Cloud computing represents great deal of opportunities for business and IT. The rapid adoption, flexibility, and elasticity of cloud computing have enabled companies to realize benefits such as time to market and cost saving. However, cloud computing presents various challenges for IT service management and increases the company’s security risk exposures. A well structured cloud service management model will enable the company to reap the benefits of cloud while minimizing the risk exposure for the company. This presentation will cover topics on:
• Governance structure for cloud solutions.
• Architecture strategies to identify cloud capabilities to enable business.
• Selection criteria for preferred cloud vendors based on architecture, legal, security, and IT operations categories.
• Risk management process of cloud solutions.
• Service management for cloud computing following ITIL model.
• Executive endorsement and buy in.
1. Cloud Adoption –
Journey of IT Service Management
CIO San Francisco Summit
Dec 4, 2013
Caroline Hsieh
2. Cloud Adoption – How to Get There
Governance structure
Architecture strategies to identify cloud
capabilities to enable business
Selection criteria to determine
preferred cloud vendors
Risk-management process
Service management process for cloud
computing following the ITIL model
Executive
Endorsement
3. Why Cloud Governance?
Opportunity
Business Growth
Threat
Cost Savings
Minimize vendor proliferation
Security Risks
Speed
Reduce Corporate Risk
Service Management
Consistently Secure Data
Cloud Governance
Reap the benefits of cloud while….
Minimize vendor proliferation
Reduce Corporate Risk
Consistently Secure Data
Quickly and Safely
4. Cloud Governance Structure
Forming a Cloud Governance Body
To enable business to rapidly adopt cloud
solutions while minimizing data security risks
with cloud vendors
Define cloud strategies and maintain cloud capabilities
Establish selection criteria to minimize proliferation of vendors
Perform risk assessment on data and cloud vendors
Educate business users on how to handle data in the cloud
Enforce data security and privacy policies
Enterprise Architecture
IT Operations
Vendor Management
Purchasing
Information Security
Corporate Compliance
Legal
Business Representatives
Cloud Governance Committee is a continuous working body to define
and maintain cloud usage policies and standards.
5. Architecture Strategy and Cloud Capabilities
Step 1 - Identify business demand across company
SaaS
Sales
IaaS
• Opportunity
Management
• Quoting
• Live Chat
• Account Mgmt.
• Sales Compensation
• Content
Management
• Partner Relationship
Management
Marketing
• Social Marketing
• Campaign
Management
• Live Chat
Tech Support
• Content
Management
• Live Chat
Education &
Training
• Virtual Classroom
• Live Chat
• Knowledge Base
• Compliance
Education
Professional
Services
• Project Accounting
• Online Collaboration
• Service Resource
Planning
HR
• Human Resource
Management
• Applicant Tracking
• Talent Management
• Payroll
Legal
• Contract
Management
• Online Collaboration
• Dev./QA Lab
• Storage
• Database
Marketing
• Microsite Hosting
• Content
Management
• Customer Survey
• Lead Management
• Online Collaboration
• Case Management
• Knowledge Base
• Account Mgmt.
Engineering
PaaS
Engineering
• Dev./QA Lab
• Database
• Integrated
Development
Environment
Moderate usage of
cloud
Heavy usage of cloud
6. Architecture Strategy and Cloud Capabilities
Step 2 – Select Preferred Cloud Vendors
Identify selection criteria
Cost
Support
Talent acquisition
Integration
Web services, APIs
Single sign on
Data replication
UI customization
Support mobile devices
Multi-factor auth.
