Professional Documents
Culture Documents
Address:
Business Contact Name:
Email
Phone #
Instructions
#
1
2
3
4
5
#
1
2
3
4
5
This self-assessment is designed to enable you to identify what are the outcomes that are necessary in 25 key domains to
achieve the desired capability of your IT operational model transformation to support a journey to cloud implementation.
On the following page you will find 25 domains of questions in four main categories with descriptions of the capability at
each level of the maturity model.
How to complete the assessment
1. Define your Business and IT Goals (on this page)
2. Define the Cloud Value proposition desired state description & time frame for implementation
3. Define Cloud Service Capability desired state description & time frame for implementation
4. Complete the analysis page and evaluate each question and:
• Rank your current state in the current state column
• Rank your future state requirement in the future state column based on the capability you wish to achieve in your IT
operational model Transformation/cloud implementation and your business and IT goals.
• Identify which business goals and IT goals are contributed to by the transformation of the question
• Rank the contribution to the desired cloud capability Value Proposition Rating (rate each in importance using numbers 1
to 5 (1 = most important, 5 = least important)
• Identify the urgency to achieve the transformation (1-5). Urgency Rating (rate each in importance using numbers 1 to 5
(1 = Least important, 5 = Most important) Consider this as timeframe measure
5 = 6 months
4 = 12 months
3 = 18 months
2 = 24 months
1 = Greater than 24 months
Your results will be tabulated and presented in a radar chart at the bottom of the page. These results can help you then to
identify the projects that should be done to help you achieve your desired capability. The current questionnaire ratings are
place holders and need to be erased before you add your information
Business Goals
Business IT Goals
Acronyms
2. Identify stakeholders: Based on the identified Use Cases, the next step
would be to identify interested, impacted and participating parties for each
domain, pertinent to the important Use Case.
5. Consolidate results: Review the results of the analysis in context with what
is a probable desired state, and consider the real impacts and priorities of
any gaps / changes required per domain. Also consider which frameworks,
standards, tools or methods would best be applied to help close the defined
gaps for each domain.
6. Identify gaps between current and target maturity levels, and develop
closure actions: Based on the result of the analysis per selected domain, create
a practical implementation plan of change actions (from the previous step) that
groups and synchronizes any changes and actions into logical bundles. This
should result in a project plan of some sort.
Activities
Define the target scope, including for example:
· overall intended scope and objectives for cloud services
· specific target use cases required, & the enabling cloud service models
· select the domains relevant to each use case
· identify the target CMM levels (per use case)
· specify the timeline and milestones per use case / quality gates
· basic conditions and project risks
Identify relevant stakeholders and personnel to interview
Conduct interviews
Consolidate Barriers
· Gap closure plan between current and target Maturity Levels
Interview schedule: Based on the selected Use Case/s, relevant Domains are selected, and the
appropriate stakeholders for each domain can be identified. This schedule should list the stakeholders
to be interviewed, as well as listing what information needs to be obtained from each one.
Resulting Preparation: The following documents would normally be created in preparation for the
analysis:
1. A list of questions and possible outcomes per domain, specifically appropriate to the
selected Use Case/s, compiled into a single “audit” document
2. A short slide overview to introduce the stakeholders to the audit, providing objectives for
the audit, timeline, and setting feedback expectations
3. A statement of the desired target state per domain, based on executive management
inputs, against which current state will be audited
Resulting documentation: Produce a Pareto chart of barriers and identify the most common barriers
that will need to be eliminated
Resulting documentation: The following documents would normally be outputs of the analysis:
1. Statement of Current State of the selected domains, and any key problems identified
that may prevent achievement of the selected Use Case/s and enterprise objectives
Roadmap for maturity level achievement / Hybrid IT establishment:
Define a set of steps needed to move each domain from current state to target state, including
suggested reference models, recommended frameworks and standards, as well as actions needed in the
process and people layers per domain.
Produce a logical grouping of actions across the involved domains to increase project efficiency, simplify
the tasks overall, and maximize sharing/single efforts at once between domains.
Resulting Report: The following documents are suggested outputs of the analysis and Hybrid IT
Roadmap:
1. Written gap Analysis between Current and Target State, per domain, including impacts of
the gap, and recommended frameworks/standards/models to incorporate to close the gaps,
with a benefit summary of each. (This represents the Roadmap to Hybrid IT enablement at the
required levels)
2. A draft project plan for closing the gaps, with timing and logical grouping of activities
3. An executive management overview presentation showing what needs to change and
what the resource requirements may be to achieve it in the desired timeline, mapped to the
overall resulting benefits.
Radar Chart
27. AI 6. Compliance
0.5
26. Network 7. Governance & Controls
0
24. IaaS 9. Procurement
Skills
6. Compliance
8. Business Process
9. Procurement
10. Commercial
12. Projects
nagement
Domain Descriptions
Domain
Finance Domain
Culture Domain
Structure Domain
Skills Domain
Compliance Domain
Procurement Domain
Commercial Domain
Commercial Domain
Projects Domain
Technical Base Domain
IT Applications Domain
Architecture Domain
DevOps Domain
DevOps Domain
Security Domain
IaaS Domain
PaaS Domain
STaaS Domain
SaaS Domain
IPaaS Domain
Data Domain
Network Domain
AI Domain
IOT Domain
Mobility Domain
API Domain
The overall goal is to make use of API's easy, cost effective, secure, and sustainable to allow organizations to drive value from the API's they use
2
3
4
6
7
10
11
12
1
2
3
4
5
6
7
8
9
Describe what you want to achieve by implementing this solution. Some categories of business value are:
• Improve efficient use of Infrastructure resources,
• Increase velocity of Infrastructure, platform and application provisioning time,
• Support flexible and rapid capacity supply,
• Improve overall quality of service
Describes business enablement capability you wish to support such as the Democratization of IT
The ability to dynamically manage production workloads with a combination of traditional and cloud native applicati
associated middleware and infrastructure, providing geographic redundancy while maintaining SLA’s for a peak busi
event; utilizing internal on-premises, two or more public or community cloud providers
Check of the Service portfolio and capability you wish to support by your cloud
implementation
Infrastructure as a Service
Physical Server Provisioning (bare metal)
RHEL 6.3 Application Server(Virtual Machine with Vanilla OS)
Windows 2008 R2 SP1 Application Server
Windows 2012 & Windows 2012R2(Virtual Machine with Vanilla OS)
OpenStack Distro (Helion OpenStack)
Create/delete & configure load balancers
Object Storage
Block Storage
File Storage
Hypervisor Support
VMware ESX
KVM
Hyper-V
Integration Platform as a Service
Informatica
Dell Boomi
Mulesoft
SAP
SnapLogic
IBM
Platform as a Service
IIS 8.0 on WIN2012 R2
Apache 2.2 on RHEL 6.0
Tomcat
JBoss
Window Azure
Amazon Web Services
Cloud Foundry (Helion Development Platform)
Docker container
Database as a Service
Oracle
MS-SQL
Cassandra
MongoDB
Maria
Software as a Service
Sales Force.Com
Force.com
Workday
Etc.
Storage as a Service
Elastic Object storage
Elastic Block storage
Elastic File storage
Off-premises "Dropbox" services
One location for all data across the enterprise using a global file system
Ability to sync files across any device, PC, server
Backup services for applications, services and PCs
Data Archiving services
Deduplication services
Record Retention Management services
Data Encryption at rest and in transit
Application Ecosystem Provisioning
Ability to provision complete 3-tier application/infrastructure/platform/database/network in
one provisioning activity
Management Services
Replication service
Identify Barriers:
1
2
3
4
5
6
Consolidate Barriers:
1
2
3
4
5
6
7
8
9
10
11
12
13
Resulting documentation:
When planning a roadmap to enable Hybrid IT, the experienced analyst also considers which barriers they will have to overcom
few common ones in this area, which should be considered per domain, during the analysis:
Do Cloud Skills Exist
Are there unique applications in the environment that inhibit cloud use
Is there a perception of "entitlement"
Are there Union driven Job Classifications
Does leadership provide a Mandate to move to Cloud
Is there a compensation scheme supporting Cloud Adoption
The process of consolidating barriers into a Pareto chart requires the assessor to make a judgment call on the unstructured co
collected into categories. Here is a list of common categories of barriers. This is a starting point. You may find very unique cate
enterprise when doing the assessment
Process design, ownership (accountability), or handoff (inter-process accountability) problem
Management or Measurement system problem
Policy, rule, value or belief conflict
Job description, skills or organizational problem
Information system: Application System is inadequate, or nonexistent
Information System: Data is not collected or available
Information system: Infrastructure is inadequate, or nonexistent
Information system: Service or Service Levels inadequate, or nonexistent
Physical layout or location problem
Service Delivery technology problem
Corporate culture issue
IT Governance
Lack of leadership problem
Produce a Pareto chart of barriers and identify the most common barriers that will need to be eliminated.
For each of these, a solution/project will need to be included in the Hybrid IT transformation plan considering the leveraging o
culture, structure, and business strategy.
Cost /Benefit Summary Page
Content acknowledgement: several of the categories of benefits and costs are taken from the ISACA whitepaper: Cal
Benefits
Tangible Description
1
Capex Cost reduction: Computing cost is shifted from a capital
expenditure to an operational cost because the cloud provider
supplies the underlying infrastructure as part of the service bundle.
In addition, the cloud promises a cost reduction in the following
areas:
• Hardware costs
• Application software (SaaS only)
• Licensing purchase and maintenance
• Technical support and user support
• Hosting (physical building, power, cooling, etc.)
2 Opex Cost Reduction/Transformation: Reduction in Maintenance,
administration and support costs
• Labor—IT system administration hours/headcount MAC
• Maintenance (upgrades, updates, patches, etc. Provisioning.)
• Labor- Provision labour for infrastructure
• Labor- Provision labour for platform
• Labor- Provision labour for patch management
3
Enhanced productivity (change of maintenance to innovation
ratio): User mobility and ubiquitous access can increase
productivity. Collaborative applications increase productivity and
reduce rework however you need labour to accomplish this. By
moving to cloud approach the Maintenance to Innovation ratio of
labour changes and more time is available for innovation projects
4
Optimized resource utilization: Enterprises use only the computing
resources they need, thus reducing system idle time waste.
Supports seasonal or peak/event capacity demand
5
Improved security/compliance: Public Cloud providers may offer
robust security controls as a market differentiation. However it
depends on the security service level that is purchased from the
cloud provider
6
Access to skills and capabilities: Public cloud customers benefit from
top-notch skills and capabilities while avoiding employment costs
(recruiting, salary, benefits, training, etc.).
7
Access to the best applications: Application providers are now bring
the best features to the cloud version applications first. Some
applications are only available as SaaS
8
Access to complex applications such as Big Data tools: that would
require extensive infrastructure and application and skilled labour
costs
9 Scalability On-demand provisioning or computing resources:
eliminate some of the cost of capacity planning.
10 Agility: Agility contributes to cost reduction and productivity
enhancement due to faster provisioning of systems:
• Faster application deployment (SaaS)
• Faster application development/testing (PaaS)
11
Customer satisfaction: Effective utilization of cloud applications can
increase collaboration between the enterprise and its customers or
reduce response time to customer inquiries.
12
Reliability: Cloud providers have redundant sites that can address
business continuity and disaster recovery in a more efficient
manner.
13 Availability: Cloud Providers can now guarantee 7x24 availability
14
Costs
Upfront costs (Public or Private Cloud)
1
Technical readiness: Some investment in bandwidth may be
necessary to accommodate the new demand for network/Internet
access. Other
2 Infrastructure components: may need to be upgraded to integrate
with cloud services.
3 Security Gateway: many need to be integrated to support SaaS
Integrated Data stores: may be required if data residency policy
require that data cannot leave a company's data centre
4 Implementation Professional services: may be needed for
managing the transition to the cloud.
5
Integration Professional services may be needed: for Application
Transformation, integrating in-house and Private and Public cloud
services into a hybrid IT services model.
6 Configuration/customization: This applies to customer-based
configuration for SaaS applications.
7
Training IT resources may require training to manage cloud vendors
and services. Users may need training on new applications.
8
Organizational change Processes may require some reengineering
to accommodate cloud-specific needs (e.g., change management,
resource utilization monitoring, user access provisioning, internal
audit).
Public Cloud Recurring costs
1
Public Cloud Subscription fees: These will comprise agreed-on
periodic fees (monthly, quarterly, yearly) for the use of cloud
services. It also includes usage fees
• Compute
• Storage
• Network
• Data transfer costs
• Software
• Support & Maintenance cost
2
Change management: These may comprise the cost associated with
the change management process and any cost incurred when
requesting system changes.
3
Vendor management: These are costs associated with monitoring
CSP activities, contract management, service level agreements
(SLAs) monitoring and enforcement:, or any other activity geared to
manage service delivery and evaluation.
4
Cloud coordination: For enterprises running more than one cloud
service, a cloud coordination group is necessary to ensure
integration and consistency.
5
End-user support and administration: Some of these costs will be
part of the subscription fee while some may be retained by the
enterprise.
6
Downsize/upsize: Unless otherwise specified in the contract, some
vendors may charge for downsizing or upsizing computing
resources.
Public Cloud Termination Cost
1
Revert to on-premises or transfer to a different provider: The
enterprise may need to revert to an in-house model when/if new
regulations or economic problems render the cloud impractical.
Some of the possible costs are:
• Extracting data from the cloud and validating their accuracy and
completeness
• Cost to sanitize or shred data from cloud storage and processing
hardware
• Configuration and provisioning in-house systems to replace cloud
services
• Penalties for early termination
• Reallocation or recruitment of IT resources to support services
being reverted
• Reallocation or procurement of physical resources to host services
being reverted
IT Operating Model Transformational Costs
1 Finance
2 Enterprise Strategy
3 Structure
4 Culture
5 Skills
6 Compliance
7 Governance & Controls
8 Business Process
9 Procurement
10 Commercial
11 Portfolio Mgnt
12 Projects
13 Operations (IT) processes
14 Management Tools
15 Security
16 Information Lifecycle Management
17 DevOps
18 PaaS
19 IPaaS
20 IT Architecture
21 Applications
22 SaaS
23 Data
24 IaaS
25 STaaS
Total Costs
en from the ISACA whitepaper: Calculating Cloud ROI from the Customer Perspective
Relevant
Relevant
omer Perspective
Dollars Saved
Dollars Spent
Reasoning
Reasoning
Indirect Benefits score
Reasoning
Indirect Benefits
Finance Domain
Contains capabilities such as:
Financial management,
Is this domain Control and budget processes necessary to enable cloud
relevant? Yes/ No
CMM 0
Control Question
(None)
Processes
Processes
Technology
as:
sses necessary to enable cloud services when moving from CAPEX to OPEX models
CMM 1 CMM 2
(initial, ad-hoc) (repeatable, opportunistic)
CMM 3 CMM 4
(defined, systematic) (managed & measurable)
The team understand the key Reduced errors and repeat task
financial trends they should watch time (reduced costs for duplicated
for and manage relating to cloud work)
consumption and landscape
sprawl
HR & Training
0 0
Finance & Procurement
Management
0 0
Finance and Administration teams
0 0
IT Executive Management
0 0
IT Management
0 0
IT Executive Management
0 0
Financial Admin & Procurement
0 0
Administration Teams
0 0
Total 0 0
Enterprise Strategy Domain
People
Processes
ding models.
ce selection and service-level agreements (SLAs) also gain relevance in cloud initiatives
CMM 1 CMM 2
CMM 3 CMM 4
A cloud service adoption plan The use and success of the cloud
exists, with Milestones defined, adoption framework is managed
planning, and budget - by means of KPI's
representing a "cloud first"
mandate.
0 0
CxO
0 0
Enterprise Architecture
0 0
HR & Managers
0 0
Managers
0 0
Managers (Exec, IT, and Business)
0 0
Total 0 0
Structure
People
Processes
Processes Are business processes modified Processes do not consider
to leverage the use of Cloud differences between cloud and
Services traditional IT
Incidental, Training in new topics Training by external parties on A training and development plan
and unit needs is done by new topics aligned to a defined exists and is implemented,
individual employees with structure is discussed in teams, defined per structure element
personal commitment or interest with some organizational and associated business unit.
support. KPI's exist for relevant business
objective achievement
Current structure deals with ad- A Structure to enable cloud Teams have been created in the
hoc adoption service models is defined and IT function area to deal with
partially implemented, ongoing cloud services, incl business and
as projects occur technical functions.
A Business Analyst role exists to
consult with Developers and
Business on Cloud
Cloud KPI's per team are
identified
Systems use the shortest possible The system recognizes business The service request process caters
method, not aligned to structure units and roles, and is often used, for structure, roles and workflow
or roles, but can be bypassed but does not operate in real-time according to defined processes -
there is no bypassing it, and it
operates in real-time
CMM 4 CMM 5
Benefit Analysis
(managed & measurable) (optimized)
IT Department, General
Management
0 0
enterprise Strategy, HR
Department
0 0
IT Management
0 0
Process Management
Architecture
IT Management
0 0
Enterprise IT
0 0
Total 0 0
Culture
People
How does management drive Management strives to preserve
innovation within the area of status quo in order to keep legacy
cloud consumption as well as systems up and running as
delivery and encourage employees expected from business
to challenge how (well) things are departments
done?
People
Technology
behavior pattern that:
ith choice (says yes not no), and facilitates innovation, and demonstrates flexibility,
a supplier to being a business partner.
tices through self-service and automation.
nd efficient, fast and service oriented where a service is measure from a customer's point of view not IT’s
CMM 1 CMM 2 CMM 3
Departmental silos and Expert (specialist trained) teams Service and system integration
competency heroes exist. Employees think focused. Provides Competitive
no connected thinking or common department-centrically and offerings (based on "cloud first"),
understanding of values and mainly within their own is a service broker. Silos in IT
priorities technology domain. Employees almost eliminated / not existing.
strongly value and pursue Efficient and accountable for
departmental goals without Service measured at the customer
considering interdependencies point of view
and side-effects.
