Cloud governance

Cloud governance helps you manage your risks when developing cloud-based products or services.

As with any technology, there are risks with using cloud. You can use cloud governance measures to manage these risks.

The main risks that you may need to manage when using cloud include:

  • cost
  • security
  • internal processes slowing delivery

Monitoring unexpected cloud costs

Cloud can lead to sudden cost increases. For example, these can arise from:

  • automatically adding computing capacity
  • data transfer fees
  • increases in data size
  • services no longer in use
  • development systems that aren’t used out of hours

Managing cloud security risks

As cloud is self-service, developers and engineers have direct access to make changes. This is one of the main benefits of cloud. But it also means you could be left open to attack by accident.

The potential level of access your cloud service provider has to your systems is also a risk. You manage this in the same way you manage other risks. Agencies have trusted relationships with service providers and cloud services are an extension of these.

Streamlining internal processes for cloud

Internal processes can slow delivery. These can be a major risk of cloud adoption.

One of the main benefits of cloud is agility. It enables rapid prototyping, experimenting and delivery. These help to ensure you deliver the best possible service for users in the shortest possible time. You need to make sure your agency’s processes support this type of delivery.

There’s also a risk you could build something that doesn’t meet your user needs. If you don’t do research to understand user needs, you may just deliver the wrong thing faster.

People who manage cloud governance

Senior responsible officer 

You should consider having a senior responsible officer (SRO) who is accountable for adopting cloud in your agency. The SRO is usually a Senior Executive Service Band 2 or Band 3.

They ensure your agency’s cloud program meets:

The SRO:

Users expect services to be secure and functional. The SRO makes sure this happens.

Cloud business office

Your agency may also consider setting up a cloud business office. This is a dedicated team that makes sure:

  • your agency is realising the benefits of cloud
  • your cloud goals align with your business goals
  • stakeholders from across your agency commit to learning about cloud

If your agency has a cloud business office, the SRO can fill the role of cloud transformation leader.

The cloud business office sets up cloud objectives and principles. It also helps streamline processes.

Executives in the office understand the risks of cloud. This allows them to question teams about the information they share.

The cloud business office helps delivery teams by removing blockers. This means delivery teams don’t have to wait hours, days or even weeks to progress in their work.

The cloud business office leads the adoption of scalable cloud governance. This ensures the agency manages the risks of cloud in a scalable and agile way. This helps to prevent compliance needs from blocking delivery.

Product owner

You may have many product owners in your agency. Each product owner will be responsible for one or more products. The product owner is responsible for:

  • cost
  • security
  • delivery

Information sharing

You need to make sure teams share information with executives about what they’re doing, such as:

  • delivery
  • security
  • cost
  • system health
  • user activity

Sharing information doesn’t have to mean writing reports. This can slow delivery. You could use tools instead, such as:

  • kanban boards, which show work in progress and highlight blockers — these are also known as agile walls
  • Google Analytics, which reveal insights about user activity
  • cloud security tools which give you real-time insight into the security of your cloud-based products

Get in touch

If you have any questions you can get in touch with us at secure.cloud@dta.gov.au