Cloud governance as a new task for architecture management
The ever-increasing digitization allows the creation of new business models. It is also a means of differentiating existing business models more strongly: Digital offerings make your own portfolio more attractive and can differentiate it more clearly from your competitors’ portfolios.
A key success factor here is IT management and its ability to shape its own IT landscapes. IT landscapes must be able to cope with the repeated creation and change of business models. They must at least be able to keep up with the pace of business. Ideally, IT management is the source of ideas for business models and actively prepares changes.
In order to implement this effectively, IT portfolio management or architecture management is required. Supported by special software tools, this brings together all the facts about the IT landscapes that are relevant to analysis and planning. They are used to record the current situation of the architecture, support the analysis and development of specifications and principles for the architecture and enable the planning of changes to the IT landscapes through projects.
From a technical perspective, there are many options available to support business models: In addition to the virtualization of servers, tools for the provisioning and continuous deployment of applications and the use of extensive services from the global network, a key option is the use of services from the cloud.
The advantages of the cloud are well known: IT resources (computing power, storage space, services, etc.) can be used flexibly and deployed according to actual demand. This can reduce IT costs.
Cloud use must also be taken into account in companies’ architecture management. If more and more applications are running directly in the cloud and existing applications are being converted from on-premise solutions to hybrid solutions, architecture management must be able to provide specifications and plan and support the implementation.
Problems for cloud governance
The effects of a lack of cloud governance can be observed in business practice. At the same time, developments are emerging that can be controlled by well-designed cloud governance:
Architecture management is not always involved in a company’s activities in the cloud. Departments experiment with cloud offerings or move applications that are already in productive use to the cloud without the involvement and knowledge of the architects. What is missing are principles and guidelines from the architecture management side, e.g. which cloud service providers should even be considered, which technology stacks should be used in the cloud, etc.
- In addition to the question of architectural principles, it is also important to incorporate cloud usage into IT service processes. Only by integrating it into the application and approval processes for IT resources can it be ensured that the architecture principles are also implemented company-wide.
- Companies must be able to adapt their IT and IT management to new legal requirements and be accountable for them (see, for example, the recently adopted General Data Protection Regulation). Cloud governance helps to determine where applications may be installed at all based on their data protection requirements and also to check whether this is actually the case.
If these aspects are not addressed by cloud governance, the advantages of the cloud (i.e. flexible use, standardization and lower IT costs) cannot be realized or can only be realized to a limited extent. In addition, there may be fines or similar resulting from the above-mentioned legal requirements.
Companies are increasingly recognizing this as a field of action. This is why companies – including automotive suppliers and large banks – have been building up architecture management capacities for several years. The topics of cloud and data protection in particular are making companies realize the central importance of architecture management.
Steps to implement cloud governance
There are various steps to go through when setting up cloud governance. The effort involved depends on how well-developed the IT portfolio management processes already are in a company and the extent to which they are already supported by software tools.
(1) Define use cases
The first question is the use case, i.e. what cloud governance is specifically intended to achieve. For example, is it initially about creating transparency as to who is currently using which cloud resources for what? Should an analysis of the cloud capability of existing applications be carried out in order to draw up a technical cloud strategy (which applications are suitable for use in the cloud and how are they transferred from on-premise to the cloud)? Or do the business have concrete ideas for cloud-based IT and what changes does this mean for the current IT landscape?
(2) Integrate into architecture management
A meaningful concept for cloud governance, including the development of specific tasks and processes (for applying for cloud resources, data maintenance, approvals, etc.) and the definition of responsibilities, is only possible on the basis of specific use cases. The concept should therefore also include an examination of the current state of architecture management in the company. Cloud governance is a task of architecture management and must be integrated into it.
(3) Create technical support
For mapping, analyzing and planning the IT landscape, support with tools specially tailored to architecture management (e.g. Alfabet, LeanIX, ADOit) is recommended. The tool should be configured according to the previously defined use cases. For example, the tools can be equipped with adapters to retrieve information from cloud service providers and integrate it into the overview of the IT architecture and the associated reporting (see illustration).
These tools can also be used to set up workflows in order to automate certain architecture management tasks. Finally, EAM employees also need to be trained in the concept and, in particular, the use of architecture tools.
Concrete approaches for the implementation of cloud governance at a large automotive supplier were presented to the public at the EAMKON 20017 architecture conference.
Cloud governance is the enabler of the cloud strategy
Cloud governance creates structures and processes that incorporate cloud resources into the overall IT landscape. This enables cost control of these resources and the planning and implementation of architectural standards for the IT landscape. This also creates the basis for analyzing cloud resources, including them in management reporting and developing strategies for cloud use in the company for existing and new business models on this basis.
Architecture management, and cloud governance in particular, is therefore no longer limited to planning aspects alone, but is becoming an effective management tool for a company’s cloud strategy.
Cloud governance as an introduction to comprehensive architecture management
Cloud governance can be the first step towards the universal use of architecture management. Architecture management is initially used here for the long-term planning of IT development (both cloud and on-premise). This also involves deciding which IT providers should be selected for the provision of IT resources and which technologies or technology stacks should be used. Based on this, the necessary IT capacities can be planned and procured in shorter time cycles. Ideally, the specific requirements for the deployment of applications and the network infrastructure should be derived from the above considerations as technical descriptions (e.g. as a Docker file) and made available to IT service management, which can then carry out the deployment automatically if necessary. With ongoing monitoring of actual usage and the costs incurred (cloud providers now provide extensive information on this), capacities can be adjusted at short notice. Tactical or strategic IT adjustments can be made with renewed (even partial) development planning.
This makes architecture management the central capability of IT management and thus also for the digitalization of a company.