Employee rarely communicates Employee sometimes Employee can communicate ideas
ideas for improvement communicates ideas for for improvement via a basic, non-
Ideas are rejected regularly by improvement formalized process (e.g.
management Ideas make it to realization on presentation during meetings or
rare occasions, only via email), no tool support
a lot of energy and time is available
required to convince stakeholders Idea rating is conducted not
and force through individual formalized and not
changes comprehensible
management does not encourage Usually, a lot of energy is required
employee to think about possible to force through individual
improvements changes
Employee is not encouraged to
think outside the box
Technology-area specific Management is open for targeted Skills related to cloud are valued
appreciation of specific skills by development of skills, but training because management is aware of
e.g. assignment of prominent measure has to occur within a the business benefit generated by
roles (Project Leader etc.) current cloud initiative and to cloud services
promise a strong RoI Management selectively supports
development of skills by trainings
requested by employee
For senior management On individual agreement, specific From compensation scheme
compensation scheme does compensation components employee understand that
contain KPIs that are affected by related to cloud are available moving to cloud technology
cloud implementation to a Compensation scheme strengthens the enterprises'
limited extent encourages employee to hold competitiveness, opens up career
their knowledge up to date and perspectives and increases
to continually look out for compensation
improvement opportunities Incentives and rewards are
within their technical domain available for those who achieve
outstanding results, innovation
and business value
IT Management has a vague idea Management involves hand- Management invites experts to
of cloud and what to achieve with selected employee into participate in formalized
it, communicating it verbally and development of strategies, development of strategies,
occasionally, only concepts and policies concepts and policies
Management sets clear barriers process is setting off from the IT
regarding focus areas, strategy / operations
participation and contribution of requirements
employee responsibilities during the
Communication is informal and development process are defined
only visible to those who are for development, a timeline is set
involved Cloud strategy and policies are
communicated on a regular basis
via workshops, training and other
occasions
Enterprise uses paper-based Enterprise uses emails containing Enterprise uses tool-based
feedback processes questions and 'free text-answers' surveys with a clear structure and
No formalized feedback process timeframe
established Formalized feedback process
established
Results are communicated
CMM 4 CMM 5
0 0
Executive Management and Line
Managers
0 0
Line Management, HR
0 0
Executive management, Line
Management, Communications
0 0
HR, Communications, Line
Management
0 0
Total 0 0
Barriers
Skills
What are the skills and values that No cloud aspects included
your IT enterprise is compensated
for
Processes
Some Employees possess limited 10-25% of employees possess 25-50% of employees possess
skills and exhibit the appropriate skill and exhibit the appropriate skill
level level, with supporting
certifications
Some Employees possess limited 10-25% of employees possess and 25-50% of employees possess and
Cloud skills (Basic) exhibit the appropriate skill level exhibit the appropriate skill level
(Intermediate/Advanced) (Advanced)
Employee provide informal, Managers or Supervisors request Feedback loop mechanisms are
undocumented feedback feedback as part of employee available for employee to
meetings and informal sessions leverage as needed/desired
Employees rarely seek Employees seek opportunities to Employees are encouraged to
opportunities to cross-train with cross-train with other team seek opportunities to cross-train
other team members members when time and with other cloud team members,
opportunity allows via project assignment and re-
prioritization of their activities
Cloud skills are assumed, and A Cloud Skill set has been Skill set has been identified &
understanding on needed vs. identified for some of the defined for most of the
preferred skills vary greatly technologies for which a technologies for which a
team/function is responsible team/function is responsible
A Basic list of skills is known by A Basic list of skills is Documented A high-level skills competency list
most Leaders & Employees; but used inconsistently exists; Managers or Supervisors
Assumptions are made about are encouraged to socialize within
depth, meaning and scope teams
Limited availability of training 10-25% of employees attend 25-50% of employees attend
classes (online or face-to-face) for available training available training
a few employee, as budget allows
Employee might track classes or Managers or Supervisors might Skill development & training
development opportunities on have ad-hoc tracking mechanisms tracking system (e.g. online Skills
their own, using ad-hoc methods Profile) is available, but usage is
not encouraged/enforced
Training consists mostly of "on the Training is informal and not A Basic training catalog (internal,
job" learning regularly scheduled external or mixed) exists and is
leveraged by Managers or
Supervisors to offer to Employees
CMM 4 CMM 5
Benefit Analysis
(managed & measurable) (optimized)
Skill set has been identified and Minimum Skill set has been
defined for all of the technologies identified and defined for all of
for which a team/function is the cloud technologies for which a
responsible team/function is responsible; a The skills that are required in each
process exists to keep it updated of the units of organisational
structure are pro-actively defined,
developed, and monitored. This
Employees attend Cloud-relevant Employees attend Cloud-relevant enables units to perform and
training towards fulfilling specific training towards fulfilling specific deliver on tasks as expected.
requirements for the requirements for the Team members are also more
role/function they serve role/function they serve, and to motivated, and constantly
ensure they're on track with developing / moving forwards in
specific skill competency goals support of ongoing organisational
included in their annual development and the evolution of
goals/plans the organisation and its products
Tool usage is part of formal SoP, Tool usage is part of formal SoP
and tracked yearly for cloud services, tracked yearly
and updated to ensure relevancy
Executive Management,
Managers, HR, Finance
0 0
Executive Management,
Managers, HR
0 0
Executive Management,
Managers, HR
0 0
Managers, HR, Training
0 0
Executive Management,
Managers, HR
0 0
Executive Management,
Managers, HR
0 0
Executive Management,
Managers, HR
0 0
Managers, HR
0 0
Executive Management,
Managers, HR, Finance
0 0
Executive Management,
Managers, Finance
0 0
Managers, HR
0 0
Managers, HR, Training
0 0
Total 0 0
Compliance
How does the enterprise ensure Enterprise does not verify that
that for the off-premises services relevant documents are
currently implemented relevant requested
attestations / certifications / self
declarations are obtained from
service providers?
Processes
Processes
a maximum deviation
g. ERP system
manner
CMM 3 CMM 4
(defined, systematic) (managed & measurable)
CMM 5
Benefit Analysis
(optimized)
0 0
HR, IT, Business, Partners
0 0
Compliance Mgt,
IT
Business
0 0
0 0
0 0
0 0
0 0
0 0
Development, Build, Release and
Operations teams.
0 0
Developers
IT Risk Mgt
Business
0 0
Total 0 0
Governance & Control
This area considers the process and technology updates t
Is this domain
relevant? Yes/ No
CMM 0
Control Question
(None)
People
Processes
Processes
Technology Are controls in place to identify, Controls and tools do not monitor
assess and manage risk, security and report risk, security and
and compliance relating to cloud compliance information for cloud
deployments, and alignment to services
business objectives?
ocess and technology updates that should be integrated into an existing environment, to deal with and control cloud and any external
CMM 1 CMM 2
(initial, ad-hoc) (repeatable, opportunistic)
Bills are received "after the fact", A formal list of partners and
and used to register cloud services are published, and
spend/procurement project budgets align to these
CMM 3 CMM 4
(defined, systematic) (managed & measurable)
CMM 5
Benefit Analysis
(optimized)
0 0
Finance, Business, IT
0 0
IT Architecture
Business
0 0
Risk Management
0 0
Security,
Business
IT Management
0 0
Security,
IT Management
0 0
Data Security
Compliance Mgt
0 0
Total 0 0
Business Process
People
Processes
Are the IT system interfaces No documentation can be
properly documented in produced of the IT system
accordance with their function in interfaces, and their inter-
the business process chain connection as part of the business
process chain
Technology
ed to;
sses are structured and designed
med support/ shared and which are unique to the business unit
Some people understand the Certain business process chains The teams know and understand
product process chains and some are known, together with the business processes, and
of the systems they depend on, identification of elements that can where the process related data is
but not end-to-end be safely run in the cloud stored, and what the rules are for
protecting it
Some business product process Each Business process is Key common elements of the
chains are documented, showing documented, together with the business process are aligned from
some involved IT elements underlying IT systems, and a semantics and data handling
SLA's / OLA's for handling perspective, and evaluated for
transactions cloud candidacy, with a migration
and consolidation plan in place.
Selected system interfaces are Some of the element interfaces Common semantics are applied to
documented, based on project underpinning the business systems, and the interface
focus work, but not towards cloud process are documented, but characteristics are well
system interfacing objectives naming and data structures are documented to enable dynamic
not aligned message queue based interaction
CMM 4 CMM 5
Benefit Analysis
(managed & measurable) (optimized)
Developers
IT
Business
0 0
Strategy and Planning
IT
0 0
Developers
IT
Business
0 0
Total 0 0
Procurement
Have Sourcing & contracting been No updates have been defined for
updated to accommodate cloud? the processes
Processes
Is Procurement Reporting updated No reporting is defined for cloud
to monitor and measure cloud services from a finance and
Processes services procurement perspective
Technology
ed to:
ses are cloud aware,
g is cloud aware,
nt performed for supporting enterprises,
een updated to accommodate cloud,
ue exists,
monitor and measure cloud services
CMM 1 CMM 2 CMM 3
(initial, ad-hoc) (repeatable, opportunistic) (defined, systematic)
Procurement team drives CAPEX Procurement team are trained Team is incentivized based on
based ordering activities, with about cloud, and the commercial cloud strategy deployment
some initial Cloud services driving models
disruption into the tribal
knowledge
Cloud resources are ordered on Default frame contracts exist for Frame contracts are integrated in
an ad-hoc basis from undefined cloud services, which are available procurement tools and standard
vendors. No standard partnering to the organizational business cloud vendors and offerings may
or frame contracts exist, although units, and re-used consistently. be chosen
initial ideas may be in play
Hardcopy brochures are used, A Cloud Portal exists and includes A well defined set of standards for
with functions and features a full integrated Catalogue of catalogue definitions are applied
defined per deployment, via a services, including technical and communicated (e.g. CIMI).
technically orientated portal functions and features, costs, and Processes are defined to enable
service level details, for IaaS and entries in the consumer facing
PaaS Services catalogue to be updated regularly,
and for retirements to be
performed according to a defined
roadmap process, without
contract changes being needed
Basic management and Defined interfaces and reports Standardized supplier contracts
Monitoring data is produced from exist for cloud providers to enable JIT delivery, from pre-
systems within the company's integrate to and supply data, in selected suppliers, with defined
own control real time reporting and source data
available according to pre-
determined business criteria
No controls exist and business Business Units are educated on Businesses willingly adhere to
units can buy anything they want the issues of cloud security and corporate policies for security,
requirements of all Cloud and IT record retention, and DR strategy.
services to adhere to enterprise IT is able to rapidly conduct a
policy for security, record cloud security audit on any
retention, backup and disaster proposed cloud provider.
recovery to minimize risk to the IT enables procurement audits to
corporation identify unauthorized cloud
service procurement and
unauthorized cloud service
detection program.
Vendor management team can Vendor management team Standardized criteria are used
engage with architecture to align engages regularly with across LOBs in vendor evaluations.
requirements with capabilities of architecture to align requirements Consultation with cloud
CSPs when requested. with capabilities of CSPs. consulting firms such as Forrester
and Gartner.
Each provider's own Cloud Portal Links exist from the enterprise Provider's catalogues and
is used for ordering & configuring Procurement Intranet to selected approval workflows are
services supplier's portals/catalogues integrated with the enterprise
order portal and standardized
workflow system
CMM 4 CMM 5
Benefit Analysis
(managed & measurable) (optimized)
- IT Procurement
0 0
- IT Procurement
0 0
- Service Catalogue Management
- IT Procurement
- IT Service Delivery
0 0
- IT Procurement
0 0
IT
Procurement
0 0
Vendor management,
Architecture, Platform operations,
Service management
0 0
- Service Catalogue Management
- IT Procurement
- IT Service Delivery
0 0
Total 0 0
Commercial
Processes
Do Key Performance No KPI's are defined for cloud
Indicators exist for cloud services
based services?
Cloud provision is handled like Some Suppliers are integrated Clear Service Levels and KPI's are
any other supplier by the involved into the Procurement and Event defined for all online services
teams and processes management systems from partners, together with
training of employee on the legal
and compliance requirements to
be considered in cloud service
contracting
No, still using original templates Leveraging contracts supplied by Zero $ based framework contracts
each cloud provider, with slightly (agreements defining services and
different terms and conditions, service level agreements, but with
and processes no volume commitments due to
the nature of cloud services) are
in place to enable service use, and
all roles and responsibilities and
remediations are clearly defined,
including risk, compliance, and
data related actions
Original internal IT processes are Defined manual handling of Standardized supplier contracts
used, and cloud is fitted to those, exceptions exists, where existing are defined, enabling JIT delivery,
as applicable systems don't accommodate from pre-selected suppliers, with
integration with cloud providers electronic levels of integration
consistently
Infrastructure availability SLA's SLA's are in place for IaaS, PaaS & KPI's are defined in context of the
are used to measure services SaaS expected benefits of cloud,
including availability,
performance, cost, flexibility,
compliance and security etc.
No, IT Costs are handled by a Yes, costs are billed to the main There is a capability for the
common IT budget departments (Production, consumer to check ordered
Management, R&D, …), but only 1 Services and their corresponding
-2 times a year costs. The costs are billed to the
consumers cost center once a
month
Salient points of an interaction are Defined products, contracts and All services and contracts are
manually captured into the partners exist in the systems, with standardized and aligned,
systems as comments zero value commitments, against enabling consistent decision
which services can be ordered making
CMM 4 CMM 5
Benefit Analysis
(managed & measurable) (optimized)
- IT Procurement
- IT Service Management
0 0
- IT Procurement
0 0
- IT Management
- IT Procurement
0 0
- IT Service Delivery Management
0 0
- Financial Controlling
0 0
0 0
Total 0 0
Portfolio Mgt
Are the portfolio mgt people No training has been done and no
trained in a formal process for framework for service portfolio
the production, operation, and management is used
retirement of the business's
service portfolio elements, with
consideration for cloud
enablement?
People
Does a defined process exist for Each team produces their own
Processes the lifecycle management of services and they are not defined
services in the portfolio, allowing formally
for new requests, changes and
retirements?
Is an online service catalogue There is no defined portfolio of
available against which services services in any system
may be ordered?
Technology
ed to:
for product and service development at both business and enabling technology layers
d to enable innovation and “cloud first” thinking,
umentation for services and products, which enables effective selection and matching of enabling and underpinning offerings
CMM 1 CMM 2 CMM 3
Some teams have defined Common training exists regarding It is required that all members of
products and a common business services development, the enterprise undergo common
approach to portfolio including design, operation and training on the business products
development is defined for that changes which are defined and services according to an
group. according to a framework, and enterprise wide common
cloud training according to this framework for service portfolio
model is applied in all new management , including the
projects positioning of cloud services in
context of compliance and
security requirements of the
business
Some core business services and Common terminology is used for Internal services of the enterprise
their supporting processes are service descriptions, and common are defined according to a
documented but it is not terminology is defined standard, and recorded in a
mandatory generally available online service
catalogue with descriptions for
selection, ordering and
deployment
Some teams have defined their A standard process exists for All services are defined according
own non-aligned standards for documenting and publishing new to a set of standardized
documenting their services, but product and service development, definitions including business
each team updates, changes and used for all new services, requirements, business case,
retires their services supported by a "cloud first" features and functions, service
independently. platform selection concept. reviews, KPI's, and retirement
criteria
Some services are defined and A common system exists where All services are documented in a
published to specific groups, in some services are defined, and defined toolset, according to their
their own systems available to the whole enterprise. role in the business environment,
which publishes them as an online
catalogue, with some service
related reporting
ng offerings
CMM 4 CMM 5
Benefit Analysis
(managed & measurable) (optimized)
0 0
Business Units, Sales, Architecture
0 0
Architecture, Sales, Line
Management
0 0
Sales, Procurement, Architecture
0 0
Total 0 0
Projects
Is this domain
relevant? Yes/ No Projects are enabled by means of defined processes, blueprin
CMM 0
Control Question
(None)
Processes
Processes
Technology
eans of defined processes, blueprints, skills, and governance frameworks. This domain considers some of the key cloud enablers for proje
CMM 1 CMM 2 CMM 3
(initial, ad-hoc) (repeatable, opportunistic) (defined, systematic)
Few internal skills exist aligned to Cloud Infrastructure Skills exist Application developers are skilled
common organizational cloud and cloud concepts are available in cloud use, aligned to the
designs to support/enable projects enterprise strategy, and available
to support projects
Ad-hoc projects developed by the Partial re-use of cloud Standard training is available for
project manager, developing own methodologies, defined by the various involved
processes, methodologies and certain new projects, and shared organizational units, tailored to
frameworks for Cloud service for further enhancement their needs, addressing
integration important cloud rules, policies,
aspects and skills that they must
develop and apply in their cloud
service adoption
Each project is independently A defined budget exists for the Cloud deployments always
funded according to its' needs enablement of the enterprise for leverage the "80%" of existing
using cloud services, and projects cloud based building blocks, and
draw from this according to their most cost is directed towards
use of cloud "20% new development"
Each project is defined by the Cloud based project templates are Pre-defined elements are
assigned project manager, and shared between project managers automatically populated into the
built from scratch for re-use project plan by the tool, and
consistent feedback loops exist to
update approved steps and
methodologies with new learning
loud enablers for projects
CMM 4 CMM 5
Benefit Analysis
(managed & measurable) (optimized)
Projects are planned in a cloud Leveraging existing templates, By creating templates and
portfolio annually in advance, resources and methodologies for standardised concepts that
with clear budget, scope and cloud use, high performance projects can leverage, pre-
objectives towards enabling innovation is enabled, defining authorisations,
cloud benefits realization multiplying the enterprises new governance, reference models
product development by a and interfaces, and
defined factor methodologies, projects in the
new cloud era can move forwards
much more quickly, completing
work by leveraging as many
existing elements as possible, and
reducing duplication and effort.
This goes a long way to supporting
a DevOps capability, in
conjunction with adopting Agile
methodologies.
methodologies, projects in the
new cloud era can move forwards
much more quickly, completing
work by leveraging as many
existing elements as possible, and
Well defined R&D budgets Projects are approved or declined reducing duplication and effort.
leverage existing cloud elements, based on their value proposition This goes a long way to supporting
thereby optimizing cloud projects to achieving the company's a DevOps capability, in
to only focus on the new objectives and associated KPI's conjunction with adopting Agile
development, at people, process methodologies.
and technology levels, consistent
with the business objectives and
cloud KPI values to the enterprise
- IT Governance
- IT Management
0 0
-IT Service Management
- Quality Management
- Knowledge Management
0 0
- IT Service design
- IT Programme Management
- It Architecture
0 0
- IT Programme Management
- IT Architecture
0 0
- IT Project Management
0 0
- IT Programme Management
- IT Architecture
0 0
Total 0 0
IT Operations
(None)
Are clear processes (e.g. ITIL) for Service risk and compliance
service, risk and compliance management processes do not
management processes defined exist or are handled in
for cloud based services including nonstandard and ad hoc fashions.
Incident, Problem and Change
mgmt., and integrated with the
cloud provider and consumer eco-
systems
Technology
Technology
How do the internal cloud services Traditional networking tools do
and off-premises service providers not provide integration services
networks support Hybrid IT across off-premises and on-
integration? premises services.
To what extent does the CMDB The enterprise does not utilize a
support cloud? CMDB.
ed to:
ontinuity, data center fail-over and
rategy, Design, Operations, and continuous improvement processes.
rkforce Management and Service design, build and test development processes.
n (Open Group IT4IT model) That service life cycle is captured in the four IT Value Streams
o)
eploy)
l)
CMM 1 CMM 2
Some groups have access to and All employee have access to and
understand operations process understand operations processes
and related tools to management and related tools for cloud
cloud services. processes.
Each division addresses its own Clearly defined processes exist for
resource and capacity needs and onboarding new services and
sets its own rules, roughly aligning capacity into cloud services.
to the enterprise requirements. Integration of cloud service
Inclusion of cloud infrastructure capacity and traditional capacity is
and cloud-based services varies by manual.
division.
