Welcome!

Cloud Security Authors: Yeshim Deniz, Liz McMillan, Elizabeth White, Ravi Rajamiyer, Pat Romanski

Related Topics: @CloudExpo, Cloud Security, Government Cloud

@CloudExpo: Blog Feed Post

Hybrid IT Governance: Automation Is Key By @Kevin_Jackson | @CloudExpo #Cloud

As cloud computing continues to grow in importance, enterprises are now facing a new realization

As cloud computing continues to grow in importance, enterprises are now facing a new realization. In their almost rampant embrace of cost savings associated with public cloud, many are just now understanding the information technology governance challenge posed by vastly different traditional and cloud computing operational models. Often referred to as hybrid IT, supporting both models has left many executives trying to cope with a lack of hybrid IT operational experience. Challenges can also include security concerns, financial management changes and even dramatic cultural changes.
This myriad of challenges translate into enterprise risk across multiple levels, namely:

  • Organizational management and governance
  • Accelerating business process speed and scope
  • Expanding business partner ecosystem
  • Broadening enterprise information system user base

To be successful, organizations should explicitly address these risks with a focused risk management strategy. This strategy should not only address holistic activities that integrate across the business, but also on coordinated activities for overseeing and controlling high impact and high probability risks. Some areas may even warrant organizational policy and governance enhancements include:

  • Delegation of management decision authority to those responsible for everyday interactions with the organizations business ecosystems and IT supply chain
  • Establishment and communication of cloud ecosystem related risk tolerance through Service-Level Agreements (SLA), including delegated authority on decisions that impact the risk tolerance;
  • Near real-time monitoring, recognition, and understanding, of information security risks arising from the operation and/or use of the information system leveraging the cloud ecosystem; and
  • Organizational accountability around incidents, threats, risk management decisions, and solutions.

Figure 1: Risk Management Framework (NIST SP 800-37 Rev. 1)

Specificity around security processes, business resilience and financial management are paramount. The dynamic and agile nature of modern business also demands using a relatively high degree of automation in supporting multiple business functions including:

  • Customer demands for multi-channel and multi-device interaction;
  • Expanding dynamic global IT requirements
  • Operational business decision support
  • Enforcement of organizational governance
  • Operational flexibility through business ecosystem API
  • Internal demands to deliver on the promise of IT-as-a-Service

When automating governance and control, organization should, as much as possible, enhance:

  • The discovery and documentation of existing public cloud resources
  • The enforcement of data and access management security policies
  • Monitoring and reporting of all governance processes
  • Cost controls and budget management processes
  • Evaluation and selection of application "cloud readiness"

Companies that fail to automate these key processes, will not realize the operational efficiencies and agility of hybrid IT platforms. They will also fall behind their competition, eventually to the point of irrelevance.

Exemplary of a successful transition was when a leading, Fortune 500 nutrition, health and wellness company decided to migrate applications from two end-of-life data centers. During their initial evaluation, the enterprise found that moving to a Hybrid IT model - a mix of private cloud, public cloud and physical assets - would help them solve problems that were hindering their competitiveness. With the expertise of a top system integrator, the enterprise transitioned to a cloud brokerage solution. This solution automated their IT governance by tying planning, consumption, delivery, and management seamlessly across public, private, virtual, hosted, and on and off premises resources. Gravitant's cloudMatrix solution was identified as the only purpose-built solution for Hybrid IT. Using this solution, the enterprise enhanced IT governance, reduced operational risk and transformed its IT services model from a high-cost, inflexible physical data center model into a next generation, pay-per-use model.

In accomplishing this transformation, cloudMatrix provided:

  • A seeded catalog of the industry's leading cloud infrastructure providers, out-of-the-box without the overhead of custom integration.
  • A marketplace where consumers can select and compare provider services, or add their own IT-approved services for purchasing and provisioning. Consumers can use a common workflow with full approval processes that are executed in terms of minutes not weeks.
  • Reporting and Monitoring that includes multi-provider consolidated billing estimates, actuals, and usage projections for accuracy and cost assignment.
  • A visual designer that includes sync-and-discover capabilities to pull all assets (VMs) into a single, architectural view and management standard.
  • Integration with service management and ticketing systems through an API framework.

In only six months, the enterprise was able to move its workloads from the existing data centers, to a Hybrid IT (private, public and physical) delivery model and provide self-service IT to business units with cost and usage transparency. IT cost, which had previously categorized as a general percentage of overall IT spend assignment, is now available by virtual data center, service/application, and usage - permitting reporting and governance at a "cost-per-business unit" level.

(This content is being syndicated through multiple channels. The opinions expressed are solely those of the author and do not represent the views of GovCloud Network, GovCloud Network Partners or any other corporation or organization.)

Cloud Musings

( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2015)

Read the original blog entry...

More Stories By Kevin Jackson

Kevin Jackson, founder of the GovCloud Network, is an independent technology and business consultant specializing in mission critical solutions. He has served in various senior management positions including VP & GM Cloud Services NJVC, Worldwide Sales Executive for IBM and VP Program Management Office at JP Morgan Chase. His formal education includes MSEE (Computer Engineering), MA National Security & Strategic Studies and a BS Aerospace Engineering. Jackson graduated from the United States Naval Academy in 1979 and retired from the US Navy earning specialties in Space Systems Engineering, Airborne Logistics and Airborne Command and Control. He also served with the National Reconnaissance Office, Operational Support Office, providing tactical support to Navy and Marine Corps forces worldwide. Kevin is the founder and author of “Cloud Musings”, a widely followed blog that focuses on the use of cloud computing by the Federal government. He is also the editor and founder of “Government Cloud Computing” electronic magazine, published at Ulitzer.com. To set up an appointment CLICK HERE

IoT & Smart Cities Stories
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Predicting the future has never been more challenging - not because of the lack of data but because of the flood of ungoverned and risk laden information. Microsoft states that 2.5 exabytes of data are created every day. Expectations and reliance on data are being pushed to the limits, as demands around hybrid options continue to grow.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
As IoT continues to increase momentum, so does the associated risk. Secure Device Lifecycle Management (DLM) is ranked as one of the most important technology areas of IoT. Driving this trend is the realization that secure support for IoT devices provides companies the ability to deliver high-quality, reliable, secure offerings faster, create new revenue streams, and reduce support costs, all while building a competitive advantage in their markets. In this session, we will use customer use cases...