Cloud Governance, what is it and why does it matter?
Cloud Governance is one of the most important areas to address for enabling smooth Public Cloud adoption. However, for various reasons, it does not always get proper attention and resources. In this article I will share my point of view on this topic and explain why I consider it so important.
One obvious benefit of using Public Cloud is that it enables easy, self-service access to many traditional and innovative cloud-hosted IT services. That sounds great, but with this power come some potential pitfalls.
Let me give some common observations that are typical results of poor Cloud Governance, together with some inspiration for how each could be solved (the proposed solutions are based on my own experience working with Azure, but most of the suggestions could easily be applied to other Public Clouds as well). This will give you some practical insights into Cloud Governance:
- Sprawl of subscriptions/accounts, with little or no clarity on where to deploy workloads. This results in unnecessary infrastructure overhead and time lost on decisions. Solution inspiration: document and internally publish the subscription scaffolding logic, and be clear about how the chargeback logic works, about any network limitations, and about the autonomy rules.
- Inconsistent permission structure on subscriptions, which prevents people from doing their jobs and wastes time on ad-hoc fixes. Solution inspiration: start by defining the structure for Management Groups. Tip: set essential RBAC on the various management group levels, including root. Follow the subscription scaffolding logic for workload placement.
- Inconsistency in deployments and difficulty enforcing regulatory compliance. Solution inspiration: leverage Infrastructure as Code, for example use Blueprints that allow you to “stamp” configurations with Resource Groups, RBAC, ARM JSON, Policy, and custom scripts. Azure Policies can ensure that certain agents are installed, enforce usage of managed disks and much more.
- High manual effort to find information about the Cloud Objects/Solutions. Who is the owner, what is it for, who bears the cost, how critical is the solution, etc.? Solution inspiration: implement clear tagging and naming standards. Some good practices from MS: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging.
- No clear Org structure with mandates. Solution inspiration: agree on and communicate a clear RACI, at least for the key roles. Whenever possible, avoid the “Two in a Box” model (a style of management in which two individuals are jointly responsible for managing an organization/team).
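To make the tagging and naming point concrete, here is an added example (not part of the original article) that audits a resource inventory against a tagging and naming standard. The tag names, the allowed criticality values, the naming pattern and the inventory are all assumptions constructed for illustration.

```python
import re

# Assumed standard: tag names derived from the questions in the tagging bullet
# (who is the owner, what is it for, who bears the cost, how critical is it).
REQUIRED_TAGS = ("owner", "purpose", "cost-center", "criticality")
CRITICALITY_VALUES = {"low", "medium", "high"}  # assumed value set
# Assumed naming convention: <type>-<workload>-<env>-<region>-<nnn>
NAME_RE = re.compile(r"^(vm|vnet|kv|rg)-[a-z0-9]+-(dev|test|prod)-[a-z]{2,5}-\d{3}$")

# Constructed inventory, shaped like a trimmed resource listing export.
INVENTORY = [
    {"name": "vm-payroll-prod-weu-001",
     "tags": {"Owner": "finance-it@example.com", "purpose": "payroll batch",
              "cost-center": "CC1042", "criticality": "high"}},
    {"name": "vm-payroll-prod-weu-002",
     "tags": {"owner": "finance-it@example.com", "purpose": "payroll batch",
              "cost-center": "", "criticality": "urgent"}},
    {"name": "TestVM7", "tags": None},  # untagged resources export tags as null
]


def audit_resource(resource):
    """Return a list of findings for one resource (empty list = compliant)."""
    findings = []
    if not NAME_RE.match(resource["name"]):
        findings.append("name does not follow convention")
    # Azure treats tag names case-insensitively, so normalise before comparing.
    raw_tags = resource.get("tags") or {}
    tags = {k.lower(): (v or "").strip() for k, v in raw_tags.items()}
    for tag in REQUIRED_TAGS:
        if not tags.get(tag):
            findings.append(f"missing or empty tag: {tag}")
    crit = tags.get("criticality")
    if crit and crit.lower() not in CRITICALITY_VALUES:
        findings.append(f"invalid criticality: {crit}")
    return findings


def audit(inventory):
    """Map resource name -> findings, listing only non-compliant resources."""
    return {r["name"]: f for r in inventory if (f := audit_resource(r))}


if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        print(name, "->", "; ".join(findings))
```

A report like this shows where the standard is not followed; to stop new violations at deployment time, the same rules can be expressed as Azure Policy assignments.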
This list of issues is by no means complete, as there are many more sub-areas that fall under Cloud Governance, e.g. security, cost management, etc. Probably the main thing to say is that having at least the main things sorted can, in many cases, be a game changer for the user experience of our Cloud platform consumers.
So, as we see, Cloud Governance is more or less an extension of IT Governance to the Cloud, where most of the things that we are used to seeing in PDF format become part of automation, enabled by a clear and consistent architecture and led by competent Cloud Architects. The good thing is that it is never too late to do more in this area, even though it is much easier to start right than to try implementing good Cloud Governance practices in huge production environments.
Hopefully, you have got some inspiration from this. If you need help with where to start, let me know.