May 4, 2021

Cloud Governance Best Practices & How “Legacy Governance” Hurts

By Josh Hamilton

Cloud Governance Best Practices The cloud can provide your organization with substantial benefits — if you adopt an effective cloud governance model. Businesses established before the cloud era (or those that took their IT governance cues from that time) struggle the most with the square-peg-round-hole problem that attempting to use a legacy model with cloud […]

Cloud Governance Best Practices

The cloud can provide your organization with substantial benefits — if you adopt an effective cloud governance model. Businesses established before the cloud era (or those that took their IT governance cues from that time) struggle the most with the square-peg-round-hole problem that attempting to use a legacy model with cloud creates.

It’s true that businesses have historically benefited from centralized IT control and decision-making. That governance model helped to ensure that IT investments aligned with strategic goals. It also usually saved money. Companies could negotiate discounts for buying in bulk, standardize hardware solutions across their organizations to save maintenance and service costs and make vendor management easier.

Business Security Audit

The controls that legacy IT governance established, although slow by cloud-era standards, were also often the quickest way to get things done. When teams needed new infrastructure, everyone understood the drill, and the benefits they’d receive from the new system far outweighed the time and patience required to purchase and implement it. It was just another cost of doing business.

Purchasing Cloud Should Be Purchasing Agility

Cloud computing, however, shook things up. It ushered in new ways to pay for and deploy infrastructure, services, and applications.  Engineers no longer have to wait until the CIO finds the budget for new infrastructure and schedule time and resources to implement it. Cloud empowers organizations to add solutions and services for a monthly subscription and with just a few clicks. Whether the end game is scaling, enabling innovation, or getting products to market faster, the cloud provides the agility you need.

A governance model that doesn’t take the nature of the cloud into account, maybe one that tries to hang onto legacy IT governance policies and principles, can stand in the way of those benefits, doing more harm than good. Filtering all IT decisions through an executive can bottleneck requests, tie engineers’ hands, and hinder progress. The wrong cloud governance model can even minimize ROI – your cloud investment was supposed to be an investment in agility. With legacy, IT governance policies, your organization may be no more agile than when you used on-premises infrastructure and solutions.

A legacy IT governance model could also contribute to a restrictive atmosphere, one that limits engineers’ ability to take ownership of their projects and has them questioning whether leadership trusts them to make smart decisions.

Cloud Governance, Though, Is Still Necessary

Although cloud governance requires a different approach than legacy IT governance, it doesn’t mean it’s not necessary. There are three crucial reasons you need to ensure cloud use in your organization is controlled:

  • Cloud services are easy to add and expand. Engineers or other team members purchasing cloud capacity or services need to be able to justify the decisions they’re making and be accountable for them.
  • Cloud applications and services can introduce risk. Your team must use only cloud resources that you’ve vetted and approved to prevent risks to security or noncompliance with corporate or industry regulations. Shadow IT cannot be permitted.
  • Cloud costs add up quickly. Need to manage costs and ensure that the solutions you use are providing the greatest efficiency and allow you to operate most profitably.

Cloud Governance Best Practices

Smart organizations develop a cloud governance model that balances vital controls while empowering engineers with the ability to access the capacity and tools they need to excel at their work. The basis of effective cloud governance applies these principles in three areas:

COST MANAGEMENT

After a bill or two from your cloud provider, you will see that numerous factors can impact your invoice.  A misconfiguration can make cloud costs unintentionally escalate, or you may find an “orphaned resource” that your team is no longer utilizing, but you’re still being billed for it.

You can address cost management in a few ways. First, empower people closest to projects to make or weigh in on changes. They’ll know better than an executive whether a cloud resource is necessary or no longer needed.

Many organizations have adopted a cloud management platform with intelligent monitoring that can detect cloud usage spikes in real-time and provide the basis for root cause analysis to understand how your cloud budget is spent. The most popular tools are the native costs tools the main cloud vendors provide, like AWS Cost Explorer and Azure Cost Management.

