
Week 5 Governance Questions

This week we bring together our comments from the prior weeks and begin developing the governance questions that should be asked as organizations begin to contemplate a movement to the cloud. Our questions should encompass governance in terms of strategy, risk, and resource.  We need to make sure that we address proper governance considerations. We can identify management concerns that are drawn from governance once we have fully defined the governance questions.

Our question for week 5: What questions should executives and board members consider when they are planning to utilize cloud infrastructures, platforms or services to support the organization?

Comments

RE: Week 5 Governance Questions

Q: What questions should executives and board members consider when they are planning to utilize cloud infrastructures, platforms or services to support the organization?

<General>

  • What kind of merits & benefits does cloud computing bring to our enterprise’s business?
  • What IT related issues does our enterprise currently have? Can cloud computing settle those issues?
  • What kind of IT related risk management is appropriate for our enterprise’s business?
  • What kind of Cloud computing related risks, impacts, countermeasures are identified?

<Cloud Specific>

  1. Business users (SaaS level) mainly take part in the following items. Will Cloud computing give them enough satisfaction?
     - CRM
     - Sales Activities
     - Accounting
     - Collaborations/Workflow
     - Document Management
     - Human Resource Management
     - Legal issues/Compliance
     - Content Management
     - Financial Reporting
     - Email/Communication/Office Productivity
     - Social Networks
     - Backup & Recovery, etc.
  2. CIO & IT department Managers (PaaS level) mainly take part in the following items. Will Cloud computing give them enough satisfaction?
     - Database Management
     - Virtual Environment Management
     - System Integration
     - System Development & Testing
     - Business Intelligence Issues, etc.
  3. Systems Development Division (IaaS level) mainly takes part in the following items. Will Cloud computing give them enough satisfaction?
     - Service Management
     - Storage Management
     - CDN
     - Backup & Recovery
     - Computing Capacity Management
     - Application Management, etc.
  4. When using Cloud computing, the following are important. Does our Cloud computing environment guarantee these issues?
     - Common VM Formats, Data Formats and APIs: portability point of view
     - Cloud Management (Service Management, Governance, Metering, Monitoring, federated Identity, SLAs, Data & Application federation deployment, lifecycle management and so on)
     - Security: According to data types, what kind of security is provided?
     - Data Location: Physical server location is a big issue from a regulatory point of view.


<Confirmation>

Please show me the analysis results of the following items.

  • Key success factors of IT initiatives
  • Cost Reduction (benchmarking)
  • Business value vs. IT investment
  • Significant IT incident & its impact
  • How to meet regulatory or contractual requirements?
  • Audit abilities
  • How to utilize current IT infrastructure
  • What kinds of business process re-engineering are required?

Masatoshi Kajimoto, CISA, CRISC (Energizer) at 6/13/2011 1:58:46 AM

RE: Week 5 Governance Questions

Question week 5
The IaaS must be reviewed periodically and must be available to international collaboration (FIRST's, CERT's and Data Protection and Privacy Authorities)
- Data Protection Officer in IaaS (Public and Hybrid Cloud) (high collaboration with the Data Protection and Privacy Authorities and Freedom of Information Advice). The Health Data must be a High Level Public Cloud, for example Assurance Companies, Hospitals, DNA Laboratories...
- Data Protection Officer in IaaS (only in Private Cloud). (collaboration with the Data Protection and Privacy Authority and Freedom of Information Advice).
- Review abuse of IaaS and respect and implement the right to oblivion.
- Ensuring high availability of IaaS. Internet Access UN (United Nations) Universal Declaration of Human Rights.

ramoncod (Lively) at 6/13/2011 4:59:13 AM

RE: Week 5 Governance Questions

What questions should executives and board members consider when they are planning to utilize cloud infrastructures, platforms or services to support the organization?

The board and executives should use exactly the same criteria they use for evaluating non-cloud solutions. Does the solution meet the business objectives? Are the risks of the solution consistent with our risk model? Are the short term and long term costs of the solution acceptable? Does the solution meet corporate GRC requirements? Does the solution contain solution specific risks and issues that should be assessed as part of the analysis (vendor stability, technical standards, control ability, etc., etc.)?

Austin Hutton (Lively) at 6/14/2011 2:11:41 PM

RE: Week 5 Governance Questions

I very much agree with Austin on this one. Cloud, while a relatively new model for IT (although some would say it's just outsourcing wearing a new coat), it really doesn't require a fundamental shift in thinking. The board and executive should be asking the same questions as they would ask about any major new IT strategy.

The key question is, "do the board and executive management understand their business, its context / environment, and the risks it faces", if they can't answer yes to this question, then consideration of cloud is a moot issue. Like all business decisions, it's a question of value at risk and should be treated no differently. Getting caught up in the hype may be the greatest risk of all.

Howard Nicholson (Lively) at 6/14/2011 6:18:13 PM

RE: Week 5 Governance Questions


Operational questions to ask:

1. Is the solution aligned with the industry?
2. Will we be locked in with one solution?
3. Will we lose control?
4. Is there fine print in the SLAs?

Data questions:

1. Is our data secure?
2. Will there be data encryption and key management?
3. Is there a guarantee for the integrity of our data?
4. Jurisdiction and applicable law
5. International data transfer
6. Data breach notification protocols
7. Which data retention laws apply?
8. Who will own the data?

9es

Kamal490 (Observer) at 6/15/2011 2:16:58 PM

RE: Week 5 Governance Questions

Executives and board members should consider the strategic benefits (all aspects) of virtualization in your organization, combining the technical advantages of cloud computing (self-demand, wide access to the network, adaptability and measurement of service) with benefits it can bring to the business, such as cost savings, better return on investment, increased availability and faster deployment of new services. They should be aware that the risks and safety issues will be an important inhibitor balance in their decisions, assessing whether they have the right internal capabilities to build a cloud infrastructure.

Romulo Lomparte (Social) at 6/16/2011 3:32:20 PM

RE: Week 5 Governance Questions

  • Do we know and understand what Cloud computing means, can we describe it, is it a valid understanding, does it fit our business model?
  • What is our risk tolerance? Can we afford downtime, data breaches, and any kind of exposure?
  • For outsourcers, can the client contracts be satisfied if our infrastructure, platforms and services are in the cloud? Will the contracts need to be modified?
  • Which model will support the growth of our business strategy, private, public, hybrid and why/how?
  • How will the Legal department manage the contract verbiage, particularly around security of the data?
  • What is our exit strategy in the event the providers are not meeting our SLAs?
  • What will the impact be on our SOX compliance, can we audit the cloud providers?
  • Can we continue to ensure corporate governance is embedded into the selected approach?
  • What are the metrics we will review each month to ensure our data is secure?

RE: Week 5 Governance Questions

Why are we doing this?

What are we going to achieve?

How will we measure success?

How will we achieve success? 

What is the ‘no-going back’ point?  Can we roll-back?  To what extent and duration are we committed?

What are the contract terms/conditions?  What are the rights to audit?  Security and liabilities?

How do we ensure protection of our data assets?

Depth of cost benefit analysis? How sensitive is it to changes in assumptions (i.e. consistently higher or lower than expected use etc)

How does it link to business strategy/strategic imperatives?

Essentially, all the basic elements of a business case and what executives and board members should be considering for any programme. 

John Lloyd (Lively) at 6/21/2011 4:38:20 AM