Embed Size (px)
Citation preview
Navigating the CloudsFortifying ITIL for Cloud Governance
DECEMBER 2011
© 2011, HCL Technologies. Reproduction Prohibited. This document is protected under Copyright by the Author, all rights reserved. 2
Cloud adoption promises to be an interesting journey for an enterprise with its luring benefits of on-demand models enabling faster innovation cycles. However CIOs are concerned whether existing ITIL based governance will be sufficient. These concerns have their foundation in availability, security, regulatory, compliance, data confidentiality, integrity, portability and a host of other issues that have come to center-stage with the introduction of cloud. While ITIL remains well suited to manage IT services, here we discuss the need for assessing and updating the existing processes, some more than others, to remain relevant and current with changing face of IT service delivery.
Adoption of cloud in an enterprise has to go through multiple steps, each requiring a unique set of tools and frameworks that need to be customized for your enterprise, as discussed in . The governance processes in your organization are most likely to have been adopted from industry established standards such as ITIL. These processes will undergo modifications and changes to accommodate the impact of cloud computing and introduction of new considerations. Some of the changes may be:
?You are no longer hosting applications in your own data center?A revised planning cycle is required given that demand and capacity
management has to factor in adopted cloud models ?You may modify the hard line budgets as well as make provisions for
on-demand models using cloud provisioning policies – potentially automated
?You are not securing all of your data yourself and a circle of trust is established that include 3rd party vendors
Scenarios like above emphasize the need for entirely new set of controls and policies to be drafted and managed as organizations continue on their cloud journey. The impact on governance processes will vary depending on your adoption approach, and during the govern step, you need to assess your organization for changes needed and appropriately prepare the plan to put requisite Cloud Governance in place.
Cloud Governance is putting together decision-rights and accountability framework for adoption and sustenance of cloud in the IT organization that ensures cloud investments generate business value as well as cloud risks are measured, monitored and controlled. An ideal cloud governance model for an organization will ensure that an enterprise wide reference model has been established for consumption of cloud services and will provide for:
?Management of cloud enabled IT environment by identifying
Introduction
“Navigating the Clouds: Tools You Can Use”
Navigating the Clouds: Fortifying ITIL for Cloud Governance
stakeholders and building RACI matrix highlighting roles and responsibilities
?Service Catalog management processes for preparation, registration and maintenance of cloud service catalog(s)
?Security of applications and data by establishing policies and appropriate controls
?Risk Management including minimizing Legal and Compliance issues?Comprehensive cloud vendor management framework establishing
communication channels and SLA management with vendors?Sustenance of services during adverse scenarios?Others, as needed by your organization.
Cloud governance will help organizations avoid silos of cloud services with disjointed policies, chargeback mechanism, service management etc.
Traditionally, organizations have managed their IT through industry best practices like Information Technology Infstructure Library (ITIL) which had not been drafted considering cloud computing. Emergence of Cloud Computing and its adoption in an enterprise doesn’t invalidate processes recommended by ITIL; rather, it underscores the criticality of some of the processes, as applicable in the chosen cloud context, after necessary modifications. Following is an example showing how catalog management will be impacted:
Service Catalog in a cloud enabled environment has much higher number of services as well as permutations and combinations that can be applied. A simple service of a server provisioning, from a pre-cloud era, can become a much more configurable service offering choices of processing power, memory and storage in combination with choices of databases and operating systems. Using a provisioning service in IaaS model, user can request for a “1 virtual core with equivalent of 1.2 GHz of computing power, 3 GB of RAM, 200 GB of instance storage with windows 2008 R2 operating system and SQL server”. In addition, there would be options for cloud bursting as well as models for billing and charge-backs. The workflows and policies for on-demand service provisioning, for metering and charge-backs, and for cloud bursting will require change since most of the steps are likely to be automated.
Such changes are expected across all the five modules of ITIL. Following are some of the key considerations impacting ITIL:
Service Strategy: Service strategy would be impacted by how business demand consumes cloud services necessitating an analysis of consumption patterns and forecasting of future demands including seasonality and expected peaks and troughs during various time periods. An analysis of existing IT services across business groups would be required to determine the cloud service portfolio.
