Navigating the Clouds Fortifying ITIL for Cloud Governance

Similar documents
Accelerate Your Enterprise Private Cloud Initiative

21ST century enterprise. HCL Technologies Presents. Roadmap for Data Center Transformation

Symantec Data Center Transformation

Accelerate Your Cloud Journey

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

New Zealand Government IBM Infrastructure as a Service

Getting Hybrid IT Right. A Softchoice Guide to Hybrid Cloud Adoption

IT Consulting and Implementation Services

Securing Your Digital Transformation

eplus Managed Services eplus. Where Technology Means More.

Cisco Start. IT solutions designed to propel your business

Transformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018

OVERVIEW MANAGED INFRASTRUCTURE SERVICES WHY INFRASTRUCTURE MANAGEMENT? KEY CHALLENGES HOW MANAGED INFRA SERVICES ADDRESS THE ABOVE CHALLENGES?

CAPABILITY STATEMENT

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

Six Sigma in the datacenter drives a zero-defects culture

New Zealand Government IbM Infrastructure as a service

Achieving effective risk management and continuous compliance with Deloitte and SAP

VMware Virtualization and Cloud Management Solutions

locuz.com SOC Services

REALIZE YOUR. DIGITAL VISION with Digital Private Cloud from Atos and VMware

Demystifying GRC. Abstract

PREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.

Better together. KPMG LLP s GRC Advisory Services for IBM OpenPages implementations. kpmg.com

Cognizant Cloud Security Solution

Cloud Computing Private Cloud

Service Provider Consulting

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

From Cloud adoption to Cloud first Enabling effective Cloud usage

itsmf ITIL V3: Accelerate Success with Tools Maria A Medvedeva, PMP, ITIL Regional Director CA, Inc. itsmf Middle East Board of Directors

Transform to Your Cloud

Dell helps you simplify IT

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Predictive Insight, Automation and Expertise Drive Added Value for Managed Services

Optimisation drives digital transformation

Supporting the Cloud Transformation of Agencies across the Public Sector

I D C T E C H N O L O G Y S P O T L I G H T

Virtustream Managed Services Drive value from technology investments through IT management solutions. Tim Calahan, Manager Managed Services

Capgemini Dynamic Services

INTELLIGENCE DRIVEN GRC FOR SECURITY

The Windstream Enterprise Advantage for Banking

The Experience of Generali Group in Implementing COBIT 5. Marco Salvato, CISA, CISM, CGEIT, CRISC Andrea Pontoni, CISA

Networking for a dynamic infrastructure: getting it right.

Cybersecurity. Securely enabling transformation and change

Data Governance. Mark Plessinger / Julie Evans December /7/2017

MAXIMIZE SOFTWARE INVESTMENTS

Smart Data Center From Hitachi Vantara: Transform to an Agile, Learning Data Center

OVERVIEW BROCHURE GRC. When you have to be right

DIGITAL INNOVATION HYBRID CLOUD COSTS AGILITY PRODUCTIVITY

What is ITIL. Contents

Making hybrid IT simple with Capgemini and Microsoft Azure Stack

Run the business. Not the risks.

Cloud Going Mainstream All Are Trying, Some Are Benefiting; Few Are Maximizing Value

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Cloud Going Mainstream All Are Trying, Some Are Benefiting; Few Are Maximizing Value

IT123: SABSA Foundation Training

Securing Data in the Cloud: Point of View

Patrick van der Griendt Atos International GSI SAP SAP HANA

Cloud Going Mainstream All Are Trying, Some Are Benefiting; Few Are Maximizing Value. An IDC InfoBrief, sponsored by Cisco September 2016

Choosing the Right Cloud. ebook

Computing Power at the push of a button: Dynamic Services for Infrastructure.

HYBRID WAN. Proof of Value Journey. WAN Summit Michael Becerra Singapore, 12 September Global Business Services Excellence. Simply delivered.

vrealize Introducing VMware vrealize Suite Purpose Built for the Hybrid Cloud

Government IT Modernization and the Adoption of Hybrid Cloud

Practical Guide to Cloud Computing Version 2. Read whitepaper at

ISO/ IEC (ITSM) Certification Roadmap

ITIL Certification The next logical certification step for the Cisco Certified Professional

MODERNIZE INFRASTRUCTURE

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

The ITIL Foundation Examination

Accelerating the Business Value of Virtualization

Adopting Modern Practices for Improved Cloud Security. Cox Automotive - Enterprise Risk & Security

DATACENTER SERVICES DATACENTER

RUAG Cyber Security Understand Cyber. Protect Values.

