Skip to main content

What you need to know about cloud infrastructure governance

The right culture, risk management, and continuous improvement processes can multiply the value of what a private cloud has to offer.
Colorful chess pieces

Photo by Ylanite Koppens from Pexels

Managing a private cloud infrastructure can bring immense value to an organization. The value encompasses cost, data privacy, flexibility, and an enriching experience for the people and organization.

However, such a complex solution demands multiple skillsets, technical expertise, human resources, adequate training, a supportive culture, appropriate risk management, and a continuous improvement process.

In the first article in this series, we highlighted various aspects of cloud architecture; in the second article, we described self-services delivery; in the third article, we explored operations; in the fourth article, we tackled resource and capacity management; and in the fifth article, we discussed the elements of successful lifecycle management for a private cloud platform.

This article wraps up the series by exploring each of these aspects to arrive at a holistic approach to infrastructure governance.

[ Learn more about setting up governance for an open source project. ]

What is infrastructure governance?

Governance describes the system the cloud team operates and is held to account under. Ethics, risk management, compliance, and administration are all elements of governance. Ultimately, governance in organizations ensures that the investments support the business objectives. 

As we wrote in the first article, Capability Maturity Model Integration (CMMI) provides a framework for the maturity of the processes that combine the people, procedures, and tools to deliver capabilities. The CMMI process areas we recommend for infrastructure governance are: 

  • Risk Management (RSKM)
  • Strategic Service Management (STSM)
  • Process and Quality Assurance (PPQA)
  • Organizational Process Performance (OPP)
  • Organizational Training (OT)
  • Quantitative Work Management (QWM)
  • Organizational Performance Management (OPM)

Effective governance ensures that all the private cloud team members understand the team's culture, procedures, processes, and roles.

Team composition and sizing

Your team's size depends upon your need for continuity of people, the number of clouds to manage, the level of cloud consumer engagement, support requirements, and bespoke customizations.

Team sizes can be kept small by following the strict observance of automation and standardization, ensuring that multiple clouds all look and operate the same. It's best to minimize or eliminate deployment of "unicorn" or bespoke cloud environments. A Site Reliability Engineer (SRE) is key to continually improving the day-to-day functions of the team and allows small teams to manage more environments without increasing their cognitive burden.

[ Get the free eBook: Hybrid Cloud Strategies for Dummies. ]

Our general rule of thumb advises a team of at least six people for private clouds with higher support burdens and customer engagement. For smaller cloud implementations with standard configurations, we recommend a minimum team of four. These numbers assume minimal bespoke customization and effective use of your cloud software vendor's support programs and relationships. Mature operations and lifecycle management practices improve the person-to-cloud environment ratio.

Typical roles required to manage cloud platforms include:

  • Cloud architect: This role leads strategy for cloud adoption, cloud application design (OpenStack/multi-cloud/hybrid), management, and operations. This role also includes working closely with the software and hardware to drive strategy capability based on the organizational requirements.
  • Cloud engineer: This role covers a large area of capabilities such as designing and building the automation capabilities to install, scale, and manage the cloud platform. As the environments and teams grow, the focus of this role shifts to maturing practices, especially around lifecycle management and operations. This role often has a development capability to deliver bespoke components to fill integration.
  • Cloud operators: This role (beyond OpenStack or Kubernetes specialized knowledge) needs to be highly skilled in network debugging to assist with root-cause analysis. This role is also required to document and automate support processes.
  • Cloud SRE: This role spans operational break-fix activities with an architect's view to identify areas of improvement that increase the platform's stability and scalability. It also tests features and develops capabilities to increase stability and scalability. This person must be your most experienced cloud engineer and place a heavy emphasis on improving the team's day-to-day operations.
  • Project and change administration: This role ensures that the organization uses its technical professionals most effectively. Your level-three engineers should not be managing change-control processes, just as surgeons do not get involved with hospital administration tasks.
  • Full-stack engineer: This role can onboard cloud consumers and design application capabilities and integrations, such as development pipelines. They should advise on application architectures that make the best use of the platform. This person is responsible for frictionless onboarding.

These roles should be augmented with hardware- and software-vendor subject matter experts to assist during the architecture and design stages, support health checks, and drive operational maturity. The team should ensure that knowledge transfer and co-working are part of the success criteria of vendor engagements.

Training and sustainment

OpenStack and Kubernetes are distributions with unique implementation features, much the way that different Linux operating systems are delivered as distributions. Typically, many skills are transferable between distributions; however, each distribution has specific ways of doing certain tasks, and recommended practices may vary.

