As we dug deeper into the data, the challenges with governance became clearer among the grouping of respondents who use AWS.
Click for more from AWS survey respondents
New York
123 Street 4th Floor New York 10010 USA
Call Us
202 412 1440
Email Us
jack@ceros.com
Los Angeles
123 Street 4th Floor Los Angeles 90010 USA
Call Us
212 444 4140
Email Us
jack@ceros.com
Story title here
Read More
Story title here
Section 1
Story title here
Read More
Story title here
Section 2
Story title here
Read More
Story title here
Section 3
Story title here
Read More
Story title here
Section 4
4 Steps to Level Up Cloud Governance on AWS
TECH PLAYBOOK
The 4-Step Governance Playbook
The underlying characteristics of poor cloud governance
32%
cited a lack of buy-in from leadership as a major barrier to cloud maturity
62%
listed “establishing a central authority to define cloud best practices” as a top initiative to improve cloud governance in the next 12 months
54%
want to increase cloud operational efficiency within the next year
of AWS users said shadow IT (unauthorized use of technology within an organization that often causes IT management or security issues) was a common problem at their organization
80%
In SPR’s recent data study “Cloud Report: What Businesses Need for Resilience in 2021 and Beyond”, 61% of IT leaders surveyed used Amazon Web Services (AWS) as part of their hybrid or public cloud. Within this subset of respondents, there was a common trend: A lack of cloud governance. Forrester defines cloud governance as “the ability to provide strategic direction, track performance, allocate resources, and modify services to ensure meeting organizational objectives without breaching the parameters of risk tolerance or
Most people don’t completely understand governance or view implementing it as unnecessarily costly. Instead, a proper governance model is critical for effective deployments, adoption of technology, and avoiding major tech issues in the future. All four of these subjects — shadow IT, operational efficiency, centralized authority and executive buy-in — lead back to an issue of governance. If shadow IT is common among these organizations, then IT teams don’t have a clear grip on managing the technology used by company employees. The need to boost operational efficiency signals broken operational models that don’t support a unified workflow. And, without a centralized cloud authority and buy-in from leadership, governance can’t take root if it isn’t defined to company employees from the beginning.
In this guide, you will learn:
Mission critical: Proper governance
Four Steps to Effective Cloud Governance
Click below to begin the journey
why executives should make this a priority
how to create a culture of governance in a manageable way
how to refine your approach and implement governance best practices for your AWS or hybrid cloud systems
Study shows: Governance is lacking
compliance obligations.” The trend toward a lack of governance was not initially obvious in the data, though, and leaders weren’t admitting it themselves. In fact, more than two-thirds (67%) of IT leaders who primarily use AWS rated their organizations’ cloud governance as “mature,” with 36% saying their companies’ cloud governance was “very mature,” (i.e., cloud processes are monitored for improvement and improved periodically; processes are automated and cloud is used by all employees).
Build the Culture
Step 4 >>
Start with DevOps
Step 3 >>
Garner Support
Step 2 >>
Establish Purpose
Step 1 >>
Cloud governance must be adapted over the long term
Build the Culture
Step 4 >>
An iterative approach can help ease stakeholders' fears
Start with DevOps
Step 3 >>
Cost savings and talent can help gain executive buy-in
Garner Support
Step 2 >>
Make cloud governance your No. 1 priority
Establish Purpose
Step 1 >>
ESTABLISH PURPOSE
STEP 1
Although governance is a key tenet of the AWS cloud maturity model, the process is more complex for IT departments that need to reapply governance post-launch. Retooling for better governance requires another round of executive buy-in (see Step 2). It also means adjusting the cloud deployment design and a slight restructure of development, support, operational and infrastructure teams.
For better cloud governance, AWS’s five steps of “Vision and strategy” can be reshuffled and executed by your internal team. But, revamping an already established AWS deployment can be complex, often taking 3-4 months. In these cases, partnering with a third-party expert can ease the burden and expand its limitations. A trusted, independent expert ensures all required steps of establishing governance are completed.
Next Step
Why governance should be a top priority
The earlier you implement a governance model, the better. But just because you have prioritized governance doesn’t mean it develops quickly — or that it will automatically align with the goals of your organization’s cloud deployment. Governance does not begin as a mature process. Rather, it must go through several build cycles before it reaches full maturity. The path to mature governance is lined with testing,
company-specific goals, governance is lined with testing, company-specific goals, and it centers each build cycle on established business and operational value. The path to mature governance is outlined by AWS in the “Vision and strategy” section of its cloud maturity model: 1) Business case and roadmap; 2) Executive approval; 3) High-level technical design; 4) Governance and operating model; and 5) Application migration assessment and plan.
deploy easier
establishes rules
outlines processes
leads to better tech adoption
hard to retrofit new governance around existing tech
center build cycles on business value
helps avoid tech debt
although implementing governance models up front be more time consuming (e.g. it may add 20% to the front end of a project), the returns and adoption of the technology tend to be much higher.
rules are established, and a process is outlined (a key DevOps component: tasking granularly, to make the project easy to manage and execute).
