Cloud Governance execution plan

It is not that complicated! Let me give you a draft plan for starting such an initiative.

If you need further help, let me know!

A carefully designed and executed cloud governance plan is a must for every reasonably sized company. It’s about control, risk management, and security. Note that governance is not a one-time project; it is an ongoing initiative.

Setting the foundation by developing and executing a cloud governance program can be overwhelming. Every organization is different, and requirements should be tailored accordingly.

Here are some recommended steps to start the work:

  1. Form a governance team and document current state
  2. Define goals and strategy
  3. Implement programmatic controls
  4. Develop policies for business units and plan adjustments
  5. Create a cloud architecture diagram and guidelines

Let us dive into each of these steps in more detail:

  1. Form a governance team and document current state

    For maximum effectiveness, this team should be composed of people from across your company, including cloud engineers, cloud architects, and security leads (team composition will vary depending on the org structure of your company). Company-wide buy-in and input from various stakeholders are essential.
    When setting goals, it is essential to understand your current state and issues first. How are central security requirements applied? Do you have good control of your Bring Your Own License usage in the cloud? Do you have recommended cloud architecture guidelines for your environment? How well is your common naming convention followed? Are tags used consistently? How do you create new cloud accounts/subscriptions? The complete list of questions is long, but capturing this information is time well spent.
    The gathered information should be used to establish goals and priorities, which is the next step.

  2. Define goals and strategy

    Work with your team to identify key priorities, policies, and goals. Map those to stakeholders, cloud tools, and security risks.
    This is a good time to evaluate your cloud security baseline. The result should be a good overview of what your cloud governance needs to include.

  3. Implement programmatic controls

    Once the policies and goals are clear, it is time to implement them in practice. This will probably include improving access controls, revising encryption processes, auditing specific security configurations, implementing automated compliance, establishing financial management rules, and similar measures.

  4. Develop policies for business units and plan adjustments

    Once the essential programmatic controls are in place, work must continue with a focus on each individual business unit within your organization. Business representatives are the best source of insight into what’s working and what needs improvement. You should implement an effective process for collecting feedback. Good cloud governance should enable cloud usage in a controlled way by implementing self-service capabilities and providing a framework for business unit autonomy.

  5. Create a cloud architecture diagram and guidelines

    Finally, it is important to clearly document the architectural decisions made in your cloud environment to support other architects and engineers building new cloud solutions. This can be achieved by creating architecture diagrams for your landing zones, focusing on shared platform components like network, identity, integrations, etc.
