Document evolving business risks and the business’ tolerance for risk, based on data classification and application critically.
Policy & Compliance
Convert Risk decisions into policy statements to establish cloud adoption boundaries.
Establish process to monitor violations and adherence to corporate policies.
Five Disciplines of Cloud Governance
Evaluate & monitor costs, limit IT spend, scale to meet need, create cost accountability.
Ensure compliance with IT security requirements by applying to security baseline to all adoption efforts.
Ensure consistency in resource configuration. Enforce Practices for on-boarding, recovery, and discoverability.
Ensure the baseline for identity and access are enforced by consistently applying role definitions and assignments.
Accelerate deployment through centralization, consistency, and standardization across deployment templates.
With all the economies of scale afforded through cloud adoption, it is essential to understand that only through public cloud governance are costs managed, data and infrastructure secured, and realize the competitive benefits of cloud providers such as Amazon Web Services (AWS), Google Cloud Platform (GCP) and Azure.
For most organizations, cloud adoption spans business units, is siloed, skill levels vary and generally, results in “black-boxed” in conversations. Public cloud governance is not something that can be overlooked or dismissed, without having an impactful result on the business. You moved to the cloud in part, to reduce your capital expenses, but you could also have operational expenses accruing that are not aligned with the forecast. Cloud adoption does not have to be a zero-sum game, you can actually realize all of the benefits that the cloud has to offer without breaking the bank and losing track of your data.
What is Public Cloud Governance?
To govern the cloud, you have to know what is deployed at any point in time.
Proactive Cost Management
It’s not enough to look at your bill. The cloud changes rapidly, and manually keeping up with the pricing matrices can be a tall order. As a result, public cloud governance will provide cost savings and aggregated recommendations.
Compliance can be summarized as merely a set of rules. These rules are codified in a way that provide uniform governance that is both proactive and reactive.
Access and Data Security
Public cloud governance must also monitor usage patterns for compliance and security purposes, but also must account for and categorize data you have in cloud. At the end of the day, compliance officers want on-demand compliance reporting.
How do We Govern the Cloud?
Fortunately, cloud governance is achievable for companies of any size. In order to govern your clouds, you must aggregate all of your machine data for analysis in real time, or near real time.
Splunk defines machine data as, “one of the most underused and undervalued assets of any organization. But some of the most important insights that you can gain—across IT and the business—are hidden in this data: where things went wrong, how to optimize the customer experience, the fingerprints of fraud. All of these insights can be found in the machine data that’s generated by the normal operations of your organization.”
Because of a wide array of SaaS solutions in the marketplace, companies are now able to define a monitoring stack that brings all of the machine data together to provide real insights, sophisticated compliance monitoring and track your costs. Note however, that there is NOT a single, silver bullet present day; your monitoring stack will generally be comprised of 2-4 vendors, depending on your organization’s needs. As you might guess, many of these platforms will have overlap between each other, but they all have their own unique features that fill various voids.
What does a typical monitoring stack look like?
When it comes to resource management, config management (CMDB) there are a few options;
- Cloudaware (Cloud Rush recommended)
Many platforms offer core cost management and have recommendation engines designed to maximize your dollars spent. Some of our favorites are;
- Cloudaware (Cloud Rush recommended)
Organizations have varying levels of compliance needs. Make sure you understand your organization’s compliance and reporting needs.
This will help inform vendor selection.
- Divvy Cloud (Cloud Rush recommended)
Everything deployed in the cloud emits data. As a result, these logs must be aggregated for analysis, alerting, reporting and dash-boarding.
This data provides operational insights that illuminates your infrastructure as if it were sitting in your on-prem data center.
- Splunk Cloud
- Sumo Logic
- ELK stack (“roll your own” platform)