View
217
Download
0
Category
Tags:
Preview:
Citation preview
1
IBM Research
Self-Service Financial Control and Organizational Governance in Cloud
Chunqiang Tang, Chang-shing Perng, Salman Baset
IBM T.J. Watson Research Center
2 2
IBM Research
What Cloud Brings to Us? Key features of cloud
► On-demand self-service► Auto-scaling
Advantages: improve productivity and agility Risk: circumvent traditional business process around IT financial
control and organizational governance
3 3
IBM Research
Examples of Risks in Using Cloud without Governance
Example 1: A student over-spends his professor’s credit card on Cloud resources.
Example 2: A large enterprise continuously adjusts its IT budget allocation and organization structure, making it hard for frontline engineers to balance spending.
Example 3: Due to a bug in a Cloud application’s autoscaling controller, it mistakenly creates 1,000 virtual machines (VMs) instantaneously.
Example 4: An employee provisions in the Cloud a public facing VM using the company’s domain name, but it exposes inappropriate Web contents, due to either mistake or abuse.
4 4
IBM Research
Root Cause of the Governance Problems
Cloud is totally disconnected from the governance structure and process in the real world
► No reflection of the hierarchical structure of an organization
► No reflection of the complex budget flow in an organization
Cloud lives in fairyland
Corporate StructureExample: a school’s budget flow
5 5
IBM Research
Solution Overview for the Governance Problems (1/2)
Separation of governance mechanism and policy► Cloud provider builds the mechanism for governance
► Cloud user defines the governance policy through self-service
Organizational governance solution► Hierarchical account structure
► User self-service to grow or change the hierarchy
► Parent account has authority over child account
6 6
IBM Research
Solution Overview for the Governance Problems (2/2)
Financial control solution
User self-service to create, divide, and pass “credit tokens” to represent budget flows
A credit token comes with user-defined rules, and the cloud provider enforces the rules
► E.g., hourly spending < $100 AND monthly spending < $1000
Users can define monitoring rules to trigger alert on spending
account
account account account
accountaccount
account
Recommended