Understanding IT Governance in Cloud Computing

By Judith Hurwitz, Robin Bloor, Marcia Kaufman, Fern Halper

Governance is about making good decisions regarding performance predictability and requiring accountability. This is the case whether you’re governing your own data center or thinking about the cloud. At its most basic, governance is about applying policies relating to using services. It’s about defining the organizing principles and rules that determine how an organization should behave.

Before diving in, take a step back and look at the IT governance process in general because many of the same principles are relevant to the cloud environment. IT manages a complex infrastructure of hardware, data, storage, and software environments. The data center is designed to use all assets efficiently while guaranteeing a certain service level to the customer. A data center has teams of people responsible for managing everything from the overall facility, workloads, hardware, data, software, and network infrastructure.

In addition to the data center itself, your organization may have remote facilities with technology that depends on the data center. IT management has long-established processes for managing and monitoring individual IT components, which is good.

IT governance does the following:

Ensures that IT assets (systems, processes, and so on) are implemented and used according to agreed-upon policies and procedures.

Ensures that these assets are properly controlled and maintained.

Ensures that these assets are providing value to the organization (actually supporting your organization’s strategy and business goals).

IT governance, therefore, has to include the techniques and policies that measure and control how systems are managed. However, IT doesn’t stand alone in the governance process. In order for governance to be effective, it needs to be holistic. It is as much about organizational issues and how people work together to achieve business goals as it is about any technology. Therefore, the best kind of governance occurs when IT and the business are working together.

A critical part of governance is establishing organizational relationships between business and IT, as well as defining how people will work together across organizational boundaries.

How does IT governance typically work? IT governance usually involves establishing a board made up of business and IT representatives. The board creates rules and processes that the organization must follow to ensure that policies are being met. This might include

Understanding business issues such as regulatory requirements or funding for development

Establishing best practices and monitoring these processes

Responsibility for things like programming standards, proper design, reviewing, certifying, and monitoring applications from a technical perspective, and so on.

A simple example of IT governance in action is making sure that IT is meeting its obligations in terms of computing uptime. This uptime obligation is negotiated between the business and IT, based on the criticality of the application to the business.