SOLUTION WHITE PAPER. IT Business Management and Compliance Ensuring Cloud Governance



Similar documents
BMC Cloud Management Functional Architecture Guide TECHNICAL WHITE PAPER

Beyond Provisioning. Ongoing operations of an efficient cloud environment SOLUTION WHITE PAPER

The CMDB: The Brain Behind IT Business Value

Hybrid Cloud Delivery Managing Cloud Services from Request to Retirement SOLUTION WHITE PAPER

The Power of BMC Remedy, the Simplicity of SaaS WHITE PAPER

BSM for IT Governance, Risk and Compliance: NERC CIP

BMC Asset Management SAP Integration

Cloud Lifecycle Management

Automated IT Asset Management Maximize organizational value using BMC Track-It! WHITE PAPER

Enterprise Cloud Management: Drive business value by balancing speed, cost and risk

Continuous IT Compliance: A Stepwise Approach to Effective Assurance BEST PRACTICES WHITE PAPER

Align IT Operations with Business Priorities SOLUTION WHITE PAPER

SOLUTION WHITE PAPER. Align Change and Incident Management with Business Priorities

8 Tips for Winning the IT Asset Management Challenge START

Next Generation Service Delivery: Fast Forward to Enterprise Cloud Computing

BEST PRACTICES WHITE PAPER. BMC BladeLogic Client Automation and Intel Core vpro Processors

Atrium Discovery for Storage. solution white paper

Reaching for the Clouds: Achieving the Business Benefits of Cloud Computing

SOLUTION WHITE PAPER. BMC Manages the Full Service Stack on Secure Multi-tenant Architecture

Reduce IT Costs by Simplifying and Improving Data Center Operations Management

Securing the Service Desk in the Cloud

Planning a Successful Cloud Strategy Identify existing assets, assess your business needs, and develop a technical and business plan for your cloud

Why you need an Automated Asset Management Solution

Effective End-to-End Enterprise Cloud Management

Simplify and Automate IT

Simplify and Automate IT

Solution White Paper Monetizing the Service Provider Cloud

Streamlining Service Request Processes: A Key to Business Success

SOLUTION WHITE PAPER. Building a flexible, intelligent cloud

CA Automation Suite for Data Centers

TECHNICAL WHITE PAPER. Accelerate UNIX-to-Linux Migration Programs with BMC Atrium Discovery and Dependency Mapping

The SMB IT Decision Maker s Guide: Choosing a SaaS Service Management Solution

Reduce Risk: Three Best Practices for Integrating Change and Compliance in the Data Center

Copyright 11/1/2010 BMC Software, Inc 1

Realizing the Value of Standardized and Automated Database Management SOLUTION WHITE PAPER

Superior Web Application Performance in the Cloud

Service Automation to implement and operate your Cloud initiatives

EMA Radar for Private Cloud Platforms: Q1 2013

BRIDGE. the gaps between IT, cloud service providers, and the business. IT service management for the cloud. Business white paper

Meeting the Challenge of Service Request Management SOLUTION WHITE PAPER

Hybrid IT A Low-Risk Path from On-Premise to ITaaS

BMC Control-M Workload Automation

BMC BSM for PCI DSS Addressing PCI DSS File Integrity Monitoring SOLUTION WHITE PAPER

Three Asset Lifecycle Management Fundamentals for Optimizing Cloud and Hybrid Environments

ROUTES TO VALUE. Business Service Management: How fast can you get there?

Moving beyond Virtualization as you make your Cloud journey. David Angradi

BMC s Security Strategy for ITSM in the SaaS Environment

How to Improve Service Quality through Service Desk Consolidation

Understanding ITIL Service Portfolio Management and the Service Catalog. An approach for implementing effective service lifecycle management

Automated Disaster Recovery With BMC Atrium Orchestrator

Taking the Service Desk to the Next Level BEST PRACTICES WHITE PAPER

IBM Tivoli Endpoint Manager for Lifecycle Management

How To Monitor Hybrid It From A Hybrid Environment

IBM Tivoli Endpoint Manager for Lifecycle Management

How to Deliver Measurable Business Value with the Enterprise CMDB

BEST PRACTICES WHITE PAPER. Relieving the Pressure of Change in the Data Center

Business Service Management Cyril Gobrecht Business Solutions Manager Halim Belkhatir Regional Manager. 17 December 2008

Benefits of an ITIL Help Desk in the Cloud

TECHNICAL WHITE PAPER. Introducing BMC Control-M Self-Service

BMC Software s ITSM Solutions: Remedy ITSM & Service Desk Express SOLUTION WHITE PAPER

BMC BladeLogic Application Release Automation TECHNICAL WHITE PAPER

SOLUTION BRIEF CA SERVICE MANAGEMENT - SERVICE CATALOG. Can We Manage and Deliver the Services Needed Where, When and How Our Users Need Them?