Cloud first thinking does not yet The enterprise has instituted
exist or is limited to some LOBs consistent process for demand
only, but cloud begins to work its management across that includes
way into the demand cloud platforms. This is
management lens. Requests for implemented across various lines
new workloads are handled of businesses. Theses processes
through traditional manual address requirements gathering
processes. through to build specification and
project funding. This process is
followed for all new demands.
CMM 3 CMM 4
(optimized)
A methodical approach to
selection ensures alignment
between business objectives and
both functional and non-
functional capabilities provided.
Brokering capabilities make
selection of cloud technology
platforms transparent to end-
users.
All elements of public and private Complete and updated CMDB info
cloud and traditional systems will provide the enterprise with a
across a Hybrid IT environments centralized repository of Hybrid IT
are represented in the CMDB. info which can be used to support
Data flows are automated operational decision making.
between the CMDB(s) and cloud
services with automated updating
of configuration items.
Stakeholders Current State Future State Barriers
0 0
Support teams, Service Owners
0 0
Operations and Development
teams.
0 0
Governance and Compliance
Team. Risk Management Team.
Service Management Team
0 0
Service Management Team,
Capacity Planning, Supply
Management, Technology Finance
Team, Operations Team
0 0
Capacity planning, IT Architecture,
Platform operational teams, Cloud
team.
0 0
IT Management, Operations,
Cloud Team.
0 0
Business continuity team, IT
Management, Cloud Team
0 0
IT Support, Operations, IT
Management
0 0
Business continuity team, IT
Management, Cloud Team
0 0
Architecture, Platform operations
0 0
Vendor management,
Architecture, Platform operations,
Service management
0 0
Development, Build/Integration,
Test, Release / Operations teams,
Service management
0 0
Development, Build, Release and
Operations teams.
0 0
Solution architecture, Operations
Management, Offering owners,
Service management
0 0
IT Management, Operations,
Platform teams, Cloud
management
0 0
IT Management, Operations,
Platform teams, Cloud
management
0 0
0 0
IT operations, Cloud Team, IT
Management
0 0
Total 0 0
Management Tools
Who owns and updates metrics Metric owners are not identified
related to CSP offerings? and or metrics are not used to
manage CSP offerings.
People
Who owns and updates service Service catalogs are not utilized
catalogs? within the enterprise.
How are management tools Management tools do not yet
evolving to support CSP offerings? support CSP offerings.
How are management tools used Policies are not used with our
to govern CSP offering policies? CSPs.
Processes
How are management tools Cloud-aware management tools
improving service delivery across are not in use, highly manual
CSP offerings? process based management
Technology
To what extent are CSP providing Cloud Service providers are not
or making monitoring tools providing monitoring.
Technology available?
d service provisioning
Some CSPs provide their own All CSPs provide their own CSPs are mandated to provide
proprietary metrics. proprietary metrics. Alerting common metrics but the
thresholds are managed by the enterprise selects which metrics
enterprise as a whole are included in monitoring and
reporting. Alerting thresholds are
managed by the service
consumer. Business analysts are
consulted in defining metrics
Service catalogs are Individual LOBs manage their own There is a shared service catalog
independently managed by some service catalogs which they across LOBs for some CSP
cloud service providers. Initial provide to their own user offerings. This instance is
cloud service metadata begins to communities. managed by a central services
combine with traditionally team.
deployed infrastructure and
service components.
Some pre-production support More production support teams CSP provided management tools
teams are leveraging CSP are leveraging CSP provided are integrated with internal
provided management tools. management tools. support management tools
including end to end real-time
service monitoring.
Some CSPs provide basic policy Internal management tools Centralized management tools
management tools for their provide a centralized view of CSP provide full visibility and control
offerings. Business and technical offering policies but updates are over all CSP offering policies
policy items are management via managed via CSP management including both business and
different tools. tools. technical policy items. Limited
KPIs exist for policy compliance.
Management tools are cloud Some service delivery processes Internal management tools are
aware on an ad hoc basis, but are automated through highly integrated with CSP
process management is still management tooling controlled offerings providing a unified
highly manual. by CSPs. Partial integration of service based view across Hybrid
tooling with some CSP offerings. IT components. Application
Containers are used by some deployment via containers in the
delivery teams to improve standard.
application deployments.
Tools for managing & monitoring Tools for managing Tools for managing
all Technology and ITIL V3 Service ITIL V3 Service Design, & Build & Portfolio and Program
Operations Service Transition & Test Management
IT Asset Management Work Force Management IT Architecture Enforcement
CMDB Operational IT Financial management Service Catalogue with workflow
Business Relationship
Management
Workflow Automation
Implement central cloud service
portal for configuring and
provisioning (and deprovisioning)
all cloud services directly by the
business.
Simple monitoring is provided, Basic monitoring and reporting All CSP offerings include service
but contained to those services are provided by CSPs. An internal dashboards with measured KPIs
running within the cloud platform service dashboard is used to including real-time end to end
itself. provide a service view to the monitoring and reporting for each
support team. In certain cases, cloud service. Monitoring spans
monitoring data spans beyond the across cloud platforms.
scope of a single cloud platform.
A small percentage of Internal and CSP management Triggers are used across CSP
management tools are able to tools are highly integrated and offerings to provide automated
communicate with CSP offerings provide Hybrid monitoring to aid alerting when issues arise for
to assist in manual diagnostics. in diagnostics. general conditions.
CMM 4 CMM 5
Benefit Analysis
(managed & measurable) (optimized)
Management Tool standards are Management tool standards are Having clearly identified standards
defined by Enterprise defined by Enterprise for management tools helps drive
Architecture for a Hybrid IT view Architecture and tool selection is consistency in IT delivery leading
of all services. CSPs and IT determined by a centralized IT to improved operational
delivery determine tool selection. team. efficiency.
Metrics and alerting are fully Business analytics automatically Metric ownership and evolution
customizable across CSPs. provides input to a centralized will improve consistency in how IT
services team or Enterprise deliver is measured and improve
Architecture regarding CSP metric operational efficiency.
baselines and targets.
Most CSP offerings are managed Service catalogs are periodically Service catalog ownership ensures
from a central service catalog. optimized based on usage data consistency of catalog offerings
This instance is managed by a provided by CSPs and standards and their optimization over time.
central services team. A central managed by Enterprise
service management governance Architecture.
process manages exceptions to
the centralized service catalog.
Exceptions are rationalized with
sufficient business justification.
Tools are enabled with Management tool task
standardized KPIs across CSPs to automation and integration to
provide analytical views of service CMDB across CSPs.
quality from a transaction
perspective.
0 0
0 0
0 0
0 0
0 0
0 0
0 0
0 0
0 0
Total
0 0
Security
agement
n authentication for SaaS Integration.
onse mechanism to all threats at any level of the OSI model
CMM 1 CMM 2 CMM 3
Whoever encounters cloud The requirements for secure Approval capability and roles are
security deals with it in their own cloud usage according to the defined and operational
way business objectives are defined. security measures are identified
per role.
Responsibility for cloud security is
clearly assigned to the
appropriate role players, as
defined points of contact
according to a structured process.
Security requirements are A basic security concept is Integrated Security concept
analyzed and defined on a available for infrastructure and created. A set of appropriate
national basis. Cloud server application layers per host standard Rules, Policies,
location is known but does not country with clear defined Procedures and Guidelines are
call a need for action. Credentials authorization and access control. defined and published for use
for identity and accounting based Credentials for identity and when adopting Cloud Services
on local server management with accounting based on basic around the world. Individual
no process processes standards and legacy
requirements are defined per
country and are adopted including
access management.
Defined process and methods for
identity and account management
for all services
Use is made of original physical Applications are grouped and Requirements are defined for all
separation based individual requirements are set for business types of systems, application
system requirements. critical systems. groups and all cloud provider's
Applications are not classified by services are aligned to these
groups. categories
A data security and privacy Data security and privacy is Definition of data sensitivity
concepts are not differentiated evaluated on a project level for groups, clear differentiation
for cloud and not defined yet. cloud which includes data access, between privacy and security is
security and transmissions. set for an acceptable use in cloud
service. Enterprise-wide rule set
for data security and privacy
regarding Cloud services. Audits
are defined and done on regular
basis.
Reporting is based on what lies Business systems are categorized Consistent measurement and
within the corporate perimeter, with system and data protection reporting of Cloud systems is
without interfaces or defined data parameters per 'tier'. defined, and reports are
from external systems. generated.
Security tooling is connected on Security tools are used more Tooling exists and is integrated for
an ad hoc basis, and only to consistently with cloud-based SSO, SIEM across cloud and non-
systems located within the platforms. Use of standards such cloud based systems.
enterprise network perimeter. as SAML and CDMI increases. All Cloud services use the same
ITIL and Security tooling feeding
common databases / data
warehouses.
Mechanisms (process & Full OSI level Intrusion Protection, Mechanisms (process &
technology) for application and IT Application intrusion testing and technology) for continuous
control in place to demonstrate monitoring. Standardized Security compliance to government
compliance to government policies enforced across business regulation (SOX). Network Packet
regulation (SOX), security access units application proactive security inspection. Consolidated
controlled. security testing. security incident aggregation.
Single sign on access and common
security is a gateway for all off-
premises services and mobile
access. Standardized Security
policies enforced across Business.
Security Breach pattern detection
on all items in CMDB.
CMM 4 CMM 5
Benefit Analysis
(managed & measurable) (optimized)
Cloud security training and Consistent Cloud security Decrease security gaps and lower
certifications are required for all certification is aligned to the risks, data loss
involved parties. Q-Gates business objectives and required
assessments are done. through the defined cloud eco-
system of the corporation and its
partners
Active planning exists against The organizational structure is Processes run effectively
anomalies and deviations, and able to bring tangible business according to business needs,
status is reviewed regularly and benefits by working according to enabling and advising/supporting
measurable by criteria checks security risk ratings & fast the business in real-time to
adoptions achieve its objectives
Monitoring against all policies and The security concept is reviewed More efficient IT and business
rules is established, and non- regularly to adopt changes and operations,
compliancy is automatically follow country specific changes. Reduced friction between security
reported (e.g. audit). Country Automatic monitoring of access and technology teams,
specific requirements match management. Increased agility
company's corporate enterprise Uniform process and centralized
standards. identity and account management
Uniform process for identity and for all services
account management for all
services
Clear security perimeters and Fully integrated security Reduced risk and improved
controls are defined and framework exists capturing the security posture,
extended to the different cloud whole cloud environment which Decreased chance of compliance
services, according to defined is real-time monitored and issue
security qualities and criteria integrated to the enterprise
landscape
Documentation and assessing of Active data loss/ leakage Business processes run effectively
data flows and security/privacy prevention for cloud services. according to business needs,
classes. Audits and assessments Automated KPI monitoring of data enabling and advising/supporting
ensure data policy, including encryption during data hosting, the business in real-time to
encryption facilities are available interface management and data achieve its' objectives
for data in transit, and data at transmission matching corporate
rest. strategy and policy. Automated
audits ensure security and privacy
concept implementation.
Security data is generated by the Real-time information flows Improved Cloud security and
monitoring and control systems, across all participating service cloud governance operations,
aggregated into KPI's and environments, supporting a Improved security and decreased
leveraged by operating continuous governance risk
governance bodies across the environment.
enterprise.
Security tooling exists to Continuous stream analysis and Improved security posture and
automate the deployment of the other advanced security analysis reduced risk,
related rules and policies for techniques drive automated Improved security and risk
deployment of all systems and gating and enforcement of intelligence
services. security policy. These capabilities
are consistently applied across all
cloud services.
Mechanisms (process & Automated Threat response. Real By having Security enforcement
technology) for application and IT time email monitoring for technology in place, one is in a
control in place that is able to be intellectual property or critical better position to pro-actively
changed rapidly. Role based information theft. track active deployment activity
Identity management. Able to and prevent the need for later
conduct Cloud Security Alliance remediation activity
audits.
Stakeholders Current State Future State Barriers
0 0
0 0
Compliance Team, Security,
Policy, Cloud Architecture, Cloud
Product & Portfolio
0 0
0 0
0 0
Security and Risk Management,
Cloud Architecture, Cloud Product
& Portfolio
0 0
0 0
0 0
Total 0 0
Information Lifecycle Management
People
Processes
Technology
CMM 1 CMM 2
(initial, ad-hoc) (repeatable, opportunistic)
Some employees have ILM and IM The enterprise offers ILM and IM
skills, to the extent that they classes. Employees are trained
understand how to use and skilled on data deduplication
conventional backup and recovery and data management tools and
tools. Any training programs are methods.
put together ad hoc, on a group
by group basis.
CMM 3 CMM 4
(defined, systematic) (managed & measurable)
0 0
0 0
0 0
0 0
0 0
0 0
0 0
Cloud Architecture, Cloud
Engineering, Application
Development
0 0
Compliance Team, Security,
Policy, Cloud Architecture, Cloud
Product & Portfolio
0 0
Cloud Architecture, Cloud
Engineering, Application
Development
0 0
Total 0 0
DevOps
People
Do your development and
infrastructure teams operate
functionally as a single unit?
People
People
Are the DevOps Teams developing The DevOps Teams have no skills
the skills to enable native cloud in "Cloud Technologies".
capabilities to meet the demands
of the business?
Process
Are the DevOps teams providing The DevOps teams do not provide
an extensive continuous any assessments for capabilities
assessment of cloud capabilities that support the business
and functional alignment to the functional requirements to realize
business? cloud capability solutions.
What are the process goals and The are no stated goals or
perspective with regards to perspectives provided to the
DevOps? DevOps Teams.
Technology
Are the DevOps Teams aligned to No strategic "Cloud" roadmap
a strategic "Cloud" roadmap? exist for the DevOps Teams to
align to.
CMM 1 CMM 2
(initial, ad-hoc) (repeatable, opportunistic)
The DevOps Teams have some The DevOps Teams are developing
initial skills in developing "Cloud" consistently "Cloud" applications
applications and capabilities. and services but they are
opportunistic and not part of the
development lifecycle.
There is initial use of CSP but it is The CSP process is defined for
for ad-hoc PoC and is limited. Cloud Service Adoption and there
is a developed repeatable
methodology that is used.
The DevOps Teams have initial DevOps Teams now can build and
centralized version control and re-created from source control,
automated build scripts but still management of build artifacts,
do not have any standardized automated deployment scripts,
management of artifacts. They automated provisioning of
still rely on manual deployment environments, automatic
however there are some ad-hoc integration tests, static code
environments provisioned analysis, test coverage and
through automation. Test analysis.
environments have initial
integration into the "Cloud"
lifecycle management.
CMM 3 CMM 4
(defined, systematic) (managed & measurable)
The DevOps Teams are defining The DevOps Teams now have a
the capabilities of "Cloud strategic "Cloud" roadmap that
Services" and begin to develop captures measurable capabilities
tooling and automation needed that align with strategic business
for Cloud Service Adoption. goals.
DevOps Teams now have the When the DevOps Teams provide
ability to release containers under continuous availability the
developer control to production business applications built are
with hourly deployment of designed to be "always on" and
application features. "available". Administration and
operations are greatly simplified
and often inter-site DR is
combined with continuous
availability to provide the ability
to tolerate the loss of
infrastructure service, application
or database services and still
retain functional availability to the
business.
DevOps teams are optimized for When the DevOps Teams provide
dynamic self-serve of information, continuous assessment of
customizable dashboards and capabilities and services that align
cross reference across with the business needs the
organizational boundaries. benefits are that DevOps and the
business are strategically aligned
on a common road plan to deliver
services to meet the needs of the
business.
DevOps has optimized their When DevOps Teams have
operations to maximize business defined process goals that align
process goals and development with business requirements and
capabilities to meet business demands the realization of
demands. business agility and performance
can be realized.
0 0
DevOps Teams, Cloud and
Application Architects, Project
Management Teams,
Implementation Teams,
Enablement Teams.
0 0
Software development and Resistence to break from traditional
infrastructure services teams. IT functional and organizational
norms.
0 0
DevOps Teams, Cloud and
Application Architects, Project
Management Teams,
Implementation Teams,
Enablement Teams.
0 0
DevOps Teams, Cloud and
Application Architects, Project
Management Teams,
Implementation Teams,
Enablement Teams.
0 0
DevOps Teams, Cloud and
Application Architects, Project
Management Teams,
Implementation Teams,
Enablement Teams, business
management teams
0 0
DevOps Teams, Cloud and
Application Architects, Project
Management Teams,
Implementation Teams,
Enablement Teams, business
management teams
0 0
DevOps Teams, Cloud and
Application Architects, Project
Management Teams,
Implementation Teams,
Enablement Teams, business
management teams
0 0
DevOps Teams, Cloud and
Application Architects, Project
Management Teams,
Implementation Teams,
Enablement Teams, business
management teams
0 0
DevOps Teams, Cloud and
Application Architects, Project
Management Teams,
Implementation Teams,
Enablement Teams, business
management teams
0 0
DevOps Teams, Cloud and
Application Architects, Project
Management Teams,
Implementation Teams,
Enablement Teams, business
management teams
0 0
DevOps Teams, Cloud and
Application Architects, Project
Management Teams,
Implementation Teams,
Enablement Teams, business
management teams
0 0
DevOps Teams, Cloud and
Application Architects, Project
Management Teams,
Implementation Teams,
Enablement Teams.
0 0
DevOps Teams, Cloud and
Application Architects, Project
Management Teams,
Implementation Teams,
Enablement Teams.
0 0
Total 0 0
PaaS
People
Processes
Technology
Is a single DBaaS (database as a No defined standard DB or DB
service) available on a central service is centrally available
PaaS
Technology
Do Defined resources exist for No defined cloud resources or
cloud implementations tooling exists for building
applications.
ed to:
frastructure subscriber-created or acquired applications created using programming languages, libraries, services, and tools supported
manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over
vironment
atform services such as Apache tomcat, Jboss, .net, Cloud Foundry to develop applications
ata base as service, such as Oracle, Microsoft SQL, Cassandra, Mongo, Maria, Vertica etc.
CMM 1 CMM 2
(initial, ad-hoc) (repeatable, opportunistic)
Some developers in the enterprise Developers across the enterprise
are skilled with and utilize PaaS understand the benefits of PaaS,
platforms. are adept at using PaaS but
ubiquitous use of PaaS is not the
norm.
p applications
Vertica etc.
CMM 3 CMM 4
(defined, systematic) (managed & measurable)
A preferred PaaS platform is Performance targets are
identified and known to established for developers across
developers in the enterprise. the enterprise to ensure they are
Developers use this platform to skilled in using PaaS. Developers
construct applications in the know that any traditional
majority of cases. application development, that
which does not use a PaaS
platform, is reported as exception
to enterprise standard.