Proven Integration Strategies for Government

ArcGIS in the Cloud. Andrew Sakowicz & Alec Walker

WHO SHOULD ATTEND? ITIL Foundation is suitable for anyone working in IT services requiring more information about the ITIL best practice framework.

Designing a Day 1 Operating Model for Rapid Adoption of Converged Systems GLOBAL SPONSORS

Data Center Engineering Acceleration Efficiency Interoperability HCL ERS DATA CENTER ENGINEERING SERVICES

Professional Services for Cloud Management Solutions

MATURE YOUR CYBER DEFENSE OPERATIONS with Accenture s SIEM Transformation Services

Gain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services

How To Reduce the IT Budget and Still Keep the Lights On

Implementing ITIL v3 Service Lifecycle

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

PRIME HOME 5.0 DATA SHEET

Vulnerability Assessments and Penetration Testing

The Impact of Hyper- converged Infrastructure on the IT Landscape

HYBRID CLOUDS DEFINING A SUSTAINABLE STRATEGY

Best Practices in Securing a Multicloud World

TRANSFORMING TO IT-AS-A- SERVICE

Oracle Buys Palerra Extends Oracle Identity Cloud Service with Innovative Cloud Access Security Broker

Vulnerability Management. June Risk Advisory

13.f Toronto Catholic District School Board's IT Strategic Review - Draft Executive Summary (Refer 8b)

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

HP Software-Defined Infrastructure (SDI)

Windows 10 IoT Overview. Microsoft Corporation

Enterprise Private Cloud. Fully managed private cloud as a service in your data centre or ours.

in Action Delivering the digital enterprise Human Centric Innovation Ralf Salzmann Manager OEM

Symantec Data Center Migration Service

Transcription:

Navigating the Clouds Fortifying ITIL for Cloud Governance DECEMBER 2011

Cloud adoption promises to be an interesting journey for an enterprise with its luring benefits of on-demand models enabling faster innovation cycles. However CIOs are concerned whether existing ITIL based governance will be sufficient. These concerns have their foundation in availability, security, regulatory, compliance, data confidentiality, integrity, portability and a host of other issues that have come to center-stage with the introduction of cloud. While ITIL remains well suited to manage IT services, here we discuss the need for assessing and updating the existing processes, some more than others, to remain relevant and current with changing face of IT service delivery. Introduction Adoption of cloud in an enterprise has to go through multiple steps, each requiring a unique set of tools and frameworks that need to be customized for your enterprise, as discussed in Navigating the Clouds: Tools You Can Use. The governance processes in your organization are most likely to have been adopted from industry established standards such as ITIL. These processes will undergo modifications and changes to accommodate the impact of cloud computing and introduction of new considerations. Some of the changes may be: You are no longer hosting applications in your own data center A revised planning cycle is required given that demand and capacity management has to factor in adopted cloud models You may modify the hard line budgets as well as make provisions for on-demand models using cloud provisioning policies potentially automated You are not securing all of your data yourself and a circle of trust is established that include 3rd party vendors Scenarios like above emphasize the need for entirely new set of controls and policies to be drafted and managed as organizations continue on their cloud journey. The impact on governance processes will vary depending on your adoption approach, and during the govern step, you need to assess your organization for changes needed and appropriately prepare the plan to put requisite Cloud Governance in place. Cloud Governance is putting together decision-rights and accountability framework for adoption and sustenance of cloud in the IT organization that ensures cloud investments generate business value as well as cloud risks are measured, monitored and controlled. An ideal cloud governance model for an organization will ensure that an enterprise wide reference model has been established for consumption of cloud services and will provide for: Management of cloud enabled IT environment by identifying 2

