A robust governance framework implements checks and balances to keep a lid on costs and enforces more responsible buying behaviour.


Running a business today is vastly different than it was even just a decade ago. Leaders must cope with far more complexity at all levels and across functions.

This change is the result of huge investment in digital technologies and services, the vast majority of which run in the cloud.

Cloud, by its very nature, is a dynamic patchwork of system interdependencies and connections. On the one hand, the model has made us smarter and more productive, and on the other, it has increased potential risks and points of failure.

Hybrid cloud – now the preferred environment, often combined with multi-cloud – streamlines many of the complexities. Instead of having to manage individual system components, IT leaders get quick access to a blend of tools and capabilities to work at a business service level rather than down in the so-called weeds of technology.

However, the diverse nature of hybrid cloud environments makes it challenging to track and manage all elements – even at the abstracted management layer. With different technologies, vendors, access points, and control levels, neglecting monitoring can have consequences. If you stop paying close attention to who’s using what, where, and when, you could end up paying a heavy price.

Responding to budget pressure

According to IDC, IT planners are under pressure to bring a sharper focus to cost management. They are using common measures to curb costs including dropping under-utilised IaaS resources, optimising their consumption, and eliminating duplicate resources and SaaS functionality.

IaaS stands for Infrastructure-as-a-Service. This is a cloud model that provides virtualised computing resources online, allowing organisations to scale their infrastructure without needing physical hardware.

Governance frameworks are helping IT leaders introduce checks and balances to keep a lid on costs, with sharper pressure to focus on cost management in the cloud. They are able to apply policies, processes, and tools to track and forecast costs, identify and eliminate unused or underutilised resources, and enforce policy compliance.

A robust governance framework can lower risk

A chief reason having a robust governance framework in place is important is to identify common risks and outlines policies to manage them. For example, consider the risk of budget overruns. The abundance of services and self-service options in the hybrid cloud invites overspending. A corresponding policy might stipulate that each cloud deployment or service consumed must be allocated to a cost centre with an approved budget and a mechanism to track spending.

Other cloud cost management risks
  • Underutilisation: This mainly relates to prepaid cloud services or fixed annual commitments to a specific service plan. There’s a risk that allocated services won’t be used, resulting in wasted investment. A policy to mitigate this risk could demand that teams in each cost centre conduct monthly reviews to gauge planned versus actual spending to determine a course action when these two measures diverge.
  • Overprovisioning: Retaining extra capacity for growth and unplanned events is widespread in legacy IT environments. Hybrid cloud’s inherent scalability eases requirements for maintaining surplus capacity. However, legacy thinking persists, as many businesses haven’t yet fully retired their on-premises IT. There are real risks that old practices artificially inflate cloud spending. A policy might demand that any asset deployed to the cloud must be tagged and monitored for capacity utilisation to ensure the governance team can instruct the workload owner to optimise overprovisioned assets.
  • Over-optimisation: Over-exuberant optimisation can undermine service levels necessary to maintain an acceptable user experience. A good policy will document and update any seasonal or event-driven peaks to steer future optimisation.

Putting a stake in the ground

Cost governance starts with sound information. You must know exactly what is being spent and where, simply because you can’t improve what you don’t measure. Doing this job involves analysis of business metrics and technical information, such as cost centres, platforms, applications, and projects. It’s a huge job, but the faster you can put hard measures on your cloud landscape, the better your policies become, and the easier they are to codify in your hybrid cloud strategy.

Cloud governance continues with continuous processes for management. Continuous cost control behaves very differently from the traditional month-on-month or quarterly legacy technology cost management. A robust governance framework is both backwards looking and forwards looking, tracking and predicting future state costs, and providing a foundation for creation of future budgets. Financial operations governance – using FinOps – involves maturity of lifecycle management of cloud resources and how they are deployed, showing it as one of the key drivers of operational process maturity.

Solid baseline data on services consumption and costs also make it easier to spot variable or uncharacteristic usage. From this position you can begin to adjust budgets, pre-buy compute when it makes sense, formalise spending agreements, and curtail unused or mysterious spending.

Other measures, such as sending bills to specific departments or project teams, encourage more responsible purchasing behaviour. People are far less likely to leave the engine running, so to speak, when they know it will come out of their budget.

And then there’s the business of detecting policy breaches and new risks as cloud usage develops and matures. Monitoring tools are essential, raising flags when activity exceeds a predetermined range or other policies. These systems can even drive programmatic actions, such as deactivating services.

How hybrid cloud helps optimise governance

For some organisations, hybrid cloud adoption has been more organic than a result of a strategic plan to maximize cloud investments. And that’s a problem.  They may have gone all in on public cloud, and then realised it is too hard or expensive to manage. Policies and processes to track and forecast costs, rebalance resources, and enforce compliance to policies, somehow, must be retrofitted to an existing IT architecture. It’s a bit like asking an architect to draw the plans for a house after it has been built.

But it can be done, and hybrid cloud providers like CCL are often asked to step into the fray to introduce policies and disciplines to address the consequences of uncoordinated cloud investments.

3 winning qualities IT leaders should look for in their hybrid cloud providers
  • Comprehensive optimisation and cloud data management capabilities for both public clouds and on-premises IT. This can include recommendation support for major virtual machines (VMs); container optimisation; and memory, CPU, disk, and network data capabilities.
  • Intelligent usage policy creation and enforcement that applies budgets and controls to users, projects, roles, and teams. This provides the ability to enforce budget violations and prevent additional consumption.
  • Flexible frameworks that allow both top-down and more distributed control. Groups and teams can decide their own policies and when to use them.

BTW: Learn how CCL’s hybrid cloud experts can help your business get the best from hybrid cloud. We’ll streamline workloads and data across cloud environments to keep you within budget and at the top of your game. Contact us now and one of our experts will show you the possibilities.

To delve deeper into this topic, please read “Navigating the Cloudy Business of Cost Management” and “Accelerating with Hybrid Cloud”.