
getronics.nl

Recommandé

SOA Governance in the Cloud Webinar Slides
SOA Governance in the Cloud Webinar Slides SOA Governance in the Cloud Webinar Slides
SOA Governance in the Cloud Webinar Slides WSO2
 
Cloud computing innovation council - Overview
Cloud computing innovation council - OverviewCloud computing innovation council - Overview
Cloud computing innovation council - OverviewShrinath V
 
Orsyp presentation bnl_2013_def
Orsyp presentation bnl_2013_defOrsyp presentation bnl_2013_def
Orsyp presentation bnl_2013_defAnne Plancius
 
From ITOM to DevOps v1
From ITOM to DevOps v1From ITOM to DevOps v1
From ITOM to DevOps v1Malcolm Ryder
 
Cloud Strategy First
Cloud Strategy First Cloud Strategy First
Cloud Strategy FirstAmazon Web Services
 
Business-Driven Automation
Business-Driven AutomationBusiness-Driven Automation
Business-Driven AutomationCarl Terrantroy
 
The IT Process Trap
The IT Process TrapThe IT Process Trap
The IT Process TrapCarl Terrantroy
 
Ronald Schmelzer Keynote Address
Ronald Schmelzer Keynote AddressRonald Schmelzer Keynote Address
Ronald Schmelzer Keynote AddressNathaniel Palmer
 

Recommandé

SOA Governance in the Cloud Webinar Slides
SOA Governance in the Cloud Webinar Slides SOA Governance in the Cloud Webinar Slides
SOA Governance in the Cloud Webinar Slides WSO2
 
Cloud computing innovation council - Overview
Cloud computing innovation council - OverviewCloud computing innovation council - Overview
Cloud computing innovation council - OverviewShrinath V
 
Orsyp presentation bnl_2013_def
Orsyp presentation bnl_2013_defOrsyp presentation bnl_2013_def
Orsyp presentation bnl_2013_defAnne Plancius
 
From ITOM to DevOps v1
From ITOM to DevOps v1From ITOM to DevOps v1
From ITOM to DevOps v1Malcolm Ryder
 
Cloud Strategy First
Cloud Strategy First Cloud Strategy First
Cloud Strategy FirstAmazon Web Services
 
Business-Driven Automation
Business-Driven AutomationBusiness-Driven Automation
Business-Driven AutomationCarl Terrantroy
 
The IT Process Trap
The IT Process TrapThe IT Process Trap
The IT Process TrapCarl Terrantroy
 
Ronald Schmelzer Keynote Address
Ronald Schmelzer Keynote AddressRonald Schmelzer Keynote Address
Ronald Schmelzer Keynote AddressNathaniel Palmer
 
Ca Virtualisation Management
Ca Virtualisation ManagementCa Virtualisation Management
Ca Virtualisation ManagementCarl Terrantroy
 
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar Timothy McAliley
 
DevOps Transformation Approach - Addteq
DevOps Transformation Approach - AddteqDevOps Transformation Approach - Addteq
DevOps Transformation Approach - AddteqAddteq
 
Cloud governance - theory and tools
Cloud governance - theory and toolsCloud governance - theory and tools
Cloud governance - theory and toolsAntti Arnell
 
Cloud First Architecture
Cloud First ArchitectureCloud First Architecture
Cloud First ArchitectureCameron Vetter
 
Andy chatha - arc advisory group - rethinking it and automation solutions
Andy chatha - arc advisory group - rethinking it and automation solutionsAndy chatha - arc advisory group - rethinking it and automation solutions
Andy chatha - arc advisory group - rethinking it and automation solutionsARC Advisory Group
 
Dennis Wisnosky Keynote Address
Dennis Wisnosky Keynote AddressDennis Wisnosky Keynote Address
Dennis Wisnosky Keynote AddressNathaniel Palmer
 
Cloud Adoption Plan - Strategy phase
Cloud Adoption Plan - Strategy phaseCloud Adoption Plan - Strategy phase
Cloud Adoption Plan - Strategy phaseAnthony Clendenen
 
Cloud Adoption and Risk Report 2019
Cloud Adoption and Risk Report 2019Cloud Adoption and Risk Report 2019
Cloud Adoption and Risk Report 2019CompatibL Technologies ltd
 
Secure Cloud Adoption - Checklist
Secure Cloud Adoption - ChecklistSecure Cloud Adoption - Checklist
Secure Cloud Adoption - ChecklistSecurestorm
 
Softchoice Discovery Series: Cloud Cost Governance
Softchoice Discovery Series: Cloud Cost GovernanceSoftchoice Discovery Series: Cloud Cost Governance
Softchoice Discovery Series: Cloud Cost GovernanceSoftchoice Corporation
 
Cloud Program for resellers, ISP, integrators
Cloud Program for resellers, ISP, integratorsCloud Program for resellers, ISP, integrators
Cloud Program for resellers, ISP, integratorsLiubov Belousova
 
BSM for Cloud Computing
BSM for Cloud ComputingBSM for Cloud Computing
BSM for Cloud ComputingBMC Software
 
Cloud Computing Roadmap Public Vs Private Vs Hybrid And SaaS Vs PaaS Vs IaaS ...
Cloud Computing Roadmap Public Vs Private Vs Hybrid And SaaS Vs PaaS Vs IaaS ...Cloud Computing Roadmap Public Vs Private Vs Hybrid And SaaS Vs PaaS Vs IaaS ...
Cloud Computing Roadmap Public Vs Private Vs Hybrid And SaaS Vs PaaS Vs IaaS ...SlideTeam
 
NetOne Draft Presentation (2)
NetOne Draft Presentation (2)NetOne Draft Presentation (2)
NetOne Draft Presentation (2)Carl Terrantroy
 
Analysts Brief VMware and CA on Enterprise Management Challenges
Analysts Brief VMware and CA on Enterprise Management Challenges Analysts Brief VMware and CA on Enterprise Management Challenges
Analysts Brief VMware and CA on Enterprise Management Challenges Carl Terrantroy
 
