Cloud Governance Is Manageable

Though cloud computing is now considered a mature technology, executives continue to grapple with its governance. Microsoft defines cloud governance as “defining policies around managing the factors: availability, security, privacy, location of cloud services and compliance and tracking for enforcing the policies at run time when the applications are running.” The core of cloud governance revolves around the relationships between provider and consumer, across different business models. The business model should define the way in which an offer is made and how it is consumed. To function at all cloud levels (Infrastructure as a Service, Platform as a Service, and Software as a Service), the business model should be devoid of the type of resources involved. (Majid Al-Ruithe, et al. “Data Governance Taxonomy: Cloud versus Non-Cloud” 2018)

Photo by Charles Forerunner on Unsplash

Photo by Charles Forerunner on Unsplash

Governance becomes increasingly important the more mature—and widespread—cloud usage becomes. Recall that the ultimate point of technology governance is about business goals: policies ensure consistent usage within defined parameters, systematic measuring capabilities help the business understand return on investment, and risk management helps put technology problem sources in-context, so they can be assessed holistically and addressed systematically.

“Everything changes when you move to the cloud, so you need to address it all again. It is not unmanageable; it is definitely possible. As you move to the cloud, there is more to govern since we have a lot more capabilities; it takes a lot of work and it is on-going work. Governance is not once and done.”
Microsoft MVP Sue Hanley (@susanhanley)

In terms of incorporating cloud into the existing governance approach, it is important to recognize where what is in place already might not be a clean fit—for example, where supporting policies, and the processes/procedures that enforce them, might not address cloud or address it poorly adjustments to governance structures themselves may be needed in order to meet stakeholder needs. This implies that the governance model needs to be at least as agile as the business dynamics being supported. (Marc Vael, “Governance in the Cloud” 2013)

Additionally, organizations need to better understand the impact to existing reporting and administrative tools and solutions that are relied upon for on-premises environments, but which may not be supported in the cloud.

Third-Party Solutions

One area where solutions and business practices from the on-premises world could greatly impact organizations as they move toward the cloud is the use of third-party tools. While there are many solution providers with offerings that can greatly benefit organizations before, during, and after move, far too many organizations rely on solutions already in place today without understanding whether those solutions are still needed (versus out-of-the-box capabilities) or even provide feature-parity between on-prem and cloud, offering the same capabilities, reporting, and administrative features for the cloud as used within existing on-premises environments.

“I’ve seen one or two organizations that had some sort of 3rd-party tool for governance, but they were never used in a good way. The cloud has a lot more governance tools out of the box, which means fewer gaps. However, those gaps still exist if organizations don’t implement any of those tools. Poor governance strategies can lead to extreme sprawl in on-prem, which means a lot more work to consolidate everything when moving to the cloud, especially when nobody has any idea what’s going on. There is a culture shift going along with moving to the cloud where some things are not available anymore, so IT and the company needs to work accordingly. Some of the difficulties in moving from on-premises to the cloud are the lack of the ability to rewrite URLs, do server-side code, and fully custom designs.”
Microsoft MVP Nick Brattoli (@byrdttoli)

Achieving Business Value

The person responsible for cloud governance needs to be as focused on the business issues as they are on the IT ones because this injects a voice of reason into the projects. A frequent issue is when a group starts off with a cloud project and collectively decides it needs everything in the cloud, including redundancy, and some other functions. Then, when the bills roll in, suddenly the whole implementation is drastically scaled back. (Computer Weekly. “Good Governance is Key to Controlling Cloud Costs.” 2018)

To establish a clear direction that is aligned with enterprise strategy, members of the board need to have a clear understanding of cloud computing benefits and how to maximize them through effective end-to-end governance practices. (Vael)

Cloud computing impacts business processes, making governance critical to manage risk, adapt effectively, ensure continuity, communicate enterprise objectives clearly, facilitate continuity of IT knowledge, and handle a multitude of regulations, according to the ISACA guide. (S. Steffee “Cloud Computing Governance Remains Elusive.” 2011)

Cloud Adoption is Increasing

The use of cloud technology is on the rise, as businesses are becoming increasingly aware of the multiple benefits cloud computing can have in terms of efficiency and profitability. Whether it’s private, public, hybrid or a mix of various cloud computing models, the technology is now used by at least 70% of U.S. organizations, according to IDG Enterprise’s 2016 Cloud Computing Executive summary. The figure is expected to grow further, as 56 percent of businesses surveyed said they were working on transferring more IT operations to the cloud. (Forbes Technology Council. “13 Biggest Challenges When Moving Your Business To The Cloud.” 2017)

When survey respondents were asked about their familiarity with Office 365’s overall governance capabilities, the majority (60%) indicated that they were “Extremely” or “Very Familiar.” However, the research team found that within individual interviews, when asking for more detail about cross-workload governance knowledge and practices, respondents seemed less confident that their organizations were aware of the governance capabilities beyond the core tools used, such as Exchange and SharePoint. While anecdotal, this insight is consistent with other recent CollabTalk research showing an over-confidence in security and compliance capabilities for tools and workloads that are less familiar.

Cloud-computing adoption has been increasing rapidly, with cloud-specific spending expected to grow at more than six times the rate of general IT spending through 2020. While large organizations have successfully implemented specific SaaS solutions or adopted a cloud-first strategy for new systems, many are struggling to get the full value of moving the bulk of their enterprise systems to the cloud. (Nagendra Bommadevara, et al. “Cloud adoption to accelerate IT modernization.” McKinsey & Company, 2018)

Enterprise adoption of public cloud is growing to the point that public cloud is an expected approach to IT. But even as the technology matures and adoption increases, long-standing non-technical concerns such as cost and governance continue to muddle the opinions and approaches of infrastructure and operations (I&O) leaders, who, given the impact that cloud computing has on infrastructure, normally drive the cloud IaaS engagement program. In addition to the technical and nontechnical issues that surround cloud adoption, I&O leaders must support the IT financial team to enable this program successfully in the enterprise, because the whole resource sourcing process needs to be reviewed and revised for cloud computing.

To build the justification for cloud migration, you need know which workloads are fit for cloud migration. Identifying the right workload is essential to project scope definition. Because not all workloads are suited for a cloud solution, most businesses will choose hybrid IT — some applications will run on-premises, while other applications will run in the cloud. The cloud providing server, storage and network resources may not be fit for all traditional workloads. (Kevin Ji “Build the Right Justification for Moving to the Cloud.” Gartner Database, 2017)

Christian Buckley

Christian is a Microsoft Regional Director and M365 Apps & Services MVP, and an award-winning product marketer and technology evangelist, based in Silicon Slopes (Lehi), Utah. He is the Director of North American Partner Management for leading ISV Rencore (, leads content strategy for TekkiGurus, and is an advisor for both revealit.TV and WellnessWits. He hosts the monthly #CollabTalk TweetJam, the weekly #CollabTalk Podcast, and the Microsoft 365 Ask-Me-Anything (#M365AMA) series.