My role at TESM focuses on our Cloud Management and Governance services and products. The goal of all of us working here at TESM is to help customers maximise their investment in ServiceNow.
As I wrote in my last blog entry, embracing Cloud services (eg: AWS, Azure, GCP etc.) is by no means purely a technical challenge, and that much bigger challenges can be faced in addressing the operational and commercial considerations around Cloud
This means we need to take a TCO approach – ensuring Technical, Commercial and Operational considerations are addressed. In this blog entry, I’d like to focus on the Operational considerations.
The Operational dimension
I think of the Operational dimension of the TCO approach to be the “real world stuff”. It’s “when the rubber hits the road” and, if not correct, where “the chickens come home to roost”! – enough analogies for you?
In an enterprise IT environment, as an example, it’s likely that Technical responsibilities will be primarily held by the “Architecture and Engineering” function. Corresponding Commercial responsibilities will be held by “Business Management or Procurement”.
What is nearly always the case is that the responsibility for the Operational day-to-day, minute-by-minute delivery and operation of the required IT services to the required level of performance, availability and security will fall upon “IT Production Operations”.
Thus, that function is primarily responsible for making sure that bad things don’t happen, and that if they do, remediation is timely and effective. This means that the people in such functions are somewhat pessimistic and protective.
This is totally understandable, since in the event of the things going wrong (eg: performance degradation, service failure, etc.) it is “IT Production Operations” that suffers the full wrath of users and/or clients.
In addition, in highly regulated environments, the intense scrutiny of regulators, auditors and compliance staff is often directed toward such functions to ideally prevent, but in many cases investigate, procedure and process failures.
So, the challenge that Cloud presents is how do you balance the demands for agility in providing flexible, elastic IT resources while making sure you do not compromise your operational integrity.
Creating a policy
In my view, the key lies in making sure that governance is effective without being a hindrance. The key elements are policy, standardisation and automation. For instance, “right-sizing” a change control policy such that the right things (“known good”) happens swiftly and efficiently, whereas any deviations from these are subject to a higher level of scrutiny.
Getting a good policy in place, that appropriately aligns IT supply with business IT demand can allow standardisation and hence, automation – giving you effective governance while you embrace the benefits of Cloud.
What does such a policy look like? Well, it should be simple and understandable, thereby driving credibility, acceptance, adoption and hence, compliance.
At the simplest level, there are two dimensions to a policy that maps IT supply to IT demand.
The first is what I call the control dimension. In this dimension, we consider what degree of control needs to be exercised over IT supply for a given IT demand or workload. Can the workload run anywhere, on whatever supply is available, etc.? – or does it need to be constrained to run, for instance on a very specific set of IT supply in a very specific location? In the simplest of policies, a workload is either constrained or it isn’t.
The second dimension is criticality. This is driven by the criticality of the consuming business process leading to the IT demand. Again, keeping it simple, the process is either critical or it isn’t. If it’s critical, the IT supply delivered to support it must ensure high availability of the required capacity and capability. If a business workload is non-critical or can tolerate service interruptions and non-availability, then the availability requirements for the IT supply are lower.
Thus, in the simplest form, an effective policy for mapping IT demand to IT supply, especially in a cloud environment has two dimensions, with two categories in each dimension, resulting in four categorisations of IT supply and demand.
Getting such a policy in place and getting your IT demand and IT supply fully categorised is the key to operating safely in the cloud.
