QUERCUS BLOG
Industry Insights from Our Experts

Creating a Governance Model for Public Cloud Security

Filed under Cloud Practice

(re-post from the blog of PaulSPatterson.com)

What does public cloud governance mean to you?

There are obvious opportunities that the public cloud offers, and while the rewards far outweigh the risks, there are still risks. Applying governance to your cloud strategy will put you in a better position to realize value, within the levels of risk that you are willing to accept.

The flexibility of today’s cloud services, especially public cloud services, provides very convenient and easy ways of “spinning up” services on demand. Just as grocery store candy and magazine stands serve customers’ impulse-buying tendencies, so do the offerings of some public cloud services. It is very easy to provision a new service in the public cloud. With Windows Azure, for example, I can fire up a full-blown 8-server infrastructure, complete with networking and integrated services, in a matter of twenty minutes. That simple convenience makes it easy to cater to impulse tendencies.

Policies and procedures are meant to ensure that activities are executed in ways that are in the best interest of the organization. Additional governance processes specifically for cloud services ensure that those services are used in a controlled way, so that the interests of the organization are maintained. Creating and deploying a cloud-based server farm that includes virtual networking connected to your on-premise infrastructure, for example, presents risks. With a set of governed practices, that cloud-based deployment will meet the expectations of the organization, and thus make your CIO sleep better at night.

Is governance for cloud services needed? Well, let’s try to answer the questions that help determine whether your use of cloud services should be governed in some way or another.

What returns do you expect to receive from public cloud services? What opportunities will be lost if you don’t adopt a cloud strategy?

Again, the risks of using public cloud services are likely insignificant compared to the opportunities that will be lost. Operational efficiencies. Improved customer service and satisfaction. Sales and revenue. There are plenty of opportunities in adopting a public cloud strategy. Planning and executing on a sound cloud strategy can enable an organization to realize a return from new opportunities.

Policies and practices will typically guide how public cloud services will provide value. Governed cloud services are expected to meet organizational expectations, with the goal being that the services used will return value and realize new opportunities.

If you used a cloud service today, is there clear direction and does that direction align with strategic objectives?

Cloud services are not the means to an end. Cloud services are simply another mechanism for enabling and delivering business value. Your current internal data center, or your “private cloud”, was created for a reason: to deliver value to the organization. Decisions on IT spending are ultimately measured against strategic objectives. The decisions made to use cloud services should be traced back to clearly defined, accepted, and measured organizational priorities.

Do you have a cloud strategy for your organization? If so, does that strategy include plans to meet enterprise goals and objectives?

Are you ready for the cloud? How do you feel when someone starts talking to you about public cloud services?

Some organizations are not ready for the public cloud, or cloud computing in general for that matter. There is a lot of publicized hype and marketing about cloud services. The cloud computing landscape can be confusing and intimidating at best. Being ready for the public cloud means being comfortable about what the public cloud offers, and what the risks are, and are not.

An organization’s readiness for public cloud services can be gauged by the following:

  • The amount of public cloud knowledge in the enterprise.
  • Organizational attitude towards the public cloud, and whether the organization’s culture supports public cloud opportunities.
  • Whether existing strategies conflict with using public cloud services.
  • What does your gut say?

Determining an organization’s readiness for adopting a public cloud strategy is critical in identifying adoption pressure points. Rather than brute-forcing the implementation of a strategy, due diligence will hash out and prioritize the opportunities that will bring the organization to a state of public cloud readiness. Risks should be identified with existing organizational culture, knowledge, and policies and practices. A readiness assessment can then be created and vetted.

What else?

Some resources that I have found of interest (so far)…

Hey, this is just one of many topics I am discovering in my never-ending public cloud security journey. I likely just touched the surface on this particular topic, and if you have any insight, opinions, or whatever, please let me know. The more discussion the better.

Cheers!

Copyright 2017 by Quercus Solutions