Unsupported content

 

This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.

Cloud governance and compliance

The "cloudification" of workloads will require the integration of traditional IT governance best practices, such as compliance and chargeback, into the cloud environment. Therefore, in order to govern the cloud for business excellence, IT must implement the cloud with asset and incident management, compliance, and transparent financial management.

By doing all of these things, IT is well on its way to responsible, compliant operations — with tight fiscal controls and transparency. As a result, IT can benefit from economies of scale, lower individual usage costs, and centralize infrastructure costs, while also extending or improving current governance capabilities.

In a cloud model, users pay for what they consume, increase or decrease their usage (as needed), and benefit from shared underlying resources in a policy-compliant construct that provides visibility into actual costs and provides chargeback.

Cloud governance is made up of three primary steps:

  • IT process integration — In order to govern your cloud effectively, your IT processes should be fully integrated to ensure the extension of existing corporate governance processes into the cloud. This can be achieved through enforcing license compliance, federating your CMDB, and enabling incident and problem management.
  • Continuous compliance — Depending on your industry, you may have to meet different compliance standards, such as HIPAA (for healthcare) or PCI (for credit card retail sales). To protect your business, you will need to guarantee regulatory, operational, and security compliance by enforcing standards, auditing to ensure those standards have been met, and integrating change management to facilitate smooth and compliant transitions.
  • Financial management — The ability to track the realized cost/benefit of migrating traditional workloads to the cloud will require the integration of IT financial management into the environment. As a result, you can provide financial transparency for your cloud by enabling showback or chargeback, utilizing usage accounting, and actively managing your suppliers.

Cloud governance and compliance benefits:

  • Align business metrics with IT operations
  • Extend existing operational best practices to the cloud
  • Ensure responsible, compliant operations
  • Maintain tight fiscal controls and transparency

BMC is helping organizations govern their cloud environments today. Through cloud governance and compliance, the business challenges of cloud — from compliance to costing IT — are addressed. With robust offerings in configuration compliance, regulatory compliance, and chargeback and financial management, BMC can help you provide "good governance" for applications and services moved to the cloud, infusing the tenets of Business Service Management throughout the cloud environment.


IT process integration

Occasionally, software vendors will audit your usage to make sure that what you are paying for matches what you are actually using, especially with "per-seat" or "concurrent-user" licenses. Therefore, as your cloud matures, you must track your license usage, historical peaks and valleys, and current usage on certain (if not all) software products to avoid penalties and failed audits. When usage goes above thresholds, it should trigger certain true-up events and, in certain cases, cause provisioning of a license to be refused pending approval or true-up.

The best way to do this is by keeping track of software license utilization, managing changes across environments, and logging those changes in a configuration management database (CMDB). This CMDB is meant to be the "central source of truth" for the organization, storing all the configurations and services delivered by IT.

With multiple CMDBs, such as one for a physical environment, one for a virtual environment, and one for a cloud, there is no single source of truth. If a change, such as a patch, has to happen to multiple environments, then each environment has to be searched independently.

There are two ways to establish a single source of truth: (1) Simply integrate everything to point back to the central CMDB or (2) Federate the separate CMDBs. As your environment grows — and the sheer volume and diversity of your IT environment increases — federation is the recommended approach. With federation, you need not move all data into your single CMDB. Rather, a primary CMDB can be queried, and, through federation, it will reach out to the secondary CMDBs to respond to the query. You then can ask the single CMDB a question and get a holistic answer about your entire environment, including incident and problem management. If an incident does happen, a record of what it was, how it was handled, and the outcome of the problem will be documented and auditable.

Key steps to IT process integration include:

  • Federate your CMDB
  • Enforce license compliance
  • Track, manage, and report on incident and problem management

With the BMC Atrium CMDB, you can effectively track assets and license utilization in the cloud. Optionally, you can also integrate BMC Remedy Change Management running on a remote ITSM server.


