© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Alison Robinson, University of Maryland – Associate VP & Deputy CIO

Dawn Beadle, Monash University – Director, Infrastructure Services

Blake Chism, AWS – Professional Services

November28, 2016

Governance Strategies for

Cloud Transformation

WWPS 302

What to expect from the session

• Definition and Overview of Cloud Governance

• Cloud Center of Excellence (CCoE)

• Stages of Cloud Governance

• Cloud Governance Best Practices

• Monash University

• University of Maryland

• Question and Answer

Why are we talking about

Cloud Governance?

Benefits of Governance

Firms with above-average IT

governance had more than 20% higher

profits than firms with poor

governance*

*Peter Weil and Jeanne W. Ross, IT Governance: How Top Performers Manage IT Decision Rights for

Superior Results (HBS Press, 2004)

Why Cloud Governance in the Public Sector?

1. Reduction in Access and Security Risks

2. Ensures regulatory compliance (HIPAA, PCI, NIST, etc.)

3. Cost Avoidance/Reduction/Optimization

4. Elimination of rogue IT and disparate cloud initiatives

5. Defines automation methods and parameters

6. Increases capacity for Innovation in the Organization

7. Enhanced management of the consumption of cloud resources

What is Cloud Governance?

A Definition of Cloud Governance

The decision making people, criteria, processes,

and policies involved in the planning, architecture,

acquisition, deployment, operation and

management used for operating IT services in the

cloud.

gov·ern·ance - noun

• the action or manner of governing

• the way a company is controlled by the people who run it

Governance

“What would you say…you do here?” –Bob (Office Space 1999)

• Make Laws

• Administrate Laws

• Adjudicate Laws

• Allocate Shared

Assets for Shared

Goals

MAKE GOOD DECISIONS AS A SOCIETY FOR THE SOCIETYWHY

GOV’T

Understanding Governance

MAKE

LAWS

ADMINISTRATE

LAWS

ADJUDICATE

LAWS

ALLOCATE

SHARED

ASSETS FOR

SHARED GOALS

WHAT A

GOV’T

DOES

MAKE GOOD DECISIONS AS A SOCIETY FOR THE SOCIETYWHY

GOV’T

Understanding Governance

MAKE

LAWS

ADMINISTRATE

LAWS

ADJUDICATE

LAWS

ALLOCATE

SHARED

ASSETS FOR

SHARED GOALS

GOVERNANCE IDEOLOGY

WHAT A

GOV’T

DOES

HOW A

GOV’T IS DESIGNED

GOVERNANCE SCOPE

MAKE GOOD DECISIONS AS A SOCIETY FOR THE SOCIETYWHY

GOV’T

Understanding Governance

MAKE

LAWS

ADMINISTRATE

LAWS

ADJUDICATE

LAWS

ALLOCATE

SHARED

ASSETS FOR

SHARED GOALS

GOVERNANCE IDEOLOGY

PROCESSESWHAT ARE THE ACCEPTED

PROCESSES THROUGH WHICH

THE STRUCTURES MAKE,

ADMINISTRATE, ADJUDICATE,

AND ALLOCATE

STRUCTURESWHAT GOVERNANCE BODIES MAKE,

ADMINSTRATE, ADJUDUICATE, AND

ALLOCATE, HOW ARE MEMBERS

CHOSEN, AND WHAT RIGHTS,

ROLES, AND RESPONSIBILITIES DO

THEY HAVE IN THE PROCESSES

WHAT A

GOV’T

DOES

HOW A

GOV’T IS DESIGNED

GOVERNANCE SCOPE

HOW A

GOV’T IS DELIVERED

MAKE GOOD DECISIONS AS A SOCIETY FOR THE SOCIETYWHY

GOV’T

Understanding Governance

MAKE

Policies and

Standards

ADMINISTRATE

Policies and

Standards

ADJUDICATE

Policies and

Standards

Manage Cloud

Services

GOVERNANCE IDEOLOGY – Philosophy for governance

PROCESSESWHAT ARE THE ACCEPTED

PROCESSES THROUGH WHICH THE

STRUCTURES MAKE,

ADMINISTRATE, ADJUDICATE, AND

ALLOCATE

STRUCTURESWHAT GOVERNANCE BODIES MAKE,

ADMINSTRATE, ADJUDUICATE, AND

ALLOCATE, HOW ARE MEMBERS

CHOSEN, AND WHAT RIGHTS,

ROLES, AND RESPONSIBILITIES DO

THEY HAVE IN THE PROCESS

What IT

Governance

Does

How IT

Governance

is Designed

GOVERNANCE SCOPE – Which part of organization?

How IT

Governance

is Delivered

Enjoy Benefits of Good Decisions for the OrganizationWhy IT

Governance

Understanding IT Cloud Governance

Cloud Governance Opportunities

• Speed – Carry out the Mission at cloud speed and cost

• Integration – Complimentary to existing enterprise

IT governance processes, policies and tools

• Balance – Appropriate coverage for key decisions, investments and

risks while achieving the benefits of Cloud

• Proactivity - Anticipate and prevent Shadow Clouds and

unauthorized cloud activities that expose organizational risks

• Enablement - appropriate Cloud decision-making without friction

Cloud Center of Excellence (CCoE)

Cloud Center of Excellence (CCoE)

The Cloud Center of Excellence is a

team of executives and IT area

experts that authors Cloud

Governance to enable Organizational

Units to access a self-service model

and provides a catalog of

standardized and templated patterns

from which to select and auto-

provision.

