Cloud Governance: Getting Started — 3 Things to Know

Pimmi Malhotra
Hybrid Cloud How-tos
6 min read · Dec 13, 2022

Cloud computing can help businesses overcome many challenges that are on the rise due to macroeconomic pressure. However, the transition to the cloud will be very strategic, with an emphasis on migration off-premises. According to the IDC Cloud Pulse 3Q22 Executive Summary, on-premises continues to decline while investment in cloud migration and strategic cloud services increases, with cloud accounting for 31% of total IT budgets. Hybrid is quickly becoming the de facto cloud standard, with nearly half of cloud users aspiring to it. Many organizations are planning large lift/shift/migration projects, as well as replacing “retired” applications with new ones. The application landscape is shifting, with 50% of applications expected to migrate to off-premises cloud environments by 2024.

The main reason for this shift is improved operational efficiency, followed by the need to free up internal staff resources. Changing from on-premises to cloud-based IT infrastructure architectures adds layers of complexity. This also means that more people throughout the organization will be able to influence the architecture. Even if the cloud service is secure in and of itself, if resources are deployed with poorly enforced access controls or configuration flaws, the entire system can be compromised. As a result, it’s critical to develop and sustain a comprehensive cloud governance model.

Old governance approaches aren’t effective for the cloud

Traditional approaches to IT infrastructure and compliance are ineffective when applied to the cloud because the cloud is as distinct from datacenter architecture as batch computing is from real-time computing. The cloud operates in real time. As physical constraints of infrastructure capacity, capability, configuration, and speed are removed from application teams, the need for governance (oversight and direction) becomes even more important in the cloud.

Effective cloud governance, based on a clear cloud governance framework, assists organizations in fully leveraging cloud benefits while managing costs, operational risks, and security concerns in a proactive manner. Regardless of how long or recently a company has existed, implementing a strong cloud governance strategy is a good idea. This strategy must be consistent with the organization’s strategic vision.

Simply put, cloud governance is the management of the costs and risks associated with cloud services, and it is critical for businesses because it improves scalability.

In this article, I’ll discuss three things to keep in mind when developing a solid cloud governance strategy.

1. Visibility

To govern effectively, you must first understand what you have and where it is. The goal is to be able to understand the costs, usage, security, capacity, and health of various cloud deployment models.

With visibility, you can:

a) Understand and develop cloud operations policies

b) Determine who has access to the cloud and how it is consumed, managed, and monitored

c) Maintain a secure posture by implementing security, data privacy, location and regulatory compliance policies

A cloud management strategy involves making an inventory of all cloud resources, which is a challenge in itself. Decision makers can then initiate enterprise-wide initiatives like chargebacks and showbacks; detect anomalies; and monitor change history logs, security dashboards, frequently updated capacity data, automated alerts in a collaboration tool, and health, CPU, memory, and storage alerts. Additionally, delivering informational and educational initiatives not only bridges the gap between provisioning and optimization or provisioning and compliance, but also serves as outreach that aids in developing relationships between the center of excellence or operations teams and business customers.

Data is now deeply embedded in every organization’s strategic capability. Data-centric capabilities and the infrastructure to support them are now required for high-performance computing and maximizing business value. Customer and regulatory compliance expectations for data and ethical use have raised the bar for privacy, trust, visibility, and accountability.

To this end, we have enabled an enterprise cloud management structure that gives us access to the cloud resources available to the organization. We also implemented automated billing from the cloud to the ledger to improve visibility of cloud service costs and eliminate the need for manual financial operations. To accomplish this, we needed to work with our account owners and finance team to ensure they understood the value. Visibility into cloud environments improves cloud cost understanding, control, and communication. It also enables proactive monitoring of environments to ensure compliance with internal and regulatory standards and encourages accountability across teams, projects, or applications.

2. Automation

Governance is not a one-size-fits-all proposition, and each organization may prefer a different approach to governance depending on its objectives. Digital transformation is no longer a novel concept, but continuous innovation is required to improve and remain competitive, making automation critical for operational efficiency.

According to IDC’s Worldwide Artificial Intelligence and Automation 2023 Predictions, AI-driven features will be embedded across business technology categories by 2026, with 60% of organizations actively utilizing such features to drive better outcomes. Automation is critical for increasing efficiency in cloud management operations, such as billing and cost transparency, right-sizing compute resources, and monitoring cost anomalies. The use of automated tools can improve security, lower administrative overhead, decrease rework, and lower operational costs. Definable metrics and key performance indicators (KPIs) can be used to assess outcomes with the right cost transparency tool.

Modernizing application architectures, effectively managing cloud resources, increasing developer velocity, and focusing on outcome-driven metrics are the key cost-cutting levers in cloud computing. Automation can also aid in resolving personnel issues, which can cause migration projects to stall.

We’re using the crawl-walk-run strategy.

• Crawl is about gaining visibility into the cloud landscape, which entails knowing what we have and where it is.

• Walk entails basic automation in response to cloud operations and security threats, with the goal of lowering costs and improving security and compliance posture.

• Run is all about being proactive about cost, security, and cloud operations management.

With custom rightsizing recommendations tailored to our enterprise workloads, we are also enabling tools that can quickly identify opportunities to reduce wasteful spending as our strategy evolves. We are investigating cloud security and compliance center tools that can govern cloud resources, monitor compliance, and share results to highlight vulnerabilities and assist internal teams in preparing for compliance audits.

3. Continuous innovation

Governance is a journey, not a destination. As it evolves over time, it will demand the participation of multiple stakeholder groups. Continuous innovation will be needed to develop and perfect the standards and automation tools required to master cloud governance best practices.

Cloud governance must be conceptually linked to current technology governance and address all stages of the cloud lifecycle, from planning to offboarding from a cloud provider. Integrated governance contributes to establishing a solid foundation for developing and iterating cloud services.

With hundreds, if not thousands, of existing workloads to consider, as well as new demand for capabilities to drive digital transformation, cloud governance must strike a balance between protecting the enterprise and optimizing cloud value across the entire organization. It’s important to avoid creating barriers that slow or prevent the business from obtaining the technology enablement needed to remain competitive and avoid a plethora of “shadow” clouds.

Integrating the governance strategy

We are integrating our governance strategy with the capabilities of our long-term hybrid cloud roadmap, which means collaborating closely with our architects and Site Reliability Engineering team to ensure that actions to scale our cloud capabilities now and in the future are strategically aligned with our governance principles. We are working hard to foster a proactive culture of cost awareness across all lines of business by providing highly differentiated reporting and insights that promote transparency. We hope that data-driven facts will help to accelerate this cultural shift, because differentiated decision power requires real-time insight to keep up with the rate of change.

To summarize, application landscapes are changing, necessitating cost and risk management for cloud services to improve business scalability. Your approach to cloud governance may differ depending on your organization’s goals. Understanding what you have and where you have it is critical; automation improves operational efficiency and security; and integrated governance that allows for technology enablement is required.

Pimmi Malhotra is Leader, CIO Hybrid Cloud COE, Governance at IBM based in Sandy Springs, GA. The above article is personal and does not necessarily represent IBM’s positions, strategies or opinions.
