Step 3: Create a service catalog of blessed applications
To accommodate all technical levels, you'll want to provide an easy-to-use, familiar interface -- like ServiceNow or Cisco Prime Services Catalog -- that offers workflow approval tooling as part of the deployment process. Interfaces like this enable an administrator to grant or deny access to individual applications for deployment and ensure that a management approval process is followed prior to resources being provisioned on cloud infrastructures.
Step 4: Assign access based on role
Generally speaking, development and test workloads are best steered toward public clouds because the variability of the load they generate is a good match for the elasticity public clouds provide. Operations staff will need access to both public and private cloud platforms so that they can make intelligent decisions that involve considerations such as data gravity, data security, and private cloud capacity before making a definitive decision. Nontechnical line-of-business users, on the other hand, will only need to deploy specific applications on a more restrictive set of infrastructures and only through the service catalog. IT teams can customize and quickly change access if they've taken the steps to set up the authentications, authorizations, abstractions, and service catalogs described previously.
Step 5: Track usage with metering and billing
There is a balance to be struck between tracking spend on cloud accounts and creating a different cloud account for every individual user. Cloud management platforms often provide a mechanism for system administrators to track application deployments on an individual or group basis with internal metering that then maps to a single cloud account. Metering enables central IT to minimize cloud account administration, providing granular account usage reconciliation that optionally gets integrated into part of a larger internal chargeback mechanism.
Line-of-business teams in years past never had choices for provisioning resources like they do today. Now that the genie is out of the bottle, there's no getting him back in. Line-of-business teams demand self-service, on-demand provisioning. If they can't get it from their IT teams, they will get it themselves, creating shadow IT in the process.
Simply reining in cloud access is not the answer. Cloud anarchy, which features central billing of otherwise unorganized access to clouds, is not much better. Instead, a governance solution can provide self-service, on-demand provisioning in an organized manner that also offers granular metering and billing. Everybody wins when you implement governance that includes authentications/authorizations, cloud abstractions, service catalogs, role-based access assignments, and cost tracking.
Sign up for CIO Asia eNewsletters.