4. Assure service performance across the IT value chain. It is not enough to build a cloud; the complete cloud lifecycle includes running cloud services to assure the availability, compliance, and experience that the business requires, Png added. This begins with the alignment of service levels and business service priorities, and extends to real-time, 24x7, service-aware performance monitoring for the entire business service. "Moreover, in a complex world of hybrid IT, you need assurance across multiple service tiers; across physical infrastructure and non-x86 components; across elements of SaaS, PaaS, and IaaS; as well as across virtual, private, and public cloud boundaries," he emphasised.
5. Secure cloud with content-aware identity and access controls. Png further cautioned: "Any cloud lifecycle 'solution' that does not include security is risky at best, downright dangerous at worst. Shifting boundaries of cloud make traditional perimeter protection less effective, so you need to adopt agile identity- and content-aware security, alongside traditional technologies such as data loss prevention and event monitoring." Automated controls will help to reduce risk by ensuring functional isolation and strict audit for data access, system provisioning, configuration changes, and other sensitive activities, he added, and this security should not only support all types of cloud services -- on-premise, off-premise, public, private, IaaS, PaaS, SaaS, -- but should also integrate with traditional IT systems to ensure there are no gaps for security breaches.
6. Manage hybrid cloud service according to business needs. "It is not enough to build, buy, or use a cloud and call it good; it is not even enough to go just one level higher than the element infrastructure, and look at so-called 'IT services' in isolation," Png said. "Instead, you need a top-down approach that values and manages business service outcomes • user productivity, return on assets, carbon production, legal and contractual compliance, energy utilisation, resourcing costs, innovation and ideation, cycle time acceleration, performance, and more. You must also continually revisit IT and business service delivery, automating and orchestrating as much as possible to keep removing inefficiencies and manual intervention."
If CIOs are adopting cloud computing without planning, without security, without assurance, then the cloud -- and perhaps their business -- is destined to fail spectacularly. Png summarised thus: "Because the cloud is complex, overly simple approaches will not work. IT needs to manage the entire cloud, from end to end -- starting with initial service analysis, planning and modelling; through intentional assembly of components and services; automation and orchestration of complex processes; assurance for performance and reliability; security and compliance for data and identity; to business-focused management of the whole business service."
Sign up for CIO Asia eNewsletters.