
Framework 2.0


compliance & risk management

“Evaluating and adapting standards and control measures to support the balance between control and innovation”

overview

“In the cloud, a zero-trust approach can actually accelerate innovation”

Compliance and risk management is all about balancing ambition versus control. Ambition in this case translates to innovation. Teams need freedom to innovate, but laws, regulations and risk management require a measure of control. Freedom and control are at opposite ends of the spectrum. How do we strike a balance?

The risk appetite of the organisation must be weighed against the objective it’s trying to achieve, all within legal boundaries of course. From there, risks are managed through a control framework. Standards and regulations require controls on all levels: from geographical location and data centre management, to the use of protocol versions, authentication, secrets management and encryption methods. Everything counts.

The risks must be mapped out and mitigating measures put in place. The controls are necessary to ensure that things are done properly. It is imperative that the CISO continuously monitors whether the organisation is compliant and in control of the risks. 

Cloud is complex in this regard because of the shared responsibility model. The CCoE will help by working closely with the CISO, ensuring tools and methods to mitigate the impact of security incidents are in place and applied. For instance, recommended security measures are included in blueprints and automated deployments of services.

By adopting a zero-trust architecture, risk assessment processes for solutions can be simplified, which will accelerate innovation significantly.

The CCoE gives recommendations on the use of cloud-native or third-party tooling to generate security assessments and reports. Reports and assessments are used to initiate corrective actions in cooperation with the DevOps teams and SecOps.

Strive for continuous compliance!

activities checklist

initial:

  • Determining applicable legislation, regulations and standards
  • Determining the appropriate control frameworks
  • Selecting policy compliance tooling
  • Configuring security & compliance controls as provided by the CSP
  • Developing a zero-trust architecture with the CCoE

recurring:

  • Formulating necessary measures, both technical and process-based
  • Tailoring the risk process to the level at which the zero-trust architecture has been implemented
  • Keeping track of relevant legislative changes and evaluating their impact
  • Keeping track of relevant changes in standards and evaluating their impact
  • Assisting teams with assessing and solving security and compliance reports (thereby continually increasing compliance scores)

cloud governance RASCI

  • cloud consultant: supporting
  • cloud architect: consulting
  • cloud security specialist: responsible
  • cloud developer: informed
  • cloud engineer: -
  • cloud analyst: -
  • product owner CCoE: -
  • management: -
  • cloud partners: consulting
  • DevOps team: informed
  • business stakeholder: informed
  • architecture: -
  • security: accountable
  • finance: -
  • procurement: -