Governance, Risk, and Compliance (GRC) White Paper

VALUE PROPOSITION FOR SERVICE PROVIDERS. Helping Service Providers accelerate adoption of the cloud

Achieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations

BMC ProactiveNet Performance Management: Delivering on the Promise of Predictive Control Across the Total IT Environment SOLUTION WHITE PAPER

Seven Steps to Getting a Handle on Software Licensing

Best Practice Operations Management for System Virtualization. A White Paper Prepared for BMC Software February 2007

ITIL, the CMS, and You BEST PRACTICES WHITE PAPER

IBM Software Integrated Service Management: Visibility. Control. Automation.

Extend the value of your service desk and integrate ITIL processes with IBM Tivoli Change and Configuration Management Database.

EXTEND YOUR FEDERATION ENTERPRISE HYBRID CLOUD SOLUTION

How to Build a Service Management Hub for Digital Service Innovation

Cloud Services Catalog with Epsilon

Increase Business Intelligence Infrastructure Responsiveness and Reliability Using IT Automation

Maximize the synergies between ITIL and DevOps

BIGFIX. BigFix and configuration management database solutions

Dynamic Service Desk. Unified IT Management. Solution Overview

The Top Ten Business Service Management Principles

Four Steps to Faster, Better Application Dependency Mapping

CA Configuration Management Database (CMDB)

CA Configuration Automation

SOLUTION WHITE PAPER. Managing AWS. Using BMC Cloud Management solutions to enhance agility with control

SOLUTION WHITE PAPER

Data Management Emerging Trends. Sourabh Mukherjee Data Management Practice Head, India Accenture

CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes.

Predictive Intelligence: Identify Future Problems and Prevent Them from Happening BEST PRACTICES WHITE PAPER

Cloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5

Kenandy TM Cloud ERP White Paper. Kenandy Cloud ERP Overview

EMC Storage Monitoring

TECHNICAL WHITE PAPER. Monitoring Cisco Hardware with Sentry Software Monitoring for BMC ProactiveNet Performance Management

IBM Tivoli Netcool network management solutions for enterprise

Accenture Cloud Enterprise Services

BMC Remedy IT Service Management Suite

MAXIMIZING VALUE FROM SAP WITH SUPPLY CHAIN COLLABORATION IN A SOFTWARE-AS-A-SERVICE MODEL. An E2open White Paper. Contents.

IBM Tivoli Netcool Configuration Manager

IBM Maximo Asset Management for IT

VMware's Cloud Management Platform Simplifies and Automates Operations of Heterogeneous Environments and Hybrid Clouds

how can you shift from managing technology to driving new and innovative business services?

Transcription:

SOLUTION WHITE PAPER IT Business Management and Compliance Ensuring Cloud Governance

Contents EXECUTIVE SUMMARY 1 THE ROLE OF GOVERNANCE AND COMPLIANCE IN THE CLOUD 2 IT PROCESS INTEGRATION 2 CONTINOUS COMPLIANCE 2 FINANCIAL MANAGEMENT 3 SUMMARY 4

