You can't hide your head in the sand. You can't plunge headfirst into it and ignore the obvious risks.
In between these two extremes is the notion of governance: a policy-making function that attempts to assess opportunities and risks in a dynamically changing environment. Several years ago when I was doing the corporate social media strategy thing, I found that a good governance model can accelerate change.
I think it can do the same thing with enterprise use of clouds as well.
And, today, I'd like to share with you a "cloud governance model" that EMC's IT team is using to navigate the choppy waters forward.
How This Came To Be
EMC, as a large global company, has more than our fair share of internal IT.
You can get a sense from these stats that we have a sizable IT estate, and have been doing many of the same things other IT organizations do to improve efficiency and responsiveness.
However, there's more: EMC's user population tends to be very forward looking in terms of technology adoption. Hey, we're in the IT business, so you'd expect that.
On the other hand, our EMC IT group is subject to many of the same challenges that each and every IT organization has to face.
They still have to balance cost, risk and agility just like everyone else.
Many people think that -- somehow -- the EMC IT guys get their stuff for free.
Quite the contrary, their investments and justifications are subject to the same scrutiny that you'd find in any well-run $15B global enterprise.
Given how financially conservative (and technically astute) most of the senior leaders at EMC can be, our EMC IT team has to work extra-hard to make their business cases pass muster.
I do not envy them in this; however, I think they've gotten pretty good at it.
Although there's predictably strong encouragement to use EMC products and services, that's not always mandated.
EMC IT's Private Cloud Strategy
Underneath the private cloud construct, there will be internal clouds and external clouds -- both under some degree of control by EMC's IT group.
Furthermore, the clear expectation is that capabilities in each sub-cloud category will evolve rapidly: first with private clouds built on internal resources, then to external service providers using compatible technology and operational models.
The first general activity is to make sure that the basic technology works as advertised in EMC's IT environment. In addition to general infrastructure issues (compute, storage, network, orchestration, etc.) we are particularly focused on security and federation between locations.
The second general activity is to create a high-level framework of use cases within the business, and evaluate current capabilities against business requirements. You can see the high-level evaluation criteria listed out under "use cases" in the right-hand column.
I should point out that "use case business requirements" are inherently dynamic for different applications at EMC -- and, correspondingly, the underlying capabilities of internal and external private cloud services are moving very quickly as well.
The third general activity is around policy and governance mechanisms -- how do we evaluate what has changed recently to affect categorization?
Top of this list is security, of course -- but in our global environment, bandwidth matters. Many of our applications are somewhat tightly coupled -- they need to be considered as a unit rather than individual pieces, hence the "integration" criteria.
Finally, there's the service delivery aspect of this: shown as "incident response" and "monitoring and management".
Again, all three aspects of this equation are moving very fast indeed, pointing to the need for governance as a process, rather than a static document.
The High Level Model
Which brings us to the following "roll up" diagram ...
Across the top is a replay of the different criteria, followed by the overriding concern in all use cases -- confidential information.
The top level governance board includes not only representatives from IT, but representatives from Legal and Finance as well -- much as you'd see with any high-level governance function.
Beneath that, we've established four general categories of use cases as a starting point. And, for each of those, we've established a few "lead criteria", and a smaller-scale governance function for each.
There's more to it than that -- the actual catalog of workloads goes on for several pages, but this gives you a sense of the top level view.
What's Not There?
Notice the complete lack of chargeback models. The general view is that -- sure -- we have to find a way to pay for all of this stuff, and there are some cases where granular or wholesale chargeback might be interesting to ration the use of resources, but -- at the end of the day, everything comes out of EMC's pockets by one route or another.
Besides, we've never been much of a cross-charging company, culture-wise. If it's the right thing to do, we go do it.
Also, note the lack of tool, platform or service provider specification. Yes, generally speaking, we prefer to use EMC (and VMware and Cisco) capabilities, as well as those of our partners, but that discussion is somewhat independent.
Usefulness Of The Cloud Governance Model
We've already seen several interesting benefits from this approach.
First, business users interested in cloud-based approaches are appreciative of the thought and structure that's gone into this. It's also clear what problems have to be solved for them to move in that direction.
This approach also gives us plenty of workloads to go "cloudify" without waiting for the end-all, be-all solution. We can get started with what the technology can do today, and quickly "adapt and adopt" as things move along.
If we want to accelerate private cloud adoption, we know what areas EMC IT has to focus on to broaden the available portfolio of candidate workloads.
And, of course, the whole "risk vs. reward" debate can happen with the right stakeholders involved -- clearing the way for accelerated adoption as well.
More interesting is the discussion of service providers (IaaS, PaaS, SaaS) that want a piece of EMC's IT business. We can be very granular as to the candidate workloads that are in play, and exactly what the vendor has to provide in order to be seriously considered.
Tends to make the meetings a bit shorter :-)
Going Forward
What struck me was this was a sensible and pragmatic approach to a complex and nuanced challenge. I thought it worth sharing.
Does this sort of approach work for you?

Hi Chuck,
Thanks for sharing this insight into EMC's cloud governance model. Very interesting, apt and simple solution to an emerging complex problem. What are your thoughts about the cloud maturity itself and its associated governance aspects? At what point would you consider linking this upward into the org strategy and vision? I am assuming the Joint review board has representation from the end-user / business community? Is that the case?
Posted by: Premil | December 03, 2010 at 06:08 AM