Our three-part guide to cloud governance has so far explained the importance of implementing a cloud governance operating model, discussed how to develop policies, and suggested how best to enforce them (you can find part one here and part two here).
This final section of our guide bridges the gap between enforcing your governance policies and making sure your broader governance and automation strategy aligns with your organization’s broader business objectives.
Integrating your cloud governance strategy with your business objectives
The process of integrating your cloud governance strategy with your organization’s broader business objectives is a natural progression from taking control of a decentralized cloud environment. As metrics are gathered, reported, and compared to benchmarks taken before your cloud governance operating model was adopted, you can track the effectiveness of your automated policies, as well as flag—and adjust—policies and/or process changes that have had negative or unintended consequences (e.g. some governance policies meant to tighten security in the development process have in fact slowed down productivity for specific engineering teams).
As the cloud evolves and new opportunities arise, such as meeting new compliance requirements or realigning to revised business objectives based on changes in your organization’s GTM strategy, your organization—and more specifically the Cloud Center of Excellence (CCoE)—will be ready to react quickly. This agility will allow your organization to reposition cloud governance policies as needed to stay flexible and adapt to new circumstances, all while ensuring the cloud strategy still benefits the needs of the business.
Overcoming obstacles with implementing cloud governance policies
There will be obstacles to overcome in order to have a streamlined approach to cloud governance and automation. With cloud governance policies in particular, the weakest link could be any of the technologies, people, or processes, in place—which is why it’s important to revisit these guardrails periodically to see where problems are occurring.
Are you having trouble with team compliance and overall adoption of new processes? This could mean a refocus on education and enablement so that teams understand the long-term benefits, both in their individual, day-to-day tasks and to the broader organization as a whole. It might be that things start breaking down on a process and/or individual policy level? Perhaps a cloud governance policy created by the security team has negatively impacted the developers working in a staging environment or has created inefficiencies in a engineering team’s sprint cycle—causing teams to go off the books in order to get their jobs done.
The responsibility for overcoming obstacles lies primarily with the Cloud Center of Excellence. The team tasked with leading the organizational transformation cannot only focus on the technology and ensuring strategies are aligned at the highest level, but also has to focus on addressing the obstacles that arise on a department, team, and individual practitioner’s level—another good reason for creating a cross-functional team with representatives from different areas of the organization.
Setting up for sustaining governance success
The key to achieving and sustaining an effective cloud governance operating model is planning for long-term success from the start. This involves selecting trusted and influential people to be part of the Cloud Center of Excellence, giving the team total visibility into on-premises and cloud IT operations, and providing support from the top of the organization downwards.
In return, the Cloud Center of Excellence should communicate its successes and failures, produce frequent reports on the progress it has made towards the alignment of the organization’s cloud governance strategy with top-level business objectives, and ask for help when help is needed. This help may take the form of third party advisors, HR intervention to deal with change management, or an alternative technology solution.
To sustain success over the long-run, communication becomes even more important. There should be frequent reviews of the operating model, a mechanism in place to log improvement actions, and occasional “what if we hadn’t” scenarios—in which the current state is compared to where the organization might be if there had been no cloud governance put in place (this also helps to further document success or see where adjustments might need to be made).
Cloud governance isn’t easy to start, but pays off in the long run
We wrote in the opening to part 1 of our cloud governance guide that organizations often only start looking for solutions once they have lost control of their cloud environment. That’s not necessarily a bad thing because at least they have had experience of what can go wrong in the cloud—but a more proactive approach to cloud governance can help bypass a lot of early governance mistakes (although you should still expect some trial and error along the way).
Regardless of where your business falls in the cloud maturity model, cloud governance is not easy. It requires a combination of technology, people, and processes working together to achieve a positive outcome. However, a positive outcome is worth pursuing because not only will the organization more easily achieve its business objectives, it will also be capable of sidestepping many of the challenges organizations are facing in the cloud today (lack of management around a decentralized IT infrastructure, increasing cloud budgets, struggle scaling teams and workflows in the cloud, etc.). Thoughtful work and practice in the beginning will pay off huge in the end.
Learn more about how to build a successful cloud governance practice in our white paper: Building a Successful Cloud Operations and Governance Practice