Stages of Cloud Governance

Levels of Cloud

Governance

L0 – Decentralized

Control

L1 – Centralized

Control

L2 – Decentralized

Control with

Automation

L3 – Centralized

Control with Self-

service

3 Phases of Cloud Governance

Beginning

• Minimal integration

• Reactive environment

• Cost overruns

• Manual deployments

• No Cloud Structure

Adopting

• CCoE is in place and policies are maturing

• Policies matched to process

• Designing for Cost

• Rapid Deployment

Mature

• Full automation and self-service

• Benefits of cloud services realized

• Agility and control

• Optimized for Cost

• Secure and Compliant environment

Phase 1: Beginning

1. Create the CCoE to develop and own Cloud Governance and its policies

2. Develop Governance model and establish policies for:

• Security

• Account Management

• Cost

• Network

• Instance and Storage

• Service Management

• Monitoring and Reporting

3. Begin to modify the deployment process and policies and look to automate

• Develop governing policies to enable automated approval cycles

• Develop financial policies to enable end-users to quickly stage POC’s

Phase 2: Adopting

1. Develop Self-Service Policies

2. Develop Data Governance Policies

3. Develop Continuous Integration / Deployment Policy

4. Develop Design-for-Cost Architecture Guidelines

5. Develop Cloud Audit and Compliance Policies

6. Develop a common API Design Framework

Phase 3: Mature

1. Develop advanced automation techniques and policies to promote

further cost reduction, agility, and resiliency:

• Automated testing and code promotion from each tier to production

• Automated Disaster Recovery testing

• Automated instance power down / power up for non reserved instances

• Utilization of Spot Instances – when and where to use

2. Develop Transition Policies to Define Services

3. Develop Policies Allowing Existing Applications to Test-for-Cost

(scale up / scale out)

Cloud Governance Best Practices

Cloud Governance Best Practices

• Establish a CCoE and begin developing/updating policies for Cloud

• Tailor your governance process to your organization’s particular risk

tolerance (Ideology)

• Decide where to leverage existing processes versus establishing

new ones

• Make the process as light-weight as possible and as informative as

possible to create a positive user experience

• Start early in the Cloud Transformation so you can get business and

IT feedback and support

• Rely on use-case reviews to improve your processes

Monash University

Monash University’s governance

in the cloud

70,071

Number of students

8,936

Potential classes per week

14,869

Number of staff

$350Mil+

Our research income for 2014

Global

Where you will find us

Australia, Malaysia, South

Africa, China, India and Italy.

Top one percent

Of universities worldwide, and consistently listed as a preferred source of graduates by companies the world over.

Research capability

We're active in over 150 fields and accommodate (or are joint

partners in) more than 120 research centres and institutes.

IT at Monash

Vision

to achieve more flexible, cost effective delivery of

IT services, increasing the university’s ability to

compete by enabling greater agility and

innovation

by sourcing our services more appropriately

given the evolution of underlying

technologies & the ability of the market to deliver

cloud based service

programme initiated early 2014

Change Agenda

Governance

Virtual Data Centre

Tools & Automation

Base OS image

Hosted infrastructure

Disk Memory CPU Network

Solution Blueprint Pattern Template

Breast Cancer Clinical Registry

Solution

SOE Shared Drive Solution

Student Submission

Solution

ZedMedTerminal Solution

Blueprint 01 Blueprint 12

Blueprint 01Blueprint 03

Access Control

Need to change culture

Top down

Chain of command

Increased communications

Culture

Lessons

Do something, not nothing Executive sponsorship

Not a slavish approach to Compliance It’s not all about technology

University of Maryland – College ParkAlison Robinson

University of Maryland – College Park

Quick FactsStudents: 39,083

Employees: 13,791

Total Research Awards: $550,384,756

4 Data Centers

225+ Buildings

95,000+ Data Jacks

7239 Wireless Access points

11M+ Feet of Fiber

14M+ Feet of Copper

University of Maryland – College Park

People

• Organizational Structure

• Culture

• Training

University of Maryland–College Park

Support &

Infrastructure

Networking &

Communications

Software

Engineering

Security Learning

Technologies

Research

TechnologiesPlan

Build

Run

Engage with IT in many places to:

1) Order a service

2) Receive help with a service

3) Request a new service

Inefficiency

Silos

Delays

No Agility

University of Maryland–College Park

One “front door” to IT to:

1) Order a service

2) Receive help with a service

3) Request a new service

Streamlined

DevOps Approach

Agility

Cost Savings

University of Maryland – College Park

Governance Framework

• Effective & secure management

• Sourcing & hosting matrix

• RACI

University of Maryland – College Park

RACI Example

University of Maryland – College Park

Cost

• Current Costs

• Modeling Costs in AWS

Research Architecture

Costing Approach Examples

Business Intelligence

Question and Answer

Thank you!

Remember to complete

your evaluations!