[ Download the free eBook to answer the question Red Hat OpenShift and Kubernetes ... what's the difference? ]

We highly recommend that organizations invest in training and certification for the people who deliver their cloud platforms. Proactive training and certification combined with well-documented processes and a continuous relationship with your software and hardware vendors help create a sustainable platform.


Culture defines the set of acceptable behaviors for a group. Culture has a massive impact on the team's willingness to go the extra mile when needed, the way they act towards consumers of your cloud platform, their inclination to share knowledge within the team, and their willingness to innovate. 

"Culture is to a group what personality is to an individual."

Successful teams intentionally seek to build a strong culture. It is a process that takes time and requires ownership from the whole team. The Open Practice Library has resources to help you define and create your team culture, an environment of collaboration, and technical engineering practices.

We recommend you start with a clear understanding of how the team supports the organization's mission and then create a mission statement for the team from that. Then establish a social contract to drive the team's internal and external interaction. 

At the very least, everyone on the team should be able to answer the following questions:

  • What are we here to do?
  • How does that help the organization's mission?
  • What is my role in that?
  • How do I interact with my team?
  • What do we value in our team members?

Everyone on the team, and especially the team leader, should act out these values consistently.

Work and risk management

Private clouds are often large projects that integrate with several external systems. A project-management approach helps you consider all required use cases and address them before "go-live."

Beyond project management, you need to apply decision-management practices. A decision framework defines the criteria to evaluate decisions against (and should align with) the mission. This helps alleviate decision bias and personal preferences from stronger-willed individuals on the team. You can incorporate standards such as ISO 9126 into evaluating technical solutions to ensure that the team thinks through all the aspects of a solution. You must document the architectural challenges, decisions, and evaluation criteria. 

Driving continuous improvement

Mature teams can articulate their current and ideal maturity levels. This allows them to create a plan that increases their maturity over time.

We recommend using a model such as Capability Maturity Model Integration for Services (CMMI-SVC) to measure and map out your maturity journey. CMMI-SVC draws on concepts and practices from other service-focused standards and models, including:

  • Information Technology Infrastructure Library (ITIL)
  • ISO/IEC 20000: Information technology—Service management
  • Control Objectives for Information and Related Technologies (COBIT)
  • Information Technology Services Capability Maturity Model (ITSCMM)

Teams rate their current maturity against CMMI maturity level definitions and the five areas of practice and state their desired level of maturity. You can use it as a simple visual tool (as shown below) to communicate the current state and direction with the team and management.

Sample maturity assessment
(Mohammad Ahmad, Maurice Burrows, Adam Goossens, John Apple II, Johannes Swanepoel, CC BY-SA 4.0)

Once you assess your team's maturity, use the CMMI and CMMI-SVC process areas to help your team identify areas of improvement in conjunction with the recommendations from this paper.

We believe that these processes and recommendations will help you deliver a successful private cloud platform in your organization.


Factors such as having the right team composition with the required range of skillsets and team sizing can play a significant role in the successful governance of a private cloud. Coupled with training and sustainment, the right culture, risk management, and continuous improvement processes managed in an orchestrated manner can multiply the value of what a private cloud has to offer.

Topics:   Cloud   Leadership  
Author’s photo

Johan Swanepoel

Johan has 19 years of experience in Information Technology in various sectors including Banking and Finance, and Government. For Red Hat, he worked as a Federal Government Technology Specialist. More about me

Author’s photo

Adam Goossens

Adam, a Red Hat Senior Solution Architect for APAC, has 10 years experience in Information Technology and open source, with the last three years spent architecting, deploying and operating private clouds.  He focuses heavily on the design and implementation of cloud governance procedures, includi More about me

Author’s photo

Mohammad Ahmad

Mohammad has 20+ years of experience in multi-tiered system development and automated solutions. He has extensive experience in online services that use open-source software based on UNIX and Linux. Primarily focused on IT infrastructure with a background in open source web development. More about me

Maurice Burrows

Maurice is a Senior Consultant at Red Hat with 30+ years experience in Information Technology. He has worked for vendors, system integrators and end user organizations and has experienced the challenges of each.  More about me

Author’s photo

John Apple II

John, a Senior Technical Support Engineer, has 16 years of systems administration, operations, and IT management experience around UNIX, Linux, Performance/Capacity Management, Automation, Configuration Management, and OpenStack private clouds. More about me

Navigate the shifting technology landscape. Read An architect's guide to multicloud infrastructure.


Privacy Statement