Cloud governance is a general term for applying specific policies or principles to the use of cloud computing services.
In other terms we can say that cloud governance refers to the decision making processes, criteria and policies involved in the planning, architecture, acquisition, deployment, operation and management of a cloud computing capability.
The goal of cloud governance is to secure applications and data when they are located remotely.
There are five reasons of cloud governance:
- Enable “business at cloud speed” and establish a cloud centric IT operating model based on the speed, agility and cost of cloud computing.
- Enable appropriate cloud decision making without friction.
- Integrated with existing Enterprise IT Governance processes, policies, boards and tools.
- Balanced appropriate coverage for key decisions, Investments and risks while achieving the benefits of clouds.
- Proactive to anticipate and prevent shadow clouds and unauthorized cloud activities that expose organizational risks.
We can define cloud governance as the framework to:
- Convert rules, decisions and rights for the usage of IT resources into policies.
- Ensure that cloud resource accessibility, provisioning, security, and operating procedures are executed in accordance with policies.
- Provide automatic altering mechanism and remediation responses if policies are violated.
- Provide capability to track policy changes and generate audit trails.
Effective governance tools are necessary to avoid careless or unauthorized use of cloud based IT resources, which includes the practice known as “shadow IT”.
The governance is applied in cloud for:
- Setting company policies in cloud computing.
- Risk based decision which cloud provider, if any, to engage.
- Assigning responsibilities for enforcing and monitoring of the policy compliance.
- Set corrective action for non-compliance.
Cloud Governance model example:
Microsoft’s Cloud Governance Model.