Cloud Governance and Compliance Benefits Align business metrics with IT operations Extend existing operational best practices to the cloud Ensure responsible compliant operations Maintain tight fiscal controls and transparency Maeve looks at the numbers again on the screen in front of her. As head of IT for the city hospital, she is charged with the security of all the hospital medical records, as well as with ensuring that they remain HIPAA compliant. However, with more and more records going digital (and getting updated daily), she is running out of storage space. In looking more closely, she realizes that the cardiac surgery department is taking up much more space than other comparably sized departments and she wonders why. Maeve would like to shift some of the records to the cloud to save money, but she s worried about security and compliance. Furthermore, she isn t even sure if some of the records still need to be stored. She needs to decide what to do and fairly quickly so the hospital can continue to run smoothly. EXECUTIVE SUMMARY The cloudification of workloads will require the integration of traditional IT governance best practices, such as compliance and chargeback, into the cloud environment. Therefore, in order to govern the cloud for business excellence, IT must implement the cloud with asset and incident management, compliance, and transparent financial management. By doing all of these things, IT is well on its way to responsible, compliant operations with tight fiscal controls and transparency. As a result, IT can benefit from economies of scale, lower individual usage costs, and centralize infrastructure costs, while also extending or improving current governance capabilities. In a cloud model, users pay for what they consume, increase or decrease their usage (as needed), and benefit from shared underlying resources in a policy-compliant construct that provides visibility into actual costs and provides chargeback. Cloud governance is made up of three primary steps: IT process integration In order to govern your cloud effectively, your IT processes should be fully integrated to ensure the extension of existing corporate governance processes into the cloud. This can be achieved through enforcing license compliance, federating your CMDB, and enabling incident and problem management. Continuous compliance Depending on your industry, you may have to meet different compliance standards, such as HIPAA (for healthcare) or PCI (for credit card retail sales). To protect your business, you will need to guarantee regulatory, operational, and security compliance by enforcing standards, auditing to ensure those standards have been met, and integrating change management to facilitate smooth and compliant transitions. Financial management The ability to track the realized cost/benefit of migrating traditional workloads to the cloud will require the integration of IT financial management into the environment. As a result, you can provide financial transparency for your cloud by enabling showback or chargeback, utilizing usage accounting, and actively managing your suppliers. 1

THE ROLE OF GOVERNANCE AND COMPLIANCE IN THE CLOUD IT PROCESS INTEGRATION Occasionally, software vendors will come and audit your usage to make sure that what you are paying for and what you are actually using match accordingly, especially with per-seat or concurrent-user licenses. Therefore, as your cloud matures, you must track your license usage, historical peaks and valleys, and current usage on certain (if not all) software products to avoid penalties and failed audits. When usage goes above thresholds, it should trigger certain true-up events, and refuse to provision a certain license (pending approval/true-up in certain cases). The best way to do this is by keeping track of software license utilization, managing changes across environments, and logging those changes in a configuration management database (CMDB). This CMDB is meant to be the central source of truth for the organization, storing all the configurations and services delivered by IT. With multiple CMDBs, such as one for a physical environment, one for a virtual environment, and one for a cloud, there is no single source of truth. If a change, such as a patch, has to happen to multiple environments, then each environment has to be searched independently. There are two ways to establish a single source of truth: (1) Simply integrate everything to point back to the central CMDB or (2) Federate the separate CMDBs. As your environment grows and the sheer volume and diversity of your IT environment increases federation is the recommended approach. With federation, you need not move all data into your single CMDB. Rather, a primary CMDB can be queried, and, through federation, it will reach out to the secondary CMDBs to respond to the query. You then can ask the single CMDB a question and get a holistic answer about your entire environment, including incident and problem management. If an incident does happen, a record of what it was, how it was handled, and the outcome of the problem will be documented and auditable. Key steps to IT process integration include: Federate your CMDB Enforce license compliance Track, manage, and report on incident and problem management With the BMC Remedy IT Service Management Suite, including the BMC Atrium CMDB, you can effectively track assets and license utilization in the cloud. CONTINOUS COMPLIANCE Cloud computing gives you the freedom to choose the right mix of internally and externally provided services that best meet your business requirements. Before you send a service to a public cloud, however, you must consider the compliance requirements associated with that service. Although at first glance, it may appear that you should just say no to outsourcing any service that is under regulatory compliance, this approach limits your flexibility in creating the optimum combination of internal and external services. Keep in mind that public cloud providers are continually improving their security and compliance capabilities, making it feasible to offload more services to the public cloud. If you keep your options open, you will be able to take advantage of additional opportunities in the public cloud as they emerge. [Please note: Regardless of whether you are in the healthcare, finance, retail, or any other industry, you must make sure your organization meets the regulatory, operational, and security gold standards established for compliance in your industry.] 2