Corporate Overview Presentation
Corporate Overview PresentationCorporate Overview Presentation
Corporate Overview Presentationepenedos
 
Cloud Strategy
Cloud Strategy Cloud Strategy
Cloud Strategy Alessandro Guli
 
Architecting your Cloud Strategy - Part One.vsdx
Architecting your Cloud Strategy - Part One.vsdxArchitecting your Cloud Strategy - Part One.vsdx
Architecting your Cloud Strategy - Part One.vsdxGareth Llewellyn
 
La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...
La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...
La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...Antoine Vigneron
 
Capturing The Potential Of Cloud
Capturing The Potential Of CloudCapturing The Potential Of Cloud
Capturing The Potential Of CloudIBM India Smarter Computing
 
Capturing the potential of cloud
Capturing the potential of cloudCapturing the potential of cloud
Capturing the potential of cloudIBM India Smarter Computing
 

Contenu connexe

Tendances

Ca Virtualisation Management
Ca Virtualisation ManagementCa Virtualisation Management
Ca Virtualisation ManagementCarl Terrantroy
 
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar Timothy McAliley
 
DevOps Transformation Approach - Addteq
DevOps Transformation Approach - AddteqDevOps Transformation Approach - Addteq
DevOps Transformation Approach - AddteqAddteq
 
Cloud governance - theory and tools
Cloud governance - theory and toolsCloud governance - theory and tools
Cloud governance - theory and toolsAntti Arnell
 
Cloud First Architecture
Cloud First ArchitectureCloud First Architecture
Cloud First ArchitectureCameron Vetter
 
Andy chatha - arc advisory group - rethinking it and automation solutions
Andy chatha - arc advisory group - rethinking it and automation solutionsAndy chatha - arc advisory group - rethinking it and automation solutions
Andy chatha - arc advisory group - rethinking it and automation solutionsARC Advisory Group
 
Dennis Wisnosky Keynote Address
Dennis Wisnosky Keynote AddressDennis Wisnosky Keynote Address
Dennis Wisnosky Keynote AddressNathaniel Palmer
 
Cloud Adoption Plan - Strategy phase
Cloud Adoption Plan - Strategy phaseCloud Adoption Plan - Strategy phase
Cloud Adoption Plan - Strategy phaseAnthony Clendenen
 
Secure Cloud Adoption - Checklist
Secure Cloud Adoption - ChecklistSecure Cloud Adoption - Checklist
Secure Cloud Adoption - ChecklistSecurestorm
 
Softchoice Discovery Series: Cloud Cost Governance
Softchoice Discovery Series: Cloud Cost GovernanceSoftchoice Discovery Series: Cloud Cost Governance
Softchoice Discovery Series: Cloud Cost GovernanceSoftchoice Corporation
 
Cloud Program for resellers, ISP, integrators
Cloud Program for resellers, ISP, integratorsCloud Program for resellers, ISP, integrators
Cloud Program for resellers, ISP, integratorsLiubov Belousova
 
BSM for Cloud Computing
BSM for Cloud ComputingBSM for Cloud Computing
BSM for Cloud ComputingBMC Software
 
Cloud Computing Roadmap Public Vs Private Vs Hybrid And SaaS Vs PaaS Vs IaaS ...
Cloud Computing Roadmap Public Vs Private Vs Hybrid And SaaS Vs PaaS Vs IaaS ...Cloud Computing Roadmap Public Vs Private Vs Hybrid And SaaS Vs PaaS Vs IaaS ...
Cloud Computing Roadmap Public Vs Private Vs Hybrid And SaaS Vs PaaS Vs IaaS ...SlideTeam
 
NetOne Draft Presentation (2)
NetOne Draft Presentation (2)NetOne Draft Presentation (2)
NetOne Draft Presentation (2)Carl Terrantroy
 
Analysts Brief VMware and CA on Enterprise Management Challenges
Analysts Brief VMware and CA on Enterprise Management Challenges Analysts Brief VMware and CA on Enterprise Management Challenges
Analysts Brief VMware and CA on Enterprise Management Challenges Carl Terrantroy
 
Corporate Overview Presentation
Corporate Overview PresentationCorporate Overview Presentation
Corporate Overview Presentationepenedos
 
Architecting your Cloud Strategy - Part One.vsdx
Architecting your Cloud Strategy - Part One.vsdxArchitecting your Cloud Strategy - Part One.vsdx
Architecting your Cloud Strategy - Part One.vsdxGareth Llewellyn
 
La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...
La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...
La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...Antoine Vigneron
 

Tendances (20)

Ca Virtualisation Management
Ca Virtualisation ManagementCa Virtualisation Management
Ca Virtualisation Management
 
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
 
DevOps Transformation Approach - Addteq
DevOps Transformation Approach - AddteqDevOps Transformation Approach - Addteq
DevOps Transformation Approach - Addteq
 
Cloud governance - theory and tools
Cloud governance - theory and toolsCloud governance - theory and tools
Cloud governance - theory and tools
 
Cloud First Architecture
Cloud First ArchitectureCloud First Architecture
Cloud First Architecture
 
Andy chatha - arc advisory group - rethinking it and automation solutions
Andy chatha - arc advisory group - rethinking it and automation solutionsAndy chatha - arc advisory group - rethinking it and automation solutions
Andy chatha - arc advisory group - rethinking it and automation solutions
 
Dennis Wisnosky Keynote Address
Dennis Wisnosky Keynote AddressDennis Wisnosky Keynote Address
Dennis Wisnosky Keynote Address
 
Cloud Adoption Plan - Strategy phase
Cloud Adoption Plan - Strategy phaseCloud Adoption Plan - Strategy phase
Cloud Adoption Plan - Strategy phase
 
Cloud Adoption and Risk Report 2019
Cloud Adoption and Risk Report 2019Cloud Adoption and Risk Report 2019
Cloud Adoption and Risk Report 2019
 
