Living Scrupulously in The Cloud
Circa 2006, when a project Manager in my organization is tasked with rolling out a Contact Management System for our in-house (outbound) call centre. He diligently negotiates with a software vendor on the functionalities required by the end users, the access levels for different users, etc. He also negotiates to buy the requisite hardware, organizes recruitment and training for appropriate manpower to maintain all the systems and buys data from a bank. These are the major ones among the myriad tasks that the project entails.
Cut to 2016 is when the old system having long reached end of life needs to be replaced with the latest one. The old project manager’s successor, this time around negotiates not with an expert on hardware, software, data or people but an expert on Contact Management. Details like functionality and access levels, etc. are diligently negotiated and closed. This time around the vendor merely provides a list of login credentials, to access which, the end users just need an internet connection, which is readily available. So where have the hardware, software, input data and maintenance people, without whom no system can function, suddenly disappeared? The answer is “INTO A CLOUD”.
In the technical realm, anything sold “As-a-Service” passes of as Cloud Computing. This can be concretized with services such as SaaS, PaaS, IaaS and DaaS.
These services can be deployed in different ways public, private, hybrid and community cloud.
Technology is racing ahead at a humungous pace and it is only natural that spanning from the past decade to the next one, the data recorded in cloud would run into thousands of terabytes. The numbers are huge and the responsibility to secure this data is even bigger. This is where Cloud Governance comes into action. Cloud governance can be passed off as a part of IT governance which in turn is a part of corporate governance and focuses on IT decisions and policies to ensure that IT assets are used according to approved policies and procedures. It also, enables IT to track the flow of this huge quantum of data.
The objectives of cloud governance can be broadly classified as service, policy, risk, and compliance management. Cloud governance highlights the need of the service provider to secure the data from its own people, monitor access control and provide user authentication, prevent people infringing this data from outside, catering to exigencies & outages hence offering a backup of this data and ensuring a seamless and secure means to erase the data in an event that the user discontinues the service. Service providers need to strike the perfect balance between the rewards and the risks of cloud governance.
Across organization’s there will be a variation in the cloud governance strategy. The decision to pick and choose the one that fits your organization can be simplified if the following are answered:
1. What is Cloud according to you?
2. Do you and your organization think, that Cloud is ready for enterprise?
3. Is your company ready for cloud?
4. How to identify applications/services eligible for cloud?
5. How to identify cloud vendor/supplier for respective scope?
6. How to migrate to cloud?
7.How to manage the cloud operations?
8.How/when to exit/transfer from cloud?
Cloud governance ensures that the corporate data, business unit specific data and the external data are in complete sync with one another. In case the cloud governance is not in place it could increase the risk of the company as the business users may not be conversant or well versed in the regulatory requirements. Business need is the main trigger for using the cloud services.
A good cloud governance is pronounced by means of deploying clear accountability mechanisms, effective working across organizational boundaries, comprehensive risk management, strategic planning, performance monitoring, evaluation, compliance & assurance systems.
There is a strong need to constantly develop the cloud governance framework owing to the rapid changes in cloud computing and the growing sophistication of attackers. This framework will control people, data, applications and infrastructure.
Cloud governance does come with its share of challenges. Conventional security methods are difficult to enforce with cloud apps and products. Whilst the importance of encryption cannot be debated upon, very little is being done to protecting apps. Users of cloud computing have very little training on its security aspect.
The reasons are aplenty for the organizations to develop the cloud governance framework and continuously work on its improvement. Having said that; one cannot deny the multiple benefits that come along with the adoption of cloud governance. Cloud governance is here to stay and make its presence felt far and wide with an array of flavors to suit the IT palette. Welcome to the CLOUD.