Cloud-Computing Governance
When a company moves to the cloud, the company must further extend their information-technology governance. To begin, first and foremost, the company must ensure that on-premise or within-the-cloud solutions align with the company’s business strategy. If the IT resource development and deployment does not align with the company strategy, the IT initiatives are destined to fail. Then the company must govern the cloud deployment. Meaning, the company must create policies, procedures, and controls that not only ensure strategic alignment, but which also provide confidence in the accuracy and security of the cloud-based solutions.
A key place to begin the cloud-governance process is with the service-level agreement. Specific questions to consider with respect to the agreement include:
-
Who within the company can access the service?
-
Who within the cloud-provider can access the service?
-
What can those who can access the service do?
-
Is the solution multitenant?
-
How is the service secured?
-
How is the service replicated or colocated?
-
How can the service be tested and validated?
-
What is the service uptime?
-
How and when is the service maintained?
-
What controls can be implemented and at what stages of the service?
-
How are errors and exceptions logged?
-
How can performance be monitored?
-
What is the upgrading and versioning process?
-
What auditing support is provided?