Since the associated ROI can be hard to understand, people often don't want to deal with governance, but implementing it up front is effective because:
Because technology projects are often launched with tight timelines, leadership may push back on governance-related initiatives, asking: why spend time on governance when it may add several days of effort? If companies don't address governance up front, it presents a risk of taking on tech debt (which will bring on scalability limits, performance issues, or other future tech costs) that you'll have to resolve at some point. And, the longer companies wait to address governance, the harder it will be to wrap governance around already established technology.
The most effective path to governance: Make it your No. 1 priority. With tight timelines, leadership may push back, though.
Mitigate shadow IT projects with continuous customer communication and engagement
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam.
New User Roles & permissions
Business case and roadmap
Executive approval
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam.
Product Integration - Duis Aute Irure
Vision and strategy
High-level technical design
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam.
Improved Reporting
Governance and cloud operating model
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam.
Export Data
Application migration assessment and plan
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam.
Support for ad Minim Veniam
Establish CCOE
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam.
Excepteur Sint Accaecat Dashboard
Implement AWS technical foundation
Enablers
AWS awareness and training
Expert consultants
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam.
New Admin Screen
POC
Cloud services brokerage (CSB) model (optional)
Continuous Improvement
Sprint 1
Months 1-3
Months 3-6
Months 6-24
Ongoing
Sprint 2
Sprint 3
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam.
Quick Edit
Development
Migration acceleration
All in
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam.
Team Collaboration
Production migration factory
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam.
Unlimited Dolor Sit Amet
Project Stage
Foundation Stage
Migration Stage
Optimization Stage
The path to maturity
When to bring in a third party
TECH PLAYBOOK
Remind execs of reasons to modernize
STEP 2
Next Step
The most compelling argument for investing in governance is a financial one. IT governance and financial governance go hand in hand: The more time you invest in designing correct, efficient process solutions for your organization, the more time and money the company can save over the long term.
Like we said in our first step, a restructure of cloud governance means another round of executive buy-in.
The financial argument also points to the need for modernization. Your enterprise can no longer afford to wait on modernizing its environment and applications. Doing so puts your company behind other competitors with more efficient, turnkey processes, (by definition, this means effectively governed process). Lagging behind competitors can bog down your IT operations and fail to meet modern expectations of your users, leading to lost revenue opportunities over time. With more companies making a shift from CapEx to OpEx, the final investment in legacy methods should be investing in a new modern strategy, through an effective governance model.
Financial benefits and tech talent realities can help gain executive buy-in.
Working toward a modern strategy that incorporates proper governance ensures that you have forward-thinking approach that (1) avoids tech debt and (2) readies your business for the current and emerging skillsets for the experts in your IT team's employ. Investing in an application and environment modernization strategy through defined functions like decoupling will achieve a higher ROI than leaving your AWS deployment as it currently stands. A short-term, hybrid cloud strategy built with structures rooted in governance can enable your organization to modernize applications in the cloud on a timeline parallel to the retirement of on-premise resources.
A second consideration: any legacy strategy — tech included — handcuffs companies to a talent pool that's shrinking. Avoiding modernization means your organization remains committed to a waning pool of available technology experts, the ones with skill sets limited to older technologies.
As cloud providers like AWS change product offerings (for example, introducing AMD processors with more compute power for less money than Intel-based instances), proper governance and automation can ensure that your organization follows these trends. So, you can push resources into new pricing models (or any other strata) by implementing governance and cost controls.
If your company is not ready to start decoupling applications or modernizing code bases, execs often ask whether a lift-and shift- approach is a more financially sound option. The short answer: No. Migrating a workload often means it won't function in a modern way, so future modernization efforts on that same workload will still be required as a second phase. Reworking things after migrating to the cloud doesn't make sense since it requires more effort and cost.
3 of 3
George Burns III cloud senior consultant, SPR
George Burns III, SPR's cloud operations senior consultant, demonstrates how your team can reduce cloud runtime by decoupling monolithic applications into smaller components such as containers and serverless functions. Application decoupling can ensure your organization onlly pays for runtime when a container or function is running. "But we're not ready for decoupling..."
2 of 3
Hot Topic: Decoupling
We know proper governance creates more efficient processes, contributing to better financial health of your tech operations. Beyond the cost savings driven by this efficiency, it's critical to break down the cost savings of the governance model itself. Let’s take a look
1 of 3
Financial motivators for implementing your governance model up front
How a governance model helps with cost controls
Motivators for modernization related to IT talent operation
filler coming
TECH PLAYBOOK
get started with a devops approach
STEP 3
Next Step
The above components define your organization’s path forward and divide its upgrade plan into tangible pieces. Proper governance is your guide to operate within a defined set of rules so that you don't derail your tech projects.
DevOps methodologies provide a project management framework and governance establishes the rules for project success — what we can consume and how. From aligning on company goals to working with employees on UAT, each component of modernization unifies IT with other departments.
Throughout the process of establishing governance, various stakeholders in your organization will struggle with fear of the unknown — so start with a small, iterative approach that includes all necessary parties in your company.
