as a 


The road map is based on four guiding principles:

  1. Vision—What is the business vision and who will own the initiative?
  2. Visibility—What needs to be done and what are the risks?
  3. Accountability—Who is accountable and to whom?
  4. Sustainability—How will it be monitored and measured?



Cloud Architecture Assessment / Design

The proposed framework could be tailored to map to these various cloud models, such as SaaS, IaaS, PaaS, and DaaS; and it could be expanded by mapping to detailed controls within ISO 27001, COBIT, NIST and other guidance and regulatory requirements in various industries. Another area of development is an expansion of the trade-offs between the various quality characteristics (in particular, functionality, reliability and efficiency) and the ways that various cloud offerings address the issue of consistency vs. availability vs. partitioning.

The first step in the framework is to formulate and communicate a vision for the cloud at an enterprise and business-unit level. The first two principles relate to this vision:

Once the vision is articulated and the risk management organization is in place, the next step in the road map is to ensure visibility of what needs to be done and the risk of doing it. There are three principles related to ensuring visibility.  The third step in the cloud computing road map is accountability. In the case study, the business owner works with the operational risk manager to develop a matrix of roles and responsibilities.

This accountability extends to process, architecture and culture