DEV Community

Cover image for Cloud Governance Management System

Posted on • Originally published at on

Cloud Governance Management System

In this article, we will try to build a Cloud Governance Management System (CGMS), which is an integrated system consistent with Cloud services and allow to reach Cloud objectives. The main CGMS’s components are:

  1. Principles;
  2. Reference models, policies, processes, procedures and tools;
  3. Organizational structure, roles and responsibilities;
  4. Monitoring and Key Performance Indicators (KPI).

We already discussed principles principles, so let see more details about reference models, policies and processes.

Reference models, policies, processes, procedures and tools

Governance and management are activities based on processes. For creating a reference model we need to identify which are processes for the company that will use both for cloud governance than management.

For each Cloud principle, it is defined a relative governance’s process. The process and his name should represent what is needed to realize the principle. In this way, a map that identifies the IT processes to follow is constructed, based on cloud governance principles. Of course, principles and processes can be already present in the company, and nowadays there are many well-established standards like COBIT 5 and ISO/IEC 38500. While the IS/IEC 38500 standard only defines IT governance principles, the COBIT 5 framework also defines activities and processes.

So, we can use as a basis the COBIT 5 framework for processes. It subdivides the processes into two areas, governance and management. The two areas in total have 5 domains and 37 processes:

  • Governance of Enterprise IT
    • Evaluate, Direct and Monitor (EDM) - 5 processes.
  • Management of Enterprise IT
    • Align, Plan and Organise (APO) - 13 processes;
    • Build, Acquire and Implement (BAI) - 10 processes;
    • Deliver, Service and Support (DSS) - 6 processes;
    • Monitor, Evaluate and Assess (MEA) - 3 processes.

If we consider the EDM area, we can make a link with Cloud services principles and the activities inside the EDM area. We define ti activities in Evaluate, Direct and Monitor area, associate processes to principles, and activity to processes.

for exemple:

Cloud governance principles, processes and activities mapping with COBIT 5

Tools are extremely helpful for standardizing policies, processes and procedures. Using the right tools, the company can ensure the right execution of the processes. Of course, some tools can be “nice to have”, but other tools are mandatory for an effective CGMS. So, very important tools are a ticketing system to track and manage service requests and incidents, CMS to store documented processes and procedures, and collaboration tools to coordinate schedules and other shared information with Cloud service providers (CSPs) and stakeholders.

Example integrated Cloud Governance and Menagement reference model

In this example model principles is the main container, governance direct with plans and policies the management, evaluate their proposals and monitoring management performance and conformance fo continual improvement.

Data, architecture and structure are a set of principles to support the privacy, confidentiality, availability, integrity and security of data on public and private clouds. Compliance and Risk Management are controls to manage, minimize and transfer risks.

Management contains management and operations activity, for example:

  • Cloud service provider management
    • Change management
    • Cloud vendor management
    • Monitoring and measurement
    • Service level management
    • Real-time alerting
  • Operations
    • Service management integration
    • Availability management
    • Capacity management and scalability
    • Business continuity and disaster recovery
    • Operations management
  • Finance management
    • Consumption model
    • Total cost ownership model
    • Benefits realization
    • Adoption costs
  • Security
    • Identity and access management
    • Data protection
    • Security operations
    • Platform security

Tools support all areas (the icons are only an example of software tools to use, but of course, every company chooses their tools, both digital or physical like an old fashion paper).


Cloud Governance Management System can be hard to create and maintain, also the amount of plans, policies, controls, people to govern and manage everything highly depends on the company nature and its principles and goals.


  • Fulton, Lita. Cloud Governance and Management Made Simple: Practical Step-by-Step Guide for Small and Mid-Sized Organizations

Top comments (0)