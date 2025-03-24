By Omar Bashir, principal consultant, financial services, UK

"Cloud is about how you do computing, not where you do computing", Paul Maritz, former CEO VMWare

Introduction

"Cloud is more than technology: it’s a generational shift", Mark Hurd, former Co-CEO Oracle

Cloud can help organizations achieve business agility, technological flexibility and operational economy. However, traditional governance frameworks are prescriptive and process intensive. This distracts teams from achieving the above outcomes and restricts opportunities for innovation, optimization and flexibility on the cloud.

Hence, to maximize benefits, governance on the cloud needs to be driven from first principles that help achieve the technology and business outcomes. We believe that governance should be driven with the following three as the first principles:

Reduce delivery friction Increase confidence Optimize margins

Lower friction reduces the time to market which aids in achieving business and technological agility and flexibility. Higher confidence through early and often testing reduces failure demand, which helps teams focus on value delivery. Cloud cost conversations usually focus on just keeping costs low. However, as business volumes increase, costs are bound to increase along with revenues. Instead, the focus should be on maintaining or increasing margins as businesses scale on the cloud rather than just simply reducing costs.

Further, these principles make teams autonomous and empower them to adopt and adapt the necessary practices. This enhances their productivity in delivering the desired outcomes within the organizational and technical constraints they face. These principles are also enablers to optimize the four-key (Accelerate) metrics, which, according to the 2019 State of DevOps Report, relate directly to an organization’s ability to achieve its goals.

Challenges with traditional governance

"Today’s problems come from yesterday’s solutions", Peter Senge, author of The Fifth Discipline

IT Governance is the means to ensure that technology and business strategies are aligned and driving towards business outcomes. Popular and established governance frameworks include COBIT (Control Objectives for Information and Related Technologies) and ITIL (Information Technology Infrastructure Library). COBIT provides strategic guidelines to develop, implement, monitor and improve technology governance at an organizational level. ITIL is a framework for improving IT services by optimizing teams and their workloads to meet the business’ needs. Together they seem to complement each other.

However, in practice, organizations can experience the following challenges when implementing these frameworks:

Disruptive and time consuming implementations. Organizations spend significant time and resources on elaborate COBIT and ITIL implementations. Thus, subsequent adaptations or migrations to more recent versions of these frameworks become challenging (e.g., as indicated in this report). Hence, there is often the risk of parts of these implementations becoming irrelevant in evolving business and technology environments such as the cloud

Prescriptive governance. While business alignment is a key objective with both frameworks, these implementations end up being process oriented and activity driven rather than outcome focused. Thus governance itself may become an impediment to innovation and optimization

Disconnected governance. More importantly, governance ends up being implemented and executed by those who are distant from technology development and service delivery. This results in overcompensation in the form of unnecessary gates in the delivery workflow causing lead times and employee disengagement to escalate. The 2020 State of the DevOps Report has surveyed the impact of governance on change delivery. Organizations with highly orthodox approvals are nine times more likely to be highly inefficient. Conversely, firms with more automation and employee involvement in change management are three times more confident about change management and five times more effective with higher employee engagement

Thus, businesses may not benefit from the flexibility, agility and economy of the cloud if their technology on the cloud is governed using prescriptive, procedural and activity driven traditional frameworks. Aligning teams and their practices to the principles of governance and encouraging governance via code — as opposed to prose — leads to governance becoming a business enabler rather than seen as an obstacle.

First principles for cloud governance

"First principles is kind of a physics way of looking at the world. You boil things down to the most fundamental truths and say, ‘What are we sure is true?’ … and then reason up from there.", Elon Musk

For governance to be seen as a business enabler, it needs to be business aligned and outcome focused. To achieve this successfully, it should be:

Responsive to changes in business and technology environments

Lightweight in implementation and execution

Covering the entire lifecycle of systems on the cloud

Operating environments, business requirements and regulatory constraints largely define organizations’ governance needs, making them specific to organizations. Additionally, the cloud introduces rapidly evolving technology and an OpEx focus. Hence, effective governance on the cloud requires frequently revisiting the first principles of governance on the cloud and adapting operations to continue to align with those.

We believe that the following three are the first principles of cloud governance and they align very closely with the fundamental principles of business success:

Reduce friction: Lower the time and effort required to deliver value to the market, which may also lower the opportunity cost to the business Increase confidence: Deliver and operate high quality, secure, compliant and resilient technology Optimize margins: Leverage greater cloud OpEx transparency to manage costs such that business margins are sustained or increased even when scaling

These principles are intertwined. Higher confidence, e.g., early, fast and frequent testing, helps reduce regressions which also helps lower friction in delivering value. Reduced friction allows for faster feedback and the ability to fix defects fast and early. This provides opportunities for higher overall confidence. Higher confidence reduces rework and lower friction is generally achieved through more efficient and less wasteful pipelines and processes. Both reduce cloud costs which helps optimize margins.