Cloud governance guidance
The cloud governance model looks at the five disciplines of cloud governance.
Governance
Governance within IT is really important to get right in order to have the visibility to make informed decisions based on metrics you can gather. This is more important with using cloud services because, when running a business on an on-premises IT infrastructure, you know what your capital costs are and have a fairly good idea about your month-to-month operational costs. You also know departments will be running the software, applications, and programs that have been approved for them.
In the cloud, different departments, programs, or projects can develop their own systems and deploy assets with the click of a mouse. You may no longer have to worry about capital costs, but your operational costs can get quickly out of hand without controls in place. Furthermore, the software, applications, and programs deployed by one department may not be able to communicate with those deployed by another department.
A lack of controls not only creates issues with costs and efficiency but can also raise security concerns. Whereas cloud services themselves are secure, assets that are deployed with poor access controls or configuration vulnerabilities are an invitation to a hacker to infiltrate your network.
To provide a consistent approach to cloud governance within your organisation a cloud governance board will be required. The responsibilities of this board will include assurance and consultation with regards to cloud technology adoption within the organisation. This board should meet on a regular basis and be responsible for the adoption of cloud governance, where risks are identified log and lead with remediation or migration activities.
Cloud governance board
Any change to business processes or technology platforms introduces risk. Cloud governance teams, whose members are sometimes known as cloud custodians, are tasked with mitigating these risks and ensuring minimal interruption to adoption or innovation efforts.
Each NHS and healthcare organisation must set up and meet on a regular basis to review the organisations cloud capabilities. The Governance board needs to cover 5 key areas of their cloud platforms, these are
Cost is a primary concern for cloud users. Develop policies for cost control for all cloud platforms.
Security is a complex subject, unique to each company. Once security requirements are established, cloud governance policies and enforcement apply those requirements across network, data, and asset configurations.
Inconsistencies in the application of identity requirements can increase the risk of breach. The identity baseline discipline focuses on ensuring that identity is consistently applied across cloud adoption efforts.
Cloud operations depend on consistent resource configuration. Through governance tooling, resources can be configured consistently to manage risks related to onboarding, drift, discoverability, and recovery.
Centralisation, standardisation, and consistency in approaches to deployment and configuration improve governance practices. When provided through cloud-based governance tooling, they create a cloud factor that can accelerate deployment activities.
Members of the board must include the following roles:
- cloud lead for the organisation (SRO for Cloud) - This is a named person who has overall responsibility for cloud within the organisation and will be the board chair
- financial lead within the organisation
- operational lead for IT within the organisation
- security lead for the organisation
- governance lead for the organisation
This cloud governance model guides these decisions, irrespective of the chosen cloud platform, by focusing on the five disciplines of cloud governance and focuses on their areas that may need attention or further considerations to maintain an optimal service.
Further information
To help NHS and healthcare organisations get started with understanding how to adopt cloud and what the impact will be on their server, infrastructure, and applications we have provided information on public cloud adoption best practice.
This guidance is designed to highlight the many benefits cloud services can bring to the NHS or healthcare provider, and how using the cloud can support your digital transformation.
A workload assessment is an essential tool to structure and communicate your application transformation roadmap. It allows informed decisions on how each application in the scope of a transformation will eventually touch the cloud.
Support and information to create a cloud exit plan.
Design your service to fit your cloud deployment type.
To provide guidance in your organisations cloud adoption when you have created 6 guides focusing on key areas of your organisations and the NHS Cloud Strategy, principles, policies and guidance is relevant to your role.
Last edited: 6 July 2023 5:16 pm