CMM 5
Benefit Analysis
(optimized)
PaaS is the only way applications The more the teams are aligned
are developed. on the enterprise strategy and
imperatives, the more consistent
will be their development and
achievement of those objectives
0 0
Cloud Architecture, Cloud
Engineering, Application
Development
0 0
Cloud Architecture, Cloud
Engineering, Operations
0 0
Cloud Architecture, Cloud
Engineering, Operations
0 0
DevOps, Operations, Architecture
0 0
Cloud Architecture, Cloud
Engineering, Application
Development
0 0
DevOps, Operations, Architecture
0 0
DevOps, Operations, Architecture
0 0
Total 0 0
Integration Platform as a Service (IPaaS) Domain
People
Processes
Technology
Technology How is data integration Data is implemented through
implemented? non-standard, traditional point to
point scripts, ETL, ELT, or point to
point messaging methods.
ed to:
service (iPaaS) is a cloud service that provides a platform to support application, data and process integration projects, usually involvi
bination of capabilities that are typically found in enterprise service buses (ESBs), data integration tools, B2B gateways, managed file t
usiness developers, mobile application development teams, application teams and even business users (aka "citizen integrators") leve
flows") in the cloud.
CMM 1 CMM 2
SBs), data integration tools, B2B gateways, managed file transfer products and API management platforms.
ms and even business users (aka "citizen integrators") leverage these capabilities to develop, execute and manage integration
CMM 3 CMM 4
CMM 5
Benefit Analysis
(optimized)
0 0
Management, Cloud Architects,
EA teams, data responsible
0 0
0 0
Management, Cloud Architects,
EA teams, application
development, Project
Management teams/responsible
0 0
Management, Cloud, Data
Responsible, Project
Management, Application teams,
Application development
0 0
Total 0 0
IT Architecture
Processes
Technology
ed to:
erall architecture and guidelines for various practitioners to ensure adherence to the architecture.
l to cloud architectures such as:
program defined:
Based on personal interest, A group of cloud specialists exist All of the Architects share a
certain architects have some in the enterprise, who focus on common framework and
cloud knowledge. certain but not all projects. associated training regarding the
enterprise approach to leveraging
cloud services.
Architectural planning includes More often than not, architectural Consideration of cloud services is
cloud services within workflows, planning considers cloud services a central part of architectural
capability analysis and building when developing workflows, planning; representing
block development but only on an capability analysis' and consistently in workflows,
ad hoc basis. development of architectural capability models, architecture
building blocks. building blocks, standards and
patterns.
Cloud based solution design Templates for cloud platforms Solution teams consistently create
pursued at times but not exist and solution designs created architectural documentation for
consistently When carried out, for most cloud solutions. Some cloud solutions. A centralized or
cloud architecture is addressed teams share solution designs federated collection of standard
differently by different teams. across organizational boundaries cloud architecture templates and
but centralization or federation of processes are available. Team
designs has not been achieved. across the enterprise consistently
start solution design from the
core architecture processes and
artifacts.
Teams develop cloud building Use of RESTful API's emerge. RESTFul API's are a standard IT
blocks on an ad hoc basis. When Interfaces are programmatic and management methodology. The
used, building blocks are manually usable. End user can use the interfaces
developed/ integrated via the A clearly defined set of standard without knowing of their
portal of the cloud service interfaces exist for Cloud services existence.
solution. and their use, and these are used A set of standardized cloud
in all instances, as the foundation environment management tools
for managed integration. and interfaces exist.
CMM 4 CMM 5
Benefit Analysis
(managed & measurable) (optimized)
Architects across the enterprise Individual cloud learning plans are By training the architects in Cloud
are trained and evaluated against integrated with tailored classes Services Architecture, they can
a common cloud architecture for employees in architecture consciously make decisions and
training program such as EMC roles. Performance assessments select appropriate patterns to
Cloud Architect (EMCCA). and career planning include cloud leverage cloud for the enterprize
Employee performance advanced cloud architectures,
assessments take these skills into Hybrid IT architectures and
account when determining transitionary architectures for
performance ratings. moving to the cloud.
Cloud service principles are a core Architectural planning is inherent The creation of a set of pre-
element to architectural planning. to the cloud management system defined re-usable building blocks,
Workflows, capability models, that the enterprise utilizes. processes and tools reduces the
architectural building blocks, Technologists are able to plan, workload considerably for
standards and patterns that do implement and govern workflows ongoing development of business
not consider cloud are flagged as from standardized cloud functions
exceptions and addressed. capabilities.
A centralized or federated set of Designing, engineering deploying By identifying the processes and
processes are applied across the and managing of cloud services assigning responsibility, a
enterprise. These processes have merged. These are mandate is issued and doubt
ensure that cloud design review accomplished through a single removed, thereby enabling
documentations exists, tool interface. Existence of governance and control
demonstrating compliance to or operational metrics, used in
deviation from core cloud conjunction with architecture
reference architectures, principles governance and scoring, produce
and standards. a multi-dimensional score for
cloud implementations.
Central and standardized Application design patterns are Having selected application design
resources are utilized for encapsulated into a single cloud patterns for cloud helps
developing applications. This platform. Application, integration developers to adhere to centrally
includes Paas, SaaS and Platform and infrastructure are transparent defined concepts
Integration as a Service. Core as solution developers design,
cloud application designs are implement, deploy and
utilized in all cases. management solutions through a
single mechanism.
Process modelling is performed to All business applications are By pre-defining landscapes for
optimize the cloud based represented in a common, shared Business Applications, a clear set
application deployments. cloud management capability. of policies and rules can be
People, process and technology applied to all ongoing
elements are mapped across the development
application middleware and
infrastructure layers, and
accessible through this common
and shared capability.
Services can be constructed with Standard building blocks are The more standard building blocks
automated integration into selected through a design that are available for re-use, the
supporting processes (ordering interface resulting in automated less that has to be developed, and
Portal, Charging, Monitoring). This integration of additional cloud the more efficient ongoing
is accomplished utilizing standard services. This design interface is development and operations
cloud building blocks. the same interface that provides become
comprehensive development,
deployment and management of
cloud services.
Stakeholders Current State Future State Barriers
CIO
Architects
0 0
Architects, Business Owners
0 0
Enterprise, Cloud, Application,
Infrastructure and Security
Architecture Teams. Application
Development/Engineering Teams.
0 0
Enterprise, Cloud, Application,
Infrastructure and Security
Architecture Teams
0 0
Enterprise, Cloud, Application,
Infrastructure and Security
Architecture Teams
0 0
Enterprise, Cloud, and Application
Architecture Teams. Application
Development/Engineering Teams
0 0
Enterprise, Business and
Application Architecture Teams.
Business Operations.
0 0
Enterprise, Cloud, Application,
Infrastructure and Security
Architecture Teams. Application
Development/ Engineering
Teams.
0 0
Total 0 0
Applications
People
What application development Teams are staffed with traditional
roles are defined and staffed? architect, software developer and
operations roles, split between
teams in independently managed
enterprises.
How are your applications Applications are organized into
organized? traditional application
development silos. Applications
are deployed onto traditional
infrastructure, to serve a single
business need. Applications are
not leveraged across
heterogeneous processes.
Processes
Technology
CMM 1 CMM 2
0 0
Application Teams, infrastructure
Teams, DevOps Teams, project
management Teams, HR teams
0 0
Application Teams, infrastructure
Teams, DevOps Teams, project
management Teams, business
management teams
0 0
Application Teams, Infrastructure
Teams, DevOps Teams, Project
Management Teams, Deployment
teams
0 0
Application Teams, Infrastructure
Teams, DevOps Teams,
0 0
Application Teams, Infrastructure
Teams, DevOps Teams,
Integration Teams,
0 0
Application Teams, Infrastructure
Teams, DevOps Teams, Business
Strategy Teams, Business
Technology Teams, COE
0 0
Total 0 0
SaaS
People
Is any formal training provided on No formal training is offered
SaaS services about SaaS within the Enterprise
Processes
Is a SaaS Integration concept No SaaS blueprints or reference
Processes available? frameworks exist
Technology
Are SaaS Integration concepts No defined SaaS or integration
defined interfaces exist
ed to:
rovider’s applications running on a Service provider’s infrastructure.
essible from various client devices through either a thin client interface, such as a web browser (for example, web-based email), or a progr
ed with internal applications and data stores
People use SaaS without really People understand SaaS and the A clear understanding of SaaS
understanding what the benefits it offers, and understand exist covering both the
difference is what to look for from a SaaS opportunities and the risks, in
service context of the business's
applications
Some web style articles are Formal training and information Selected SaaS providers provide
available to interested users sessions from selected providers scheduled training shaped to
are scheduled on demand different business units needs
Employees try to align use of Each cloud providers' own Well defined software policies
SaaS to existing application security offering is generally exist and offerings are
classification policies. accepted consistently evaluated from all
providers
Ad-hoc use is made of Software A clear set of defined blueprints Specific business functionality is
based Systems and service and reference frameworks for the mapped to SaaS resources, and
offerings from the cloud, based on integration and use of SaaS are existing systems are being retired
the cloud providers' proposed identified, supported by according to a managed plan, and
methods contractual frameworks migrated over to these target
SaaS offerings
Some SaaS offerings are defined
in the CMDB
Reports are received from each Selected SaaS providers offerings Data monitoring and credential
SaaS provider, and their services are pre-integrated into enterprise management is in place, ensuring
are connected to, terms accepted catalogue and procurement extensive compliant use of
online by ad-hoc employees, and portal, with electronic reporting common services
used via the internet defined.
Opportunistic use is made of SaaS
offerings based on selected use
cases
Limited integration exists, ` Duplicate internal systems are
leveraging the SaaS providers' systematically replaced with SaaS
offering and security and offerings as their lifecycle
reporting on an ad-hoc basis management process proceeds
(e.g. SAP R/3 to S/4HANA)
based email), or a program interface.
CMM 4 CMM 5
Benefit Analysis
(managed & measurable) (optimized)
The appropriate teams Developers and leadership By understanding what SaaS is,
understand the business understand and drive re-use of organisational units can look for
application categorization, its standard offerings as a core opportunities to buy rather than
applications, and which ones can / culture, to avoid unnecessary own make common functionality
will be provisioned from SaaS development
offerings
Deep understanding is developed Training is performed on "tips and By training relevant teams on the
based on selected SaaS offerings, tricks", integration options, and SaaS offerings selected for the
for Developers, Integrators, and opportunity for influencing future business, they are more likely to
operations teams development of the SaaS offering use and result in critical mass to
is available make the SaaS effective for the
business
Policies are supported by All policy by-passes or exceptions Having a defined policy guides
monitoring tooling and are automatically detected and decision making and removes the
enterprise governance. real-time alerting occurs, doubt in applicability of certain
Policies for location and supported by appropriate services in various use cases
protection of Confidential governance structures
systems and content are defined,
identifying what must be
retained within the enterprise
perimeter, and which "generic
information" may be linked
anonymously from the SaaS
provider
Public and Private SaaS offerings Public and Private based SaaS are Having clearly defined interfaces
are in use and all of them are in standard daily use, with data and functions makes the selection
registered in the CMDB, and all exchange occurring through of appropriate SaaS services much
services are actively managed to defined standard interfaces (cloud faster and easier. It also helps to
use these highly standardized to cloud, cloud to enterprise), clarify how SaaS may be
functions, UNLESS a significant according to defined policies and integrated into the enterprise,
proprietary need exists for a methods, enabling complex and what data may and may not
deviation from this standard business systems and functions be located within the SaaS
seamlessly (e.g. between partner environment
supply enterprises to the
enterprise and the enterprise
itself, leveraging off or on-
premises cloud
Defined integration interfaces and A seamless SaaS experience exists Having a clearly defined set of
tools are used to interconnect for users. End users access management requirements helps
internal and external landscape enterprise branded portal, search to down-select on SaaS options,
elements (e.g. Cloud Elements). for and select the services they and identifies how the
All SaaS services are automatically desire, and the corporation organisation will expect to report
registered in the CMDB brokers access to those integrated and track the services. This helps
System protection and availability services, complete with enterprise both providers and users.
designs and mechanisms are SSO. The broker function may be
known and are aligned to the provided internally, externally, or
business transaction criticality and by a selected provider (i.e. it is not
compliance requirements, and are mandatory to have the enterprise
monitored and managed across branding part applied).
participating internal and external Additionally the authorization and
SaaS and other systems procurement process is integrated
into the company's formal
processes.
Complex SaaS integration exists
between cloud services located
on-premises and off-premises
(e.g. Salesforce.com to SAP HANA)
Updates and renewal of existing Continuous evaluation of Replacing internal code with SaaS
code are always tested against the competing SaaS based functions is code helps reduce the
organisation's defined SaaS performed, evaluating features, Enterprise's maintenance burden,
solutions - with replacement by functions, development plans, development costs, and increases
SaaS as the first option ("Cloud and costs. Replacement is based access to new features and
first") on critical mass, impacts and functions (without needing
improved integration interfaces internal development)
(e.g. on-premises CRM and
Salesforce)
Stakeholders Current State Future State Barriers
Developers
Enterprise Architects
Business Process Management
IT Management
IT Operations
0 0
Business, Developers, IT,
Operations, Compliance
0 0
Data Management, Legal
Department, Service
Management
0 0
Enterprise Architecture, Cloud
architecture, Cloud Operations,
Procurement and Legal
0 0
Enterprise Architecture, Cloud
Architecture, Cloud Operations,
Procurement and Legal
0 0
Operations, Architecture,
Business representatives
0 0
Total 0 0
Data
Are employees trained on Big Employees are not familiar with Employees are aware of big data Some employees are trained on All employees are trained on big The organization's Human
The enterprise maintains a
Data technologies? nor do they have training on big technologies that have no formal Big Data technologies such as data technologies. Employees are Resources and Talent teams
mapping of employees, business
data technologies. training. Hadoop, Vertica, Cloudera, building applications using Big review developer skills, ensuring
objectives, and technical
Autonomy. Data technologies such as that all developers or DevOps are
capabilities. Individual learning
Hadoop, Vertica, Cloudera, trained and adequately skilled in
plans are automatically
Autonomy. Big Data technologies and on
generated, tailored to addressing
canonical data messages, API
skill gaps in ensuring an
accessibility, data encryption
adequately skilled workforce. Solid data management minimizes
technology and API service the potential for errors and the
brokerage technology. damage caused by errors
Establish Controls so Data will not
be a mess.
Establish a set of business rules
that will determine who has
access to your data.
Determine what 0 0
Our employees trained on data Employees are not trained on Employees are aware of data Some employees receive training All employees receive training on The enterprise's Human The enterprise maintains a changes/additions/actions can be
services offered by public/private data services (public or private). services, but have no formal on data services such as Amazon data services such as Amazon Resources and Talent teams mapping of employees, business taken by which personnel
cloud providers and inherent to training. Kinesis, S3, DynamoDB and Kinesis, S3, DynamoDB and review employee skills, ensuring objectives, and technical Determine Database will be the
People cloud platforms? Redshift / Google's BigQuery, Redshift / Google's BigQuery, that all developers or DevOps are capabilities. Individual learning master database
Cloud Data Flow and Cloud Cloud Data Flow and Cloud trained and adequately skilled in plans are automatically Enforces the creation and
Pub/Sub / Azure's SQL DB, Pub/Sub / Azure's SQL DB, the use of cloud data services. generated, tailored to addressing maintenance of a sound complete
Recommendations, etc. Recommendations, etc. Employee skill gaps in ensuring an Data map, so data can be found
are building applications using adequately skilled workforce. quickly and easily
cloud data services. Enables the Segmentation of data.
This is the process of “sectioning”
your data so that you can use it
more efficiently
Establish a Regular Data Hygiene
Process
0 0
Does the enterprise have an No information value is Information value is determined The business value of information The business value of information Information storage and Information is continually
enterprise perspective on the determined. All information on an ad hoc basis. When groups is assessed in more cases. Groups is consistently assessed. Metrics protection criteria are regularly assessed in the course of doing
value of data? objects treated as equal. do perform valuation, each group begin valuing information in a for measuring information re-assessed based on the business business. Governance and
performs it differently. Most more consistent manner. business value are defined. value of information. validation of business value result
information objects are treated as inconsistent valuation results.
equal.
0 0
Are data access and availability No data access or availability Limited data access and Information sharing policies are Data access and availability Information access and sharing Information access, data security Control gives one guaranteed
controls in place? controls are in place. availability controls exist. defined, laying out specific data controls are consistently applied policies are defined regularly controls and availability compliance, lack of it will result in
Implementation of controls is access and availability controls. to information across the reviewed on all managed assurances are encapsulated costly remedial action later
inconsistent and varies across enterprise. Information is shared information objects. within the enterprise's data
groups. across the enterprise within the ecosystem. Access and
boundaries of appropriate availability are continually
controls. reviewed in the course of doing
business.
0 0
Do applications leverage cloud- Applications do not leverage A limited number of applications More applications use cloud- Applications systematically use The enterprise has achieved full Data services in support of Native cloud capabilities can be
based data services? cloud-based data services. use of cloud-based data services. based data services. Groups cloud-based data services. use of cloud-based data services applications are fully realized when data access is
Use of this services is done ad hoc opportunistically drive Service usage standards are for its applications. encapsulated behind access APIs. managed and monitored.
without consistency or standards. consistency and standardization in broadly deployed and used by Data services can be scaled and
the use of the services. most groups. changed without impact to the
consuming applications.
0 0
Does the enterprise have a No criteria and controls exist for Criteria and controls for managing A standard set of criteria and The enterprise consistently The enterprise has implemented Criteria and controls for data Having established criteria and
defined set of criteria and managing data. data are used on an ad hoc basis. controls for managing data utilizes criteria and controls for enterprise-wide governance for management are seamlessly controls is critical in large
controls” for managing data? Data management is inconsistent emerges. Groups opportunistically managing data. Data data management. integrated into enterprise enterprises in order to establish
across groups. drive consistency and management standards are processes. Data management standards and consistency with
standardization in data defined and published. governance exceptions are rare. outside providers.
management.
0 0
Are data management processes No data management processes Data management requires Data management processes are Data management policies are Data management is realized by Data management is automated
automated? exist human knowledge of data and documented. Processes are enforced based on correlated automated, policy-based as part of a closed loop system
location, management processes manual, but used in more and metadata. Manual processes are processes. Feedback and (no human intervention required).
are manual and inconsistent. more cases. still required for management of correction is manual. Data
data based on business metrics. management processes are based
on storage and business
Processes metadata.
Cloud Architecture, Cloud
Engineering, Application 0 0
Development, Legal, Business unit
Managers
0 0
How is your information The enterprise does not care how Information is stored by each The enterprise identifies an Multiple Business Intelligence, big The enterprise defines canonical A single enterprise-wide logical
organized, accessed, available information is organized, application separately, creating enterprise data management data or data warehouse systems messages for use with a shared, data lake repository has been
and managed? accessed, available or managed. data duplication and function. This function identifies are implemented, providing a central enterprise message implemented for structured and
inconsistencies. and opportunistically manages defined and consistent view to capability. In addition to direct unstructured data. Data is
key master-data sources. critical business data. A central set data access, data object access is accessible via API's and
of database technologies are enabled through API's. discoverable through API calls to a
implemented to support a scale service brokerage catalog. Data is
out database architecture. defined in a master data record
catalog. Clear responsibility and
ownership of all data objects is
assigned and managed by data
stewards.
0 0
IaaS
Are the infrastructure teams using The infrastructure teams are not
virtualized services to support using virtualized services to
cloud computing? support cloud computing.