Secure Cloud Adoption - Checklist
Secure Cloud Adoption - ChecklistSecure Cloud Adoption - Checklist
Secure Cloud Adoption - Checklist
 
Softchoice Discovery Series: Cloud Cost Governance
Softchoice Discovery Series: Cloud Cost GovernanceSoftchoice Discovery Series: Cloud Cost Governance
Softchoice Discovery Series: Cloud Cost Governance
 
Cloud Program for resellers, ISP, integrators
Cloud Program for resellers, ISP, integratorsCloud Program for resellers, ISP, integrators
Cloud Program for resellers, ISP, integrators
 
BSM for Cloud Computing
BSM for Cloud ComputingBSM for Cloud Computing
BSM for Cloud Computing
 
Cloud Computing Roadmap Public Vs Private Vs Hybrid And SaaS Vs PaaS Vs IaaS ...
Cloud Computing Roadmap Public Vs Private Vs Hybrid And SaaS Vs PaaS Vs IaaS ...Cloud Computing Roadmap Public Vs Private Vs Hybrid And SaaS Vs PaaS Vs IaaS ...
Cloud Computing Roadmap Public Vs Private Vs Hybrid And SaaS Vs PaaS Vs IaaS ...
 
NetOne Draft Presentation (2)
NetOne Draft Presentation (2)NetOne Draft Presentation (2)
NetOne Draft Presentation (2)
 
Analysts Brief VMware and CA on Enterprise Management Challenges
Analysts Brief VMware and CA on Enterprise Management Challenges Analysts Brief VMware and CA on Enterprise Management Challenges
Analysts Brief VMware and CA on Enterprise Management Challenges
 
Corporate Overview Presentation
Corporate Overview PresentationCorporate Overview Presentation
Corporate Overview Presentation
 
Cloud Strategy
Cloud Strategy Cloud Strategy
Cloud Strategy
 
Architecting your Cloud Strategy - Part One.vsdx
Architecting your Cloud Strategy - Part One.vsdxArchitecting your Cloud Strategy - Part One.vsdx
Architecting your Cloud Strategy - Part One.vsdx
 
La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...
La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...
La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...
 

Similaire à Getronics - Governance and the Cloud

Capturing the Potential of Cloud
Capturing the Potential of CloudCapturing the Potential of Cloud
Capturing the Potential of CloudNone
 
Understanding_IT_Assets_Today
Understanding_IT_Assets_TodayUnderstanding_IT_Assets_Today
Understanding_IT_Assets_TodayDavid Messineo
 
Organizing Asset Management Today
Organizing Asset Management TodayOrganizing Asset Management Today
Organizing Asset Management TodayDavid Messineo
 
Expanding Role of ITSM
Expanding Role of ITSMExpanding Role of ITSM
Expanding Role of ITSMwdpowel
 
Why EA's must drive cloud strategy
Why EA's must drive cloud strategyWhy EA's must drive cloud strategy
Why EA's must drive cloud strategyMike Walker
 
Concerto Whitepaper
Concerto WhitepaperConcerto Whitepaper
Concerto Whitepapersanjayraina
 
ItSMF 23 November 2012 - GREENCLOUDS - Cloud Service Brokerage
ItSMF 23 November 2012 - GREENCLOUDS - Cloud Service BrokerageItSMF 23 November 2012 - GREENCLOUDS - Cloud Service Brokerage
ItSMF 23 November 2012 - GREENCLOUDS - Cloud Service BrokerageGreenclouds
 
Data center flexibility and efficiency: increasing the business value of IT
Data center flexibility and efficiency: increasing the business value of ITData center flexibility and efficiency: increasing the business value of IT
Data center flexibility and efficiency: increasing the business value of ITIBM India Smarter Computing
 
RightIT™ Maximizing Government IT Efficiency
RightIT™ Maximizing Government IT EfficiencyRightIT™ Maximizing Government IT Efficiency
RightIT™ Maximizing Government IT EfficiencyBooz Allen Hamilton
 
Luis lima v3
Luis lima v3Luis lima v3
Luis lima v3EuroCloud
 
Cloud The Future Of The IT Department
Cloud The Future Of The IT DepartmentCloud The Future Of The IT Department
Cloud The Future Of The IT DepartmentIBM
 
Hybrid Cloud - Key Benefits & Must Have Requirements
Hybrid Cloud - Key Benefits & Must Have RequirementsHybrid Cloud - Key Benefits & Must Have Requirements
Hybrid Cloud - Key Benefits & Must Have RequirementsJamcracker Inc
 
Making IT Talent Work SFIA
Making IT Talent Work SFIAMaking IT Talent Work SFIA
Making IT Talent Work SFIASFIA User Forum
 
BMC - Business Service Management Overview
BMC - Business Service Management OverviewBMC - Business Service Management Overview
BMC - Business Service Management Overviewmartincbrennan
 
Bobby.german
Bobby.germanBobby.german
Bobby.germanNASAPMC
 
White Paper: The Benefits of An Outsourced IT Infrastructure
White Paper: The Benefits of An Outsourced IT InfrastructureWhite Paper: The Benefits of An Outsourced IT Infrastructure
White Paper: The Benefits of An Outsourced IT InfrastructureAsaca
 
Strengthening Employees Responsibility To Enhance Governance Of It Cobit Ra...
Strengthening Employees Responsibility To Enhance Governance Of It Cobit Ra...Strengthening Employees Responsibility To Enhance Governance Of It Cobit Ra...
Strengthening Employees Responsibility To Enhance Governance Of It Cobit Ra...guest418d60a0
 
Rethink IT. Reinvent Business. - Dharanibalan Gurunathan
Rethink IT. Reinvent Business. - Dharanibalan GurunathanRethink IT. Reinvent Business. - Dharanibalan Gurunathan
Rethink IT. Reinvent Business. - Dharanibalan GurunathanJyothi Satyanathan
 

Similaire à Getronics - Governance and the Cloud (20)

