Governance as Code is The Next Step For Enterprise IT Transformation

Krish
Published in StackSense
Jun 18, 2020

Ever since cloud computing took root in the industry, Infrastructure as Code (IaC) has gained tremendous traction, mainly aided by the programmatic interfaces for managing cloud resources and recipe-based config management tools like Chef, Ansible, and others. This shift to treating infrastructure as code helped organizations embrace DevOps and streamline the consumption of infrastructure resources to meet application needs. The modern-day avatar of using Git as the single source of truth for all of the infrastructure further increased the adoption of Infrastructure as Code inside enterprises.

Benefits of Infrastructure as Code

Some of the benefits of Infrastructure as Code include:

  • IaC increases agility, as the infrastructure necessary for the applications can be provisioned by executing a script. In fact, offerings like Chef Habitat, when used with Chef Infra and Chef Automate, could help organizations streamline not only the provisioning of the infrastructure needed to deploy their applications but also seamless application delivery.
  • IaC ensures that there is consistency in infrastructure provisioning and, when used under the GitOps model, it also helps maintain a single source of truth for the underlying infrastructure. This also reduces risk, as changes in personnel will not have any major impact.
  • IaC helps an organization become more efficient in how infrastructure is procured and consumed (in terms of capacity planning and seamless scaling up and down based on application needs). This helps organizations cut down on resource wastage and save costs.

As organizations modernize, they want to empower their developers to programmatically provision the necessary infrastructure for their applications and also right-size the underlying infrastructure. This is where the Pulumi platform comes in handy. It empowers developers to provision and manage the underlying resources for their applications using the same programming language they are already familiar with. Whether it is JavaScript, TypeScript, Python, Go, or .NET, the Pulumi platform allows developers to use their favorite programming language in a familiar IDE to effectively manage the infrastructure.

HashiCorp’s Terraform has gained traction as a multi-cloud Infrastructure as Code platform. Along with other HashiCorp products like Vault, Consul, and Nomad, Terraform has emerged as the foundation for automating infrastructure provisioning across multiple cloud providers. Terraform also has a vibrant community extending the platform further.

Beyond IaC, the time is ripe for Governance as Code

As IaC (or its modern avatar, GitOps) becomes the norm in enterprises, attention is shifting from the programmatic provisioning of infrastructure to ensuring compliance with the organization’s policies in a programmatic way. This has led to a new trend called Governance as Code (GaC). With Governance as Code, organizations make sure that governance policies are properly enforced while also empowering developers to innovate. Central IT moves from being gatekeepers to enabling rapid innovation by giving developers easy access to the underlying infrastructure while also programmatically keeping track of all the guardrails put in place to ensure governance. Governance as Code is the next evolution of Modern Enterprise IT. Central IT teams become part of the core innovation team in today’s enterprise while also ensuring compliance with both governance policies and regulatory requirements.

Env0 is a startup that offers a seamless governance platform that makes it easy for IT departments to ensure cost management and policy compliance using the Governance as Code paradigm. The key advantage offered by the Env0 platform lies in bringing together cost management and policy enforcement in one platform, thereby ensuring more holistic governance of the underlying infrastructure.

Pulumi CrossGuard also allows programmatic control of policy compliance along with security and cost control. Pulumi allows developers to codify these compliance rules using the programming language they are comfortable with. Chef has extended its comprehensive infrastructure automation platform to enable Governance as Code with its Chef Compliance platform. Chef Compliance works across hybrid and multi-cloud environments, making it easy for central IT departments to ensure automated audit and remediation and, thereby, continuous governance.

Terraform has built the Sentinel policy-as-code framework to work with its other products to ensure automatic compliance with governance. Sentinel is the foundation for multi-cloud Governance as Code for HashiCorp customers, giving them more fine-grained policy control and multi-level enforcement.

While it doesn’t directly compete in the Infrastructure as Code and Governance as Code spaces, it should be mentioned that CoreStack, a Seattle-based startup, provides a template-based infrastructure orchestration and governance platform.

Governance as Code is picking up steam, and more enterprises are jumping into automated policy enforcement using code. While Terraform, Chef, and Red Hat Ansible lead the pack among the Infrastructure as Code players, Pulumi and Env0 are also competing hard with their own differentiation. Governance as Code is the next frontier they are trying to target as multi-cloud adoption increases and enterprises demand a more seamless way to automatically ensure governance compliance without adding any friction for developers. Governance as Code is the next step in the enterprise IT modernization strategy.

We expect all the Governance as Code platforms to embrace machine learning to ensure continuous governance. CoreStack has taken the necessary steps to bring in machine learning to gain the necessary insights for remediation. From my conversations with Chef, Pulumi, and Env0, I expect them to use machine learning for ensuring policy compliance. While I haven’t spoken to HashiCorp recently, my conversations with the product team during 2019 HashiConf gave me the impression that they will also bring machine learning into their platform.

Krish
StackSense

Future Asteroid Farmer, Analyst, Modern Enterprise, Startup Dude, Ex-Red Hatter, Rishidot Research, Modern Enterprise Podcast, and a random walker