Recently I was asked in a press interview if ITIL, COBIT and standards such as ISO/IEC 20000 were relevant in the cloud. It appears that some believe that if you abdicate your IT to a third party such as an outsourcer, or place it in the cloud, you are no longer accountable for delivery. Such thoughts are absolute rubbish. Even when you leverage a third party, you are still accountable for the delivery of the service to the business, so you had better have your processes well organized. Doing so will move attention from management of incidents to ensuring that service is delivered at the service levels commensurate with the value of the service.
I am a strong believer in the theory that cloud computing will continue to grow, but I'm also pragmatic. Solving an incident in today's complex multi-partner environment is challenging. You need to know who is delivering each component and that the correct controls are in place to ensure service continuity. Further, as the business will be paying "green dollars" for the consumption, more than likely they are going to want to approve the additional capacity.
This is all well and good if it is an arrangement where there is a single supplier, but in reality there will often be multiple partners involved. This is where good use of automation with embedded controls will play a pivotal role. By correctly investing in effective automated processes that leverage the controls identified in COBIT, organizations can ensure they are in compliance with the organization's governance and risk appetites.
So where do you start? I strongly suggest that you start with the ISACA publication "Implementing and continuously improving governance", available on the ISACA website (http://www.isaca.org/). The publication provides a good-practice approach for implementing IT governance based on a continual improvement life cycle that should be tailored to suit the enterprise's specific needs, and covers areas such as:
- Positioning IT governance
- Taking the first steps towards IT governance
- Challenges and success factors
- Enabling change
- Implementing a continual improvement life cycle
- Using COBIT, Val IT and Risk IT components
ISACA provides a wide range of resources supporting the guide, and COBIT, Val IT and Risk IT are freely downloadable from www.isaca.org.