Capturing The Potential Of Cloud
Capturing The Potential Of CloudCapturing The Potential Of Cloud
Capturing The Potential Of Cloud
 
Capturing the potential of cloud
Capturing the potential of cloudCapturing the potential of cloud
Capturing the potential of cloud
 
Capturing the Potential of Cloud
Capturing the Potential of CloudCapturing the Potential of Cloud
Capturing the Potential of Cloud
 
Understanding_IT_Assets_Today
Understanding_IT_Assets_TodayUnderstanding_IT_Assets_Today
Understanding_IT_Assets_Today
 
Organizing Asset Management Today
Organizing Asset Management TodayOrganizing Asset Management Today
Organizing Asset Management Today
 
Expanding Role of ITSM
Expanding Role of ITSMExpanding Role of ITSM
Expanding Role of ITSM
 
Why EA's must drive cloud strategy
Why EA's must drive cloud strategyWhy EA's must drive cloud strategy
Why EA's must drive cloud strategy
 
Concerto Whitepaper
Concerto WhitepaperConcerto Whitepaper
Concerto Whitepaper
 
ItSMF 23 November 2012 - GREENCLOUDS - Cloud Service Brokerage
ItSMF 23 November 2012 - GREENCLOUDS - Cloud Service BrokerageItSMF 23 November 2012 - GREENCLOUDS - Cloud Service Brokerage
ItSMF 23 November 2012 - GREENCLOUDS - Cloud Service Brokerage
 
Data center flexibility and efficiency: increasing the business value of IT
Data center flexibility and efficiency: increasing the business value of ITData center flexibility and efficiency: increasing the business value of IT
Data center flexibility and efficiency: increasing the business value of IT
 
RightIT™ Maximizing Government IT Efficiency
RightIT™ Maximizing Government IT EfficiencyRightIT™ Maximizing Government IT Efficiency
RightIT™ Maximizing Government IT Efficiency
 
Luis lima v3
Luis lima v3Luis lima v3
Luis lima v3
 
Cloud The Future Of The IT Department
Cloud The Future Of The IT DepartmentCloud The Future Of The IT Department
Cloud The Future Of The IT Department
 
Hybrid Cloud - Key Benefits & Must Have Requirements
Hybrid Cloud - Key Benefits & Must Have RequirementsHybrid Cloud - Key Benefits & Must Have Requirements
Hybrid Cloud - Key Benefits & Must Have Requirements
 
Making IT Talent Work SFIA
Making IT Talent Work SFIAMaking IT Talent Work SFIA
Making IT Talent Work SFIA
 
BMC - Business Service Management Overview
BMC - Business Service Management OverviewBMC - Business Service Management Overview
BMC - Business Service Management Overview
 
Bobby.german
Bobby.germanBobby.german
Bobby.german
 
White Paper: The Benefits of An Outsourced IT Infrastructure
White Paper: The Benefits of An Outsourced IT InfrastructureWhite Paper: The Benefits of An Outsourced IT Infrastructure
White Paper: The Benefits of An Outsourced IT Infrastructure
 
Strengthening Employees Responsibility To Enhance Governance Of It Cobit Ra...
Strengthening Employees Responsibility To Enhance Governance Of It Cobit Ra...Strengthening Employees Responsibility To Enhance Governance Of It Cobit Ra...
Strengthening Employees Responsibility To Enhance Governance Of It Cobit Ra...
 
Rethink IT. Reinvent Business. - Dharanibalan Gurunathan
Rethink IT. Reinvent Business. - Dharanibalan GurunathanRethink IT. Reinvent Business. - Dharanibalan Gurunathan
Rethink IT. Reinvent Business. - Dharanibalan Gurunathan
 

Dernier

Customizable Contents Restoration Training
Customizable Contents Restoration TrainingCustomizable Contents Restoration Training
Customizable Contents Restoration TrainingCalvinarnold843
 
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh JiPsychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh Jiastral oracle
 
Healthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterHealthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterJamesConcepcion7
 
Driving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon HarmerDriving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon HarmerAggregage
 
Jewish Resources in the Family Resource Centre
Jewish Resources in the Family Resource CentreJewish Resources in the Family Resource Centre
Jewish Resources in the Family Resource CentreNZSG
 
How to Conduct a Service Gap Analysis for Your Business
How to Conduct a Service Gap Analysis for Your BusinessHow to Conduct a Service Gap Analysis for Your Business
How to Conduct a Service Gap Analysis for Your BusinessHelp Desk Migration
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFChandresh Chudasama
 
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...Operational Excellence Consulting
 
Planetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in LifePlanetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in LifeBhavana Pujan Kendra
 
Pitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckPitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckHajeJanKamps
 
MEP Plans in Construction of Building and Industrial Projects 2024
MEP Plans in Construction of Building and Industrial Projects 2024MEP Plans in Construction of Building and Industrial Projects 2024
MEP Plans in Construction of Building and Industrial Projects 2024Chandresh Chudasama
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxRakhi Bazaar
 
digital marketing , introduction of digital marketing
digital marketing , introduction of digital marketingdigital marketing , introduction of digital marketing
digital marketing , introduction of digital marketingrajputmeenakshi733
 
NAB Show Exhibitor List 2024 - Exhibitors Data
NAB Show Exhibitor List 2024 - Exhibitors DataNAB Show Exhibitor List 2024 - Exhibitors Data
NAB Show Exhibitor List 2024 - Exhibitors DataExhibitors Data
 
Data Analytics Strategy Toolkit and Templates
Data Analytics Strategy Toolkit and TemplatesData Analytics Strategy Toolkit and Templates
Data Analytics Strategy Toolkit and TemplatesAurelien Domont, MBA
 
Features of a Call Recorder Spy App for Android.pdf
Features of a Call Recorder Spy App for Android.pdfFeatures of a Call Recorder Spy App for Android.pdf
Features of a Call Recorder Spy App for Android.pdfOne Monitar
 