A financial model including the charge-back, or show-back in the absence of charge-back, needs to be determined as applicable to the organization. Dashboards may be required for compliance of SLA and policies. Policies need to be modified / established for short listing of cloud service partners and identifying cloud operating models to use.
Cloud Governance vs. ITIL
© 2011, HCL Technologies. Reproduction Prohibited. This document is protected under Copyright by the Author, all rights reserved. 3
Navigating the Clouds: Fortifying ITIL for Cloud Governance
© 2011, HCL Technologies. Reproduction Prohibited. This document is protected under Copyright by the Author, all rights reserved. 4
Service Design: The key service design consideration from cloud perspective includes bundling cloud services – from in-house or from multiple vendors, integration of cloud services with in-house apps and IT assets, security of services and data, ensuring availability in the event of disruption of cloud service as well as managing cloud vendor agreements, contracts and SLAs.
Service Transition: Service transition would require policies and protocols for coordinating releases across wide range of cloud vendors, end to end testing of cloud services across providers, managing changes across cloud providers and monitoring for smooth transition of cloud services to production state.Service Operations: Key changes at operations stage would be to ensure access to authorized users for cloud services, prioritization and coordination of service requests (SR) with cloud provider(s), ensuring visibility of SR status and major events, and managing incidents and problems across cloud providers.
Continual Service Improvement: The key service improvement considerations include working with providers to proactively improve services and agreeing on improvement goals.
The changes required in ITIL processes will vary across models and environments and will be different for each organization. Following image represents the impact on a sample organization looking to adopt hybrid cloud environment within the enterprise.
Navigating the Clouds: Fortifying ITIL for Cloud Governance
© 2011, HCL Technologies. Reproduction Prohibited. This document is protected under Copyright by the Author, all rights reserved. 5
It is important to understand what changes are required for your organization by doing a thorough assessment of where you stand in ITIL adoption and creating the roadmap for cloud governance based on your cloud strategy.
Since each of the five ITIL process areas necessitates a detailed analysis for cloud considerations, the first step is to understand the level of ITIL adoption in your enterprise and identify gaps that exist from recommended cloud processes.
Current implementation of ITIL process areas – Service Strategy, Service Design, Service Transition, Service Operations and Continual Service Improvement – should be evaluated to understand the current level of implementation, deviation from best practices, maturity of implementation, usage of tools etc. Such an analysis should take into account the maturity of organization as well as relevance of the process in question to organization’s IT operations for desired state.
The study should highlight areas where the processes are not matured enough to manage cloud and associated remediation measures.
Fortifying ITIL for Governing Cloud
Step 1: Governance Maturity Analysis
Navigating the Clouds: Fortifying ITIL for Cloud Governance
Step 2: Process Prioritization
Once you have identified the process changes required for achieving desired cloud state, you need to prioritize the process changes. Prioritization will allow for focused improvement incrementally that can be rolled out across the organization.There are many ways for you to prioritize these process changes. An ideal methodology will take into account the gap that exists in process today and tries to balance the risk of not having the processes with the effort required to achieve the maturity. One of the ways is to use quotients as defined in HCL’s Cloud Governance Framework (CGF). CGF defines three quotients that help in prioritizing the processes. These are:
Maturity Gap Quotient of a process is measured as difference between the maximum maturity level that can be attained and the current level of maturity for the process in the organization.
Risk Quotient of a process indicates relative risk to the organization if the process is not put in place in a cloud enabled IT environment. For example, processes required for organization’s compliance will pose greater risk, if not remediated.
Effort Inverse Quotient of a process is the inverse of the transformational effort required to attain minimum maturity level for the chosen cloud environment.
The guiding principle is pick the processes which expose organizations to minimal risk, effort required to transform the process is less (pick the low hanging fruits) and gap between desired and current maturity is high (helps in showing value and riding up the learning curve); thus maximizing value and minimizing risk all through the cloud governance implementation.
© 2011, HCL Technologies. Reproduction Prohibited. This document is protected under Copyright by the Author, all rights reserved. 6
Navigating the Clouds: Fortifying ITIL for Cloud Governance
© 2011, HCL Technologies. Reproduction Prohibited. This document is protected under Copyright by the Author, all rights reserved. 7
Step 3: Roadmap Preparation
The roadmap for cloud governance implementation should take into account the organizational people availability,inter-process dependency overlayed with prioritization arrived from prioritization methods as discussed in previously in this paper. An ideal roadmap will strive for incremental capability improvement while balancing risk to the organization.
