A new cloud compliance concept makes it easier to turn a no into a yes
Under the name Fit for Cloud, Globeteam is launching a method and tool that qualifies companies’ decision to move IT to the cloud. The Cloud Compliance approach presents the risk ownership with a complete consequence analysis of upcoming digitalisation projects. In addition, the concept makes the risk assessment process operational for the IT department that is going to implement the security measures and for the compliance unit that will document the robustness of those same measures.
Compliance requirements can take the pace out of companies’ digital transformation process. Laws and standards can make digitalisation and the cloud migration of apps, solutions and services a difficult exercise. On top of the requirement to comply with a complex set of rules, there are also requirements regarding documentation of that same compliance.
These cumbersome workflows often mean that the top decision makers would rather err on the side of a ‘no’ when new digital projects are presented. Understandably enough. After all, it is the responsibility of the board and management to deal with risks as they are presented to them. And if the overview presentation of risks associated with, for example, an upcoming cloud project is not sufficiently nuanced, it is the top decision makers’ responsibility to give it a thumbs down.
We have to do something about that automatic reaction.
Globeteam’s Cloud Compliance concept
This is why Globeteam is launching a new cloud compliance concept – Fit for Cloud – that in the simplest of terms is about adopting a collective perspective on the company’s wish to digitalise or use cloud resources. Because if compliance considerations are often the factor that delays or annuls a cloud migration, then compliance has to be the starting point for the pre-analysis that decides if a cloud project is possible or not.
In practice, this means that we break the compliance challenge up into separate elements based on specific business processes, wherein one or several systems are included. We put on our cloud compliance glasses and focus exclusively on which risks the cloud migration creates, which security measures can offset those risks, and which controls should be implemented to ensure compliance in the long term.
The method behind the analysis is centred around connections between workflows (roles), rules (standards, laws, policies, etc.) and the IT systems in use. All of these mappings of the collective business process work at the same time as documentation for the project that can be shown to internal and external stakeholders.
Collective overview of a business process
The model shows how all IT considerations in Globeteam’s cloud compliance concept are based on a specific business process. By identifying the roles, rules, applications and data that are included in the business process, an organisation can have a collective overview of the risks associated with, for example, moving a specific workflow to the cloud. Based on the desired risk appetite, the organisation can then construct the security measures and control mechanisms that will give the project a green light.
Cloud Compliance aids transparency and is a tool for dialogue
The Cloud Compliance concept works to ensure transparency across risk ownership, IT, law and the business. It fosters a common view on what it takes to move to the cloud, if indeed moving to the cloud is what the analysis concludes is best. The conclusion might well result in a debate on why it is necessary to maintain certain systems, data or business processes on the premises in order to maintain compliance. In that sense, Fit for Cloud also delivers input and a roadmap to the hybrid-cloud agenda, because it is business considerations and an assessment of the related risks that guide the work.
In addition to the transparency effect, Globeteam’s cloud compliance concept works as a tool for dialogue across the organisation. The result of the compliance analysis for a specific business process can be presented to the stakeholders in different formats, depending on who needs the information. With Fit for Cloud, the board, the management, the people responsible for the business, the lawyers and the people responsible for IT get a set of structured information in one single tool that is embedded in the same risk analysis, but that expresses the information in a way suited to how each group perceives the risks. Some of it can be shown as diagrams and graphs, other parts can be displayed in an Excel sheet, and maybe elaborated upon as pure text in Word.
The right analysis in the right context in the right format can help smooth some of the well-known wrinkles when the business knocks on the door of IT, the law department and management with requests to accelerate the digital transformation process. When the prerequisites to invest in the modernisation of the system portfolio are documented clearly with a 360° overview of risks, security measures and control mechanisms, it creates calm and reduces the eternal compliance unrest at all levels.
How can Globeteam help you?
The process diagram below shows Globeteam’s method, where we move from business process to business process while mapping and analysing relevant risks connected with a digitalisation project. The analysis also serves as documentation for the compliance-related assessment and the necessary approaches to the solution. Globeteam covers the entire spectrum of services in the compliance concept, including business consultancy, strategy development, implementation and technical setup.
Globeteam’s consultants have many years of experience within management consultancy, IT strategy, security, governance and compliance. As a consultancy firm, one of our trademarks is the ability to combine a high business understanding with a deep technical knowledge. Based on a wide array of services, we build solutions that create specific business value.