What is cloud computing?

The infrastructure of building cloud computing systems accounts for more than a third of IT spending. This number indicates an increasing reliance on external infrastructure, management, security services, and applications.

Spending on the more traditional version of in-house IT is decreasing, and workloads are gradually moving into the cloud, be it public cloud services or private clouds built by enterprises.

Vendors use shared computers to provide cloud services. Virtual technologies and multi-tenancy mechanisms segregate and protect customers and their data from unauthorised access.

Cloud computing is capable of quickly and automatically expanding or reducing available processing, data storage and network bandwidth to meet user needs.

Customers only pay for computing services that they use, and they are able to monitor their usage.

While cloud computing describes any IT resource accessed over the internet, organisations and providers use and deliver cloud services in a number of distinct ways. There are four major types of cloud deployment, and three common service models.

• IaaS: Infrastructure as a Service is a system wherein vendors provide physical computer hardware and connectivity options. This can also be used across multiple tenants using virtualisation technology. Customers have the opportunity to run systems and applications of their choice, while the vendor maintains the physical hardware.
• SaaS: The vendor uses the cloud infrastructure to provide software applications to customers. Examples include email, documents, spreadsheets etc. These services are usually accessed from a web browser and don’t require the installation of software, though this is still an option.
• PaaS: Platform as a Service includes IaaS with the addition of system and server applications. This allows customers to use the cloud infrastructure and software developed by the client with the use of programming languages supported by the vendor. The vendor usually maintains physical computer hardware, OS, and server applications.

Users have the ability to scale different services for their needs, access cloud applications from anywhere, and customise the applications they use.

Enterprise users can speed their applications to market more quickly without the worry of underlying costs or maintenance.

There is a more competitive advantage, as clouds provide the most innovative technology available.

• Data backup
• Disaster recovery
• Email
• Virtual desktops
• Software development
• Big data analytics
• Customer-facing web applications

• Cloud Provisioning and governance
• Improving developer speed
• Intelligent workload placement
• Manage cloud spend

Another aspect of cloud management is cloud governance. Cloud governance describes overseeing and regulating issues such as cost, operations, security, risk, budgets, and compliance across multiple clouds. In cloud governance, the focus is on cost, security, and operations, where cloud management often focuses on resources. Naturally, there is a significant amount of overlap between the two terms.

When working with a range of cloud providers, businesses face unique challenges. Specifically, there is no standardisation of operating models between providers, and each option brings with it its own proprietary provisioning tools. This leads to increased operational complexity, and makes effective governance extremely difficult.

An effective cloud governance solution empowers businesses to create a unified framework for provisioning and governance in a multi-cloud environment, while still promoting increased cloud agility and without restricting individual cloud-vendor capabilities.

Effective cloud governance demands a reliable optimisation and provisioning solution. ServiceNow ITOM Optimization makes it easy to provision on-demand cloud services while maintaining acceptable cloud spend. With ServiceNow, you can enjoy the full capabilities of every cloud provider, and create a manageable, unified operating model across your entire cloud ecosystem. Benefits include:

• Standardised multi-cloud service catalogue
• Non-intrusive policy guardrails
• Empowering self-service options
• Consistent modelling
• Accelerated delivery

Managing multiple clouds can be difficult, depending on the number of clouds involved—both from a cost optimisation and technology perspective. Customers tend to subscribe to various cloud services to avoid a dependency on a single service. A better approach is to select a public cloud, analyse the features they offer, and then integrate them.

Cost control and management-overhead reduction can be reconciled by using cloud management platforms (CMPs) and/or cloud service brokers (CSBs). Both help you manage multiple clouds in one location. But, these services can limit customers to common-denominator services, ignoring the unique advantages of individual cloud service providers.

Cloud computing is often considered an alternative to edge computing. However, edge computing moves local computing to local devices in a distributed system that is usually layered around a cloud computing core. Cloud is typically involved in orchestrating all of the devices, then it collects their data, analyses it, and acts on it.

Protecting data from access by a third party

• Your choice of cloud aligns with your organisation’s risk tolerance.
• You understand the privacy laws of the countries that will have access to your data.
• The vendor sanitises media storage at the end of its life.
• Users can access and store important data only through trusted operation environments.
• Auditing is available for the vendor’s security or access management for the systems you access.
• ACSC-approved encryption protects your data at all times.

Protecting data from access by the vendor’s customers

• The vendor you choose carefully separates your data from data used by other organisations.
• You have the option to access computers dedicated to your exclusive use.
• Use of the cloud does not weaken your security posture.
• Deleted data is sanitised before it is reused.