Excvation Safety for safety officers reference
Excvation Safety for safety officers referenceExcvation Safety for safety officers reference
Excvation Safety for safety officers referencessuser2c065e
 
Unveiling the Soundscape Music for Psychedelic Experiences
Unveiling the Soundscape Music for Psychedelic ExperiencesUnveiling the Soundscape Music for Psychedelic Experiences
Unveiling the Soundscape Music for Psychedelic ExperiencesDoe Paoro
 
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...SOFTTECHHUB
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdfShaun Heinrichs
 

Dernier (20)

Customizable Contents Restoration Training
Customizable Contents Restoration TrainingCustomizable Contents Restoration Training
Customizable Contents Restoration Training
 
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh JiPsychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
 
Healthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterHealthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare Newsletter
 
Driving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon HarmerDriving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon Harmer
 
Jewish Resources in the Family Resource Centre
Jewish Resources in the Family Resource CentreJewish Resources in the Family Resource Centre
Jewish Resources in the Family Resource Centre
 
How to Conduct a Service Gap Analysis for Your Business
How to Conduct a Service Gap Analysis for Your BusinessHow to Conduct a Service Gap Analysis for Your Business
How to Conduct a Service Gap Analysis for Your Business
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDF
 
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
 
Planetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in LifePlanetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in Life
 
Pitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckPitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deck
 
MEP Plans in Construction of Building and Industrial Projects 2024
MEP Plans in Construction of Building and Industrial Projects 2024MEP Plans in Construction of Building and Industrial Projects 2024
MEP Plans in Construction of Building and Industrial Projects 2024
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
 
digital marketing , introduction of digital marketing
digital marketing , introduction of digital marketingdigital marketing , introduction of digital marketing
digital marketing , introduction of digital marketing
 
NAB Show Exhibitor List 2024 - Exhibitors Data
NAB Show Exhibitor List 2024 - Exhibitors DataNAB Show Exhibitor List 2024 - Exhibitors Data
NAB Show Exhibitor List 2024 - Exhibitors Data
 
Data Analytics Strategy Toolkit and Templates
Data Analytics Strategy Toolkit and TemplatesData Analytics Strategy Toolkit and Templates
Data Analytics Strategy Toolkit and Templates
 
Features of a Call Recorder Spy App for Android.pdf
Features of a Call Recorder Spy App for Android.pdfFeatures of a Call Recorder Spy App for Android.pdf
Features of a Call Recorder Spy App for Android.pdf
 
Excvation Safety for safety officers reference
Excvation Safety for safety officers referenceExcvation Safety for safety officers reference
Excvation Safety for safety officers reference
 
Unveiling the Soundscape Music for Psychedelic Experiences
Unveiling the Soundscape Music for Psychedelic ExperiencesUnveiling the Soundscape Music for Psychedelic Experiences
Unveiling the Soundscape Music for Psychedelic Experiences
 