Technology
Does an IaaS framework available No IaaS framework exist that
for the business to leverage for support the needs of the business
effective cloud application to realize cloud capabilities and
development? services.
Technology
CMM 1 CMM 2
IaaS services are available for ad- IaaS services are able to support
hoc support of interoperable interoperable design however
design and there is initial calls to only for limited design elements
external providers for limited that align with available services.
services (e.g. Microsoft Azure). Calls to providers for services is
opportunistic.
CMM 3 CMM 4
IaaS services are well defined and IaaS services are managed and
are implemented systematically measurable in the support of
to support interoperable designs interoperable cross-cloud
with all for the systematic calls to development and design. Calls to
providers that enable cross-cloud providers are managed and
application design and measurable (e.g. between Google
development. Cloud Platform and Amazon
AWS).
Optimized IaaS services are built Having the services that are native
with interoperable design to IaaS available for interoperable
elements that call external design is critical for leveraging the
security providers and message capabilities to enable cross-cloud
busses, enabling cross-cloud features and reliability when
application design and meeting the needs of the
development. business.
0 0
Infrastructure teams, DevOps
Teams, Enterprise Architects,
Network Engineers and
Architects, Cloud Architects, Data
Architecture, Infrastructure
Engineering, Cloud Engineering
0 0
Infrastructure teams, DevOps
Teams, Enterprise Architects,
Network Engineers and
Architects, Cloud Architects, Data
Architecture, Infrastructure
Engineering, Cloud Engineering
0 0
Infrastructure teams, DevOps
Teams, Enterprise Architects,
Network Engineers and
Architects, Cloud Architects,
Infrastructure Engineering, Cloud
Engineering
0 0
Infrastructure teams, DevOps
Teams, Enterprise Architects,
Network Engineers and
Architects, Cloud Architects, Data
Architecture, Infrastructure
Engineering, Cloud Engineering
0 0
Infrastructure teams, DevOps
Teams, Enterprise Architects,
Cloud Architects, Data
Architecture
0 0
Infrastructure teams, Enterprise
Architects, Cloud Architects,
Infrastructure Engineering, Cloud
Engineering
0 0
Infrastructure teams, Enterprise
Architects, Cloud Architects,
Identity Management
0 0
Infrastructure teams, DevOps
Teams, Enterprise Architects,
Cloud Architects, Cloud
Engineering
0 0
Infrastructure teams, Enterprise
Architects, Cloud Architects, Data
Architecture, Data Governance,
Infrastructure Engineering, Cloud
Engineering
0 0
Processes such as Configuration
Management seen as a
hinderance to agile
methodologies.
0 0
Infrastructure teams, Enterprise
Architects, Cloud Architects, Data
Architecture, Data Governance,
Infrastructure Engineering, Cloud
Engineering
0 0
Infrastructure teams, Enterprise
Architects, Cloud Architects, Data
Architecture, Data Governance,
Cloud Engineering
0 0
Infrastructure teams, DevOps
Teams, Enterprise Architects,
Network Engineers and
Architects, Cloud Architects, Data
Architecture, Data Governance,
Identity Management,
Infrastructure Engineering, Cloud
Engineering, Cloud Product &
Portfolio
0 0
Infrastructure teams, DevOps
Teams, Enterprise Architects,
Network Engineers and
Architects, Cloud Architects, Data
Architecture, Data Governance,
Identity Management,
Infrastructure Engineering, Cloud
Engineering, Cloud Product &
Portfolio
0 0
Infrastructure teams, DevOps
Teams, Enterprise Architects,
Cloud Architects, Cloud
Engineering, Cloud Product &
Portfolio
0 0
Infrastructure teams, DevOps
Teams, Enterprise Architects,
Network Engineers and
Architects, Cloud Architects, Data
Architecture, Data Governance,
Identity Management,
Infrastructure Engineering, Cloud
Engineering, Cloud Product &
Portfolio
0 0
Total 0 0
Storage as a Service
Is there a “Storage Service” No storage "service" capabilities Storage "service" capabilities exist A greater number of teams The enterprise adopts a storage Full storage "service" capabilities The enterprise has seamlessly Storage service capabilities Cloud Architecture, Cloud
capability available? exist. but are utilized on an ad hoc utilized storage "service" strategy, identifying a common exist. Monitoring, reporting and integrated storage capabilities provide agility and extendibility in Engineering, Application
basis. capabilities; utilization is storage capability; teams utilize governance ensure that teams into its single, shared cloud cloud capable environments. Development
opportunistic, not consistent. the capability consistently. across the enterprise utilize the computing or cloud brokerage
shared storage capability. solution.
Is there a “Storage Platform” No mappings of storage platforms Mapping of business needs to A greater number of mappings An enterprise-wide effort The enterprise leverages and All storage platforms are mapped Having a mapping of the storage Cloud Architecture, Cloud
mapped according to business to business needs does not exist. storage platforms is performed on emerge as teams opportunistically emerges to map business needs measures compliance to the to business needs. This happens in platforms to the business needs Engineering, Application
needs? an ad hoc basis. map business needs to storage to storage platforms. mapping of business needs to the course of onboarding new will help in identifying waste and Development
platforms. storage platforms. storage services, increases in redundancy within the service
storage capacity and addition of environment.
or changes to business services.
Do processes exist to ensure a No steps have been taken to Teams adopt STaaS and cloud- Teams begin consolidating on The enterprise has a defined and The enterprise has established a Adoption of cloud storage is Consistency in STaaS adoption will Enterprise Architecture, Cloud
consistent adoption of STaaS and identify a consistent method of based storage on an ad hoc, non- processes to ensure consistent implemented enterprise-wide storage governance function that transparent and takes place as reduce the time of adoption and architecture, Cloud Operations,
cloud-based storage? STaaS or cloud-based storage coordinated fashion. adoption of STaaS and cloud- process(s) for adopting STaaS and manages adoption of STaaS and part of the natural cycle of accelerate the benefits that STaaS Procurement and Legal
People adoption. based storage. cloud-based storage solutions. all cloud-based storage. business. Cloud/non-cloud is no has to offer.
longer a question.
Is security monitoring and Security monitoring and reporting Security monitoring and reporting Security monitoring and reporting The enterprise has a defined The enterprise has defined and Security monitoring and reporting Having security reporting and Compliance Team, Security,
reporting integrated to measure is not integrated to measure and is integrated on an ad hoc basis is integrated to cover backup security monitoring for storage, implemented an enterprise-wide is seamlessly integrated into all monitoring in place to measure Policy, Cloud Architecture, Cloud
and monitor storage services? monitor storage services. for backup services; addressing service and data storage services. addressing backup, data storage security monitoring of backups, storage services, ensuring the and monitor storage services is Product & Portfolio
applications, and data deduplication services. data storage, data deduplication enterprise has point in visibility critical to service sustainability
services and workstations (laptops and record retention into all data, at rest and resiliency.
and PC's). management services. and in transit.
Does a STaaS framework exist for No STaaS framework is available Several STaaS frameworks exist Teams begin consolidating on a The enterprise has defined an Teams consistently utilize STaaS is seamlessly integrated Speed of cloud adoption is critical Cloud Architecture, Cloud
teams to efficiently leverage for teams to leverage in but have ad hoc adoption. handful of STaaS frameworks. enterprise-wide STaaS standard STaaS framework for into the application development for time to market and availability Engineering, Application
cloud-based storage in application application development. More and more teams leverage framework(s) for use when developing applications. platform. of services. A STaaS framework Development
development? these frameworks when developing applications. can help ensure optimization of
developing applications. services across and optimized
infrastructure.
Is data and network secured to No support exists to secure data Limited support exist to secure Data transport and network The enterprise defines data Use of standard data and Data transport and network Data and network security is Compliance Team, Security,
support STaaS for both public and and network needed to support data and network needed to connectivity is established on a transport and storage and a set network connectivity is ensured connectivity configurations are paramount in availability. It also Policy, Cloud Architecture, Cloud
private services? STaaS for both public and private support STaaS for both public team by team basis to support of standard network connectivity through governance ensuring transparent to end users. These aids in the compliance with Product & Portfolio
services. and private services. STaaS for both public and private methods in support of STaaS for effective and secure use of STaaS capabilities have been integrated standards and best practices for
services. both public and private services. (on-premises and off-premises). with the enterprise's single, both public and private services.
shared cloud management or
broker capability.
Has the enterprise implemented a No cloud storage solutions are in Limited and ad hoc use of cloud Application development teams Standard STaaS solutions are The enterprise has defined and Elastic object, block and file All types of data classifications are Cloud Architecture, Cloud
full suite of cloud storage use. storage is in use. Mainly for file begin utilizing object, block and defined. Teams across the implemented standards for STaaS storage have been seamless critical to include in storage Engineering, Application
solutions? sharing. file storage cloud solutions. enterprise coalesce on a standard solutions Teams consistently integrated into the enterprise's service availability and support. Development
set of solutions (elastic block, file utilize these. Exceptions are single, shared cloud management
and object). reported, giving management the or broker capability. Technology
opportunity to address and drive choice and configuration is
Processes further consistency. transparent to the end user.
Are there process steps identified No steps have been taken to Limited adoption STaaS Moderate adoption STaaS Extensive adoption STaaS Full adoption STaaS methodology. All steps have been taken to Consistency in STaaS adoption will Enterprise Architecture, Cloud
to be ensure a consistent method identify a consistent method of methodology. methodology. methodology. implement a consistent method reduce the time of adoption and architecture, Cloud Operations,
of STaaS adoption? STaaS adoption. of STaaS adoption. accelerate the benefits that STaaS Procurement and Legal
has to offer.
Is your storage accessible through No accessibility exist to storage Limited accessibility exist to Moderate accessibility exist to Extensive accessibility exist to Full accessibility exist to storage Complete integration and Having a service interface will Cloud Architecture, Cloud
a “Service Interface”? sites through a “Service storage sites through a “Service storage sites through a “Service storage sites through a “Service sites through a “Service accessibility exist to storage sites help tremendously in Engineering, Application
Interface”. Interface”. Interface”. Interface”. Interface”. through a “Service Interface”. consolidating the access point Development
needed to attain management of
services and availability.
Is there Security Reporting and No cloud Backup services for Data Archiving Deduplication services Record Retention Data Encryption at rest Having security reporting and Compliance Team, Security,
Monitoring in place to measure Storage applications, services Management and in transit monitoring in place to measure Policy, Cloud Architecture, Cloud
and monitor storage services? services services and PCs services and monitor storage services is Product & Portfolio
critical to service sustainability
and resiliency.
Is your storage accessible through All storage is directly accessible Team implement RESTFul API A greater number of RESTFul API The enterprise defines a standard Governance ensures that all Storage service interfaces are Having a service interface will Cloud Architecture, Cloud
a “Service Interface”? via the native storage interfaces interfaces to storage on an ad hoc storage interfaces exist, teams set of RESTFul storage API's. storage implementations include integrated into the enterprise's help tremendously in Engineering, Application
no decoupled service interfaces or basis. begin leveraging these in more Teams begin to systematically a RESTFul API interface and that single, shared cloud management consolidating the access point Development
storage API's exist. and more cases. utilized these interfaces. teams utilize these interfaces or cloud broker capability. needed to attain management of
when accessing storage. services and availability.
Exceptions are managed and
addressed.
How is the infrastructure No optimizations exist to support Limited optimizations exist to Moderate optimizations exist to Extensive optimizations exist to Full optimizations exist to support Complete infrastructure Optimization of infrastructure is Cloud Architecture, Cloud
optimized to support STaaS, i.e. STaaS. support STaaS. support STaaS. support STaaS. STaaS. optimization exist to support critical in optimizing services and Engineering, Application
file sync across multiple devices, STaaS, e.g. file sync across applications that support business Development
support a global file system? multiple devices, support a global functionality.
Technology file system.
Is a STaaS framework available for No STaaS framework is available Limited STaaS framework is Moderate STaaS framework is Extensive STaaS framework is Full STaaS framework is available Complete integration of the STaaS Speed of cloud adoption is critical Cloud Architecture, Cloud
the business to leverage for for the business to leverage available for the business to available for the business to available for the business to for the business to leverage framework is available for the for time to market and availability Engineering, Application
effective cloud application effective cloud application leverage effective cloud leverage effective cloud leverage effective cloud effective cloud application business to leverage for effective of services. A STaaS framework Development
development? development. application development. application development. application development. development. cloud application development. can help ensure optimization of
services across and optimized
infrastructure.
How is your data and network No support exist to secure data Limited support exist to secure Moderate support exist to secure Extensive support exist to secure Full support exist to secure data Fully secured data and network Data and network security is Compliance Team, Security,
secured to support STaaS for both and network needed to support data and network needed to data and network needed to data and network needed to and network needed to support services are in place to support paramount in availability. It also Policy, Cloud Architecture, Cloud
public and private services? STaaS for both public and private support STaaS for both public support STaaS for both public support STaaS for both public STaaS for both public and private STaaS for both public and private aids in the compliance with Product & Portfolio
services. and private services. and private services. and private services. services. services. standards and best practices for
both public and private services.
Are the following storage services None of the following storage Limited STaaS exist for Elastic Moderate level of STaaS exist for Extensive level of STaaS exist for Full services for STaaS exist for Fully integrated STaaS solution All types of data classifications are Cloud Architecture, Cloud
included, Elastic Object, Block or services are included, Elastic Object, Block and or file storage Elastic Object, Block and or file Elastic Object, Block and or file Elastic Object, Block and or file that includes Elastic Object, Block critical to include in storage Engineering, Application
file storage? Object, Block or file storage in a services. storage services. storage services. storage services. and file storage. service availability and support. Development
STaaS offering.
Networking
Control Question
People
Processes
Is network performance and
availability reporting, as it relates
to support of business
applications and services, being
reported to the business?
Technology
Is the network capable of
automation, self-
provisioning, self-healing?
Technology
Is IP Management in place to
support the hybrid model?
Is network monitoring integrated
into a unified end-to-end solution?
Is there a Cloud based Network
Security Model?
Network teams are not aligned Participation in ad-hoc meetings Participate in most meetings
with the businesses cloud about cloud services when where network architecture is
strategy. invited. Resistant to change. required to support cloud.
Indifferent to corporate cloud Generally involved in outcomes
strategy. and strategy for cloud service
integration. An initial network
strategy to enable cloud services
exists and the people reference it
Cloud training has not been Can explain the basic concepts of Some working knowledge along
provided to the network teams. cloud. No hands-on experience. with some basic hands-on
experience. Can build a basic
cloud environment.
Cloud connectivity training has The network team has basic Basic online training as well as
not been proviced to the network understanding through web simple practical experience.
teams. materials and self-learning. No Direction and requirements are
planning, services are provisioned obtained through internal
as required. requests.
Network teams are not procuring Services procured as required No formal procurement process
cloud services. and typically based on vendor exists. Services are procured as
recommendations. needed or based on basic
business needs. Blueprint and
standards exist but are not fully
enforced. Availability is not being
measured.
The are no network plans in place Connectivity to public cloud Network architecture is being
to support operations in the cloud providers is only available via developed, however deployments
or to develop a hybrid-IT internet access. No readiness based on currently available
operating model. assessment exists and services are services are achieved through
provided “as-is”. The hybrid-IT existing equipment. The hybrid-IT
operating model is now being operating model is being built but
developed. no production deployment is in
place.
The network has not been Network instrumentation does As virtual cloud networking
instrumented to support cloud not currently measure network develops operational support is
operations. performance is not aligned with starting to look at provider and
business requirements. Issues 3rd party tools to utilize network
such as latency, jitter, packet loss instrumentation. As a result
are not seen as impactful for the measurement of performance
on-prem environments and metrics are beginning to be
therefore are also not considered utilized as challenges arise. The
as disruptive for the off-prem hybrid model is beginning to form
environments as well. As virtual and off-prem/on-prem
networking is beginning to environments are beginning to be
emerge these become more seen more holistically.
prominent.
There is no network strategy for Cloud networking supports Mobile applications are deployed
building or deploying a virtual mobile devices but lacks a manually via cloud virtual
network in the cloud to support strategic alignment with cloud networks but lack cloud
mobile devices. networking capabilities and the automation capabilities. MDM is
user experience is not optimized. still managed via internal
management tools. Some cloud
provider and 3rd party tools are
being tested and evaluated. Use
of QoS is being evaluated and
mobile traffic is beginning to be
distinguished on the network to
support the end user experience.
There is no network compliance There is a lack of measurement Some policies exist to account for
strategy for building or deploying between the "off-prem" Cloud the external network perimeter
virtual networks in the cloud. environment and the "on-prem" and controls that address the
environment and therefore are hybrid model are in process of
managed differently. Data access implementation. Providers and
between the two environments is 3rd party vendors are considered
partially managed and consistent in the compliance and legal
control systems for both are responsibilities needed to support
under evaluation. the hybrid environment. The need
for measurement and
management of services is
considered critical in support of
business KPI’s and SLA’s. Security
teams, (which traditionally relied
on visibility to the environment
via the network), have
transitioned to an application
based view of risk and
vulnerabilities.
There is no network automation Currently all provisioning is Visibility of the network is
or provisioning of virtual manual and done on an “as possible as access points have
networks. needed” basis. The network been created to connect to
topology is legacy and has been provider services. Self-
built in layers. Infrastructure does provisioning is enabled via API’s,
not support automation and self- and provider services are
provisioning. The network layers consumed as and when needed.
are abstracted in order to create The network teams provide a
access points to “off-prem” public hybrid network model to support
providers. both on-prem consumption and
off-prem builds.Designs for
needed availability are in place
with automated service failover.
IP Management does not support IP Access Management (IPAM) is IP management in the hybrid
the hybrid model. in use for internal “on-prem” model is a high concern and
deployments however due to the implementation of IPAM is
ethereal nature of the cloud it is proving a complex and resource
not utilized for “off-prem” intensive process to manage.
deployments. VLAN/Vnet’s exist Management is siloed and there
but there is no management of IP is no cohesive strategy in place.
ranges, most use the default Cloud provider and 3rd party
settings over-subscribing the tools are leveraged considered
number of IPV4 addresses being but lack support for the hybrid
used. Due to the rapid growth model and the network teams
and complexity of utilizing legacy have to manage IP via multiple
IPV4 addressing there is concern tools. IPV6 is part of the long-term
over the number and usage of strategy but has not been
IPV4 addresses being used. implemented.
Network monitoring is siloed and Network monitoring is split Network monitoring is driven by
is not enabled for end-to-end between on-prem and off-prem business cost and Memorandums
application overview. environments. Off-prem is of Understanding (MoU) between
monitored via provider GUI and or the network teams, providers and
3rd party tools. There is limited business consumers. The need for
monitoring of traffic to and from business to control cost and
provider environments. manage resources is critical to
enable capabilities such as “cloud
bursting” and “auto-scaling”.
Integration between silo's is
sought from 3rd party tools.
Demand is placed on Network
Operations Centers (NOC) and
Security/Operations (SecOp)
teams to implement solutions
that holistically view the
application ecosystem.
