Considerations for Cloud Governance
Governance is continually evolving, as it should. With constantly changing laws and regulations, the advancement of technology, and evolving partner and customer requirements, the ways in which organizations manage their systems and processes must also adapt. With this in mind, as organizations make the shift from primarily on-premises platforms and customized tools toward software-as-a-service (SaaS) and cloud-based, often distributed infrastructure models, governance strategies must also change. This is especially true in the adoption of Microsoft’s Office 365 communication and collaboration platform.
Ask ten people to define governance, and you’ll receive ten varying answers. Over the past several years, Microsoft and members of the MVP community have attempted to clarify what governance means within the Office 365 ecosystem. According to Microsoft MVP and independent consultant Nick Brattoli (@Byrdttoli):
Governance is the rules, policies, procedures, and responsible parties that dictate how to operate, maintain, and expand a given area of technology.
Within IT organizations, governance is more specifically applied to the management of intellectual property (IP), corporate information assets, and data. To be effective, a governance policy must drive personnel behaviors and actions, including that of senior management. Stacy Deere-Strole (@sldeere), a Microsoft MVP and founder of Focal Point Solutions with more than a decade of experience building out on-premises SharePoint environments, has shifted her consulting business in recent years to the cloud and Office 365. Stacy shares that she has seen the real-world benefits of a strong governance model, and the importance of making governance a part of the organizational culture:
Governance is all about the company culture, no two companies have the same company culture. The culture can change; a company does something always one way but doesn’t mean can’t change to have more effective governance. As time and technology changes, your culture changes as well: prepare your users for that. If culture changes in the background and users don’t see it as a big culture shock or change then it becomes part of a normal process and less disruptive.
Planning for the Cloud
The cloud offers a number of benefits for companies, from reduced capital budgets and headcount expenses to web platform elasticity that allows you to quickly spin up and scale out cloud platforms and solutions to meet rapidly changing customers needs. However, many organizations are jumping directly into the cloud without fully understanding the impacts.
As many of your favorite technology solutions transition toward the cloud, companies need to also make some adjustments to their expectations about how they manage these services — and how management differs from on premises solutions where you own the hardware and maintain the software directly. The key to taking advantage of the cloud is to understand and align your business requirements with the cloud in mind. Understand that not every workload (such as email, team collaboration, ticketing, etc) can be moved immediately into the cloud. Instead, many of your business-critical systems should be transitioned over time (called the ‘hybrid’ model) to ensure that data security, compliance and sovereignty issues are being met.
Most technology mistakes are made when you do not adequately understand your business requirements, and therefore do not fully understand the risks of taking action (and of not taking action).
Take a look at the tools and systems you use today, and figure out which ones could save you time and money by moving them to the cloud. Focus first on moving mature solutions to the cloud (minimizing the risk of moving), then investigate new capabilities not already in-house (minimizing the cost of trying new solutions). Leave the high risk, in-house solutions until last. As you look at vendors, look carefully at what they office, who they support, and how long they’ve been in business. Look for partners with the strongest service level agreements (SLAs). And always look for specialization.\
As you prepare to move key workloads to the cloud, there are some governance considerations which can be applied to most tools and systems:
- What happens to your existing reporting and metrics?
- Do the same KPIs apply to your new cloud components, or do they need to be reevaluated?
- Are there any changes to your ability to manage permissions across your on prem and cloud components? Are the methods different?
- Do your existing policies remain in effect, or do you need to adjust for two models (old system and new)?
- Can you maintain visibility into and control over your information architecture?
- Are you able to track storage usage and growth?
- What happens to your auditing and compliance monitoring capability? Can you still see what is being accessed, and by whom?
- With your social capabilities, how much visibility do you have into how users are interacting, where content is being shared, and how well collaboration is being achieved?
- If moving content and users between platforms, how much visibility will you have around storage, content, and user activity?
- Are you able to setup management policies and procedures that span the various systems?
- Are you able to organize and automate complex preventive and responsive actions?
While moving core components of your IT infrastructure to the cloud may make financial sense, it is important to understand the impact to your governance model, and your ability to actively manage and administer your environments — whether in a hybrid model, or when moving entirely to the cloud. Few vendors offer a “federated” view between old on premises solutions and new cloud solutions, requiring you to maintain separate reporting, compliance, and auditing plans for each. Understand the overhead of managing a hybrid model, and what changes if you move entirely into the cloud.
Prioritizing Governance Planning
As you begin to consider moving aspects of your IT systems to the cloud, make governance a priority. You need to look at your systems holistically (with a business perspective) regardless of where your servers sit. Document your business requirements — clarify and permissions, information architecture, templates, taxonomy — and ownership of each. Define what policies, procedures, and metrics are needed to manage your environment, and then look at what is possible across your cloud and on premises instances. As Stacy Deere-Strole states:
Governance consists of the processes and procedures that an organization needs to follow to ensure that the users are being taken care of in a good time frame, and to follow established security protocols and consistent processes. Consistency is the biggest thing regarding governance; you need to have everything documented the same way, which helps you better define the return on investment (ROI) of the platform, as well as a stronger ability to meet time frames and complete tasks when delivering and supporting Office 365.
For more guidance on the topic of Office 365 governance, download a copy of the free whitepaper “Improving Governance in Office 365” with research conducted by CollabTalk and the Marriott School of Management at Brigham Young University, and sponsored by Spanning, Rencore, tyGraph, and Microsoft.