3rd party certification
Data loss prevention
Data retention policy
Access management
Data encryption
Data segregation
SLA (uptime & support)
Monitoring
Vendor viability
Billing
Redundancy/DR
Incident notification
Data privacy
Indemnification
eDiscovery
Architecture
Security
Operation
Legal
Create vendor checklists to incorporate the identified criteria
Select vendor based on functionality fit and adherence to the criteria
7. Architecture Strategy and Cloud Capabilities
Step 3 – Map business demand to vendor capabilities
Examples
Account Management
Pipeline Management
Lead Management
Performance
Management
Talent Management
Virtual Machine
Preferred CRM
SaaS Vendor
Storage
Web Hosting
Database
Preferred HRMS
SaaS Vendor
Development Platform
Preferred PaaS
Vendor
Workforce
Management
Campaign
Management
Event Management
Lead Generation
Content Management
Online Collaboration
Preferred IaaS
Vendor
Preferred
Marketing
Automation
SaaS Vendor
Preferred
Content
Management
SaaS Vendor
Leverage preferred vendors to
Minimize vendor proliferations
Reduce risk exposure
Consolidate buying power to get best pricing
Negotiate the terms to best protect the
corporation
Standardize technology and skillset required
to support the cloud solutions
8. Cloud Vendor Risks
What Business and IT are facing today
Data
Access,
Loss &
Privacy
Operations
Legal
Financial
Service
Management
Security
Corporate
Reputation
Vendor
Viability
9. Data Security and Risk Management
Establish policies for handling data in the cloud
Classify the data based on data sensitivity(*)
Define security control policies for different data classification
Less security control
Public Info
Higher security control
Internal data
Highly confidential data
Educate business community on handling data in the cloud
Obtain business and IT executive approval for storing data in the
cloud
Establish standard agreement terms with preferred vendors
10. Balancing Business Value vs. Risk Level
HIGH
Approve
Assess
Assess
Reject
Business Values
Time to Market
Cost Saving
Operation Efficiency
Customer Experience
LOW
Risk Level
Security
Financial
Legal
Vendor Management
HIGH
11. Service Management Process
Leveraging ITIL for cloud services
Follow ITIL framework for
end to end cloud service
management,
Clarify the role &
responsibilities of
Business, IT, and cloud
providers.
Ensure governance
process encompass the
entire service
management cycle.
Develop your staff’s skills on cloud service management
12. Establish Service Management Process
Roles and Responsibilities Example – to be adjusted for SaaS, PaaS, IaaS
Service Strategy
Service Design
Vendor
Service Portfolio
Management
A
Demand
Management
Financial
Management
Service Level
Management
R
A
C
Transition Plan
& Support
CI
A
R
Event
Management
CI
Availability
Management
A
CI
R
Service Asset &
Configuration
I
CI
A
Incident
Management
A
A
RC
Capacity
Management
A
CI
R
Validation and
Testing
R
A
CI
Problem
Management
A
R
A
IT Service
Continuity
A
CI
R
Release and
Deploy
R
A
CI
Request
Fulfillment
A
Information
Security
CI
A
R
Change
Management
CI
CI
A
Access
Management
Supplier
Management
CI
A
Evaluation
R
A
Service
Catalogue
A
CI
Knowledge
Management
I
A
C
Continual Service
Improvement
IT
Business
Vendor
Service
Measurement and
Reporting
CI
CI
A
Continual Service
Improvement
CI
CI
A
Vendor
Business
C
Business
IT
RI
IT
Vendor
Vendor
Business
Business
A
Service Operation
IT
IT
Service Strategy
Service Transition
I
CI
A
CI
A
C
R
Responsible
A
Accountable
C
Consult
I
Inform
13. Executive Endorsement
Forming a Cloud Executive Council
Chief
Information
Officer
Business
Executive
Sponsors
Cloud Vision
Funding Model
Risk Threshold
Escalation
Chief
Technology
Officer
Chief
Information
Security
Officer
Cloud Executive Council is a steering committee to sponsor cloud
adoption and champion enforcement of policies.
14. Summary
Balance business benefits vs.
risk level
Establish cloud strategy and
cloud capability
Cloud Adoption
Obtain buy-in from
stakeholders
Incorporate cloud
governance as part of
enterprise architecture and
IT operations processes