Governance perspective: control and oversight - An Overview of the AWS Cloud Adoption Framework

Also available on Audible, Kindle, and as an eBook.

Governance perspective: control and oversight

The governance perspective focuses on orchestrating your cloud initiatives while maximizing organizational benefits and minimizing transformation-related risks. It comprises seven capabilities shown in the following figure. Common stakeholders include chief transformation officer, CIO, CTO, CFO, CDO, and CRO.

A diagram depicting the AWS CAF Governance perspective capabilities.

AWS CAF Governance perspective capabilities

  • Program and project management – Deliver interdependent cloud initiatives in a flexible and coordinated manner. Complex cross-functional cloud transformation initiatives require careful coordination, especially in more traditionally structured organizations. Program management is especially critical since many of these interdependencies only become obvious during delivery. Manage interdependencies by aligning multiple initiatives for optimized or integrated costs, schedule, effort, and benefits.

    Regularly validate your roadmap with your business sponsors and escalate any issues to the senior leadership in a timely fashion to drive accountability and transparency. Adopt an agile approach to minimize the need to make far-reaching predictions, instead, allowing you to learn from experience and adapt as you progress through your transformation journey. To help you respond to change, produce well-prioritized backlogs and structure your work in the form of epics and stories.

  • Benefits management – Ensure that the business benefits associated with your cloud investments are realized and sustained. The success of your transformation is determined by the resulting business benefits. Clear identification of the desired benefits upfront will allow you to prioritize your cloud investments and track transformation progress over time. Identify metrics, quantify desired benefits, and communicate to the relevant stakeholders. Align the timing and life-span of benefits with your strategic goals. Incorporate benefits delivery into a benefits realization roadmap. Regularly measure realized benefits, evaluate progress against the benefits realization roadmap, and adjust the expected benefits as required.

  • Risk management – Leverage cloud to lower your risk profile. Identify and quantify operational risks relating to infrastructure availability, reliability, performance, and security, and business risks relating to reputation, business continuity, and your ability to quickly respond to changing market conditions. Understand how cloud can help you reduce your risk profile and continue to iteratively identify and manage risk as part of your agile cadence. Consider leveraging cloud to reduce risks relating to infrastructure operation and failure. Reduce the need for large upfront infrastructure expenditures and reduce the risk of purchasing assets that may be no longer needed. Depending on the needs of your users, mitigate procurement schedule risks by leveraging cloud to instantly provision and deprovision resources.

  • Cloud financial managementPlan, measure, and optimize your cloud spend. Combine the ease of resource provisioning and agility benefits provided by cloud with financial accountability for your teams’ cloud spend. This helps ensure your teams continuously optimize their cloud workloads and use the best pricing models. Clarify financial roles and responsibilities as they pertain to cloud, and ensure that key stakeholders across your finance, business and technology organizations have a shared understanding of cloud costs. Evolve to a more dynamic forecasting and budgeting process, and identify cost variances and anomalies faster.

    Align your account structure and tagging strategy with how your organization and products map to the cloud. Structure your accounts and cost allocations tags to map your cloud resources to specific teams, projects, and business initiatives, and gain a granular view of your consumption patterns. Define cost categories to organize your cost and usage information using custom rules to simplify showback or chargeback. Use consolidated billing to help simplify cloud billing and realize volume discounts. Build guardrails to govern your cloud usage in a scalable manner and with minimal impact to agility.

    To avoid incurring technical debt, ensure your workloads are Well-Architected, and operated in the most cost-effective manner. Leverage demand-based and time-based dynamic provisioning to pay only for the resources you need. Reduce cloud costs by identifying and eliminating spend associated with idle or underutilized cloud resources.

    Centralize the management of on-premises and cloud software licenses to reduce license-related cost overages, reduce non-compliance, and avoid misreporting. Differentiate between licenses that are included with cloud resources and licenses that you own. Leverage rule-based controls on the consumption of licenses to set hard or soft limits on new and existing cloud deployments. Use dashboards to create visibility into license usage and accelerate vendor audits. Implement real-time alerts for non-compliance.

  • Application portfolio management – Manage and optimize your application portfolio in support of your business strategy. Applications underpin your business capabilities and link them to the associated resources. An accurate and complete application inventory will help you identify opportunities for rationalization, migration, and modernization. An effective application portfolio management capability will help you minimize application sprawl, facilitate application lifecycle planning, and ensure ongoing alignment with your cloud transformation strategy.

    Start with your most critical applications, define them in terms of the overarching business capabilities, and map them to the underpinning software products and associated resources. Build a complete picture of each application by sourcing data from related enterprise systems, such as enterprise architecture, IT service management (ITSM), and project and portfolio management. Identify key technology and business stakeholders (including application owners) and request them to periodically enrich and validate application metadata. Assess the health of your application portfolio on a regular basis with a view to maximizing the value that your organization derives from its application investments.

  • Data governance – Exercise authority and control over your data to meet stakeholder expectations. Your business processes and analytics capabilities depend on accurate, complete, timely, and relevant data. Define and assign key roles, including data owners, stewards, and custodians. Consider adopting a federated (data mesh) approach to governance. Specify standards, including data dictionaries, taxonomies, and business glossaries. Identify what datasets need to be referenced and model the relationships between reference data entities.

    Develop data lifecycle policies, and implement continuous compliance monitoring. Prioritize your data quality efforts in line with your strategic and operational data needs. Establish data quality standards: identify key quality attributes, business rules, metrics, and targets. Monitor data quality at every step of the data value chain. Identify root causes of data quality problems and improve relevant processes at the source. Implement data quality dashboards for critical data products.

  • Data curation – Collect, organize, access, and enrich metadata and use it to organize an inventory of data products in a Data Catalog. A Data Catalog can help facilitate data monetization and self-service analytics by helping data consumers quickly locate relevant data products as well as understand their context, such as provenance and quality.

    Identify lead curators with responsibility for moderating the Data Catalog. In line with your data monetization strategy, catalog key data products, including structured and unstructured data. Identify and capture relevant technical and business metadata, including lineage. Leverage standard ontologies, business glossaries, and automation (including machine learning) to tag, index, and auto-classify data. Augment with manual tagging as necessary and appropriately handle any personally identifiable information (PII). Consider crowdsourcing data enrichment through social curation. In other words, consider empowering data consumers to rate, review, and annotate data products.