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf
 

Getronics - Governance and the Cloud

  • 2. INTRODUCTION AFTER A FEW OF YEARS OF HYPE, CLOUD IS NOW BECOMING PART OF THE MAINSTREAM ENTERPRISE IT LANDSCAPE. AS WITH ANY TECHNOLOGY OR TECHNOLOGY MODEL, UPTAKE DEMANDS COMPLIANCE MECHANISMS. IF YOU RELY ON SOMETHING, YOU MUST HAVE THE RULES AND METRICS REQUIRED TO SET THE STANDARDS OF PERFORMANCE, USAGE AND RETURN. In this white paper, Getronics examines cloud governance, with particular focus on how cloud-specific governance becomes an integral element of overall IT and business governance models. For many, the barrier to cloud-adoption has been largely about trust. Different organizations will always need to decide which IT delivery models are most suited to their own circumstances. Hopefully, Getronics’ analysis of cloud governance will at least, help to bring clarity to this essential aspect of cloud decision- making. WHO IS THIS PAPER FOR? Getronics hopes that this paper will be useful to IT managers, and especially to those with a professional interest in govern- ance. The paper is not overly technical, and also covers topics which members of Legal and Procurement teams in particular may find interesting. On a more general level, we highlight the importance of being able to measure the effectiveness of cloud delivery in terms of operational and business value, and in that respect, there may be members of operations and business development who will also find interest here. Getronics has a number of governance specialists who are specifically focused on the impact of cloud, and if you are interested in discussing any of the ideas raised in this paper, do feel free to contact us directly via Maurice Remmé at maurice.remme@getronics.com or look at www.getronics.com. CLOUD – DEFINITION AND STRATEGY We will start with a formal definition. Getronics finds the National Institute of Standards and Technology (NIST I) defini- tion serves well: “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
  • 3. BROAD ON-DEMAND RAPID ELASTICITY MEASURED SERVICE NETWORK ACCESS SELF-SERVICE ESSENTIAL CHARACTERISTICS RECOURCE POOLING SOFTWARE AS A PLATFORM AS A INFRASTRUCTURE AS A SERVICE SERVICE (SaaS) SERVICE (PaaS) SERVICE (IaaS) MODELS DEPLOYMENT PUBLIC PRIVATE HYBRID COMMUNITY MODELS Figure 1 Visual model of NIST working definition of cloud computing For a non-IT audience, we can make this a bit less formal: The need to balance promise and control is complicated by the “By using applications and resources that are delivered over the fact that the cloud, for the first time, puts the service consumer internet, cloud computing gives enterprises and individuals in the driving seat. When a business user can buy access to a access to resources as required - paying for use not ownership.” cloud-based service “on expenses”, the landscape of control changes. For this reason, the IT governance model must Over the last twelve months, Getronics has seen cloud rise to respect this new agility without abandoning traditional the top of the agenda in discussions with clients, and with this, management responsibility. a desire to develop more formal and more structured cloud strategies and governance frameworks. To resolve this dilemma, organizations first need to understand what they expect from cloud, and must then follow through We have also seen that for many, cloud computing presents a with strategy, policy and design architecture. The approach to dilemma: IT decision-makers need to balance the promised cloud must be in tune with the organization’s business strategy, benefits on the one hand, with the need for control on the and this demands that cloud governance is fully and clearly other: integrated with their overall IT governance structure. • Promise - zero CapEx, scalability, agility and the chance to respond rapidly to changing behavior • Control - enterprise-wide governance, compliance, cost- effectiveness, co-existence with existing IT infrastructure and service level control.
  • 4. GOVERNANCE – TERMS OF REFERENCE THE CHARTERED INSTITUTE OF MANAGEMENT ACCOUNTANTS EMPHASIZES THAT THERE ARE TWO DIMENSIONS OF ENTERPRISE GOVERNANCE - CONFORMANCE AND PERFORMANCE - AND THAT THESE TWO DIMENSIONS NEED TO BE IN BALANCE. ENTERPRISE GOVERNANCE BUSINESS CORPORATE GOVERNANCE GOVERNANCE I.E. CONFORMANCE I.E. PERFORMANCE ACCOUNTABILITY VALUE CREATION ASSURANCE RESOURCES UTILISATION Figure 2 The Enterprise Governance Framework - CIMAII • Conformance covers issues such as governance structures As IT and business strategies become increasingly enmeshed, and the assignment of accountability. It focuses on so IT governance increases in importance - and as cloud conformity and control, on legal adherence and liability. becomes increasingly mainstream, so its own governance • Performance covers strategy definition and value creation. framework comes to have a direct impact on both IT and Also known as business governance, this activity must business performance. deliver the evidence a board of directors needs to set strategy, and to define both the levels of acceptable risk and the key performance drivers. AND IT GOVERNANCE? As a subset of enterprise governance, IT governance mirrors exactly these dimensions of conformance and performance. In this respect, there are two reasons why IT governance matters: • It ensures that IT resources and practices are managed responsibly • It ensures that IT resources and practices are fit-for-purpose, and aligned with the overall business needs of the organiza- tion they serve
  • 5. The IT Governance Institute identifies five domainsIII which must be covered if IT is to support business goals and deliver shareholder value, and each one of these applies to both traditional and cloud-based approaches. Some are primarily strategic, some operational, and some both: Domain Focus Strategic (S) Operational (O) 1 Strategic alignment Focus on aligning IT and business strategies - S collaborative solutions feature prominently. 2 Value delivery Focus on the cost of IT and on measuring its business S value. 3 Risk Focus on safeguarding IT assets, disaster recovery S/O Management and continuity. 4 Resource Management Focus on knowledge and IT infrastructure. Spans O acquisition, development and management of IT resources (including cloud services) from the pers- pective of people, process, and technology. 5 Performance Management Focus on tracking project delivery, execution and O monitoring of the IT services that support the business. Figure 3 shows how in a traditional IT governance model, these five domains relate to each other in the overall objective of contributing to the enterprise goal of shareholder value. SHAREHOLDER ENTERPRISE GOALS VALUE STRATEGY VALUE STRATEGIC ALIGNMENT DELIVERY RISK MANAGEMENT OPERATIONAL PERFORMANCE RESOURCE MANAGEMENT MANAGEMENT Figure 3 IT Governance model
  • 6. For Getronics, these five domains remain the foundation of IT governance. The emergence of cloud does, however, change the orientation of the model. This change is shown in Figure 4, in which performance, resource and risk management all take on a new tactical importance. SHAREHOLDER ENTERPRISE GOALS VALUE STRATEGY VALUE STRATEGIC ALIGNMENT DELIVERY RISK MANAGEMENT TACTICAL PERFORMANCE RESOURCE MANAGEMENT MANAGEMENT PUBLIC CLOUD OPERATIONAL PERFORMANCE RESOURCE MANAGEMENT MANAGEMENT PRIVATE CLOUD Figure 4 IT Governace influenced by public cloud The hierarchical governance flow remains unchanged, as it With an IT governance model influenced by cloud, the control cascades from enterprise to corporate and then to IT. As cloud model becomes particularly important. Getronics sees three becomes an integral component of the governance framework, flavors of control model: it blurs the separation between pure IT and business opera- • Centralized tions. This is thanks, in part, to the fact that cloud models can • Decentralized to a large extent be driven by business service delivery rather • Hybrid. than by the ownership of IT assets. The choice of model will be made according to the best organizational fit, and will be influenced by culture, market and maturity. The key variations in these control models are shown in the following table: Model Local Authority Define Policies & Rules Monitoring & Reviewing Centralized Low Council Council Hybrid Mid Combined Combined Decentralized High Organizational Unit/Location Organizational Unit/Location Table 1 Governance models