stakeholders and building RACI matrix highlighting roles and responsibilities Service Catalog management processes for preparation, registration and maintenance of cloud service catalog(s) Security of applications and data by establishing policies and appropriate controls Risk Management including minimizing Legal and Compliance issues Comprehensive cloud vendor management framework establishing communication channels and SLA management with vendors Sustenance of services during adverse scenarios Others, as needed by your organization. Cloud governance will help organizations avoid silos of cloud services with disjointed policies, chargeback mechanism, service management etc. Cloud Governance vs. ITIL Traditionally, organizations have managed their IT through industry best practices like Information Technology Infstructure Library (ITIL) which had not been drafted considering cloud computing. Emergence of Cloud Computing and its adoption in an enterprise doesn t invalidate processes recommended by ITIL; rather, it underscores the criticality of some of the processes, as applicable in the chosen cloud context, after necessary modifications. Following is an example showing how catalog management will be impacted: Service Catalog in a cloud enabled environment has much higher number of services as well as permutations and combinations that can be applied. A simple service of a server provisioning, from a pre-cloud era, can become a much more configurable service offering choices of processing power, memory and storage in combination with choices of databases and operating systems. Using a provisioning service in IaaS model, user can request for a 1 virtual core with equivalent of 1.2 GHz of computing power, 3 GB of RAM, 200 GB of instance storage with windows 2008 R2 operating system and SQL server. In addition, there would be options for cloud bursting as well as models for billing and charge-backs. The workflows and policies for on-demand service provisioning, for metering and charge-backs, and for cloud bursting will require change since most of the steps are likely to be automated. Such changes are expected across all the five modules of ITIL. Following are some of the key considerations impacting ITIL: Service Strategy: Service strategy would be impacted by how business demand consumes cloud services necessitating an analysis of consumption patterns and forecasting of future demands including seasonality and expected peaks and troughs during various time periods. An analysis of existing IT services across business groups would be required to determine the cloud service portfolio. A financial model including the charge-back, or show-back in the absence of charge-back, needs to be determined as applicable to the organization. Dashboards may be required for compliance of SLA and policies. Policies need to be modified / established for short listing of cloud service partners and identifying cloud operating models to use. 3

Service Design: The key service design consideration from cloud perspective includes bundling cloud services from in-house or from multiple vendors, integration of cloud services with in-house apps and IT assets, security of services and data, ensuring availability in the event of disruption of cloud service as well as managing cloud vendor agreements, contracts and SLAs. Service Transition: Service transition would require policies and protocols for coordinating releases across wide range of cloud vendors, end to end testing of cloud services across providers, managing changes across cloud providers and monitoring for smooth transition of cloud services to production state. Service Operations: Key changes at operations stage would be to ensure access to authorized users for cloud services, prioritization and coordination of service requests (SR) with cloud provider(s), ensuring visibility of SR status and major events, and managing incidents and problems across cloud providers. Continual Service Improvement: The key service improvement considerations include working with providers to proactively improve services and agreeing on improvement goals. The changes required in ITIL processes will vary across models and environments and will be different for each organization. Following image represents the impact on a sample organization looking to adopt hybrid cloud environment within the enterprise. 4

It is important to understand what changes are required for your organization by doing a thorough assessment of where you stand in ITIL adoption and creating the roadmap for cloud governance based on your cloud strategy. Fortifying ITIL for Governing Cloud Since each of the five ITIL process areas necessitates a detailed analysis for cloud considerations, the first step is to understand the level of ITIL adoption in your enterprise and identify gaps that exist from recommended cloud processes. Step 1: Governance Maturity Analysis Current implementation of ITIL process areas Service Strategy, Service Design, Service Transition, Service Operations and Continual Service Improvement should be evaluated to understand the current level of implementation, deviation from best practices, maturity of implementation, usage of tools etc. Such an analysis should take into account the maturity of organization as well as relevance of the process in question to organization s IT operations for desired state. The study should highlight areas where the processes are not matured enough to manage cloud and associated remediation measures. 5

Step 2: Process Prioritization Once you have identified the process changes required for achieving desired cloud state, you need to prioritize the process changes. Prioritization will allow for focused improvement incrementally that can be rolled out across the organization. There are many ways for you to prioritize these process changes. An ideal methodology will take into account the gap that exists in process today and tries to balance the risk of not having the processes with the effort required to achieve the maturity. One of the ways is to use quotients as defined in HCL s Cloud Governance Framework (CGF). CGF defines three quotients that help in prioritizing the processes. These are: Maturity Gap Quotient of a process is measured as difference between the maximum maturity level that can be attained and the current level of maturity for the process in the organization. Risk Quotient of a process indicates relative risk to the organization if the process is not put in place in a cloud enabled IT environment. For example, processes required for organization s compliance will pose greater risk, if not remediated. Effort Inverse Quotient of a process is the inverse of the transformational effort required to attain minimum maturity level for the chosen cloud environment. The guiding principle is pick the processes which expose organizations to minimal risk, effort required to transform the process is less (pick the low hanging fruits) and gap between desired and current maturity is high (helps in showing value and riding up the learning curve); thus maximizing value and minimizing risk all through the cloud governance implementation. 6

