Thursday, November 19, 2015

Hybrid IT Governance: Automation is Key



As cloud computing continues to grow in importance, enterprises are now facing a new realization.  In their almost rampant embrace of cost savings associated with public cloud, many are just now understanding the information technology governance challenge posed by vastly different traditional and cloud computing operational models.  Often referred to as hybrid IT, supporting both models has left many executives trying to cope with a lack of hybrid IT operational experience.  Challenges can also include security concerns, financial management changes and even dramatic cultural changes.   

This myriad of challenges translate into enterprise risk across multiple levels, namely:

  • Organizational management and governance;
  • Accelerating business process speed and scope;
  • Expanding business partner ecosystem; and
  • Broadening enterprise information system user base.

To be successful, organizations should explicitly address these risks with a focused risk management strategy.  This strategy should not only address holistic activities that integrate across the business, but also on coordinated activities for overseeing and controlling high impact and high probability risks.  Some areas may even warrant organizational policy and governance enhancements include:

  •  Delegation of management decision authority to those responsible for everyday interactions with the organizations business ecosystems and IT supply chain
  • Establishment and communication of cloud ecosystem related risk tolerance through Service-Level Agreements (SLA), including delegated authority on decisions that impact the risk tolerance;
  • Near real-time monitoring, recognition, and understanding, of information security risks arising from the operation and/or use of the information system leveraging the cloud ecosystem; and
  • Organizational accountability around incidents, threats, risk management decisions, and solutions.


Figure 1: Risk Management Framework (NIST SP 800-37 Rev. 1)
Specificity around security processes, business resilience and financial management are paramount.  The dynamic and agile nature of modern business also demands using a relatively high degree of
automation in supporting multiple business functions including:

  • Customer demands for multi-channel and multi-device interaction;
  • Expanding dynamic global IT requirements;
  • Operational business decision support;
  • Enforcement of organizational governance;
  • Operational flexibility through business ecosystem API; and
  • Internal demands to deliver on the promise of IT-as-a-Service.

When automating governance and control, organization should, as much as possible, enhance:

  • The discovery and documentation of existing public cloud resources;
  • The enforcement of data and access management security policies;
  • Monitoring and reporting of all governance processes;
  • Cost controls and budget management processes; and
  • Evaluation and selection of application “cloud readiness”.

Companies that fail to automate these key processes, will not realize the operational efficiencies and agility of hybrid IT platforms.  They will also fall behind their competition, eventually to the point of irrelevance.

Exemplary of a successful transition was when a leading, Fortune 500 nutrition, health and wellness company decided to migrate applications from two end-of-life data centers.  During their initial evaluation, the enterprise found that moving to a Hybrid IT model — a mix of private cloud, public cloud and physical assets — would help them solve problems that were hindering their competitiveness.  With the expertise of a top system integrator, the enterprise transitioned to a cloud brokerage solution. This solution automated their IT governance by tying planning, consumption, delivery, and management seamlessly across public, private, virtual, hosted, and on and off premises resources. Gravitant’s cloudMatrix solution was identified as the only purpose-built solution for Hybrid IT.  Using this solution, the enterprise enhanced IT governance, reduced operational risk and transformed its IT services model from a high-cost, inflexible physical data center model into a next generation, pay-per-use model.

In accomplishing this transformation, cloudMatrix provided:

  • A seeded catalog of the industry’s leading cloud infrastructure providers, out-of-the-box without the overhead of custom integration.
  • A marketplace where consumers can select and compare provider services, or add their own IT-approved services for purchasing and provisioning.  Consumers can use a common workflow with full approval processes that are executed in terms of minutes not weeks.
  • Reporting and Monitoring that includes multi-provider consolidated billing estimates, actuals, and usage projections for accuracy and cost assignment.
  • A visual designer that includes sync-and-discover capabilities to pull all assets (VMs) into a single, architectural view and management standard.
  • Integration with service management and ticketing systems through an API framework.

In only six months, the enterprise was able to move its workloads from the existing data centers, to a Hybrid IT (private, public and physical) delivery model and provide self-service IT to business units with cost and usage transparency.  IT cost, which had previously categorized as a general percentage of overall IT spend assignment, is now available by virtual data center, service/application, and usage — permitting reporting and governance at a “cost-per-business unit” level.
 

( This content is being syndicated through multiple channels. The opinions expressed are solely those of the author and do not represent the views of GovCloud Network, GovCloud Network Partners or any other corporation or organization.)



Cloud Musings
( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2015)



Post a Comment