In my previous blog, I talked about Cloud Governance and what it’s really about, where I conveyed my simple conclusion that it’s about rules for how to drive development and operation in the cloud platform.


Rules are a word we all know the meaning of, but in any case there is something about that word that makes us associated with something limiting, negative, difficult and not least annoying. Why? Maybe it’s because our experiences with rules means something more negative than positive – We have traffic rules that makes it “boil in our head” when we are stressed. Or complicated tax rules that force us to pay more taxes than we might want. And perhaps what we have known most in the last year are all the rules around Covid19, that have not been very pleasurable. And the list is long.

All these rules are most often perceived as something inhibiting, limiting and negative. The reason may be that we experience that they give us less freedom or that we lose something we believe we are entitled to. So maybe this is something completely natural that lies in us humans, at least as an immediate feeling and a mechanism to reach as far as possible for benefits. But when we think about it, rules may not be so negative after all.

Gives us opportunies

These different rules are usually made with positive signs, such as traffic rules contribute to fewer deaths and injuries, better for the environment, it even contributes to better flow and efficiency. Taxes contribute to an even better welfare society, and rules for infection control is to limit massive illness and death, etc.

When it comes to business and IT, we also have rules. Examples where we see these rules is in traditional procurements of IT deliveries, where these are often shown in the form of requirements specifications, perhaps with several hundred requirements that will secure the business against risk. In other words, it is easy to be perceived as inhibiting, limiting and negative because we must protect ourselves against something that can go wrong.

Turn it around

But what if we turned it around and saw all the rules and preventive measures as something value-creating? Now that we have cloud platforms like Microsoft Azure, Google Cloud Services and Amazon Web Services, that provide almost unlimited opportunities in technology, it contributes to high speed in development and faster go-to-market. But without having the right Cloud Security that keeps you within the business requirement when the complexity increases, it can quickly go wrong.

So instead of perceiving it as limiting and less value-creating, maybe we should focus on the fact that they give us the opportunity to maintain the speed, maybe increase it as well? It is easier and safer to maintain a high speed on a road that is secured with road barriers.

Because if you look at it holistically, the effect with rules is that in the long run we will achieve more because we have some framework to relate to and that keeps us on a safe and stable course. In other words, we achieve more value creation through less risk and higher efficiency because the framework has been set.

So is Cloud Governance (rules) about restrictions or giving us opportunities?

It may be a bit of both, but most of us would probably like to achieve as much as possible with the least possible risk.