Step 3: Roadmap Preparation The roadmap for cloud governance implementation should take into account the organizational people availability,inter-process dependency overlayed with prioritization arrived from prioritization methods as discussed in previously in this paper. An ideal roadmap will strive for incremental capability improvement while balancing risk to the organization. 7

Summary Adoption of cloud in an enterprise brings with it the newer characteristics that necessitate a change in the way IT is governed in the enterprise. Depending upon the maturity of existing IT governance processes in an organization, different organizations will have to take different paths to achieve their cloud vision. It is best to incrementally update your ITIL v3 based processes for the chosen context as you continue on your cloud journey, as ITIL does provide with the necessary foundation. However, the existing processes will need to be assessed thoroughly and a remediation roadmap is required balancing risks and efforts. HCL s Cloud Governance Framework, consisting of boilerplates tailored to each industry as well as cloud models and well designed prioritization quotients, can help you map your path to avoid silos of cloud services with disjointed policies in your organization. It can help address concerns such as availability, security, regulatory in a systematic manner and establish the necessary structure to produce, consume and sustain the cloud enabled IT. About the authors Atin Agarwal is a principal consultant with HCL Technologies Business and IT Transformation Services practice and has been instrumental in developing HCL s cloud governance framework. In last 10 years of his experience he has worked on transformation initiatives for Fortune 500 clients spanning engagements around Business and IT Strategy, Cloud strategy and value discovery. He can be reached at atin.agarwal@hcl.com. Rupak Rathore is a principal consultant with HCL Technologies Business and IT Transformation Services practice and is key innovator behind CRI and associated frameworks. Over last 15 years, he has helped many customers use technology to deliver superior value to businesses. He can be reached at rupak.rathore@hcl.com Business and IT Transformation Services (BITS) arm of HCL aims to increase value of IT while reducing cost and mitigating risks associated with such transformation. BITS provides consulting services across the globe and has many Global 1000 companies as its customers. Reach us at cloudconsulting@hcl.com 8

CUSTOM APPLICATION SERVICES ENGINEERING AND R&D SERVICES ENTERPRISE APPLICATION SERVICES ENTERPRISE TRANSFORMATION SERVICES IT INFRASTRUCTURE MANAGEMENT BUSINESS PROCESS OUTSOURCING ABOUT HCL HCL Technologies HCL Technologies is a leading global IT services company, working with clients in the areas that impact and redefine the core of their businesses. Since its inception into the global landscape after its IPO in 1999, HCL focuses on transformational outsourcing, underlined by innovation and value creation, and offers an integrated portfolio of services including software led IT solutions, remote infrastructure management, engineering and R&D services and BPO. HCL leverages its extensive global offshore infrastructure and network of offices in 26 countries to provide holistic, multi-service delivery in key industry verticals including Financial Services, Manufacturing, Consumer Services, Public Services and Healthcare. HCL takes pride in its philosophy of Employees First which empowers our 80,520 transformers to create real value for customers. HCL Technologies, along with its subsidiaries, had consolidated revenues of US$ 3.7 billion (Rs. 16,977 crores), as on 30 September 2011 (on LTM basis). For more information, please visit www.hcltech.com About HCL Enterprise HCL is a $6 billion leading global technology and IT enterprise comprising two companies listed in India - HCL Technologies and HCL Infosystems. Founded in 1976, HCL is one of India's original IT garage start-ups. A pioneer of modern computing, HCL is a global transformational enterprise today. Its range of offerings includes product engineering, custom & package applications, BPO, IT infrastructure services, IT hardware, systems integration, and distribution of information and communications technology (ICT) products across a wide range of focused industry verticals. The HCL team consists of over 88,000 professionals of diverse nationalities, who operate from 31 countries including over 500 points of presence in India. HCL has partnerships with several leading Global 1000 firms, including leading IT and Technology firms. For more information, please visit www.hcl.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback