您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

为云准备企业 IT 策略Prepare corporate IT policy for the cloud

云治理是随着时间的推移持续采用工作带来的产物,因为真正持久的转换不会在一夜之间发生。Cloud governance is the product of an ongoing adoption effort over time, as a true lasting transformation doesn't happen overnight. 在处理关键公司策略更改之前,试图使用快速进取的方法来实现完整的云治理很少会产生期望的结果。Attempting to deliver complete cloud governance before addressing key corporate policy changes using a fast aggressive method seldom produces the desired results. 相反,我们建议采用增量的方法。Instead we recommend an incremental approach.

我们的云采用框架的不同之处在于购买周期以及如何实现真正的转型。What is different about our Cloud Adoption Framework is the purchasing cycle and how it can enable authentic transformation. 由于没有大的资本支出请购要求,工程师可以更快地开始试验和采用。Since there is not a big capital expenditure acquisition requirement, engineers can begin experimentation and adoption sooner. 在大多数企业文化中,消除对采用的资本支出障碍可能会产生更紧密的反馈循环、有机增长和增量执行。In most corporate cultures, elimination of the capital expense barrier to adoption can lead to tighter feedback loops, organic growth, and incremental execution.

向云采用转变需要进行治理转变。The shift to cloud adoption requires a shift in governance. 在许多组织中,企业策略转换允许通过增量策略更改并自动化执行这些更改来改进治理和提高遵从率,由你与云服务提供商配置的新定义功能提供支持。In many organizations, corporate policy transformation allows for improved governance and higher rates of adherence through incremental policy changes and automated enforcement of those changes, powered by newly defined capabilities that you configure with your cloud service provider.

本文概述了可以帮助你调整公司策略以启用扩展治理模型的关键活动。This article outlines key activities that can help you shape your corporate policies to enable an expanded governance model.

定义公司策略以完善云治理Define corporate policy to mature cloud governance

在传统治理和增量治理中,公司策略创建了治理的工作定义。In traditional governance and incremental governance, corporate policy creates the working definition of governance. 大多数 IT 治理操作都寻求通过技术来监视、执行、操作和自动化这些公司策略。Most IT governance actions seek to implement technology to monitor, enforce, operate, and automate those corporate policies. 云治理也是基于类似的概念构建而成。Cloud governance is built on similar concepts.

公司治理和治理规则 图 1:公司治理和治理规则。Corporate governance and governance disciplines Figure 1: Corporate governance and governance disciplines.

上图演示了业务风险、策略和符合性之间的交互,以及对公司策略创建的监控和执行。The image above demonstrates the interactions between business risk, policy and compliance, and monitor and enforce to create a governance strategy. 然后按照五大云治理规则来实现策略。Followed by the Five Disciplines of Cloud Governance to realize your strategy.

评审现有策略Review existing policies

在上图中,治理策略(风险、策略和符合性、监控和执行)从识别业务风险开始。In the image above, the governance strategy (risk, policy and compliance, monitor and enforce) starts with recognizing business risks. 了解云中的业务风险变化是创建持久云治理策略的第一步。Understanding how business risk changes in the cloud is the first step to creating a lasting cloud governance strategy. 与业务部门合作,准确衡量业务对风险的容忍度,帮助你了解需要修正什么级别的风险。Working with your business units to gain an accurate gauge of the business's tolerance for risk, helps you understand what level of risks need to be remediated. 理解新的风险和可接受的容忍度,有助于对现有策略的评审,从而确定适合组织的治理级别。Your understanding of new risks and acceptable tolerance can fuel a review of existing policies, in order to determine the required level of governance that is appropriate for your organization.

提示

如果你的组织受第三方合规性约束,则要考虑的最大业务风险之一可能是法规合规性的遵守问题。If your organization is governed by third-party compliance, one of the biggest business risks to consider may be a risk of adherence to regulatory compliance. 这种风险通常无法修正,而可能需要严格遵守。This risk often cannot be remediated, and instead may require a strict adherence. 在开始策略评审之前,请务必了解第三方合规性要求。Be sure to understand your third-party compliance requirements before beginning a policy review.

云治理的增量方法An incremental approach to cloud governance

云治理的增量方法认为超过企业对风险的容忍度是不可接受的。An incremental approach to cloud governance assumes that it's unacceptable to exceed the business's tolerance for risk. 相反,它假定治理的角色是加速业务更改、帮助工程师理解体系结构指导原则,并确保定期传达和修正业务风险Instead, it assumes that the role of governance is to accelerate business change, help engineers understand architecture guidelines, and ensure that business risks are regularly communicated and remediated. 或者,治理的传统角色可能成为工程师或整体业务采用的障碍。Alternatively, the traditional role of governance can become a barrier to adoption by engineers or by the business as a whole.