There is no cloud network security There are some ad-hoc and Due to application portability and
model. individual based cloud networking distribution cloud based security
security related policies that services are partially migrated
address some risk management away from dedicated hardware
concerns, based on provider solutions to cloud-based security
shared security requirements, services such as Software as a
however they are inconsistent Service (SAAS) model. This model
and do not reflect business needs provides defined policy based
or requirements. orchestration, applied in new
service automation opportunities.
High Availability is not in use There are some ad-hoc backup High availability has shifted to the
across the network. services running however they are application layer (built for failure
inconsistent and do not reflect paradigm) enabling the
business needs or requirements. application to utilize high
availability patterns in the design
phase by implementing “cloud
design patterns”, such as “Circuit
Breaker and “Retry Patterns” to
leverage increased availability
opportunities. The network
partially supports these designs
and automation of network
resources is part of each service
design.
SaaS, PaaS environments.
Network team members are Network team members are part All network team members are
included in networking of strategic workgroups and fully aligned and engaged with the
workgroups related to cloud provide direction related to business cloud strategies.
strategy. Provide input and are networking for cloud access. Participate in all meetings and
engaged in finding solutions to Engaged in architecture, security workgroups and build plans to
achieve the business objectives and corporate policies. optimize the strategies.
which cloud enable.
Network team has a solid working Clearly understands cloud services Formal training and certification
understanding of cloud principals and can easily participate. on cloud services obtained. Can
and use cases. Network team Formalized cloud training has easily participate in DevOps and
understands corporate cloud been completed. help optimize infrastructure
strategies and follows standards. deployments.
Some formal training and practical Attended formal training and can Formal education and certification
experience with cloud test demonstrate advanced testing on cloud networking
environments. Network connectivity solutions. Lab/test achieved. Standard education
connectivity planning is driven environments available and curriculum defined for the
from business requirements. utilized. Network team networking team. Cloud
connectivity planning forms part connectivity planning forms part
of the strategic network of all strategic IT planning,
procedures and policies. Input including cloud access. Network
from the business units forms part performance reporting and
of the detailed requirements. utilization are part of all reporting.
RFI & RFP processes used to Procurement criteria is managed Criteria for detailed network
obtain network services and and documented to provide services are established and
produce systematic results. metric for measurement of updated regularly. Procurement
Network services are measured network services. Network of network services is optimized
against defined business goals. services are in line with business to align with business
Bandwidth and capacity are used requirements, security and requirements, security and
to define requirements. compliancy regulations. RFI/RFP compliancy regulations. RFI/RFP
processes managed to utilize processes are documented and
network services with predefined measured against requirements.
catalogues, sharing network NFV (Network Functions
services across platforms. Virtualization) is preferred, SDN
(Software Defined Network) and
virtualized appliance functions,
policy and cost requirements
(NLB, WAF, WAN Connections)
are optimized to meet business
needs, security and compliance
with network services.
Network Service disruption Network services are well Network services are optimized
notification has automated documented and align with and designed for failure.
triggers that are escalated based business requirements defined by Predictive modeling and
on mapped business function as KPI’s and tested regularly. notifications on failure as well as
described in SLA’s based on Disruptions are managed and service restoration are used to
defined KPI’s which ensure measured to ensure availability meet business functions and fully
availability requirements are met. requirements and ensure SLA support defined KPI’s to ensure
adherence which include vendor availability and consistency of
plans for escalation. services. Disruptions are
responded to through triggered
events which utilized automation
to ensure business function
maintained according to defined
SLA’s. Accumulative impacts and
events are measured over time
and are responded to by adaptive
SLA’s.
Application performance and Network availability and The network is now optimized to
availability reporting is defined performance reporting services align with defined business KPI’s
appropriate to the business align with business KPI’s and SLA’s that are regularly tested and
function and business impact and are available in real-time to reported to the business. Network
analysis is routinely performed. the business. Business function automation continually monitors
Automation is beginning to be mapping now overlays network for new services to enhance
utilized in response to network services enabling measured availability and performance
performance and availability impact to business objectives. while proactively identifying
requirements as defined by potential impacts and deficiencies
business SLA's and KIP's. bringing greater value to the
business which enable strategic
assessments to drive proactive
resolution to unforeseen
deficiencies before they occur.
Business requirements have been Network architecture has been Network architecture is optimized
defined and captured in the fully implemented to support the to enable operational support of
network architecture which hybrid-IT operating model. The the hybrid model to rapidly
supports operational needs and is network equipment needed to identify performance and
supporting services for the hybrid- support WAN optimization, availability, as well as, support
IT operating model for both utilizing such tools as caching, de- security dependencies, service
internal traditional and external duplication, compression and management and business
cloud environments. WAN broadband bonding are in place continuity. Current and
Optimization is now recognized as and performance is measured “predicted” future network
an important factor in the hybrid against business defined KPI’s. requirements needed to support
model. Equipment (inventory) and “real-time” business needs are
services are known and deployed through automation.
documented. Network Provisioning is managed through
assessment plan is complete and policies that align with cost
updated regularly to support benefit analysis. WAN traffic
ongoing business and cloud management
adoption. Plans include all is fully optimized to interact with
aspects of performance, both the on-prem and off-prem
compliance, availability and environments holistically enabling
automation. visibility of the hybrid operating
model.
The hybrid model is in place and Operational support teams now Network instrumentation is
instrumentation is being utilized manage and monitor transactional optimized to enable real-time
by operations to support the performance through network access to analytical data and
hybrid model. Cloud provider and instrumentation tools to enable automation to respond to
3rd party supplied tools are continually monitor and measure events in real-time. Network
measuring network performance network performance against pre- instrumentation optimizes unified
while providing continually defined metrics. WAN networks and automated
monitored services. Advancement optimization strategies such as provisioning enabling seamless
in instrumentation is allowing caching, de-duplication, migration of services and
operational support of security compression and broadband applications from one
intelligence to shift from a bonding are used to enable environment to another with no
network centric security model to services such as QoS and measure constraints. Network traffic is
an application centric security application performance against instrumented to support “always
model. business KPI’s. encrypted” traffic and ethereal
networks are managed through
the CI/CD processes. Operations
now supports the network
through the application layer with
open API’s for centralized
software control, traffic
analysis/analytics, traffic steering,
and security.
Cloud virtual networks now Average response times between Mobile Cloud Computing (MCC) is
consistently support mobile mobile apps and end-points are optimized for mobile device
devices utilizing traffic measured to identify latency and management, provisioning is fully
prioritization measurements, such meet performance expectations. automated and leverages cloud
as QoS to mobile applications, and Cloud virtual networking is fully virtual networking to enforce
leveraging cloud managed utilized and supports hosted cloud security, policy management and
authentication. Views of network provider and 3rd party tools for business process orchestration.
traffic are being utilized to enable seamless app distribution, Network performance is managed
end-to-end bandwidth shaping. automation and provisioning. to optimize peak performance to
Latency and performance are now Packet Shaping is used to improve support end users using edge
being measured and managed to user experience by measuring caching and mobile device
meet demand. bandwidth to latency-sensitive detection for redirect of mobile
applications which need to optimized websites. Real-time
operate in real-time. Front-end Optimization (FEO) to
HTML pages is optimized for
rendering. Adaptive image
compression compresses images
based on real-time intelligence
about network conditions.
Enhanced Mobile Protocol (EMP)
is implemented to accelerate
mobile users web experience
implementing protocol
optimization (such as real-time
TCP parameter tuning and HTTP
pipelining)
Organizational policies and legal The network is continuously Compliance is applied and
requirements are adhered to by monitored and tested against all validated via automation in the
well-defined controls which utilize compliance and regulatory Continuous Integration and
automation and orchestration to policies. Controls are Contentious Deployment (CI/CD)
align with environmental implemented as new threats and pipeline. All code is scanned
conditions. There are new vulnerabilities are identified. during development and network
boundaries defined between Configurations are tested for and infrastructure is templated
providers and subscribers and written to support environmental against the latest builds, policies,
regulatory compliance is weaknesses. All end-points and regulatory compliance and legal
environmentally driven, i.e. the access-points are monitored for requirements. Models, which
provider enables controls to not vulnerabilities and security groups provide scaling up/down use
allow a subscriber to implement a tightly control access. platforms such as Cloud
non-regulatory compliant Application Management Platform
environment. The Network is fully (CAMP) and Tosca CI, to
documented and is regularly seamlessly integrate functional
tested for compliance and tests into the continuous
regulatory policies. New services integration environment. Network
are tested against requirements functions, such as firewalls,
prior to being deployed. gateways, load-balancers, etc.,
are available for use by catalog in
a library for use by automation/
orchestration and are controlled
by security groups.
Network services align with the to which the The network is The network is directly
hybrid model and Software continuously monitored and programmable, control functions
Defined Networking tested against service availability are decoupled from forwarding
(SDN) enables network engineers and performance requirements functions, which enables the
and administrators to respond and stated business KPI’s. QoS is network to be programmatically
quickly to changing business in place and managed though configured by proprietary or open
requirements via a centralized business SLA requirements. source automation tools,
control console. Problem Network teams are designing, including OpenStack, Puppet, and
detection and recovery triggers building, and managing networks Chef. Centralized Management is
and processes are defined and in that separate the network’s implemented to enable network
use. Roadmaps and control and forwarding planes, intelligence that maintains a
budgets include elements to make enabling the network control to global view of the network. The
the network more flexible and be programmable and the network delivers agility and
agile to support the virtualized underlying infrastructure to be flexibility enabling rapid
server and storage infrastructure abstracted for applications and deployment of new applications,
of the modern data center. network services. Applications services, and infrastructure to
Automated re-routing around relay performance and quickly meet changing business
performance problems is availability requirements to the goals and objectives. The network
implemented switches and routers respond. is architected to support “self
healing” which enable
weaknesses and vulnerabilities in
the network to align with
changing business requirements
and demand.
IP Management is a backend IP Management is centralized IPAM data is fully integrated into
service and is part of API access with integration of IPV4 and IPV6 DNS Zone/Record generation,
and management in public cloud address ranges. Network policies DHCP scope deployment, Peering
provider environments. exist to control and manage IPV4 data and Asset data. Automation
Provisioning and infrastructure addresses while IPV6 is adopted in of subnets are tracked and
services are managed based on the development and deployment assigned to manage address
IAM role/user, and can be used to pipeline. IP addressing is utilization. Orchestration manages
monitor and manage events and managed and is strictly controlled IP subnet allocations and static
logging within the cloud through provisioning polices and assignments for both internal and
environment, but lack a total compliance controls. DNS and external networks. IP tagging is in
hybrid solution. Solutions, such as DHCP strategies exist to support use to include required metadata
IPV6, are being implemented for protocols such as IPV6 as the and other custom fields. IPAM
large enterprises as part of IP standard for cloud deployments. manages and administrates
management strategies for cloud overlapping/duplicate IP subnets
environments. integrating with device
management for additional
automation. IPAM adopts API’s
for integration into third party
DNS providers, enterprise
managed service providers, third
party CRM and ERP SaaS
solutions, and the ARIN RESTful
Web Services and utilizes RIPE
(RPSL) APIs as part of the
management strategy.
The strategy for monitoring the Application performance Monitoring of cloud and on-prem
technology ecosystem is moving monitoring is a commodity and infrastructure is from a single
towards including all providers as Application Performance platform. Monitoring is focused
well as on-prem and off-prem Management (APM) is on trends and alerts on cloud
environments. The “single-pane- implemented to help manage the resource consumption. The end-
of-glass” is the goal of all support resources and cost of user-experience is the core focus,
and admin teams. Consolidation applications. Monitoring and methods such as synthetic
and integration of monitoring Serverless Architectures is an transaction monitoring are used
data for historical trend analysis identified new Use Case. to ensure brand and Intellectual
as well as predictive analysis is Function-as-a-Service (FaaS) or Property (IP) are protected.
adopted as part of the hybrid Serverless Architectures are Metrics are integrated with flows
model. Network and application standardized and IaaS is deployed and logs to provide an end-to-end
monitoring rely heavily on vendor through scripts (such as Terraform view of the whole technology
supported tools and services. and Lambda). Monitoring cloud ecosystem. Monitoring is focused
application dependencies at the on the application layer and is
application layer is now the fully deployed across all
standard. environments that includes on
and off prem as well as cloud-to-
cloud across all providers.
Network and application events
are seen holistically across all
provider environments.
Cloud based network security Cloud network security policies Networking in the cloud is fully
solutions are introduced to include the hybrid model and are optimized to meet the needs of
address the increase in virtualized based on the "shared security the business. Network security is
deployments in public cloud responsibility model". Network fully automated to be deployed in
provider environments. Cloud security is measured and real-time to support fully secured
deployed networks need to monitored to ensure networks that have all of the most
support this demand for cloud orchestration and implementation recent and up-to-date policies and
based security. Therefore, in of risk management is based on vulnerabilities in place. Risk
order to deliver comprehensive business risk which is measured management is consistent with
protection, security is written into against business policy and the shared responsibility model
the architecture of a cloud compliance requirements. and supports proactive and
deployed network to support the Implementing cloud-network continuous deployment
"shared security responsibility based security has provided methodologies.
model". consistent control and visibility
across varying domains across
public, private and hybrid cloud-
based services.
Application design patterns have High availability has been fully All networking high availability
off-loaded some of the high defined to support the business requirements have been met and
availability requirements needed model and is implemented the network is fully diverse and
in order to meet business through defined pipelines that fault tolerant. The network is
requirements, however respond to real-time business self-healing and will automatically
networking patterns are partially opportunities and security reroute traffic with no human
implemented leveraging IAC vulnerabilities. Policy based intervention. There is no
(Infrastructure as Code) in the orchestration and implementation performance degradation due to
form of Terraform Models, Chef of risk management based on analytics that capture SLA
Recipes and Puppet Enterprise business risk are well defined and requirements and ensure they are
builds. As network deployment standardized, as well as all policy met prior to demand being
becomes more standardized, and compliance requirements. reached. All network
models are available to support Automation is a fully implementations are scanned and
highly available networks, and are implemented deployment adhere to vulnerability and
being systematically adopted into methodology. compliance policies prior to
the application environment. deployments. Deployments are
continuous to meet business
demand.
Benefit Analysis Who
Current Future
State State
Total 0 0
Barrier
Lack of awareness of
available options to provide
network connectivity across
multiple providers. Often
vendors will provide
solutions that are specific to
their implementation and
can distract from adopting
solutions that are agnostic
and work across multiple
providers.
The business lacks concepts
in cloud capabilities and has
a tendency to either
oversubscribe or under-
utilize network service
capabilities.
Control Question
Is Executive Management
supporting investments and
objectives relating to the use of
AI/ML/DL in current and future
cloud operations?
People
People
Do IT/Ops personnel and
developers have training and/or
experience in AI concepts, tools,
and appropriate use cases?
Alternatively: Are AI consultants
available to supplement in house
capabilities?
Processes
How are machine learning
systems developed, deployed to
production, and standardized
across the business?
Technology
No priority has been given to Awareness of the value of AI and Management is able to see
applying AI/ML/DL. ML has led to Management's examples of AI/ML based
support of efforts to achieve capabilities on top of defined and
CMM Level 3 or greater in the systematic Operations
Data and DevOps domains to capabilities. IT/Ops is able to
establish a solid foundation of demonstrate applied AI/ML in
data access, automation and proof of concept environments.
processes to ensure AI/ML Management is supporting
capabilities can be layered on top further implementation and
of a solid foundation in the future. inclusion of AI/ML capabilities in
the IT/Ops roadmap.
Conceptual AI experience is Some staff members are known to AI subject matter expertise and
unknown or non-existent. have basic conceptual AI use of appropriate algorthims has
knowledge. There is an been demonstrated in a small
understanding of which use cases number of projects and use cases.
are appropriate for various
machine learning algorithms and
neural network architectures.
No processes exist to plan for Logging of some notable Infrastructure utilization and
cloud consumption or capacity demand/utilization events capacity requirements can be
needs based on data or analytics. and corresponding cloud forecast for cloud resources
infrastucture utilization is supporting a specific project or
occuring. Visuals, such as graphs, workload.
can be constructed for operators
to estimate possible correlation of One or more methods for
factors. applying statistical analysis on
historical utilization data exist and
forecast results can be
automated, scripted, or visualized
proactively (not necessarily in
real-time)
No basis for data quality Institutional knowledge of which A Data Management System is
measurement exists. data sets are accessible and used as the system of record
suitably structured for use with noting attributes that describe the
algorithms is limited. structure, accessibility, and type
Measurements of data and of data available to the
algorithm quality are not organization. AI algorithm
quantitative. Examples may developers update the system of
include anecdotal outcomes of record noting attributes useful for
projects or experiments. their AI projects. The system can
be queried to reveal sets of data
that match the requirements
and/or capabilities of algorithms
that are being developed.
No common or shared process Early adopters (typically Data More predictive systems are
exists. Scientists) are independently being deployed, but each
using various AI/ML frameworks requires unique handling. Some
and tools to create predictive groups have well documented
models. IT/Ops is starting to processes, and they are
create deployment systems to collaborating with IT/Ops to help
facilitate deployment of standardize. Working groups are
predictive models, but there is no bringing best practices together
standard system in place. with new tooling and systems to
facilitate deployment of
predictive models.
AI, ML, and automation do not AI/ML tools and automation have AI/ML tools and automation have
exist or have little to no access to access to single systems or limited access to some key data sets
application, system, or respositories of data. E.g. across the organization.
organizational data. predictive analysis has access to
the central log respository only. Integration of data labeling tools
is able to tag or capture data sets
Tools to generate and label useful through data pipelines tied to a
training data sets (features and data lake, data warehouse, or
corresponding results) are being external data repositories.
explored.
AI/ML routines mostly depend on
structured data sets.
No automation, ML or AI is Teams are employing automation Automation is common. AI and
present within the orgnaization. utilizing Chef, Python, and other ML have been introduced to
scripting to automate application detect changes and build simple
deployment, infrastructure models. Some predictive
management, and testing. automation is possible and
Intelligent automation efforts rely enables classification of data
on explicit rules and conditions. and/or detection of anomalies in
No predictive learning capabilities quantitative operations
are in use. measurements.
E.g. physical environmentals
cluster analysis, baseline
audio/visual recordings,
temperature regression analysis.
No capabilities have been Experimentation with various Algortihms are processing a mix of
demonstrated. AI/ML approaches is occuring, but inputs, such as ops events (CIs),
few substantive results have infrastructure logs, or application
surfaced. performance data, and human
operators are using
recommendations from AI or ML
based systems to make decisions
more quickly and more
accurately.
No consideration. AI projects are developed in The data that is available for AI
isolation and exist mostly on local projects is generally non-
workstations with some use of production data, and it is isolated
public cloud or on-premises from production environments.
environments. There is little The data can be readily
consistency in making training transferred into the cloud. Real-
data readily available to those time data from production
experimenting with machine systems has not been
learning. instrumented for use by AI
projects.
ations, Hybrid IT, and cloud-native Software Development
nments
AI/ML intiatives are included in Management has recognized Thought leadership, technical
IT/Ops roadmaps. IT/Ops is improvements in cloud innovation, and contribution to
delivering capabilities on the automation and operations due to FOSS projects are considered
roadmap and adding AI/ML the investments in applying valuable to the business.
capabilities to the IT/Ops service AI/ML. IT/Ops is capturing Executive Management
catalogue. Goals for operations quantitative metrics that evangelizes the modern
improvement are defined. demonstrate the business value of capabilities internally and to
of AI/ML. Roadmaps now include investors, and advocates
the application of DL on continued investments as the ROI
operational data/logs to find from the application of AI/ML/DL
valuable correlations for further is effectively self-funding.
improvement.
