Information Technology Reference
In-Depth Information
a convergence of the IT and business functions, and thus the governance of
IT is a logical next step for organizations who choose to embrace the cloud.
19.1.1 IT Governance
The practice of IT governance needs to understand the different ways in
which IT services are delivered and maintained in the presence of a cloud
infrastructure. For instance, for each of the issues identified, the governance
body needs to understand the implications of noncompliance with regula-
tory, ethical, business, and political constraints, as well as be suitably pre-
pared for unforeseen circumstances in the future. The management of this
activity requires delegation to a body that can oversee and marshal the holis-
tic perspective while also having the authority to intervene when required.
However, it is unlikely that the governing body can understand the totality
of detail that increasingly complex technology involves, so consideration of
the following items is needed:
1. While IT governance is concerned with the technical capabilities and
requirements of technology, the adoption of cloud services, together
with the associated delegation of authority (but not responsibility) to
external partners, reinforces the need to understand the issues that
affect the business. Governing IT that includes clouds means that
an intimate understanding of the responsibility boundaries is as
important as whether there is sufficient bandwidth at each point of
access.
2. A governance perspective usefully tends to bring to the fore
the potential myriad of services that may already exist. This list
of services is likely to increase in the future, so it is important to
empower the governing board to be able to rationalize and stan-
dardize where practicable. This in itself demands a blend of techni-
cal and business expertise that the governing board can call upon to
inform its operations.
3. The pace of change is rapid, and cloud adoption will only accelerate
this change. Meaningful data are required to inform the decisions
taken, and therefore it is necessary to not only understand what met-
rics need to be monitored and reported, but the mechanisms that do
this must be automated.
IT governance should be seen as an opportunity to manage the emerging
organization that aspires to align its IT and business needs to generate value.
It is likely that this will require a risk-based approach to management, which
of course is hugely dependent on the quality of information used to assess
and monitor risk. Standards such as COBIT assist the creation of bench-
marks upon which monitoring can take place, but the resulting actions that
Search WWH ::
Custom Search