Solita Cloud Buyer's Guide

5. Pay attention to cloud strategy and governance

Don't skip cloud strategy and governance phases! They are crucial to successful cloud transformation.

5. Pay attention to cloud strategy and governance

Strategy enables you to be business driven and have a clear focus. It helps to communicate internally to stakeholders what your organization is aiming to achieve with the cloud. Governance then defines on a more detailed level the management model and design principles for cloud and application functions.

Transition to the cloud involves many elements that either were not relevant or even existed in private cloud or on-premises options. Thus, you should pay attention to them. Some key items to cover are listed here.

  • Cloud Center of Excellence (CCoE) team roles and responsibilities

    Define the roles. Ensure you have enough leadership and technical expertise in CCoE. This ensures a mandate over the decisions made to help the organization on its cloud transformation journey. Don’t forget to strengthen your CCoE team expertise with cloud partner’s advisory expertise. Ensuring successful cloud transformation requires co-operation between organization and partner since cloud is developing rapidly.

    Regular meeting cadence, minutes of the meeting, decision making and communication are a central part of running CCoE.

  • Cloud account management

    Define what is your organization’s cloud account/subscription and resource group/project architecture. We recommend following cloud provider best practices to avoid any issues later in your cloud architecture.

  • Identity and access management

    Identities and access are crucial parts of security. Define how your identity management is integrated with cloud. Favor cloud native approach to avoid legacy restrictions that again will slow down developer velocity.

  • Logging and monitoring

    Defining logging requirements and monitoring guidelines helps cloud and application teams to consistently follow your organization requirements. Favor centralized solutions when appropriate.

  • Networks

    Cloud Internal network, IP address management and external connectivity to on-premises or between clouds need to be addressed here.

  • Tools and technologies

    Define which clouds are in use and for what kind of purposes or use cases. Cover also topics like version control and repository management, continuous integration and deployment (CI/CD), any security scanning and so on.

  • Security

    The principle of ‘shared responsibility’ is important to understand. With the cloud, you cannot outsource all your responsibilities. Well, with on-premise you have all responsibilities anyway. Cloud therefore offers the hugely important advantage that part of it is with the cloud provider.

    Centralized policies help manage the cloud and ensure the right level of governance.

    We could add that the customer’s information security responsibilities (and maintenance tasks) will be reduced as the solutions become more packaged in the cloud. However, this will also reduce the transparency of technical solutions and details, along with the ability to influence them. The customer will need to trust the supplier’s description of the service content. This requires change in culture and mindset and many times it is challenging for people and takes time. Remember to support people since there will be resistance for change.

  • Disaster recovery

    Define requirements for application criticality rating. These will put requirements on application and infrastructure architecture, backup requirements, RTO (Recovery Time Objective), RPO (Recovery Point Objective) and so on. Also disaster recovery rehearsal needs to be addressed.

  • Sustainability

    A final element that we like to include in this governance section is sustainability. After all, it is a topic that is becoming increasingly important in companies (and for a good reason).

    Cloud computing can help reduce a company’s CO2 footprint. After all, you do not always have to have the maximum computing capacity available, just because it is easy to upscale and downscale.

    Yet it is not so straightforward. Indeed, it is important to have sufficient knowledge of the cloud to make this process run as efficiently as possible. Perhaps the comparison with hybrid cars is appropriate here. If you don’t use them properly and only drive them on petrol, you are actually doing more harm than good. After all, because of the batteries, the car is heavier and more polluting.

Solid foundation ensure scalability

Cloud foundation means necessary things you need to build in the cloud but they do not directly relate to applications in the cloud. Some of the key areas to consider when building the foundation include:

  • Fast and automated delivery of environments to application teams
  • Centralized policy and governance management
  • Proactive cost monitoring and holistic follow-up of cloud spending
  • Platform wide monitoring of health and notifications
  • Scaling built-in to avoid growth pains later
  • Cloud Center of Excellence leading the cloud adoption since day one

Once you have a solid foundation in place it enables you to better deal with the issues that arise once your cloud use increases. A few things to consider are:

  • Give the dev teams design principles and guidelines with a clear onboarding process
  • Favor central or shared infrastructure implementation
  • Promote self-service capabilities and avoid the IT team becoming a bottleneck

When these are in place, you are good to go with application development or application migration. In order to run newly developed applications in the cloud, cloud foundation is not enough. You also need to build the infrastructure and applications with the chosen deployment model: IaaS, CaaS, FaaS or PaaS.