Several projects have successfully Multiple teams and multiple Technical training focused on AI
demonstrated successful projects are consistently disciplines and use cases is
application of general AI, Machine demonstrating subject matter incorporated into training aimed
Learning (ML), and/or Deep expertise and appropriate use at the entire company's technical
Learning (DL) in appropriate use case application across multiple AI and technology management
cases. disciplines. employees. The company's
challenges and successes with
A larger center of excellence Training and certification applying AI to innovative use
compentency has developed in programs are available to cases are evangelized internally
the team. employees across multiple and shared publically (blogs,
organizations. presentations, books, etc.)
This team is sharing its expertise
with other organizations seeking Metrics track employee usage of
to implement AI/ML. Data and AI platforms.
Automated processes correlate Metrics focusing on the accuracy Most cloud operations change
active cloud resource utilization of AI/ML generated events are initiated by automated
data and a few external change recommendations for cloud systems and processes. Prediction
events in near real-time. capacity decisions (adjustments) and detection of over-load or
are in place. Some cloud capacity over-allocation conditions helps
More advanced ML regression allocation events are automated the business optimize on cloud
capabilites are applied to logged based on confidence in the spending, and the use of least
utilization and change event data. predictive utilization and cost cloud resources across
Ops staff are alerted to make consumption patterns. multiple providers (hybrid cloud)
capacity decisions when forecast is providing additional value.
resources are expected to be
over- or under-subscribed.
Most data sources and their There is widespread adoption of The data quality assessment
associated attribute metadata are the data quality assessment framework has been extended to
catalogued in the data framework in the organization. measure costs and benefits of
management system. The Metrics relating to data accuracy, data processing algorithms
organization tracks AI algorithm accessibility, availability, and including the measurement of
usage in the system and can adherence to data model real-time data processing
measure the utilization of standards are defined and capabilities and the
different data sets. Management included in KPIs and management improvements that algorithms
has adopted a data quality objectives for key stakeholders. produce including risk mitigation,
assessment framework and set attributable increases in revenue,
quantitative objectives for data and reductions in cost. The
quality based on reporting output organization can compare the
from the data management effectiveness and efficiency of
system. different algorithms.
Cross-functional teams have A platform providing shared Data pipelines are largely shared
adopted common tools. IT/Ops training data pipelines is and feature labeling in training
has provided a deployment accessible to multiple teams. data sets is normalized and
workflow and supporting Multiple data sources (including shared across different
compliance frameworks to structured data and data lakes) organizations.
enable development, staging, are instrumented in the platform
and production deployment of and features can be defined and Model development and
predictive models. Results of labeled for new and existing deployment systems are
training data have a standard training models. providing rapid access for
repository where results can be organizations to quickly iterate
compared. Qualitative metrics track data on new ideas and experiments.
quality, platform usage, and
predictive model accuracy. ML capabilities are instrumented
to perform experiments, design,
and select the best fitting models
and types of ML used on the
machine learning platform. (i.e.
ML is being used to improve the
fit of models deployed on the ML
platform)
AI/ML tools are integrated into an The AI/ML automation platform is Data management processes
automation platform and several instrumented into a majority of themselves are leveraging AI to
teams are processing data the organization's data maintain data quality and produce
through the system. Access is repositories. Useful training data higher quality training data sets
through defined API's, data sets are available to multiple for use on the platform.
interfaces, and integration tools teams for experimentation and
(RESTFul API, database views, ML/DL training.
iPaaS, ETL, Service Bus)
Data pipelines are specialized into
Exploration to identify high value near term/future predictive use
sets of features and algorithms cases and batch-oriented
requires significant iteration and workflows. AI/ML algorithms are
experimentation. able to process unstructured data
sets.
ML-based automation is revealed Sophisticated AI/ML systems are Automation of increasingly
interesting correlations between able to outperform human complex tasks has driven the
multiple, disparate sets of data. operators (as measured by innovation of deep neural
accuracy and/or speed) in networks (DNNs) and other ML
Examples in data center identifying root causes of systems which continuously
operations include identification anomalies or forecasting future update the training models from
of infratructure threats or needs or outcomes. the data the system is observing
anomalies based on changes or acting in.
detected in monitors captures Examples in data center
data from the physical world (e.g. operations include prediction of
on-premises audio recordings, mechanical equipment failure
cameras, thermometers, and/or (server fans, hard drives, HVAC).
vibration sensors).
Examples in business outcomes
include real-time targeted
advertising individually suited to
detailed consumer profiles
and supply chain optimization.
Total 0 0
Barrier
Executive Management
does not know what AI is or
how it can be used to
improve business outcomes.
The organization does not
recognize the complexity of
AI implementations and
therefore doesn't support
their personnel in getting
appropriate training or
utilizing consultants.
Control Question
Is there a development
environment where ideas can be
tested, also worked into the SDLC?
Processes
Is there a provisioning process?
Technology
Are the various IOT technology
elements implemented according
to the selected reference
architecture /plan of the
organization?
Knowledge Pyramid
Description http://www.ioti.com/strategy/iot-market-research-which-industries-are-leading-curv
Contains capabilities related to:
IOT use, skills and implementation in an organization
Being able to map and report business objectives against specific metrics
Having services defined in the IOT space
CMM 0 CMM 1 CMM 2
(None) (initial, ad-hoc) (repeatable, opportunistic)
The business users have no formal Some areas of business are Some business units have defined
information about IOT or how it educated about using data some Business Scenario Use cases
can be applied. No roles are feedback from IOT services. requirements for IOT data, and
assigned to it. Teams operate independently and are implementing it as new
are disconnected at this level. opportunities arise via parallel
projects. Demand is identified
which is greater than the existing
projects can satisfy. IT has
identified the IT operating Model
changes that will be required to
implement IoT technologies.
No visibility of data exists from The IT team can see data from Data sets from sensor based
any sensor technology. various sensors, but do not sources are available to selected
expose it to the business. business users.
No understanding exists of the People read articles and A business group is trained on IoT
opportunitiies IOT presents. individuals apply IoT to a process and identifies process
they own improvement projects which will
exploit the new technology
No reference architecture is Some teams have identified IOT A common architecture reference
identified. systems and implemented them model for IOT is identified for the
in silo's, without central co- organisation defining processing
ordination. locations, communication
protocols and security layers, as
well as tooling and data.
IoT equipment and systems are Development teams have Monitoring is more systematic,
being tested and/or deployed into implemented monitoring systems and a shared support organization
production, but no effort is made for their own devices using has been established for
to monitor their health or activity. bespoke tooling or manual responding to outages and
No effort is made to identify scanning and physical anomalies. Adoption of a common
rogue devices. observation. This monitoring IoT platform provides more
targets known devices and may consistent visibility across
turn up a rogue device, but not by applications and deployments.
design. Registration in a hardware
provisioning portal supports quick
lookups of failed devices for
location and type of replacement
equipment. Periodic scanning is
done in key ares to detect rogue
devices.
No IOT Provisioning process exists No process exists. Individuals Companies include IoT
implement IoT to solve problems technologies as a possible
in their area technology in their arsenal of
technologies and design systems
using this approach.
There is no relationship between Any business value is incidental Market pressure drives business
Business and IT objectives. and not measured or reported. to leverage IOT, based on industry
results where sensor derived
information is leveraged.
IoT Business scenario Use Cases
are developed to support business
goals.
No standards exist. Different teams use different Specific common elements are
technology and approaches implemented with standard
independently, motivated by interfaces, to enable re-use and
"their special process ease the IOT implementations at
environment". the edge. Initial Patterns of use
that define Business Scenario use
cases that are best served by edge
processing and those that should
be implemented sing Data Center
or cloud IOT processes.
No implementation exists Capability: Capability:
1. Near time data collection 1. Real time data monitoring from
2. Independent business units IoT devices
select and deploy IOT solutions 2. Individual IOT implementations
individually, and without central are aligned to justify individual
co-ordination or integration objectives and not those of the
Technology Implemented: company.
Simple dumb sensors 3. Efficiency on central systems
Data Center or cloud analtics and effective use of shared
resources is ignored
Technology implemented:
Smart Sensors
Edge Processing
No defined services are orderable Some teams advertise capability IT offer a range of available IOT
to deliver selected services, based Services that define patterns of
on their own implementations use, sensor selection, data
aggregation, LoRa network
capability for data collection from
sensors, MQTT Platform and Data
aggregation and access to
aggregated and summarized data
based on the deployment of the
central reference architecture and
some central elements of it
No IoT technology or Applications Some basic sensors such as RFID Advanced SMART sensors and
exist exist functions are deployed and
Siloed inter-system integration is supported. Connectivity is secure
deployed without a common and robust. LoRa® networks are
reference architecture being implemented in some
underpinning the implementation areas. Edge Processing
implemented to support data
aggregation and basic reporting.
A reference Architecture exists
Data
Monitoring. This stage enables Control. At this stage, connected
devices to gather data through products can be controlled remotely
sensors. This is the baseline for the with basic conditionals, such as if X
next steps of the continuum. occurs, Y is performed.
CMM 3 CMM 4 CMM 5
(defined, systematic) (managed & measurable) (optimized)
All business units have identified The business have adopted IOT as Data Science is the operating
Business scenario use cases and critical part of their Business model in use by the business, well
have defined appropriate Strategy and are implementing understood and integrated into
comprehensive data changes to their products and business logic, and the teams look
requirements for IOT, and an services to exploit IoT for new opportunities to leverage
overall implementation plan exists technologies. Business scenario data learning in developing new
with prioritized areas for all data data triggers from the IOT feeds, products, services, and
that could have monetary impact automatically adjust services and eliminating unneeded cost
on the business. IT has define trends to respond to, as drivers. IOT data enables
implemented the IT operating well as the agility / urgency potential value determination for
Model changes required to needed. Proactive analytics are in the teams, on various work.
implement IoT projects. place that foresee actions based
on IoT driven transformation.
Integrated views are shared on The business derives monetary The products and services of the
sensor derived data between value from the use of sensor business are evolved based on
business and IT. IT has derived data. Business users are analysis feedback from IOT based
implemented a cross business able to develop their own IoT data.
data catalog of all IoT Data. applications using data that is
available from IT Data Lakes.
A company considers IoT A Corporation utilizes real-time An enterprise integrates IoT data
technology in it's strategic data analytics based on IoT data from suppliers and customers
product planning and includes it to predict future trends in their with their data and identifies
and in new products operating model trends and foresees future
opportunities based on collected
IoT data
IOT interfaces are defined for all The Reference architecture is Based on results of the reference
relevant business products and continually evolved to exploit architecture implementation, the
processes, and implementation new technologies and use cases. architecture is adapted and
prioritized based on business It contains guidance and IOT updated to include elements of
objectives and value. patterns of use for business high business value, and
IoT Data Lake is implemented. users. The architecture contains optimized to increase simplicity
Architectural directions are governance policies on IoT data of operation and maintenance.
published to guide users on what usage The IoT solutions enable Industry
uses cases and data requirements 4.0 Business Scenario use cases
should be processed at the edge, and coordinate the activities of
and what should be processed in all businesses involved based on
the cloud. proactive incident identification
A central development Specific use cases and models are based on the business unit
environment is available to the selectable from the development wanting to test, a number of
organisation environment shaped around the proposed scenarios are listed for
business units needs, to enable the unit, with the ones they have
rapid concept prototyping not yet adopted being highlighted
An IoT device monitoring and IoT devices and systems are Self Healing is implemented to
support structure has been constantly monitored for address device failures, leveraging
defined within the hardware availability and non-responsive redundant deployments.
support and/or security units. The digital twin capabilities Autoscaling is enabled through
organizations to holistically of the IoT platform provides the smart devices that are in use,
respond to device fault and rogue dashboards and alerts for quick responding to changing workloads
device detection indicators. remediation. Statistics are automatically. Redundantly
Systematic rogue device detection captured and reports are provided implemented devices ensure
is performed at applicable for uptime, failure rates, suspect continuous availability.
locations. Action is taken equipment, expected devices not
automatically to address reporting in, etc. Automated
anomolies. network and RF scans are
Provisioning information for failed performed continuously, alerting
devices is automatically delivered when rogue devices are detected.
to field support staff that they can Other company assets like cell
efficiently replace or repair the phones run scanning applications
affected hardware. that detect rogues even in
uninstrumented locales.
Corporations implement a Corporations provide an open Enterprises develop integrated
foundational data collection data exchange from their devices data repositories of data sets to
platform and expose IoT data as (products) to customers to utilize rapidly integrate data from
sets of data to users to support data collected from devices to everyone’s IoT platforms to solve
citizen integration within their support their own IoT initiatives. enterprise issues and foresee
Corporation. trends
Business scenario use cases New products and services are IOT and the resulting data derived
support Business objectives that developed leveraging IoT trends are leveraged to re-shape
support business partners. These technologies and Data, so as to the enterprise and focus
Business Scenario use cases support Business Revenue growth innovation initiatives and
support an Industry 4.0 Operating goals. transform the market and
model. The results of IOT data are used to customer expectations of the
help prioritise investments. Enterprise.
IOT data is used to help optimize
investment planning and
operations efficiency.
Specific standards and Technology and systems are Highly specialized technology is
technologies are defined and selected based on their replaced in favour of re-usable
implemented, based on the compliance to specific company multi-functional technology, so
defined Use Cases of the business standards and ability to support that the IOT systems can be
unit, as supported by the the defined use cases of the dynamically re-organized and re-
reference architecture adopted. organization. Standardization on positioned within the eco-system,
Comprehensive Patterns of use technology enable efficiency on as needed.
that define Business Scenario use spares and support. Standardized
cases that are best served by edge Patterns of use are enforced
processing and those that should through governance, across the
be implemented using Data enterprise.
Center or cloud IOT processes.
Capabilities: Capability: Capability:
1. Ability to real time process 1. Ability to do Real time 1. Ability to integrate the efforts
control based on Realtime data Predictive Analytics is across busineses to faciliate the
collection of IoT data implemented based on IoT data response efforts of multiple
2. Deployment according to a enable business efficiency along enterprises based on monitored
defined secure architecture, with the business processes. IoT data.
existing central shared control 2. Product innovation funnels are 2. Ability to collect data and
and management elements, fed from IoT analytics results. resulting analytics reports from
enables rapid edge deployment Technology implemented: every step of the business process
and scaling. Scene recognition technology via IOT enable real-time
3. Stable scalable control, implemented. adjustment and correction to
management and governance Conventional process control ensure achievement of the
systems provide predictable systems data integrated into IOT business objectives.
performance and capacity. Predictive analytics capabilities. 3. Highly specialized technology is
Technology implemented: replaced in favour of re-usable
Consistent underpinning multi-functional technology with
infrastructure such as LoRa® high learning capability, so that
networks are implemented in the the IOT systems can dynamically
enterprise. RFID technology and re-organize and re-position within
Smart shelving technologies the eco-system, as needed around
enabled to provide real time data business hot-spots and priorities.
collection of inventory and assets. Technology Implemented:
Sensor technologies are Augmented reality for
standardized and published for Maintenance and inventory
consistent use by businesses. applications in production.
Drones exploited for hazardous or
complex inspection activities.
Appropriate data collection and
resulting analytics reports from
every step of the business process
via IOT enable real-time
adjustment and correction to
ensure achievement of the
business objectives.
Managed IOT Services exist IoT Data is integrated into In addition to the requirements of
Secured Remote Management of corporate data lakes and is CMM 4, CMM 5 requires that
IOT is offered available to all business users to customer and supplier data is
Quality of Service is offered, enable advanced analytics that integrated into the data lake with
ensuring reliability exploit data from production , a standardised common data
IOT advisory and Pilot project customers, smart products to model, and is available to all
identification and implementation support business revenue business users (and to support an
Consulting services forecast and business planning Industrie 4.0) to enable advanced
analytics with AI that exploit data
from production , customers,
smart products to support
business revenue forecast and
business planning
Mobile and remote connectivity is Management, Monitoring and IoT applications and data are
available. LoRa® networks Analytics tooling provide integrated into/from all available
implemented across enterprise Dashboards, Visualization, Mining sources (such as Social Media,
Use is made of cloud based and Modelling capability. Mobile, Analytics, Cloud
services where appropriate and IoT technologies managed and applications, Virtual Reality,
available monitored by IT system Augmented Reality, A.I ( Artificial
Integration exists into business management tools. Intelligence), Quantum
systems such as CRM/ERP/PLM IoT Technologies integrated into Computing, and Massively
IoT data available to all IT Change and configuration Distributed grid Computing
applications via Restful API access management systems and process approaches) to support product
Machine leaning technologies development and achievement of
operational Business goals.
The IOT Reference Architecture
and the IT reference Architecture
are integrated
Systems are deployed accoridng The deployed solutions include Proactive modelling and
to defined enterprise standards, detection a capability for security prediction capability is configured
and images are applied to them, compliance. supporting security, analytics, and
which include hardening in of Examples include Scene planning functions.
security as the tech has capbility Recognition technology that Examples of sources include Social
and functions to support this. enables both visual and non visual Media, Mobile, Analytics, Cloud
Example: Smart sensors with data capability such as infrared. applications, Virtual Reality,
preprocessing, Data Lake technology: Hadoop, Augmented Reality, A.I ( Artificial
Open Source Middle wear: Statiscal Analytics: R, ThingWorx, Intelligence), Quantum
OpenRemote, IBI, Apache Spark Computing, and Massively
Proprietary Middleware: Data Process Engines: Distributed grid Computing
ThingWorx ApacheStorm
IoT Visualization tools: Freeboard, Cloud IoT Platforms: Microsoft
MQTT Platform for data IoT, GE Predix, Cloudera and
aggregation Talend
0 0
Where business can see results Business users, data scientists, IT
more quickly, they are also able to Architects
respond to opportunities or
threats more dynamically.
0 0
ONce the business leverage IOT Enterprise Architecture, Business
data to solve problems, they are Analysts
able to focus their solutions much
more explicitly at the aspect that
represents business value, based
on real statistical data now
available to them
0 0
Leveraging a common Enterprise Architecture, Business
architecture model enables Analysts
business and IT to align and re-use
common elements, as well as to
govern and secure the
environment more effectively.
0 0
By enabling concept testing in a Enterprise Architecture, Business
Lab, the business is able to model Analysts
the opportunities and benefits, to
help make their case and analyse
what impacts the use of IOT in
that dimension may have
0 0
Theis ensures the ongoing Technical Architects, Security,
availablility of information Compliance
through defined service levels,
and Security levels are
maximised / security breaches are
minimised. Device reliability is
increased through the use of
redundant senro technologies
A consistent process expands Technical Architects &
from an individual to an Operations / Support / DevOps
enterprise to provide data for all
to use. It quickly eliminates the
need for custom integration and
data models
0 0
There are millions of potential IT Architects, Security, IT
devices and technologies available Operations, Networks, Business
- by having standards in place, Analysts
security, re-use, and maintenance
are significantly improved.
