Framework 2.0

identity & access management

“Provisioning and managing access to the platform and other cloud services”

overview

To properly manage your corporate identities, keep everything centralised

Identity and access management is one of the most important areas for getting a firm grip on the security of the IT infrastructure and application base.

When multiple cloud service providers are used, keeping user account management and access control manageable becomes a challenge. Most organisations use a directory service, such as Microsoft (Azure) Active Directory, which may or may not be linked to a human resources system. Centralised management of user identities, service identities and role-based access control is important for implementing and controlling policies in this area. The use of decentralised, decoupled identity and access management services makes management and control extremely difficult, for example when revoking usage rights or suspending login rights.

We also want to be able to use modern security techniques, including multi-factor authentication (MFA), risk-based access control and temporary rights elevation systems. We want to be able to integrate authentication and authorisation with external solutions and to let the authentication systems of partners and third parties integrate with our systems. And finally, we want to be able to automate user account provisioning and deprovisioning, automate role-based access rights and permissions, and automate the integration of identity and access management systems.

To do so, user and role management should be centralised. Single sign-on to any resource should be mandatory. This can be realised using centralised directory services and IAM systems and, if applicable, third-party identity brokers.
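The reconciliation that a central directory makes possible, as an added example (not part of the framework): it compares a directory export with per-provider account lists and flags access that survived a disabled identity, accounts with no central identity, local logins that bypass single sign-on, and privileged roles without MFA. The account model, provider names, role names and sample data are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    provider: str       # cloud or SaaS provider holding the account (hypothetical names)
    user: str           # login name, matched against the central directory
    federated: bool     # True when sign-in goes through the central directory (SSO)
    mfa: bool           # True when MFA is enforced for this account
    roles: tuple = ()   # roles granted at the provider

# Constructed sample data: central directory state and per-provider account exports.
DIRECTORY = {"alice": "active", "bob": "disabled", "carol": "active"}
PRIVILEGED_ROLES = {"admin", "owner"}  # assumption: roles treated as privileged
ACCOUNTS = [
    Account("cloud-a", "alice", True, True, ("admin",)),
    Account("cloud-a", "bob", False, False, ("reader",)),
    Account("cloud-b", "carol", True, False, ("owner",)),
    Account("cloud-b", "dave", False, True, ("reader",)),
    Account("saas-x", "alice", True, True, ("reader",)),
]

def audit(directory, accounts, privileged=PRIVILEGED_ROLES):
    """Return sorted (provider, user, finding) tuples for accounts that
    deviate from the centralised identity model."""
    findings = []
    for acct in accounts:
        state = directory.get(acct.user)
        if state is None:
            # Account exists at the provider but nobody owns it centrally.
            findings.append((acct.provider, acct.user, "ORPHANED"))
        elif state != "active":
            # Identity was suspended centrally, yet provider access remains.
            findings.append((acct.provider, acct.user, "NOT_REVOKED"))
        if not acct.federated:
            # Local credentials keep working when the directory disables a user.
            findings.append((acct.provider, acct.user, "LOCAL_LOGIN"))
        if privileged & set(acct.roles) and not acct.mfa:
            findings.append((acct.provider, acct.user, "PRIVILEGED_NO_MFA"))
    return sorted(findings)

if __name__ == "__main__":
    for provider, user, finding in audit(DIRECTORY, ACCOUNTS):
        print(f"{provider:8} {user:6} {finding}")
```
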

activities checklist

initial:

  • Setting clear IAM security standards and guidelines
  • Defining a strategy to work with privileged accounts
  • Automating security controls, such as MFA
  • Creating integration services and guidelines for external systems
  • Automating identity provisioning/deprovisioning
  • Automating RBAC and permissions
  • Defining and implementing a process to validate that the “least privilege” principle is applied
  • Defining and implementing a process describing the tasks and responsibilities with regard to identity and access management

recurring:

  • Reviewing automatically generated messages about detected anomalies
  • Processing access change requests
  • Automating integration with third party systems
  • Automating SaaS user access control

cloud governance RASCI

cloud consultant: -
cloud architect: responsible
cloud security specialist: responsible
cloud developer: informed
cloud engineer: informed
cloud analyst: responsible
product owner CCoE: -
management: -
cloud partners: consulting
DevOps team: informed
business stakeholder: responsible
architecture: accountable
security: responsible
finance: -
procurement: -