While this blog post is specific for Azure, you can apply the same concepts on the other cloud platforms. And you might even recognize principles from your on-premise environment. After all cloud governance is an evolution from the IT governance we’ve had for years.
What is cloud governance
Moving to the cloud brings a lot of flexibility. You can deploy new assets with a click of the mouse, without having to wait for new hardware to arrive. You can try out new services you have never used before. And then there is the power of near unlimited scale for when you need it. Of course this all comes at a cost.
There is also the flexibility of responsibilities. Lines between teams blur as everyone working in the cloud touches multiple dimensions of IT. One can’t deploy a website in the cloud without knowledge of security or networking. No matter how secure the application itself is, a poorly configured deployment opens it up to vulnerabilities. You’re no longer working on a possibly disconnected private network behind firewalls, you’re working in a public cloud where security has to be taken into account for every moving part.
Cloud governance is defined as a set of rules and protocols used by organizations that operate in the cloud. Without this guidance you might end up with security holes, an inconsistent envirnment and potentially unexpected high costs.
Cloud governance focuses on the following pillars:
- Security and compliance management
- Financial management
- Operations management
- Data management
- Performance management
- Asset and configuration management
These elements influence and possibly constrain each other. All of them together are required.
As with everything you can’t expect cloud governance to be ready and implemented with the snap of a finger. Typically it is implemented in multiple phase:
- Awareness: the organization already uses the cloud or plans to move to the cloud, but has no structure in place yet. It notices the need for cloud governance, audits their existing systems and works on a draft governance plan.
- Early adoption: the organization likely has a cloud team by now and took some initial measurements related to cloud governance. The cloud governance framework quickly evolves, bringing in the results of assessments and new findings.
- Mature adoption: the organization depends on its cloud governance framework for a compliant and secure cloud environment. It has fully automated the management of its cloud environment and teams follow the guidelines set out.
Designing and implementing a cloud governance framework takes time and effort. Luckily we can fall back on Microsoft that has bundled the experience of hundreds of companies in the Cloud Adoption Framework. It covers best practices to move to the cloud, from governance to actual deployment and migration tools.
Azure (and any other major cloud vendor) has a wide range of services. Several of them help you with implementing your cloud governance plan and while some map to multiple pillars. The cloud adoption framework remaps above pillars to following design areas (each with their own focus on a set of Azure services):
- Azure Billing and Active Directory Tenant
- Identity and Access Management (IAM)
- Network topology and connectivity
- Resource Organization
- Cost Management
- Security baseline
- Resource consistency
- Identity baseline
- Deployment acceleration
- Platform automation and DevOps
Like said before, the service icons mapped to each design area is far from everything you need. Personally I cover over 30 topics when assisting an organization with defining their Azure governance plan, explaining their use and help selecting the desired configuration.
So if this is your first experience with cloud governance, certainly have a look at the Cloud Adoption Framework. You can also reach out to me (or any consultancy firm which has experience with these challenges) to help your organization move forward.