Cloud-based services are easily acquired outside the control of the IT organization. This increases the risks for the organization, and an optimum balance between agility and control needs to be agreed.
In the last few years, the usage of cloud services by companies in Europe has increased, primarily in medium and large companies. One of the drivers is the quick delivery time of infrastructure and services, which leads to the adoption of cloud-based solutions to the detriment of internal IT offerings, which are typically more controlled and slower to deliver.
On the other hand, these services, which are essential to the execution of the company's functions, lack checks and balances. This jeopardizes the application of controls (e.g., GDPR, COBIT) and incurs the risk of security breaches or of not meeting regulatory obligations. Traditionally, IT departments have resisted change: they have moved some internal commodity services to the cloud (email being the typical example), but haven’t supported the move of core business functions. As such, requirements that need to be met quickly may easily end up delivered outside the scope of the IT department.
One example would be the launch of a new website supporting a specific marketing campaign, contracted directly, outside the control of the IT department. As such, the costs are not properly accounted for and regulatory concerns easily end up overlooked.
Incorporation of cloud offerings in the service catalog
One option is to embrace the change, incorporate the cloud offerings into the catalog of services provided by the IT department, and enable digital transformation.
This allows the needs of the organization to be met, with agility but also control, such as:
Mapping of the resources and their costs to the appropriate cost centers, services provided and responsible organization
Adoption of standard architectures and technologies for deployment, leveraging internal know-how
Utilization of vetted cloud providers, which can meet the organization's requirements
Implementation of policies regarding security, data protection and business continuity in a single repository of external services
Negotiation of better rates with the providers, as the whole company is represented instead of small individual entities
Best practices on the management of cloud services
The methodologies themselves have evolved. An example of this is the ITIL framework, which in its latest iteration embraces the DevOps movement.
Standard architectures such as IT4IT™ allow building a governance system that builds on the existing, dispersed data and adds context to it, allowing the identification of where the business value exists. This way it’s possible to ensure that the IT organization meets the needs of the company and that costs don’t get out of control through the different lifecycle stages of the product. Full lifecycle analysis is required, including the conception, design, implementation and maintenance stages of the IT services, to be able to properly analyze the costs and benefits.
Of course, as different organizations have different needs, whether due to organization size, regulatory environment or business area, the details of the processes need to be adapted to their specific needs. It is neither expected nor desirable that a small company operating in a non-regulated market implement the same controls as a large multinational operating in a heavily regulated industry.
The Governance.Business solution enables the implementation of IT management processes, including portfolio management, project management, service catalog and service management features. These processes have been designed to support companies in the process of digital transformation and paradigm shift.
Discover Governance.Business - IT Governance Solution!
The IT Governance solution offers end-to-end IT governance capabilities so IT can be managed as a business. The solution enables a structured approach to managing IT portfolios, including formulating strategy and business priorities, monitoring implementation of project portfolio investments, and managing operational and financial aspects of IT.