On the other hand, there is a lack of checks and balances for these services that are essential to the execution of the functions of the company, jeopardizing the application of controls (eg, GDPR, COBIT), incurring the risk of potential security breaches or not meeting regulatory obligations. Traditionally the IT departments have presented resistance to change, moved some of the internal, commodity services to the cloud (email being the typical example), but haven’t supported the move of core business functions. As such, requirements that need to be met quickly may easily end up delivered outside the scope of the IT department.
One example would be the launch of a new website, supporting a specific marketing campaign, contracted directly, outside of the control of the IT department. As such the costs are not properly accounted and regulatory concerns easily end up overlooked.

Incorporation of cloud offerings in the service catalog

One option is to embrace the change, incorporate the cloud offers in the catalog of services provided by the IT department, and to enable digital transformation. This allows the needs of the organization to be met, with agility but also control, such as:

• Mapping of the resources and their costs to the appropriate cost centers, service provided and responsible organization
• Adoption of standard architectures and technologies for deployment, leveraging internal knowhow
• Utilization of vetted cloud providers, which can meet the organization requirements
• Allows the implementation of policies regarding security, data protection and business continuity in a single repository of external services
• Allows negotiation of better rates with the providers, as the whole company is represented instead of small individual entities

Best practices on the management of cloud services

The methodologies themselves have evolved. An example of this is the ITIL framework which on its latest iteration embraces the DevOps movement.
Standard architectures such as IT4IT™ allow building a governance system, which builds on the existing, disperse data, and adds context to it, allowing the identification of where the business value exists. This way it’s possible to ensure that the IT organization meets the needs of the company, ensuring that costs don’t go out of the control through the different lifecycle stages of the product. Full lifecycle analysis is required, including the conception, design, implementation and maintenance stages of the IT services, to be able to properly analyze the costs and benefits.
Of course, as different organizations have different needs, either due to the organization size, regulatory environment or business area, the details of the processes need to be adapted to their specific needs. It is not expected or desirable that a small company, working on a non-regulated market needs to implement the same controls as a large multinational working on a heavily regulated industry.
The Governance.Business solution enables the implementation of IT management processes, including portfolio management, project management, service catalog and service management features. These processes have been designed to support companies in the process of digital transformation and paradigm shift.