0 0
When appropriate capabilities are Service Management, IT
defined for the business specific Operations
Use Cases, then technology
selection, governance, and
support are much easier and
more cost effective. Mis-informed
buying can also be reduced
0 0
By defining shared services and Service Management, Enterprise
advertising them to the business, Architects, Business Users
improved economy of scale is
achieved. Standards are also
easier to manage and govern.
The Citizen Integrator is enabled
through pilot programme
opportunities
0 0
Implementing according to a IT Architects, Security
defined reference architecture
generally makes troubleshooting
and planning much easier. It also
enables coordinated negotiations,
and improved investment
planning
0 0
By defining the compliance and IT Architects, Security
security requirements up front,
technology selection and
integration is significantly
simplified.
0 0
Total 0 0
Barrier
Control Question
Do standard architectural
designs/patterns exist to guide
API creation / management?
Processes
Technology
How are APIs monitored for
usage, billing, etc?
The overall goal is to make use of API's easy, cost effective, secure, and sustainable to allow organizations to drive value from
Anyone and Everyone can suggest End-users of an API provide input A Business Analyst is assigned to
API introductions and for new requirements. help accumulate requirements for
development Input tends to be specific to a API's.
functional requirement, without These requirements are vetted
an understanding or definitiion of across the user base to make
all use cases for the use of the changes more strategic
function
No formal training has been Individual developers experiment Training on various API
performed leveraging their existing dimensions is performed where
programing skills, and some new application development
online learning occurs
API's are not seen or managed as API's are created as required by A process exists to create APIs.
a product or service individual units. In general, acceptable interop
Interoperability is limited to the formats are defined up front, and
initial use cases, no standard some standard tooling exists for
tooling exists, and no registration, co-ordination and
owner/maintainer is defined governance of API's.
Owners are defined, but
changes/updates are done as
requests come in
No control exists API access is managed Access to APIs are tied to a central
individually, and access is granted authority (for example: AD
on a once-off basis by the project groups) where basic user
team. management happens.
Identity management is not
centralized, and is granted for the
specific API only.
No process is in place One or two key API's are A CI is created in the CMS for each
identified and commonly tracked API that is officially used by the
and used in the organisation. enterprize
Information on functions, updates
and changes to the API is retained
within individual teams
No designs exist Design patterns only address the Use of functions is defined via
use of common platforms, and design principles and patterns, so
how the API's may be accessed as to create common ways of
doing things, making
maintenance, support and
operations easier
API's are not considered for The Availability of the API is linked API is classified according to
business continuity to the system availability of the existing BCP/DR strategies and
system it ties to processes of the application it
interfaces with most
No secure development lifecycle It is assumed that all internal All new functions and API's are
evident development is trustworthy, and released to Production through a
that all authorised vendor change and risk analysis and
provided API's are trustworthy control process
No alignment is documented Developers develop what they All new development effort is
need for their function, with no justified based on how it enables
clear alignment to business the business and IT strategy and
objectives requirements
There is no deployment concept Each developer deploys or DevOps deploy API's and
registers the API manually functions for own applications,
registered in defined tools, via
their own change or release
processes
umption, maintenance, and retirement for APIs
API's are assigned to a A product owner is assigned, and A steering committe supports a
Solution/Enterprise architect who the API is assigned to a process gatekeeping function which
acts as API and standards owner, for evolution and development. determines if and when new API's
and assigns and prioritises new The owners is responsible for and functions are introduced,
function development. standards and processes around depending on what already exists,
This is aligned to business access, use, and effectiveness of what can then be retired, and
objectives and needs. Product the API functions in regards what can be consolidated.
owner makes build vs buy business enablement.
decisions around feature Tooling is leveraged to track and
enhancements. report the API function use
A secured and standard process Product owners utilize a standard Policy driven automation of
exists for creating/managing set of metrics to determine the changes are implemented.
APIs. future roadmap of a particular API function use is tracked and
A product owner is selected who API. reported regularly, so as to
plans a roadmap for the API use is tracked and reported optimise, analyse and switch off
evolution (or de-evolution) of a regularly, and goals are unused functions
service or product relating to a established for using Standard
particular API . industry foundational API
The API is advertised to the sources. Options such as FOSS,
target users in a standard way, are leveraged to reduce own
via an API management platform. development and maintenance
effort
Access to APIs is granted at a A community portal exists where No standing access to end APIs
more granular level than group users can manage their access and exists, and access requests are
membership, usually via claims. owners can approve access. granted in a "just-in-time" fashion
APIs have facilities for machine- Roles within the API are well- for the required duration of the
to-machine identity management defined based on measured usage request/process.
(e.g. service principles). patterns. Machine-to-machine interactions
Access aligns with applicable data Usage of those APIs is tracked take place with managed service
security policies. closely and reported on. accounts that have built-in
Access requests are generally password rotation/certificate
serviced via existing IT helpdesk rotation mechanisms.
or ticketing systems, and can be
tracked for offboarding.
All functions available via the API Use of each of the API functions is Based on API function criticality
are catalogued and attributes are tracked and reported and use, common functions are
defined in the CMS for each of automatically, so as to identify consolidated, and unused ones
them, against the CI for the API. critical and non-critical API's, are removed from the API and
Dependencies on the functions dependencies and functions from the API library, so as to
are registered, so as to enable reduce maintenance, risk, and any
change management and impact unneeded integration work
analysis
Design guidelines exist specifying Specification exists for defining A common funnel of new
the definition and naming of hooks into API's for monitoring, functions for API's is mapped, and
variables, functions and objects, management, measurement and prioritisation and co-ordination
as well as the security and access reporting purposes, as well as for their development is
controls for the function. troubleshooting. channlled to DevOps via the Agile
Re-usability is a key dimension of Error Code definitions are defined processes.
the specification. and applied, so as to enable ease
Self healing is also considered in of troubleshooting
the blueprint
Standard designs identify that the Self-healing is a standard part of All API's are stored in an API
API is designed to deal with the design blueprint, dealing with library, which is considered as a
failure, and to find and connect to element failures. critical system, and included in
the next available relevant Error handling and automatic fault the BCP / DR process and strategy
resource wherever that may be, correction is catered for in the
so as to ensure service continuity design.
All developers work according to
this process and design
A process exists whereby API's are API Management and Governance Due to all API's being registered
carefully analysed, and only tools manage exactly which API and controlled by means of an API
authorised acceptable functions functions are used by each user or management toolset, DevOps
are enabled or used. user group based on a tracking align tigthly to registering /
The API library contains the and registration porcess, and deregistering all development
secured API code, and the where they may be used, by releases via this toolset
function is called / loaded from means of policies.
this secure library in each instance The governance tool also tracks
the API version/s and reports
anomalies
All new and existing functions are All weighted functions are If development does not enable
weighted and prioritised based on prioritised based on their use and the business strategy or
the degree to which they enable their role in terms of business objectives, it is not done.
business and IT strategy and value and business enablement.
objectives. Based on being core Investment in further
or non-core, the non-core development is assigned
functions are slowly worked out accordingly
or de-prioritised while the core
functions are invested in and
prioritised
A roadmap of changes for all API's Monitoring and reporting Users of API's and functions
is registered so that all users of provides information about new receive automatic notifications of
API's are able to synchronise their API's features and functions, and changes, and have to accept the
plannning with DevOps their timely releases, illustrating notfication in order to proceed
the business value impact of any
delays
An API management tool is in Usage reports and consumption Usage reports and consumption
operation, and all API Functions of API's from the API tools is of API's from the API tools is
usage is recorded against defined automatically reported to the automatically assigned to the
metrics users' cost centre users' cost centre
Enterprise Change Management The Agile tooling interfaces with All new functions as needed to
process uses the API Governance the API governance tooling, and support predicted business
tools to register and release API's updates are planned and released capability are synchronised into
and updates across the enterprise via sprint releases release dates, and their
development and integration is
synchronised to these key
business targets
Benefit Analysis Who
Current Future
State State
0 0
APIs managed at the correct level Development Team, Business
lead to an optimal balance Analyst, Architects, Product
between strategic decisions vs Managers, Portfolio Managers
point decisions
0 0
Co-ordinated development along
common paradigms helps make
maintenance and evolution
withing the orgaisation much
easier and simple to maintain
0 0
By defining API's as products and Development Team, Business
services, their value and impact Analyst, Architects, Product
on / to the organisation can be Managers, Portfolio Managers
recognised and managed
accordingly
0 0
Knowing who use an API, and Development Team, Business
being able to report that ensures Analyst, Architects, Product
compliance and that anomalies Managers, Portfolio Managers
can be detected and resolved
quickly
0 0
Knowing what part of an API is Development Team, Business
used enables the DevOps Analyst, Architects, Product
organisation to focus their efforts Managers, Portfolio Managers
efficiently
0 0
The existence of common Development Team, Business
guidelines and supporting Analyst, Architects, Product
governance provide for effective Managers, Portfolio Managers
use, and enable compliance
management and risk
manageemnt
0 0
Feature and function availability Development Team, Business
can be guaranteed and depended Analyst, Architects, Product
on by the system owners and Managers, Portfolio Managers
users who leverage the API's
0 0
Being able to have a complete list Development Team, Business
of API's, functions, and access Analyst, Architects, Product
enables an organisation to quickly Managers, Portfolio Managers
address any issues that may
occur, and to secure their multi-
cloud perimeters much more
effectively. (Cloud today is driven
by API access and network access
- network is usually well-
managed, but API discipline is
new)
0 0
Focussing expensive resources on Development Team, Business
functions that add value to the Analyst, Architects, Product
business enables a higher return Managers, Portfolio Managers
on investment. If they are not co-
ordinated, much effort can be
spent on non-value generating
work.
0 0
By ensuring that all affected users Development Team, Business
are informed, impacts of change Analyst, Architects, Product
on the organisation can be Managers, Portfolio Managers
minimimsied, and expectations
can be managed more effectively
0 0
Being able to identify that all Development Team, Business
access to and use of API functions Analyst, Architects, Product
is accroding to the company Managers, Portfolio Managers
poliicies, ensures ongoing
compliance, and reduction of risk
0 0
Central co-ordination of API's Development Team, Business
provides security and control of Analyst, Architects, Product
the organisations key functions Managers, Portfolio Managers
and services
0 0
By being able to assign costs for Development Team, Business
the lifecycle management of an Analyst, Architects, Product
API based on usage, the Managers, Portfolio Managers
organisation can fairly determine
production costs of each business
product
0 0
Knowing that the business Development Team, Business
capability will be underpinned by Analyst, Architects, Product
key API functionality ties IT and Managers, Portfolio Managers
business tightly together, linking
dependencies directly, and
enabling effectivey opportunity
cost management
0 0
Total 0 0
Barrier
Many communication
strategies do not accomodate
API's yet, and consider them as
too low a level for formal
inclusion and broadcast
Control Question
People
Do you have a process for tracking
cloud resources?
Processes
Technology
Do you use automated tools for
identifying and relating cloud-
based CIs?
Technology
Do you manage configuration
consistency of the application
stack?
Contains capabilities related to:
• Ensuring use of the cloud aligns with the organization's Configuration Management process while still enabling the organizati
CMM 0 CMM 1 CMM 2
No. Cloud is treated as Some groups and/or projects pilot All groups and/or projects have
"different". adoption of CM practices for adopted some level of CM
cloud-based systems. This practices for cloud projects. These
adoption is inconsistent and is practices are generally similar, but
generally seen as being low as a whole the approach
priority by the majority of teams. is informal with no prescriptive
adherence to an organizational
standard nor communication on
best practices.
No effort is made to track cloud Cloud resources are manually Cloud resources are manually
resources. inventoried restrospectively as inventoried at time of
discrete entities, but not on a deployment. Relationships
consistent schedule. between components are also
recorded and maintained
manually. Monitoring tooling
runs daily to report systems and
configurations, and base system
information and location is
recorded into a CMS.
Cloud resources are not tracked Some development and/or All development and/or project
with any formal configuration project teams are tracking cloud teams are tracking cloud
management process. resources using disparate manual resources using a consistent
processes. This information is manual process. This information
siloed from the CMS and its is siloed from the CMS and its
component CMDB's (e.g. in component CMDBs (e.g., in
manually-maintained separate spreadsheets, etc.).
spreadsheets, etc.).
Teams are experimenting with
configuration data from cloud
vendor tooling (e.g., AWS Config,
etc.).
No integrated repository exists Some groups store CMS data for All groups are tracking CMS
cloud resources in disparate information for cloud resources,
repositories (spreadsheets, simple in disparate repositories which
RDBMS, etc.). are not connected.
All groups and/or projects for All groups and/or projects for All groups and/or projects for
cloud systems are following a cloud systems are following a cloud systems are following a
common, documented CM common, documented CM common, documented CM
process, including any relevant process. Training on the CM process. Relevant training and
training. There is no auditing to process is part of each cloud team process compliance are
confirm compliance. member's development plan. monitored and tracked. Team
Adherence to the process is members regularly provide input
monitored for compliance to continuous improvement
and corrective action taken when activities related to the process.
required.
Attributes about cloud resources Organization focuses on "high Cloud resource components are
(e.g., CPU and memory capacity of value" config data (business inventoried via automation,
VMs, configuration settings, etc.) critical apps, regulatory including component attribute
are being captured as part of the requirements, etc.), and data and component dependency
inventory of record. optimized data to manage cost relationships. Process no longer
and simplify processes. depends on manual intervention.
New deployments or changes Service chains (dependencies Cloud resource inventory data
cause "event triggered" updates between infr. and software) used as input to business decision
to CI records. identified via automated means making (e.g. understanding
(e.g. system scanning identified dependencies and lifecycles
Automated tooling for software, network connectivity within application portfolio,
infrastructure map to identify component inter- predictive budgeting for cost
component discovery exists to dependencies, etc.). associated with
improve configuration accuracy. CMS data regularly audited for maintenance/licensing/support,
accuracy and corrective measures maintaining capability roadmaps
implemented. in response to business demand,
CMS data used as input to other etc.)
ITSM processes (e.g., analysis of
service chain dependencies to
assess Change Management
decisions, etc.).
Cloud resources are tracked in Cloud-based functions are Combining cloud and on-
more formal CMDBs (vs. reported from one CMS, based premises assets in a single CMS
spreadsheets, bespoke on federated CMDBs, (shared provides a holistic view of the
databases, etc.) which are with other IT resources), and the Hybrid IT estate. This "single
integrated into a single logical dependency mappings identify point of truth" enables
CMS . These are managed as the service chains and associated optimization of the estate (e.g.,
independent CIs with no dependencies to other CIs. removing duplicative or
relationship and dependencies overlapping functions and
identified to other CIs. capabilities, identifying assets
which can be eliminated or
phased out from support and
operational processes, etc.).
An integrated CMS environment All CI's & Attributes are Duplicate data and data stores are
exists with different automatically captured and eliminated. Consistent tooling is
data elements located in different updated into the "single point of leveraged by all teams for defined
data stores, but as a cohesive truth" CMS, based on specialist functions.
federated CMS. Real CI orchestrated events.
information is beginnning to All groups register CI & attribute Predictive analysis of problem
migrate into this CMS. information for cloud resources, areas exists and leverages access
ITSM processes are being adapted and automated tooling raises to and analysis of the federated
to use the federated CMS for events where a bypass or CMS.
managing cloud based services in unauthorised item is noted.
context of the entire IT estate. Attributes are defined for Automated responses to
Regulatory related CI elements additional layers representing problems are invoked based on
are identified and managed cloud service integration, (e.g. the trend analysis.
accordingly API's,) and for dealing with
containers and microservices.
Additional functional layers are
accomodated in the CMS which
are important for cloud services
including IaaS levels, Application
Levels, and Integration elements
such as API's and Message
Services
Orchestration Events trigger the Automated discovery is used to Predictive analysis is integrated to
creation and updates of CI's and map dependency relationships the CMS for annalysing CI's and
attributes / changes between CIs into application- attributes, so as to identify
Automated discovery scans for specific service chains. potential problems and focus
existing cloud resources and is This is accomplished by scanning areas for attention.
used to improve accuracy of CMS installed software, and analysis of Unused systems and overused
data captured at deployment network connections between systems are identified, as well as
time. CIs, etc. areas for system optimization.
Updates resulting from manual All changes to systems occur via Trends are also identified for the
change events are logged by the service orchestration system, systems and components,
automated tools resulting in event driven triggers enabling predictive planning and
Relationships/dependencies automatically updating all CI's and budgeting for cloud resource use
between CIs are manually attributes without exception. and integration.
maintained. Discovery is used to audit the CM
process by identifying any
resources deployed outside
approved orchestration or
procurement procedures, and
escalated to risk management.
Tooling/scripting is standardized All existing physical and cloud The application stack is reported
across the organization and all based application stacks are as a single service entity.
projects manage and report the recorded in the CMS consistently. Shared and individual elements
configuration of new application are identified, re-use/no-use is
stacks, leading to improved Integration elements are tracked and reported.
predictability of full-stack recorded, and non-standard Deployment of elements or
consistency at deployment. configurations or elements updates for applications are
Configuration and application marked for correction. synchronised, based on
updates are detected in existing Objectives have been set for CI dependencies on common
environments by daily scans, record compliance and overall elements.
reducing configuration drift of the system alignment to defined (e.g. API function updates,
records. standards. messaging service updates,
Some manual changes still occur, A dashboard illustrates the integration platform updates, data
which are not all recorded, current status of application stack model updates etc.)
especially in the context of older configuration compliance with the Visibility of the stack enables
existing systems. defined standards. alignment to policy and regulatory
Alll changes result in an event compliance for the business
triggered update to the CMS function.
Event driven changes update the
CMS, which then supports pro-
active preventative maintenance
via the CIC/CD pipeline.
Benefit Analysis Who
Current Future
State State
0 0
The IT organization is better able Capacity Managers,
to respond to business demand Risk & Compliance Managers
when it has a clear picture of CIO
what it has and how it is all
interconnected.
0 0
Cloud resources captured as CIs Procurement
support ITSM processes such as IT Management, Compliance
Change Management, Asset Officer
Management, Financial
Management, etc.
0 0
Elimnation of duplicated systems ITSM teams, DevOps teams,
and data flows reduces costs and Capacity & Risk managers
administration.
0 0
Removing the need for humans to Software development and
capture details and replacing this infrastructure services teams.
function with automated tooling ITSM teams
generally increases accuracy and DevOps teams
minimises errors. It also bring the
data up to a standard and level
that meaningful analysis can be
performed to enable predictive
actioning.
0 0
New and revised applications are Software development and
deployed and managed infrastructure services teams.
consistently as a single logical
entity, ensuring more predictably
functioning applications while
minimizing the impact of
unintended change.
0 0
Total 0 0
Barrier