May 18, 2016

Governance in the Cloud: Four Policies to Insist Upon in Securing Your Enterprise

203 Views

Like a boat without a rudder, or an elevator without buttons, business practices – without guidelines – can also be a very direction less exercise. Though many people enjoy circling aimlessly, or relish the feelings of repeated ups and downs, most corporate entities insist on structure, clarity, and direction in ensuring uniformity across its departments, and among its associates.

Governance – the process of assuring cohesive practices in an enterprise – has never been more critical – particularly as it relates to cloud computing. The most popular cloud suite, Office 365, recently surpassed Salesforce as the most deployed cloud app in enterprises, according to a study. Given this reality, it’s time to better understand the benefits of good governance – including increased profitability, according to MIT Sloan Center for Information Systems Research.

The Four Pillars of Governance

When looking “cloud ward,” we find that breaking our governance activity into four distinct pillars can help to ensure the right strategic approach, handling, and outcomes. They are:

  •  Business Governance.
  •  Technology Governance.
  •  Information Architecture Governance.
  •  Content Governance.

Though we will cover these in more detail shortly, it’s important to understand why enterprises have to think differently about governance in the cloud than with traditional infrastructure:

  • Today, an IT request for cloud-based infrastructure can be fulfilled in lightning speed. A request for a new virtual server with a SharePoint image, for example, can be running in minutes, rather than in days or weeks.
  • The act of subscribing to a cloud service – like Dropbox, Google Drive or Marketo – is so simple that in fact most IT representatives are left out of the process. But this can lead to the exposure of proprietary data, security breaches and other unintended negative consequences.
  • Given that Cloud-based systems are managed entirely by unseen personnel, the role of the IT professional is forced to evolve.

Let’s take a closer look at our four-part governance framework that can help avert such dangerous breaches:

Business Governance:

All governance fails if business governance is not put appropriately in place. It acts as the “glue” that brings all other components of governance together. Business governance consists of:

  • A governing body focused on managing and monitoring overall governance.
  • A well-defined charter for governance that includes criteria for success.
  • Resources that are allocated appropriately to fund the team’s activities.
  • Senior level buy-in for success.

The role of the business governance group is to enable other governing groups; and, depending upon the size of the company, this group can either be a hands-on working group, or can simply serve to provide oversight.

Technology Governance

Technology governance is the part of the framework that has been most impacted by the arrival of Cloud. A tidal wave of change has swept over their role, leaving in its wake a set of new tasks, procedures and system maintenance that are wholly different than in the past. These tasks include:

  • Ensuring appropriate configuration of the Office 365 environment to fulfill the company’s requirements;
  • Maintaining a proper reporting environment, including the delivery of:
  1. Usage Reports to maximize the use of licensed resources and,
  2. Permissions reporting to underscore management capabilities
  • Ensuring the capability to monitor cloud activities;
  • Keeping an eye out for system alerts;
  • Maintaining appropriate procedures for onboarding and off-boarding;
  • Managing the release of new features by the cloud provider.

Information Architecture Governance

Many organizations consider information architecture governance as part of either technology governance or part of content governance. In our experience in working with customers, we find that keeping it separate derives maximum benefit.

Information architecture governance includes things like branding, templates, and structure. For example, if you are considering governance for SharePoint Online, putting rules around who can create a site collection, how can a site be created, what template to use, and where can a site be created are all things that need to be answered.

Content Governance:

Effective content governance requires a specialized approach, with the ability to sort the content down by common factors (the adjacent triangle gives you a good head start) and to implement different rules for each type.

Dire consequences can result if you strong governance strategies for your business and infrastructure processes, but fail to consider the importance of governing your content flow.

For more on the subject of content governance, click here.

Conclusion

Though this blog represents just a surface-level overview of the status of today’s cloud governance requirements, we will soon bring you more information about the ways that you can best equip your enterprise for the challenges that lie ahead.

We also invite you to view this webinar, which offers some tips and thoughts on what to consider in implementing a governance process.

Leave a Reply

Your email address will not be published. Required fields are marked *