Small cloud engagements, such as 90-day proof of concept (PoC) plans, can help test theory, prove functionality, uncover major issues and identify the pieces needed to complete a full cloud strategy implementation. These pilot project engagements typically enable you to determine functionality without a months-long project commitment. As a result, projects of this nature can be accomplished with manageable costs.
Additionally, a PoC can establish an immediate benefit to your business with minor changes to critical issues that yield major improvement. You can also consider building a new business capability (such as implementing a data warehousing strategy or a zero trust architecture* through a pilot project as a valuable additive that doesn’t disrupt existing services at your organization.
When implementing a DevOps methodology, it’s best to break up your modernization journey into the following components:
Organizational-specific, overarching goals that span departments (i.e., upgrade our financial platform and deploy into cloud)
Epics
Major milestones in the process (i.e., environment preparation and deployments, PoC validation, old infrastructure cleanup)
Features
Projects that lead to feature completion (i.e., research and planning, build and confirm environment connectivity, deploy resources, user acceptance testing (UAT), corrective action, test/produce deployments)
User stories
Assigned individual work items that can be completed in one to few days by employees (i.e., identify firewall ports, confirm connectivity, create user/service accounts)
Tasks
*a security methodology where everything is challenged
Components of modernization
Unify across the organization
performance tracking
resource allocation
matching services with organizational objectives
establishing secure practices
strategic direction
This typically follows Forrester’s cloud governance tenets stated earlier:
TECH PLAYBOOK
BUILD A GOVERNANCE CULTURE
STEP 4
Formalize a governance body
Recommendation
1 | Establish an input/advisory board
2 | Engage in thought leadership
3 | Create thought leadership through IT SMEs or senior technologists
1 | Establish an input/advisory board
Document and distribute policies, processes, and procedures
Recommendation
2 | Engage in thought leadership
3 | Create thought leadership through IT SMEs or senior technologists
1 | Establish an input/advisory board
2 | Engage in thought leadership
Create and document a RACI model for adoption
RACI is an acronym that stands for Responsible, Accountable, Consulted and Informed. Parties are assigned and tracked in a matrix.
Recommendation
3 | Create thought leadership through IT SMEs or senior technologists
With a determined cloud implementation approach established by the cyclical framework, you can identify improvement opportunities in the cloud that users can realize with your established governance and expertise. To optimize usage costs, your team can also determine the best utilization of cloud resources across departments based on their desired business outcomes. Cross-departmental collaboration between IT and other business teams leads to a more mature cloud governance model and broader user acceptance.
This happens because all relevant parties are included in the refinement process, not just IT. Alignment between IT and business teams also reduces the use of shadow IT. Proper alignment helps avoid shadow IT risks by making non-IT employees become active stakeholders in the cloud deployment and maturity process. Finally, a third-party expert can be a valuable resource in ongoing governance ITSM. Check out the AWS Well-Architected Review framework for more information on how to improve your AWS infrastructure and maintain applications for the long haul.
In the end, a well-established governance model equals stronger cloud maturity and helps you take advantage of the value offered by cloud providers like AWS. By following the four steps outlined in this report, you can eradicate the challenges highlighted in our interactive report featured by IT leaders who use AWS: Shadow IT, poor operational efficiency, centralized authority and executive buy-in — no matter where your organization stands in its modernization journey.
Laying this ITSM governance foundation ensures your organization has a consistent framework for IT operational processes. The framework includes evaluation as the first step, followed by identifying a problem/enhancement, and then implementing the change. Beyond implementing a change, your team should also look at security considerations, risk definition
and mitigation, and financial considerations. These aspects are better established through a consistent governance model with participation from fellow employees. Through this cyclical framework, your IT team can work in unison with other departments to determine the best strategies to move forward in the cloud.
Once governance structure is established, you must implement cyclical IT service management (ITSM) to ensure cloud maturity remains consistent. The foundational structure for this process requires: 1) Establishing an input/advisory board; 2) Engaging in thought leadership using IT subject matter experts or senior technologists; and 3) Defining a maturity strategy.
SPR’s team of experienced and highly skilled technologists can chart a modernization journey. We'll help you determine a governance model that fits the needs of your organization’s business, budget, end users and IT team.
Need a partner to help boost your company’s level of governance?
True cloud governance never really ends and must be adapted over the long term.
Foundational structure for cyclical ITSM implementations
Wrap up: What a governance model can do for you
Requirements
New York
123 Street 4th Floor New York 10010 USA
Call Us
202 412 1440
Email Us
jack@ceros.com
Los Angeles
123 Street 4th Floor Los Angeles 90010 USA
Call Us
212 444 4140
Email Us
jack@ceros.com
Chicago
233 S. Wacker Drive, Suite 3500 Chicago, IL 60606
More About Us
www.spr.com
info@spr.com
Email Us
Follow Us
Evaluate
IDentify
the problem or enhancement
IMPLEMENT
the change
An ITSM governance foundation ensures a consistent framework for IT operational processes.
TECH PLAYBOOK