Information Technology should serve as an innovation advisor to the business, and the cloud is just one tool that can be deployed in that advisor role. As with any technology, we need to maintain standardization and centralization in order to maximize gains and ensure compliance with architectural standards. We do that via IT Governance.
Governance is defined in multiple ways, but it always involves one theme and that is structure. In fact, I believe governance and structure are interchangeable as long as the structure is an ongoing process. I define IT Governance as simply a set of policies and standards that delivers the highest level of value to stakeholders by optimizing technology.
To obtain the optimal benefit for a cloud solution we begin with the Cloud Review Board review and approval. The OCIO Cloud Review Board provides governance, reviews policy, and standardizes and maintains the State’s security posture for all cloud services used by the Agencies. The Cloud Review Board utilizes the Open Group Architecture Framework (TOGAF framework) methodology for the design, planning, and implementation of cloud architectures. Compliance with recommendations from this board provides consistency and enhances the maintainability of the final solution. It additionally avoids the issues of duplication and enterprise strategy misalignment. This holistic approach ensures compliance during audits and certifications.
This begins with a completed Cloud Questionnaire attached to an OCIO procurement service request.
Benefits of the Cloud Review Board include:
- Set architectural design standards
- Reduce complexity by incorporating a holistic view of entire cloud architecture
- Detect potential risks
- Identify opportunities for multi-agency use
- Calculate technology implementation and support costs along with consumption, transport and/or subscription costs
- Reduce redundancy by utilizing existing components
- Discover possible cost implications that were not disclosed or fully understood
- Ensure that the solution meets expected requirements
- Determine ownership and skills required to implement and support
- Identify the acceptable Cloud deployment model options
The classification of the data to be processed or stored using cloud computing determines the acceptable options. If there is a mix of data classifications, the most restrictive data classification must be used.
The Cloud Review Board is only one example of the benefits delivered by multiple review boards in place across the State, providing consistent and transparent decision-making by following established and published guidelines. Review boards evaluate and assess current technology and operations to guide future technology investments with a focus on continuous improvement. They address the question of ownership by assuming the responsibility for process improvement efforts through established IT standards that increase efficiency and excellent service delivery resulting in reliable and dependable performance.
The chief goal of review boards and IT Governance is to develop an IT environment that responsibly responds to the needs of the State Agencies, Boards, Commissions, and their constituents.
I appreciate your efforts each day to provide a high level of customer service to the State and the Citizens of Nebraska!