Before entering the cloud realm, it is wise and essential to develop a cloud governance model. But what is it? How do I create one? Fear not, we are here to explain! If you’re reading this article, then your organisation has probably decided to adopt the cloud. It might be easy: do a proof-of-concept, move some machines, or build a new application based on providers like Microsoft or Amazon. You will find and onboard your teams quickly, they will do some training, and soon you’ll be running solutions in the cloud.
Welcome to the transformation!
You're enjoying your shiny new services. Everything is going great. And then IT happens. IT might be the first bill for resources that someone forgot to de-allocate. Or an invoice for a test machine set up to test some heavy workload and left up and running for weeks. IT might be your security office hunting you down because some data or ports were found exposed to the Internet during an audit. IT might be the auditor who checks your environment every year but has now noticed that you are running new workloads in the cloud and asks about your policies. Or, IT might just be your CFO asking what you are spending money on with Microsoft, a question that you will not be able to answer. IT typically boils down to one thing: how exactly do we run this "cloud" thing (or HEDWRTCT, as all of us in IT love complex acronyms)? Eventually, someone will raise a question about the cloud governance model for your organisation. "Governance? Huh? Sounds complex and scary. Luckily, we have built cloud governance models for our on-premises environments, and we do use them. We have cost allocations and budgets, security controls, ways to deploy things and operate them." So why not to start there! Before jumping on the cloud ship, why not also build guidance on how to operate it for your cloud crew-mates?
Before we begin, a note on technical details
Rest assured, we’re providing technical guidelines in the second part of the article, available here. But we highly recommend that you first read the "Why?" and "What?" sections before moving to the "How?" If you want to jump straight into the nitty-gritty details – go to the second part of this post!Our "Why?" and "What?" sections apply to any cloud environment. Whether you are an Azure, Amazon or Google user, you can benefit from them. If you want to educate yourself on the Azure-specific approach, that is where the "How" applies.
Why do you need a cloud governance model?
It is a good habit to start any action or decision with the WHY question (and sometimes repeat the process 5 times to make sure that you nailed the answer). So, why do you need a cloud governance model for your organisation?It provides a framework for operations. Having an overarching standard makes design decisions easier. It will also ensure that you have the proper controls in place in terms of cost, auditing, monitoring, and security.Those are all valid reasons.Another reason is that it accelerates your cloud adoption and business transformation! Yeah, we know how that sounds. Another buzzword-bingo game.Look at it from this perspective: why does one adopt the cloud? To speed things up. Both from a purely operational point of view (for faster deployment) and business operations (making improvements faster, creating more incremental changes and test results, lowering time to market with services).But when things go more quickly, a chance that something will fail is higher.With a cloud governance framework, you lower the risk that something will break by providing a clear environment to operate in. You define the rules for it, ready-to-apply patterns, as well as tools and solutions for common elements. Finally, you also supply templates and ways to apply them.As a result, you can operate your cloud environment faster, in a consistent way, with controls on top of it, from both operational and business points of view.
What is a cloud governance framework?
When we were working on a framework for operations at SoftwareOne, we addressed the three main questions: Why? What? and How? We've covered the Why, so let's deal with the What. What is this thing called the cloud governance framework? (By the way – you can call it a governance framework or model – the name is not that important. It's more a matter of how it enables change at your organisation).A cloud governance model is your organisation's manualfor building and operating the cloud environment or services.To properly build one, you need to first break it down into sections. So, aside from the technical elements, what does it need to cover? On a high level, we have three main components:
- Business
- People
- Technology
(or BPT if we stick to the acronym game in this article).
Business
The business aspect gives your organisation objectives for your cloud deployment and governance model. They will mostly be set in the following areas:
- Performance: defined by how your cloud adoption will translate to performance in terms of your business goals
- Cost optimisation: streamlining and control of costs related to cloud operations
- Compliance: how you meet requirements for your compliance regulations (be it internal or external)
- Security: how to keep your data and infrastructure safe and secure, also concerning the next point which is
- Risk management: what is your threat model and what risks are you trying to mitigate with your cloud deployment?
People
People are at the centre. We highly recommend that early in the process you establish a dedicated team that will make sure your cloud governance framework covers your business objectives and applies the right technology. To ensure that you have it covered, create your own A-Team – a Cloud Strategy Team! (you can pick a better name – we're sure of that).This team should be cross-disciplinary: include your application specialists, architects, networking team and others, and make sure that you have your core disciplines represented. Your team will have two main tasks:
To define and build your governance framework
It will involve defining the strategy and approach, and how it should be rolled out based on your business needs. Align it with business goals and controls like cost optimisation and compliance.
To build and operate a common infrastructure environment and components
This is where your shared components of the cloud environment are born and maintained. Your Cloud Strategy Team will build shared elements of the governance framework and its implementation. They will also build and operate a shared infrastructure for an organisation (subscriptions, management groups, a connection between your on-prem networks and the cloud, shared services).
Technology
Technology is how your people will apply the cloud to meet your business requirements. The best outcome is when they have common patterns and ready to deploy solutions in those five areas:
- Cost management
- Security baseline
- Identity baseline
- Resource consistency
- Deployment, auditing, and monitoring.
This is it! We have the "Why" and "What" covered – in the next article, we will move to the "How".
Time to take a break!
Let's end our article on cloud governance here. We believe you are now better equipped to start the process of thinking about a cloud governance framework at your organisation. Now you can move on to part two of this article where we present the tools for implementing it for Azure.
Author