Both IT and the businesses it supports feel the acute pain of service disruptions resulting from problematic changes, and both constantly worry about the accuracy and impact of changes not knowing whether a change will disrupt service, impact the quality of the service, or result in non-compliance. The ability to keep pace with changes as they come in, the pain of manual processes, and a lack of confidence in up-to-date documentation are all concerns to both IT and the business. In a cloud infrastructure, it s even harder to convince yourself that you ve checked all the boxes and dotted all the i(s). That s why automation is so important as well as closed-loop compliance on both configuration and regulatory policies. Manual and disconnected processes add to the risk of errors, non-compliance, and delays, resulting in a drain on both staff and budget resources. To minimize these risks, you need automated solutions that integrate across organizational silos, processes, and tools to manage the entire change and release process from initiation to validation. Key steps to continuous compliance include: Enforce regulatory, operational, and security compliance Facilitate auditing Integrate change management BMC delivers change and release management solutions that control who can make a change, how that change is approved, when it is deployed, and whether it was successful all according to policy. Our solutions automate change controls, process orchestration, and change execution, including handoffs across silos, with a level of integration unmatched in the industry. BMC Cloud Lifecycle Management will help you provide compliance through BMC BladeLogic Automation solutions, while also managing your cloud environment through a policy-based Service Governor. Similarly, BMC Remedy IT Service Management Suite will track and verify all changes to the cloud environment and individual cloud services. FINANCIAL MANAGEMENT One of the many benefits of a cloud is that you can track consumption of resources and assign a cost to that consumption. At the same time, cloud resources are, by nature, variable. Although hardware resources are reasonably easy to track, network resources are less so, and software resources are downright tricky. IT organizations benefit from alignment of business metrics with IT operations, enabling users to factor in financial information into their cloud decision-making. Through showback or chargeback, you can send each business unit a report of their monthly consumption. True chargeback involves inputting consumption and cost calculations into your organization s financial systems. Cloud resources must be ready and waiting for new requests to come in. That means services, hardware, and software need to be procured in advance of the end consumer or user buying it. So, the flow of payments to IT has shifted. Historically, IT bought services, hardware, and software to support funded projects. With the increased proliferation of cloud computing, however, IT now buys services, hardware, and software before they even know what projects are coming. In order to track what resources are currently being utilized and project what resources may be needed in the future monitoring and accounting for usage can provide key pieces of information. An additional financial consideration is the overhead of supplier management. Suppliers may be providing infrastructure as a service (IaaS), software as a service (Saas), platform as a service (PaaS), solution as a service, or simply computing or network capacity and the people required to manage it. Closely accounting for what is being purchased and by whom provides financial transparency and fiscal control to your organization. 3

Key steps to financial management include: Enable billing via showback and chargeback Drive usage accounting Actively manage suppliers BMC provides the industry s only truly integrated approach to managing the business of IT. Built on a comprehensive data model that captures the interdependencies among IT functions, the solution bridges the silos of information across demand, supply, resources, financials, and risk to provide a single system of record for visibility, coordination, and control of IT. SUMMARY BMC is helping organizations govern their cloud environments today. Through cloud governance and compliance, the business challenges of cloud from compliance to costing IT are addressed. With robust offerings in configuration compliance, regulatory compliance, and chargeback and financial management, BMC can help you provide good governance for applications and services moved to the cloud, infusing the tenets of Business Service Management throughout the cloud environment. To learn more, please visit www.bmc.com/cloud. BUSINESS RUNS ON I.T. I.T. RUNS ON BMC SOFTWARE. Business thrives when IT runs smarter, faster and stronger. That s why the most demanding IT organizations in the world rely on BMC Software across distributed, mainframe, virtual and cloud environments. Recognized as the leader in Business Service Management, BMC offers a comprehensive approach and unified platform that helps IT organizations cut cost, reduce risk and drive business profit. For the four fiscal quarters ended December 31, 2010, BMC revenue was approximately $2 billion. *202781* BMC, BMC Software, and the BMC Software logo are the exclusive properties of BMC Software, Inc., are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other BMC trademarks, service marks, and logos may be registered or pending registration in the U.S. or in other countries. AIX and IBM are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. Solaris is a trademark or registered trademark of Oracle Corporation. All other trademarks or registered trademarks are the property of their respective owners. 2011 BMC Software, Inc. All rights reserved. 4

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information