  • 7. CLOUD AND IT GOVERNANCE: TOGETHER OR APART? Getronics believes strongly that although the cloud is maturing, effective cloud governance will only be achieved if it is treated as an integral element of IT governance. In that position, like the overall IT governance structure, it will have a particularly close relationship with Security Governance. The overall governance framework is shown in Figure 5, below. BUSINESS GOVERNANCE ENTERPRISE SECURITY GOVERNANCE IT GOVERNANCE CLOUD GOVERNANCE GOVERNANCE CORPORATE GOVERNANCE Figure 5 Governance framework This integration will require a new governance council to be The regulatory and statutory requirements affecting cloud established within the control model. It will need to reflect the strategy will need particular attention. Depending on sector cloud strategy of the individual organization, and will need to and on geography, for example, the law regarding the physical mirror cloud usage according to infrastructure, platform and location of storage and service provision will dictate the cloud applications. options. Sitting within IT governance, the cloud governance council will Risk management and continuity will also be affected. need to set and define: How, for example, will your governance framework prepare for • Cloud service policies and processes contingency and continuity in scenarios in which a provider of • Quality of Service standards and SLA levels with regard to: cloud-services ceases to trade, or is acquired by a third party? - Infrastructure - Platform - Applications • Cloud security with regard to: - Confidentiality, integrity, and availability - Identity and access management
  • 8. All cloud governance also needs to be able to operate in “run time”. Because cloud delivery is, by definition, on-demand, the associated governance model must be able to accommodate instant changes in usage volumes or in switches of delivery routing, storage or processing. CLOUD COMPUTING STRATEGIC VALUE RISK RESOURCE PERFORMANCE DOMAINS FOR IT ALIGNMENT DELIVERY MANAGEMENT MANAGEMENT MANAGEMENT GOVERNANCE Figure 6 Cloud Domains for IT Governance STRATEGIC ALIGNMENT Just as IT governance must be tuned to enterprise strategy, so it is for cloud governance. Cloud vision and strategy can only be meaningful if choices are made according to strategic enterprise requirement. The strategic alignment domain is the foundation for every- thing else, and it needs to be right. It will evolve, as the cloud itself evolves. Most importantly the governance council will need to check the model continually against the wider IT and corporate governance framework: changes there will mean changes here. Managing Architecture and Functionality The reference cloud architecture must be aligned with the business, and must respect industry, regulatory and company standards. It must place even more emphasis on business objectives than traditional non-cloud architectures. It must also take into full account all aspects of integration and interoperability with existing IT usage. Security, availability and contingency are high on the agenda, and must take into full consideration the impact of a change in service provider. Cloud governance will also require new skills, and the model must consider roles and responsibilities, particularly relating to provisioning, security, and operations. Sourcing needs particular attention. As cloud-based services can be purchased without the need for specialist IT knowledge, relationships between business purchasers and IT functions need special consideration. Cloud-based services can be highly-configured according to different professional and functional need. Strategic alignment must take this into account, making it possible for the enter- prise to build a clear picture of requirement, and to track changes in need and use. How this is done will depend on the culture of individual organizations: some will be proscriptive, others will not.
  • 9. VALUE DELIVERY As a result, cloud governance models must be able to assess Value delivery must define, implement and manage the risk from this entirely new perspective. processes which underpin cloud strategy. It must translate cloud strategy into a program of tactical and operational action. RESOURCE MANAGEMENT This will include the processes for service acquisition, integra- tion, and provisioning and will embrace the management of Cloud Sourcing legal, technical and organizational risk. Directory services, Sourcing models can differ greatly with cloud: public, private along with identity management and usage metrics are also and hybrid cloud approaches need us to think differently about critical: because cloud is based on consumption – it is essen- governance. tial that you can monitor and measure what is being consumed, in what quantity and by whom. With regard to sourcing, cloud governance must consider vendor continuity, quality-of-service, business reporting and This domain is closely linked to the performance domain – compliance, cost modeling and more besides. it is through effective monitoring that the priorities for change become evident. Cloud cuts across such a broad spectrum of activities which previously sat within the IT governance framework. Because of this, it is necessary to develop new rules and new metrics built RISK MANAGEMENT around service provision and validation. Just as with IT governance, risk management in cloud governance must fulfill three functions: The promise of a shift from CapEx to OpEx is held up as a major • Assessing risk incentive to shift to cloud. This does, however, raise questions • Mitigating risk, and around sourcing governance. Where models are “pay-per-use”, • Measuring the success of that assessment and mitigation it becomes difficult to undertake cost and quality comparisons either between cloud-based and traditional models, or indeed This is not a static scenario. Risk shifts continually, and the between different cloud models. cloud governance model must be able to track these shifts. Cloud sourcing governance, also needs to take into account, Even though much of the terminology of cloud is new, the the ease with which cloud services can be purchased directly on technology is rooted in well-established virtualization prac- departmental budgets, or even on individual expense accounts. tices. What is new, are the service delivery and commercializa- tion models, and as with any untested area, these require Application portfolio planning & lifecycle particular attention with relation to risk. Even when cloud becomes fully established, most enterprises will continue to rely on a combination of traditional and cloud- Thomas J. Betcher establishes a clear analysis of risk and based applications. cloud in Cloud Computing: Key IT-Related Risks and Mitigation Strategies for Consideration by IT Security Practitioners: Here again, comparison becomes a challenge. Rather than focusing on the cost of managing the application portfolio, • Policy and Organizational risks: Lock-in, loss of governance, cloud sourcing governance focuses more on consumption and compliance challenges, loss of business reputation, cloud fitness-for-purpose: the actual cost of management becomes service termination or failure. indivisible from the cost of consumption. • Technical Risks: Availability of service, resource exhaustion, intercepting data in transit, data transfer bottlenecks, New applications and new functions, however, must be sourced distributed denial of service. as required, and the cloud governance sourcing model must • Legal Risk: Subpoena and e-discovery, changes of jurisdic- make it possible to analyze requests in terms of current usage, tion, data privacy, licensing. and to safely allocate development, testing and distribution in a way that can be subsequently re-charged according to usage. One particularly important observation in the Betcher report relates to risk and frequency. Many traditional IT governance Reporting transparency and business analysis are two particu- models are designed around IT life-cycles of around three larly interesting aspects of cloud sourcing governance. years. Within these cycles, IT audit leaves a detailed trail of Because both access to applications and usage visibility become version and upgrade information. instant across the enterprise, it becomes far easier both to promote common usage, and to amortize development and With the cloud, this changes. Not only does the cycle shrink management costs. massively (change can now be measured in hours and weeks rather than in years), but the actual versioning of the technology behind the service can remain completely hidden from the consumer.