Continuous compliance

Cloud computing gives you the freedom to choose the right mix of internally and externally provided services that best meet your business requirements. Before you send a service to a public cloud, however, you must consider the compliance requirements associated with that service. Although at first glance, it may appear that you should "just say no" to outsourcing any service that is under regulatory compliance, this approach limits your flexibility in creating the optimum combination of internal and external services. Keep in mind that public cloud providers are continually improving their security and compliance capabilities, making it feasible to offload more services to the public cloud. If you keep your options open, you will be able to take advantage of additional opportunities in the public cloud as they emerge.

Note

Regardless of whether you are in the healthcare, finance, retail, or any other industry, you must make sure your organization meets the regulatory, operational, and security gold standards established for compliance in your industry.

Both IT and the businesses it supports feel the acute pain of service disruptions resulting from problematic changes, and both constantly worry about the accuracy and impact of changes — not knowing whether a change will disrupt service, impact the quality of the service, or result in non-compliance. The ability to keep pace with changes as they come in, the pain of manual processes, and a lack of confidence in up-to-date documentation are all concerns to both IT and the business.

In a cloud infrastructure, it's even harder to convince yourself that you've checked all the boxes and dotted all the i's. That's why automation is so important — as well as closed-loop compliance on both configuration and regulatory policies.

Manual and disconnected processes add to the risk of errors, non-compliance, and delays, resulting in a drain on both staff and budget resources. To minimize these risks, you need automated solutions that integrate across organizational silos, processes, and tools to manage the entire change and release process — from initiation to validation.

Key steps to continuous compliance include:

  • Enforce regulatory, operational, and security compliance
  • Facilitate auditing
  • Integrate change management

BMC delivers change and release management solutions that control who can make a change, how that change is approved, when it is deployed, and whether it was successful — all according to policy. Our solutions automate change controls, process orchestration, and change execution, including handoffs across silos, with a level of integration unmatched in the industry.

BMC Cloud Lifecycle Management will help you provide compliance through BMC Automation solutions, while also managing your cloud environment through a policy-based Service Governor. Optionally, you can also integrate BMC Change Management (running on an external ITSM server) with BMC Cloud Lifecycle Management to track and verify all changes to the cloud environment and individual cloud services.


Financial management

One of the many benefits of a cloud is that you can track consumption of resources and assign a cost to that consumption. At the same time, cloud resources are, by nature, variable. Although hardware resources are reasonably easy to track, network resources are less so, and software resources are downright tricky. IT organizations benefit from alignment of business metrics with IT operations, enabling users to factor financial information into their cloud decision-making. Through showback or chargeback, you can send each business unit a report of its monthly consumption. True chargeback involves inputting consumption and cost calculations into your organization's financial systems.

Cloud resources must be ready and waiting for new requests to come in. That means services, hardware, and software need to be procured in advance of the end consumer or user "buying" them. So, the flow of payments to IT has shifted. Historically, IT bought services, hardware, and software to support funded projects. With the increased proliferation of cloud computing, however, IT now buys services, hardware, and software before it even knows what projects are coming. In order to track what resources are currently being utilized — and project what resources may be needed in the future — monitoring and accounting for usage can provide key pieces of information.

An additional financial consideration is the overhead of supplier management. Suppliers may be providing infrastructure as a service (IaaS), software as a service (SaaS), platform as a service (PaaS), "solution as a service", or simply computing or network capacity and the people required to manage it. Closely accounting for what is being purchased — and by whom — provides financial transparency and fiscal control to your organization.

Key steps to financial management include:

  • Enable billing via showback and chargeback
  • Drive usage accounting
  • Actively manage suppliers

BMC provides the industry's only truly integrated approach to managing the business of IT. Built on a comprehensive data model that captures the interdependencies among IT functions, the solution bridges the silos of information across demand, supply, resources, financials, and risk to provide a single system of record for visibility, coordination, and control of IT.
