Governance in the Cloud: Why It’s Still Important

Has anyone ever told you that the move to cloud makes governance unnecessary?  If you don’t think about it too long that may sound pretty reasonable. You’re using a highly standardized service after all, with the same standard SLAs that everyone else gets, the same generic agreement, the same processes, etc. If nothing about the service is customized, then what is there to govern?

Well the devil, of course, is in the details.  The word “cloud” encompasses many different types of services, and both the service model (IaaS, PaaS, SaaS) and the delivery model (Private vs. Public, off-site vs. on-site) you choose will have significant impacts on how much and what kind of governance you need.  Even the word “governance” means different things to different people, so let’s cast a broad net and look at the various types of governance processes that may or may not be relevant to cloud:

Governance Process

Level of Relevance

In-House

Private On-Site or Non-Cloud

Private Off-Site IaaS / PaaS

Public/Virtual Private IaaS / PaaS

SaaS

HR Mgmt.

High

High

Medium

None

None

Asset & Configuration Mgmt.

High

High

High

None

None

Request Mgmt.

High

High

High

None

Low

Demand Mgmt.

High

High

High

High

Low

Change Mgmt.

High

High

Medium

Low

Low

Performance Mgmt.

Medium

High

High

High

High

Relationship Mgmt.

None

High

High

Medium

Medium

Issue Mgmt.

High

High

High

High

High

Financial Mgmt.

Medium

High

High

High

High

Contract Mgmt.

None

High

High

None

None

Strategy & Innovation

High

High

High

Low

Low

 

Sure, you can probably quibble with a few of these based on what’s more or less important to you personally, to your application or to the organization you work for, but here are a few key takeaway points:

  1. When someone says, “Governance doesn’t matter in the cloud,” they are probably thinking mostly about public or virtual private cloud, including commercial SaaS offerings, and only about Human Resource Management, Asset Management, Contract Management and perhaps Request Management.  That’s because these standardized cloud solutions move the focus to “what” is being delivered from “how” it is being delivered.  You don’t care what people or assets are delivering the service because that’s all going on behind the curtain, and the contract is just a standard piece of paper that everyone signs.  As long as you are getting good performance for a good price you should be happy.
  2. Other types of governance, such as Issue Management and Financial Management, are always important, however, and cloud doesn’t change that one bit.  You always need to know that issues like disagreements, disappointments or dissatisfaction with the service are going to be addressed fairly and effectively.  You always need to be able to ensure that your bills are fair and accurate, to have a reasonable way to project your costs and to understand your options if the service isn’t meeting your financial goals.  Any external provider has different financial goals than the customer does, and that means management is required.
  3. Some governance processes may change completely in the cloud, in some ways becoming even more important than they were before.  For example, though public cloud customers must expect to perform most Demand Management functions themselves, the reports and tools that track and analyze patterns of consumption are critical to the customer’s ability to manage demand.  This increases in importance when pricing is usage-based, as spikes in consumption can significantly drive costs.

So, is governance still important in the cloud?  Yes!  You just need to change the way you think about it.