Cloud Governance Best Practices & How “Legacy Governance” Hurts

Cloud Governance Best Practices

The cloud can provide your organization with substantial benefits — if you adopt an effective cloud governance model. Businesses established before the cloud era (or those that took their IT governance cues from that time) struggle the most with the square-peg-round-hole problem that attempting to use a legacy model with cloud creates.

It’s true that businesses have historically benefited from centralized IT control and decision-making. That governance model helped to ensure that IT investments aligned with strategic goals. It also usually saved money. Companies could negotiate discounts for buying in bulk, standardize hardware solutions across their organizations to save maintenance and service costs and make vendor management easier.

Business Security Audit

The controls that legacy IT governance established, although slow by cloud-era standards, were also often the quickest way to get things done. When teams needed new infrastructure, everyone understood the drill, and the benefits they’d receive from the new system far outweighed the time and patience required to purchase and implement it. It was just another cost of doing business.

Purchasing Cloud Should Be Purchasing Agility

Cloud computing, however, shook things up. It ushered in new ways to pay for and deploy infrastructure, services, and applications.  Engineers no longer have to wait until the CIO finds the budget for new infrastructure and schedule time and resources to implement it. Cloud empowers organizations to add solutions and services for a monthly subscription and with just a few clicks. Whether the end game is scaling, enabling innovation, or getting products to market faster, the cloud provides the agility you need.

A governance model that doesn’t take the nature of the cloud into account, maybe one that tries to hang onto legacy IT governance policies and principles, can stand in the way of those benefits, doing more harm than good. Filtering all IT decisions through an executive can bottleneck requests, tie engineers’ hands, and hinder progress. The wrong cloud governance model can even minimize ROI – your cloud investment was supposed to be an investment in agility. With legacy, IT governance policies, your organization may be no more agile than when you used on-premises infrastructure and solutions.

A legacy IT governance model could also contribute to a restrictive atmosphere, one that limits engineers’ ability to take ownership of their projects and has them questioning whether leadership trusts them to make smart decisions.

Cloud Governance, Though, Is Still Necessary

Although cloud governance requires a different approach than legacy IT governance, it doesn’t mean it’s not necessary. There are three crucial reasons you need to ensure cloud use in your organization is controlled:

  • Cloud services are easy to add and expand. Engineers or other team members purchasing cloud capacity or services need to be able to justify the decisions they’re making and be accountable for them.
  • Cloud applications and services can introduce risk. Your team must use only cloud resources that you’ve vetted and approved to prevent risks to security or noncompliance with corporate or industry regulations. Shadow IT cannot be permitted.
  • Cloud costs add up quickly. Need to manage costs and ensure that the solutions you use are providing the greatest efficiency and allow you to operate most profitably.

Cloud Governance Best Practices

Smart organizations develop a cloud governance model that balances vital controls while empowering engineers with the ability to access the capacity and tools they need to excel at their work. The basis of effective cloud governance applies these principles in three areas:

COST MANAGEMENT

After a bill or two from your cloud provider, you will see that numerous factors can impact your invoice.  A misconfiguration can make cloud costs unintentionally escalate, or you may find an “orphaned resource” that your team is no longer utilizing, but you’re still being billed for it.

You can address cost management in a few ways. First, empower people closest to projects to make or weigh in on changes. They’ll know better than an executive whether a cloud resource is necessary or no longer needed.

Many organizations have adopted a cloud management platform with intelligent monitoring that can detect cloud usage spikes in real-time and provide the basis for root cause analysis to understand how your cloud budget is spent. The most popular tools are the native costs tools the main cloud vendors provide, like AWS Cost Explorer and Azure Cost Management.

However, these tools do not always provide the level of detail engineers require and it is worth looking into additional third-party cost optimization tools. A new disruptor to this space worth researching is Yotascale offering a drill down on costs per team and unique insight into your Kubernetes costs alongside your cloud costs.

DATA MANAGEMENT

Cloud governance must also address how your organization will manage data in the cloud. This is particularly vital if you or your clients are subject to regulations, such as the EU’s General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standards (PCI DSS), or the Health Insurance Portability and Accountability Act (HIPAA). However, all organizations should have a plan for cloud data storage to operate most efficiently.

Data management decisions you need to address include which data will be stored, how you will track data with metadata, how long data should be archived, who has access to cloud data. Make sure the policies you establish align with regulatory compliance and that you don’t cut corners that can lead to fines and harm to your reputation.

SECURITY

Some organizations fall into complacency about security when they move infrastructure and applications to the cloud. Although cloud providers have extremely robust security solutions to protect your resources, it may not be all you need.

Take time to sort out the security measures your cloud provider has taken and what they leave up to you. Your organization may benefit by adding additional security solutions, such as firewalls, web application firewalls, antivirus or anti-malware, email security, or other measures to prevent data loss prevention and provide defenses when human error occurs.

Other measures you can take include encrypting or tokenizing data in transit or when stored, using an identity and access management (IAM) solution to ensure only authorized people can access data, and promptly decommissioning unused resources. It’s also smart to revisit your security policies regularly and adapt them to changes in your organization or the threat landscape.

Cloud Governance & Your Company Culture

It is important that in the mission to democratize data, we also recognize that it must be accompanied by visibility for responsible oversight. With everyone within an organization aware of and following cloud governance best practices, it creates a culture of mutual trust and empowerment that will lead to the greatest productivity and innovation.

The cloud governance model you choose should enhance, not roadblock, the benefits your organization receives from the cloud, as well as help you build a company culture that supports both individual achievement and company success.

By Josh Hamilton

Chris Collins

Why Cloud Technology is a Smart Business Move for Higher Education

Higher Education Technology Cloud technology is not just for the world of big business. A growing number of higher education institutions are also embracing the cloud’s many advantages, especially for its data gathering and analytics ...
Kaylamatthews

What You Need to Know – IoT and Real-Time Operating Systems

Real-Time Operating Systems A real-time operating system, or real-time OS, appears to execute tasks while using a single processing core simultaneously.  However, what's really happening is that the tasks' response time is so fast that ...
Texture Cloud

Building a Cloud Roadmap

Cloud Roadmapping Why is it important to have a cloud roadmap? What's the best way to begin building a cloud roadmap? What points should a cloud roadmap include? Who should be included in the roadmap ...
Matt Holleran

Cloud Platforms, Marketplaces, and Startups

Cloud Platforms, Marketplaces, and Startups One of the most exciting recent developments in the cloud software business is the proliferation of partner ecosystems, with large public and late-stage private cloud companies creating their own marketplaces ...
Anita Raj

A Winning Data Strategy Series Part 4: Are Your Data-driven Insights Driving Business Results?

Are your data-driven insights driving business results? This is the fourth piece of a 5-part series on plugging the obvious but overlooked gaps in achieving digital success through a refined data strategy. How would you ...
Signal Messenger: How to Successfully Resist Wiretapping Attempts

Signal Messenger: How to Successfully Resist Wiretapping Attempts

Successfully Resist Wiretapping Attempts Against the backdrop of events in the US, the popularity of the Signal secure messenger has grown sharply - from 6,000 to 26,000 downloads per day. This software uses strong cryptography ...