Navigating the Clouds: Fortifying ITIL for Cloud Governance
Summary
About the authors
Adoption of cloud in an enterprise brings with it the newer characteristics that necessitate a change in the way IT is governed in the enterprise. Depending upon the maturity of existing IT governance processes in an organization, different organizations will have to take different paths to achieve their cloud vision. It is best to incrementally update your ITIL v3 based processes for the chosen context as you continue on your cloud journey, as ITIL does provide with the necessary foundation. However, the existing processes will need to be assessed thoroughly and a remediation roadmap is required balancing risks and efforts.
HCL’s Cloud Governance Framework, consisting of boilerplates tailored to each industry as well as cloud models and well designed prioritization quotients, can help you map your path to avoid silos of cloud services with disjointed policies in your organization. It can help address concerns such as availability, security, regulatory in a systematic manner and establish the necessary structure to produce, consume and sustain the cloud enabled IT.
Atin Agarwal is a principal consultant with HCL Technologies’ Business and IT Transformation Services practice and has been instrumental in developing HCL’s cloud governance framework. In last 10 years of his experience he has worked on transformation initiatives for Fortune 500 clients spanning engagements around Business and IT Strategy, Cloud strategy and value discovery. He can be reached at Rupak Rathore is a principal consultant with HCL Technologies’ Business and IT Transformation Services practice and is key innovator behind CRI and associated frameworks. Over last 15 years, he has helped many customers use technology to deliver superior value to businesses. He can be reached at
Business and IT Transformation Services (BITS) arm of HCL aims to increase value of IT while reducing cost and mitigating risks associated with such transformation. BITS provides consulting services across the globe and has many Global 1000 companies as its customers. Reach us at
8
Navigating the Clouds: Fortifying ITIL for Cloud Governance
© 2011, HCL Technologies. Reproduction Prohibited. This document is protected under Copyright by the Author, all rights reserved.
HCL Technologies is a leading global IT services company, working with clients in the areas that impact and redefine the core of their businesses. Since its inception into the global landscape after its IPO in 1999, HCL focuses on ‘transformational outsourcing’, underlined by innovation and value creation, and offers an integrated portfolio of services including software led IT solutions, remote infrastructure management, engineering and R&D services and BPO. HCL leverages its extensive global offshore infrastructure and network of offices in 26 countries to provide holistic, multi-service delivery in key industry verticals including Financial Services, Manufacturing, Consumer Services, Public Services and Healthcare. HCL takes pride in its philosophy of ‘Employees First’ which empowers our 80,520 transformers to create real value for customers. HCL Technologies, along with its subsidiaries, had consolidated revenues of US$ 3.7 billion (Rs. 16,977 crores), as on 30 September 2011 (on LTM basis). For more information, please visit www.hcltech.com
ABOUT HCLHCL Technologies
HCL is a $6 billion leading global technology and IT enterprise comprising two companies listed in India - HCL Technologies and HCL Infosystems. Founded in 1976, HCL is one of India's original IT garage start-ups. A pioneer of modern computing, HCL is a global transformational enterprise today. Its range of offerings includes product engineering, custom & package applications, BPO, IT infrastructure services, IT hardware, systems integration, and distribution of information and communications technology (ICT) products across a wide range of focused industry verticals. The HCL team consists of over 88,000 professionals of diverse nationalities, who operate from 31 countries including over 500 points of presence in India. HCL has partnerships with several leading Global 1000 firms, including leading IT and Technology firms. For more information, please visit www.hcl.com
About HCL Enterprise
CUSTOM APPLICATION SERVICES
ENGINEERING AND R&D SERVICES
ENTERPRISE APPLICATION SERVICES
ENTERPRISE TRANSFORMATION SERVICES
IT INFRASTRUCTURE MANAGEMENT
BUSINESS PROCESS OUTSOURCING
© 2011, HCL Technologies. Reproduction Prohibited. This document is protected under Copyright by the Author, all rights reserved.
