CCOE is a new operating model for OA which is primarily a governance and planning organization with oversite and ownership of the cloud platforms. CCOE builds the structure and widgets that PLAN/BUILD/RUN use to create and operationalize solutions.
Our Recommended CCOE Operating Principles are
- Cloud will be built around NIST security standards
- New cloud capabilities will be planned and operationalized according to the cloud governance model diagram
- BRM and EA collaboration will define the CCOE roadmap based on business and strategic needs
- Cloud patterns, guidance, standards, and security will be planned in collaboration with EA
- CCOE will champion through consultation cloud capability adoption, knowledge transfer, and resource alignment to the cloud operating model
- All cloud solutions whether migrated or new will be configured with network segmentation
- Cloud solutions will be cost planned, cost managed, and have cost data transparency provided near real time
- Continuous Compliance – Cloud will have data at rest and data in transit encryption based on the latest security standards for OA
- Cloud will have strict RBAC and will be integrated with Active Directory
Cloud Decision principles
Define when cloud is a good idea
- Workload-by-workload (or application-by-application decision)
- Is it available as a SaaS offering?
- Is it available as a PaaS offering? What other integrations are required for a full solution?
- Build from scratch using cloud native capabilities? Can it be containerized?
- IaaS as a last resort
- Vendor considerations
- Build to Learn – Leverage vendor free/freemium offers to build proof-of-concept/minimal viable product solutions to aid decision making
- Leverage commercial technology, capability, and innovation whenever possible
- Maximize competition to ensure that the organization is getting the best technology and value
- Leverage industry open standards and best practices to avoid lock-in and provide maximum flexibility for future cloud advances
- Independently assess the services delivered to ensure that the data remains secure.
- Cloud Smart: One cloud strategy to adopt cloud solutions that streamline transformation and embrace modern capabilities for multiple clouds and missions
- Data Smart: Data transparency and visibility to be enabled by enterprise infrastructure, application standards, and data tagging.