March 1, 2023
IT governance is focused on the policies you apply when using services, software, and hardware. When it comes to the cloud, governance plays a vital role in compliance, security, cost control, and performance. It can help you rein in shadow IT, keep an eye on internal and provider SLAs, and add accountability.
Ultimately cloud governance is not incredibly different from general IT governance. Most IT departments likely adhere to some form of governance policy for data center or infrastructure assets, ensuring that hardware and software deployments are used according to company policy, that they are tracked and maintained, and that they are providing useful value.
Your governance policy should take cloud services specifically into account, with different protocols depending on Software as a Service and Infrastructure as a Service as deployed by IT. SaaS apps are extremely commonplace and may be used without the knowledge of IT, a practice known as Shadow IT.
Governance in the cloud can be difficult because of its distributed nature. It is not always clear who is accountable for a cloud service, for example: the service provider? The IT department? The user? All three are responsible for some level of security, but without a governing policy to refer to, it is difficult to enforce security and privacy.
The same goes for performance. When you have an IaaS environment, clearly a certain level of performance and availability falls on the provider, which should be clearly defined within the SLA. Your administrators may degrade performance without careful use of the VMs by overprovisioning or bottlenecking network traffic inadvertently.
Finally, compliance issues can rear their head without a corporate cloud governance policy, especially with the proliferation of Shadow IT. In a compliance-mandated industry like healthcare, data must be tracked and access to information must remain under control of IT in order to maintain compliance.