Data governance practitioners know the impact a clear and defined ontology can have on business operations. So, why then do we continue to allow the cloud to remain somewhat of an enigma?
In this article, I apply First San Francisco Partners’ practice of information architecture to identify and define the distinct activities and behaviors that constitute a successful cloud program.
Governing the Cloud
Cloud governance. Data governance in the cloud. Cloud data governance.
There are many terms used to group the various governance-related activities required for a successful cloud program. However, each of these terms comes with a slightly different scope and set of activities, making it challenging to interpret where to start your cloud journey and what its focus should be.
Despite some variation in definition and scope, common across every iteration is a focus on the core objectives of any governance program:
- Minimizing risk
- Maintaining compliance
- Improving efficiencies
- Managing costs
What’s important to discern is that baked within each of these are two distinct sets of activities that come together to allow a business to realize each objective successfully. The first is creating a framework to guide efforts, and the second is applying that framework during execution. This distinction is critical, as expecting any one team or department to perform both is often not within their area of expertise — nor is it a scalable methodology.
Having two distinct sets of activities means there must also be two separate sets of goals, responsibilities and individuals. To convey that distinction, each phase must be defined and named appropriately. Through alignment on nomenclature, a common language emerges that facilitates focused, clear and effective conversations that impact strategic and tactical business decisions.
Develop a Framework to Guide Efforts
Let’s look at the first set of activities — creating a framework to guide efforts toward achieving governance goals for the cloud.
To build a scalable, sustainable framework, focus on the items of value and risk (the reason the cloud exists in the first place): the data. This ensures that as the technology landscape shifts internally and in the market, the framework can still be leveraged across the organization where different cloud technologies and services may be deployed.
Focusing on the data, rather than on implementing specific technologies and architectures, lands us in the realm of data governance. The term “governance” now becomes much better defined and scoped, as we are talking about governance frameworks rather than the action of governing the implementation of a specific cloud technology or architecture.
In addition, a distinct responsibility of data governance is to help ensure that both IT and data strategies support the organization’s top-level goals. The cloud provides immense opportunities for cost savings, efficiency and security, and governance’s responsibility is to facilitate an enterprise point-of-view in helping balance the risks and benefits of the cloud.
So, is the term “data governance” enough to convey this initial set of activities?
Something still seems to be missing that appropriately captures the significance of change associated with cloud adoption. Therefore, that significance of change means that the cloud itself poses new risks and challenges that must be incorporated into the framework and key data governance activities, such as crafting policies, establishing standards and expanding the operating model.
This consideration for the general cloud infrastructure is essential, as it indicates a progression of traditional governance rather than a “lift-and-shift” approach.
If we revisit the commonly heard industry terms, we’re ultimately left with one term that adequately captures the responsibilities and objectives of this first group of activities: cloud data governance.
Here’s a recap of how some of my FSFP teammates and I came to this conclusion:
|Cloud governance||Too action-oriented towards the implementation of specific technology and/or architecture.||No|
|Data governance in the cloud||Implies a “lift-and-shift” approach of traditional data governance.||No|
|Cloud data governance||Maintains the existing definition of data governance, but implies there is a progression to the approach due to the complexities and nuances introduced by cloud architecture and technology.||Yes|
Apply Framework to Guide Implementation
The second set of activities we identified is the application of what we’ll now call a cloud data governance framework to guide the execution of efforts toward achieving those governance objectives in the cloud.
As this is the implementation and operational piece of the process, governance occurs over the activities of establishing the infrastructure surrounding the data. This appears in tactical-level activities, such as provisioning, coding and deployment and at the strategic level (e.g., pre-purchase vendor evaluation and selection).
The cloud data governance framework should be heavily leveraged during the pre-purchase phase to ensure appropriate provider selection. The operating model indicates which groups of IT, digital and architecture individuals should be included in business-led discussions on the cloud’s goals, expectations and requirements. These individuals are responsible for communicating the risks and benefits of certain cloud technologies and architectures to ensure a comprehensive strategy and go-forth plan. In other words, the cloud data governance governs the creation of a cloud adoption strategy.
Moving forward a step, it’s critical that the cloud data governance framework directives and standards are leveraged as vendor requirements to ensure the prospective service meets all needs and expectations — both of IT and the business. Here, the cloud data governance framework is actively governing the provider and tool selection process.
The post-purchase phase is much more tactical. During implementation, the cloud data governance policies and standards must be fulfilled in conjunction with directives from other business functions. As I touched on earlier, these cloud data governance directives are aimed not just at minimizing risk and maintaining costs but also at creating greater efficiencies and capabilities for the business functions of the cloud services. It’s important to remember that to the vast majority of the business, the cloud is ultimately a service — and with any service, keeping the customer at the center is crucial in maintaining ongoing success.
Ongoing success will be maintained by open communication between data stakeholders and cloud operations. These communication channels are established through the cloud data governance operating model. Standards for data quality ensure there are acceptance thresholds and active monitoring for the flow of data, while issue management processes provide clear procedures and responsibilities for achieving resolution. Again, the cloud data governance framework is providing the guidance for governing the continued execution of cloud services.
Throughout the cloud lifecycle, the distinction remains between the two phases of activities. The cloud data governance framework provides the structure and direction, but the second phase is what makes this framework real through its application in day-to-day business decisions and activities. This influence on actions and behaviors is closely governing the cloud technology and architecture. Therefore, revisiting the potential terms, “cloud governance” truly applies.
For a successful cloud program, cloud data governance and cloud governance are two sides of the same coin. Breaking down cloud-related activities into their atomic parts allows us to uncover patterns in the scope and purpose of those activities. Grouping them accordingly (and with the proper terminology) drives clarity and consensus around the goals of what have become two very distinct phases in the cloud journey. It’s that use of a clear and common language that any data governance practitioner knows is a critical step in aligning on business goals. The cloud — with all its promise and potential — is not just another technology construct but is one of those goals in and of itself.