对于云治理的增量方法,在构建新业务解决方案的团队和保护业务避免风险影响的团队之间,有时会存在不可避免的摩擦。With an incremental approach to cloud governance, there is sometimes a natural friction between teams building new business solutions and teams protecting the business from risks. 在这个模型中,这两个团队可以在增量或冲刺 (sprint) 工作方式中成为合作伙伴。In this model, those two teams can become peers working in increments or sprints. 作为合作伙伴,云治理团队和云采用团队开始协同工作,以发现、评估和修正业务风险。As peers, the cloud governance team and the cloud adoption teams begin to work together to expose, evaluate, and remediate business risks. 这项工作可以创建一种减少摩擦并在团队之间建立协作的自然方法。This effort can create a natural means of reducing friction and building collaboration between teams.

策略的最小可行性产品 (MVP)Minimum viable product (MVP) for policy

在云治理和采用团队之间建立合作伙伴关系的第一步是就策略 MVP 达成协议。The first step in an emerging partnership between your cloud governance and adoption teams is an agreement regarding the policy MVP. 云治理的 MVP 应认识到,起初业务风险很小,但随着时间的推移,组织会采用更多的云服务,业务风险可能会增加。Your MVP for cloud governance should acknowledge that business risks are small in the beginning, but will likely grow as your organization adopts more cloud services over time.

例如,对于部署五个不包含任何高业务影响 (HBI) 数据的 VM 的企业来说,业务风险很小。For example, the business risk is small for a business deploying five VMs that don't contain any high business impact (HBI) data. 在云采用过程的后期,当 VM 数量达到 1,000 时,企业将开始移动 HBI 数据,企业风险随之增加。Later in the cloud adoption process, when the number reaches 1,000 VMs and the business is starting to move HBI data, the business risk grows.

策略 MVP 尝试为部署前 x 个 VM 或前 x 个应用程序所需的策略定义必需的基础,其中 x 是采用的一个小而有意义的单位数量 。Policy MVP attempts to define a required foundation for policies needed to deploy the first x VMs or the first x number of applications, where x is a small yet meaningful quantity of the units being adopted. 该策略集需要的约束条件不多,但包含从一个工作增量云采用快速增长到下一个工作增量所需的基本方面。This policy set requires few constraints, but would contain the foundational aspects needed to quickly grow from one incremental cloud adoption effort to the next. 通过增量策略的发展,该治理策略将会随着时间的推移而增长。Through incremental policy development, this governance strategy would grow over time. 通过缓慢而微妙的转变,策略 MVP 将成长为与策略评审工作结果相同的功能。Through slow subtle shifts, the policy MVP would grow into feature parity with the outputs of the policy review exercise.

增量策略增长Incremental policy growth

增量策略增长是策略和云治理不断增长的关键机制。Incremental policy growth is the key mechanism to growing policy and cloud governance over time. 它也是采用增量模型进行治理的关键要求。It's also the key requirement to adopting an incremental model to governance. 为了使该模型有效工作,治理团队必须在每个冲刺 (sprint) 中全力投入持续时间,以评估和实现不断变化的治理规则。For this model to work well, the governance team must be committed to an ongoing allocation of time at each sprint, in order to evaluate and implement changing governance disciplines.

冲刺 (sprint) 时间要求:在每次迭代开始时,每个云采用团队都会创建一个要在当前增量中进行迁移或采用的资产列表。Sprint time requirements: At the beginning of each iteration, each cloud adoption team creates a list of assets to be migrated or adopted in the current increment. 云治理团队应该有足够的时间来评审列表,验证资产的数据分类,评估与每个资产相关的任何新风险,更新体系结构指导原则,并对团队进行变更方面的培训。The cloud governance team is expected to allow sufficient time to review the list, validate data classifications for assets, evaluate any new risks associated with each asset, update architecture guidelines, and educate the team on the changes. 这些承诺通常在每个冲刺 (sprint) 中需要 10 到 30 小时。These commitments commonly require 10-30 hours per sprint. 这种级别的参与还需要至少一名专门的员工来管理大型云采用工作中的治理。It's also expected for this level of involvement to require at least one dedicated employee to manage governance in a large cloud adoption effort.

发布时间要求: 在每次发布开始时,云采用团队和云策略团队应优先考虑在当前迭代中迁移的应用程序或工作负荷列表,以及任何业务更改活动。Release time requirements: At the beginning of each release, the cloud adoption teams and the cloud strategy team should prioritize a list of applications or workloads to be migrated in the current iteration, along with any business change activities. 这些数据点可让云治理团队尽早了解新的业务风险。Those data points allow the cloud governance team to understand new business risks early. 这样使得团队有时间根据业务进行调整,并评估业务对风险的容忍度。That allows time to align with the business and gauge the business's tolerance for risk.

后续步骤Next steps

有效的云治理策略始于了解业务风险。Effective cloud governance strategy begins with understanding business risk.