According to MIT, companies with effective IT governance have 20% higher profits than their competitors, which makes a pretty compelling case for creating a strong governance model. Cloud, which adds further layers of complexity to IT infrastructure, only strengthens the argument. Why, then, do so few companies develop an effective IT governance model for the cloud?
Most enterprises don’t have a well-developed governance approach for the cloud, not even an idea of a technology solution.
Enterprises are overwhelmed these days with other technology changes, including not just the move to cloud but devops, machine learning, and whatever other shiny objects pop up out of the market.
I view governance as the consistent enforcement of policies to place limits on how, when, why, and for what purpose a resource such as data, processes, APIs, storage, or compute is used. The best way to think about governance is as a series automated guardrails, in the form of policies, that keep you from running off a curvy road.
Of course, there is not one product that does everything, so governance solutions are a mix of products that include security, API management, resource management, and perhaps other technologies to address your specific needs.
There’s no “black box solution” for governance. That’s why enterprises need to treat governance strategically as both a concept and enabling technology. Few do.
Worse, most enterprises will move beyond the range of what can be done manually soon. Where 200 cloud services mixed with 100 legacy services was doable manually, the tipping point will soon come when the number of services can’t be effectively tracked by people. At that point, either you stop building or using cloud services or you face daily problems, such as data being edited by unauthorized users or, worse, running afoul of the law.
Either way, the result is the same: cloud migration projects’ epic fail.
I know that most enterprises have cloud migration projects, are building devops organizations, and deploying new security technologies. But the governance thing must be a priority as well. I understand it’s something that makes your job more complex, but the alternative sucks.
Two key points in this article help us understand why IT governance for the cloud is not widely implemented. First, it's not simple—here there is no black box solution, after all. And second, it makes IT's job more complex. But that doesn’t make it less important. Absent a strong set of enforceable policies to ensure consistent performance of increasingly distributed IT infrastructures, companies risk losing the very benefits that they want from cloud. ~Carol Hildebrand, Senior Strategic Marketing Writer, NETSCOUT