  • 10. People and skills to the tactical layer of the governance framework, at least The skills profile of an enterprise is central to IT governance – when shared and public cloud services are consumed. it is not just the technology which must be fit for purpose, but the professional capabilities of the people who manage it. These KPIs and thresholds should be defined to reflect busi- ness rather than technology performance, and for this reason, Cloud has a high impact here. Over the last five years, Getronics this domain is especially closely tied to strategy alignment. has moved rapidly from being a traditional IT service provider to becoming a services aggregator, and the emergence of cloud Good reporting is the foundation of both effective performance has had a major influence in this shift. Getronics has witnessed management and substantiated improvement initiatives. at first hand a reduction in demand for hardware and product- Two things happen in parallel here, as monitoring performance specific skills along with a corresponding increase in the becomes twinned with monitoring conformance. This can be importance of skills in managing a partner eco-system. seen clearly, for example, when analyzing usage in the light of This skill shift must also be considered in the context of data protection regulation. governance models for sourcing. The cloud control framework is closely related to corporate or IT control frameworks such as CobiT, and is used both to define PERFORMANCE MANAGEMENT and measure conformance. Getronics uses the cloud control This domain sets the KPIs and thresholds for the usage and matrix from The Cloud Security AllianceIV as a foundation for its provision of cloud services. As indicated previously, Getronics cloud control framework. The Cloud Control Matrix is part of the sees resource and performance management moving upward CSA GRC Stack. Control Area Control Control Specification Cloud Service Delivery Scope Applicability ID Model Capability SaaS PaaS IaaS Service Customer Provider Information IS 32 Policies and procedures shall be established Security and measures implemented to strictly limit Portable/ access to sensitive data from portable and Mobile mobile devices, such as laptops, cell phones, X X X X X Devices and personal digital assistants (PDAs), which are generally higher-risk than non portable devices (e.g. desktop computers at the organization’s facilities). Information IS 33 User access to program source code shall be Security restricted to authorize personnel. – Source X X X X Code Access Restriction Information IS 34 The use of utility programs that might be Security capable of overriding system and application – Utility controls shall be restricted. X X X X X Programs Access Legal – LG 01 Requirements for confidentially or non Non Disclo- disclosure agreements reflecting the organiza- X X X X X sure Agree- tion’s needs for the protection of data shall be ments identified and reviewed at planned intervals. Legal – LG 02 Agreements with third parties accessing, Third Party processing, communicating or managing the Agreements organization’s information assets, or adding products or services to information assets shall cover all relevant security requirements. X X X X Agreements provisions shall include security (e.g. encryption, access controls, and leakage prevention) and integrity controls for data exchanged to prevent improper disclosure alteration or destruction. Figure 7 Illustrative extract of the CSA Cloud Control Matrix
  • 11. IT GOVERNANCE COUNCIL Before considering ensuing actions for cloud governance, we the existing charter, and to ask how the new cloud mandate is will take a moment to consider a possible organizational going to be represented within it. structure. As mentioned previously, Getronics firmly believes that an effective cloud governance model must be fully Clarity and focus are the watchwords, and hopefully you will integrated with IT governance, and will, as a result, be organ- find the five domains outlined in this paper a useful guide in ized in an IT governance council. considering the precise focus and pointer to the required roles and responsibilities. The council for cloud governance will, as a result, be embedded within the IT governance council, and will share the same The figure below, shows the structure of Getronics’ own IT obligations in terms of alignment with corporate and enterprise governance council, indicating how cloud has been embedded governance and, in particular, with security governance. within it. Note how the Cloud Innovation Council is formally integrated in the IT Governance Council, and in turn, is posi- The council’s charter becomes its most fundamental tool. If you tioned to draw on business and technology expertise from are establishing a cloud council within your existing IT govern- across the organization. The Portfolio Board are particularly ance council, it will be important to take a thorough review of influential. SENIOR EXECUTIVE(S) FINANCE INTERNAL AUDIT DEPARTMENT DEPARTMENT IT GOVERNANCE COUNCIL • CISO, CIO, CCO PORTFOLIO BOARD OF • BUSINESS EXECUTIVES BOARD DIRECTORS • PROCESS MANAGERS • IT & OPERATIONS • CLOUD INNOVATION COUNCIL LEGAL EXTERNAL DEPARTMENT PARTIES BUSINESS IT DEPARTMENT OPERATIONS EXECUTIVE(S) EXECUTIVES EXECUTIVES MANAGERS, MANAGERS, MANAGERS, TEAM LEADERS TEAM LEADERS TEAM LEADERS Figure 8 IT Governance Council
  • 12. RECOMMENDATIONS Getronics has already adopted cloud-based delivery for a large REFERENCES proportion of its own infrastructure, platform and services. I NIST, National Institute of Standards and Technology Special We have invested significantly in the development and imple- Publication 800-145 (Draft) 7 pages (January. 2011), mentation of our cloud governance model as a result. http://csrc.nist.gov/publications/drafts/800-145/Draft- SP-800-145_cloud-definition.pdf We see traditional and cloud-based services running concur- II The CIMA Strategic Scorecard, March 2005. rently in most enterprises for many years to come, and do not http://www.cimaglobal.com/Documents/ImportedDocuments underestimate the corporate responsibility of addressing cloud /tech_dispap_CIMA_strategic_scorecard_0305.pdf governance as both a strategic and operational priority. III Board Briefing On IT Governance 2nd edition, 2003 , IT Governance Institute, Early excursions into cloud for many organizations were not http://www.isaca.org/Knowledge-Center/Research/ particularly formal – that’s normal. There is a risk, however, Documents/BoardBriefing/26904_Board_Briefing_final.pdf of allowing informal interest to gather momentum without IV Cloud Security Alliance, control, and it is important to build monitoring into the loop. http://www.cloudsecurityalliance.org/cm.html As always, the longer you leave it, the tougher it gets. ABOUT THE AUTHOR Getronics recommends its clients to formally task its own IT Maurice Remmé is responsible for Getronics Data Center and governance professionals with the assessment of cloud and Cloud initiatives worldwide and has a primary focus on vision, governance. It recommends that this is done as an integral strategy and portfolio development. Maurice has over 10 years element of overall IT governance, and that it is done while of experience in the ICT industry and at this moment is actively embracing both security and enterprise strategy. involved in the development and implementation of Getronics’ Services Aggregator strategy. If you would like to discuss any of these ideas or objectives with our own cloud compliance specialists, please do contact us. maurice.remme@getronics.com