Protecting data from access by the vendor’s employees

• Vendor employees and personnel are adequately vetted.
  
• Every action performed by a vendor’s employees is reviewed and logged.
• The vendor data centres use cable management systems to identify any tampering.
  
• Your password or key for data decryption are not known by the vendor.
  
• Any visits to the vendor’s data centres are identified and escorted.

How to handle cloud security

• Ensure that the vendor provides timely responses and support for any security issues.
• The vendor has a good, strong security plan.
• You will be notified of any security incidents.
• You are able to audit logs and any information needed for a forensic investigation.
• Adequate compensation for security breaches will be provided.
• Employees are trained to detect and address any security incidents.

• Cloud-centred organisations like DevOps, Security, and Finance who need to ensure that the diverse business sets within a business unit are using best practices.
• Larger, multi-cloud organisations who demand a standardised series of processes and tools to work across CSPs for security, operations, cost control, and governance.
• MSPs who develop cloud centres and are focused on creating best practices for customers.

• Interdepartmental communication
  CCoE bridges departments that use, fund, or measure cloud operations. The departments and stakeholders need to be on the same page regarding goals, budgets, and timelines for cloud operations.
• Technology expertise
  It’s imperative that the CCoE has strong expertise in the cloud technology used by the organisation, as they are the drivers of innovation within the organisation.
• Governance
  Authority and standardisation are two major elements of governance. An effective CCoE should be granted authority to create policies and standards for cloud security, cost control, and compliance. The expectation is that everyone in the organisation will adhere to these policies. 
  
• Repeatability and automation
  After the establishment of policies, the deployment process will need to be repeatable with reference architectures, as well as available tools and platforms in place for cost control and governance.
• End-user buy-in
  It’s crucial for the CCoE team to develop a sense of engagement in the teams, or the new structure will not succeed.
  

Leverage your existing ITSM processes, quickly creating a unified management framework across both multi-cloud and non-cloud environments.

Easily define new types of cloud services using cloud-native templates and offer them through a unified service catalogue. Provision cloud services in real time, responding instantly to requests from DevOps and other cloud users.

Establish non-intrusive policy guardrails, including quotas, available cloud service types, naming conventions, workload placement, and more. Automatically manage approvals for policy exceptions while instantly fulfilling compliant requests.

Deliver a streamlined, responsive user experience with an intuitive self-service portal where users can create and manage their cloud resources.

Take advantage of integrations with configuration providers and other vendors, including Terraform and Ansible Tower.

ServiceNow® ITOM Optimization lets you rise to this multi-cloud challenge. Its Cloud Provisioning and Governance feature provisions on-demand cloud services, accelerating service delivery while providing consistent, non-intrusive governance guardrails that prevent uncontrolled cloud spend. It directly leverages native cloud provisioning capabilities—for example, AWS CloudFormation templates—so you have unrestricted access to the full power of each cloud vendor. And it works seamlessly with ServiceNow IT Service Management, creating a unified operating model across your cloud and non-cloud estate.

Create a catalogue of standardised cloud services by importing cloud vendor templates into the role-based ServiceNow service catalogue. DevOps and other users simply select the cloud service they want, enter configuration parameters, and submit their request. They can also do this programmatically using a built-in REST API. ServiceNow automates the end-to-end provisioning process, creating the requested cloud resources in real-time—often in seconds when no approvals are required. This provides a consistent, secure, and auditable way of ordering services across multiple clouds, delivering effective governance while simplifying and accelerating provisioning for users.

Define role-based permissions and policies for your users, creating non-intrusive guardrails that are only triggered when there is an exception condition. Policy examples include storage and CPU quotas, allowed cloud service types, naming conventions, workload placement, resource sizing limits, tagging policies, and more. This lets you manage approvals for policy exceptions while instantly fulfilling compliant requests. You can also establish leases for non-production cloud resources, alerting resource owners when the lease is about to expire. Unless the owner renews the lease, ITOM Optimization automatically deprovisions the resource—reducing cloud sprawl and stranded cloud assets.

ITOM Optimization makes it easy for cloud users to see and manage all of their cloud services in one place. Its Cloud User Portal delivers a consumer-like, unified experience where users can create new cloud services, manage their existing cloud services, track approvals, and see associated changes and incidents for their cloud resources. The portal also has quota utilisation information, creating situational awareness and encouraging users to release cloud resources they no longer require. ITOM Optimization also includes a dedicated Cloud Administration Portal, providing a single pane of glass where IT managers can govern their cloud resources and deployment policies across multiple cloud vendors.