Enterprise Cloud Governance is the specification of policies and procedures for cloud solutions and services for the organization.
Many organizations struggle with silos of clouds and no coherent approach to governance. It is very tempting for departments or groups to go and buy new services, plug them in, and then play with them to see how they work.
If specific services have their own individual policies and procedures, this can lead to problems due to a lack of centralized management. Without proper alignment with enterprise architecture and security, this can lead to a spaghetti-like conglomeration of cloud services without proper attention to interoperability and service management. With enterprise-level solutions that leverage hybrid services, the situation can quickly spin out of control. It is extremely important to have a strategy and vision in place to address important elements such as policy management, service management, interactions between applications and data, availability, performance and control related to services.
Organizations should develop sound service level agreements based on overall objectives. The service agreements should outline service operations and what happens if these operations are not fulfilled. The service levels should be regularly monitored and updates should be made based on service monitoring. In addition, there have to be proper change management processes and procedures to make sure any cloud service provider changes do not adversely impact operations. This may occur if the provider upgrades the service or components on their end and these updates are not compatible with internal capabilities.
Management aspects such as access, update, and tracking policies for cloud-related resources should also be specified. Data protection and security mechanisms should be defined to prevent the data from being compromised. A cloud catalog that contains all available services and supporting mechanisms should be in place to facilitate effective service management.
Departments or groups that go out and buy new cloud software-as-a-service solutions without engaging enterprise architecture or security teams may be moving along a dangerous path. The reasoning may be "It's just a service, like an outsourced email provider or document management provider; it is not infrastructure or platform as a service." However, this may lead to data redundancy and serious integration issues down the road.
The assessment of impacts and dependencies with existing and proposed services and applications is crucial. In addition, even though the data is stored by the provider, any data compromise is the organization's responsibility. Hence, organizations should spend time to establish, monitor and enforce sound policies and procedures for cloud services and solutions at the enterprise level.