However, these tools do not always provide the level of detail engineers require and it is worth looking into additional third-party cost optimization tools. A new disruptor to this space worth researching is Yotascale offering a drill down on costs per team and unique insight into your Kubernetes costs alongside your cloud costs.

DATA MANAGEMENT

Cloud governance must also address how your organization will manage data in the cloud. This is particularly vital if you or your clients are subject to regulations, such as the EU’s General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standards (PCI DSS), or the Health Insurance Portability and Accountability Act (HIPAA). However, all organizations should have a plan for cloud data storage to operate most efficiently.

Data management decisions you need to address include which data will be stored, how you will track data with metadata, how long data should be archived, who has access to cloud data. Make sure the policies you establish align with regulatory compliance and that you don’t cut corners that can lead to fines and harm to your reputation.

SECURITY

Some organizations fall into complacency about security when they move infrastructure and applications to the cloud. Although cloud providers have extremely robust security solutions to protect your resources, it may not be all you need.

Take time to sort out the security measures your cloud provider has taken and what they leave up to you. Your organization may benefit by adding additional security solutions, such as firewalls, web application firewalls, antivirus or anti-malware, email security, or other measures to prevent data loss prevention and provide defenses when human error occurs.

Other measures you can take include encrypting or tokenizing data in transit or when stored, using an identity and access management (IAM) solution to ensure only authorized people can access data, and promptly decommissioning unused resources. It’s also smart to revisit your security policies regularly and adapt them to changes in your organization or the threat landscape.

Cloud Governance & Your Company Culture

It is important that in the mission to democratize data, we also recognize that it must be accompanied by visibility for responsible oversight. With everyone within an organization aware of and following cloud governance best practices, it creates a culture of mutual trust and empowerment that will lead to the greatest productivity and innovation.

The cloud governance model you choose should enhance, not roadblock, the benefits your organization receives from the cloud, as well as help you build a company culture that supports both individual achievement and company success.

By Josh Hamilton

Josh Hamilton

Josh Hamilton ​is an aspiring journalist and writer who has written for a number of publications​ involving Cloud computing, Fintech and Legaltech​. ​Josh has a Bachelor’s Degree in Political Law​ from ​Queen's University in Belfast​​. Studies included, Politics of Sustainable Development, European Law, Modern Political Theory and Law of Ethics​.
Steve Prentice

Episode 19: Why AWS Needs to Become Opinionated about FinOps

On today’s episode of the CloudTweaks podcast, Steve Prentice chats with Rahul Subramaniam, CEO at CloudFix [...]
Read more

Lambda Cold Starts: What They Are and How to Fix Them

What Are Lambda Cold Starts? Lambda cold starts occur when AWS Lambda has to initialize [...]
Read more

A.I. is Not All It’s Cracked Up to Be…At Least Not Yet!

Exploring AI’s Potential: The Gap Between Aspiration and Reality Recently Samsung releases its new Galaxy [...]
Read more

Azure Free Tier vs. AWS Free Tier: Which Provides More Value?

Cloud computing has become a cornerstone for the digital transformation of businesses. From startups to [...]
Read more
Steve Prentice

Get Smarter – The Era of Microlearning 

The Era of Microlearning Becoming employable and then staying employable requires ongoing, up to date [...]
Read more

Exploring SaaS Directories: The Path to Optimal Software Selection

Exploring the Landscape of SaaS Directories SaaS directories are vital in today’s digital age, serving [...]
Read more

SPONSORS

Interviews and Thought Leadership

Jeff DeVerter

Charting the Course: An Interview with Rackspace’s Jeff DeVerter on AI and Cloud Innovation

Rackspace’s Jeff DeVerter on AI & Cloud Innovation In an insightful conversation with CloudTweaks, Jeff DeVerter, a seasoned IT and technology veteran with over 25 years of experience, sheds light [...]
Read more
Daniel Barber

Q&A Daniel Barber – 2024 AI + Data Privacy Predictions

2024 AI + Data Privacy Predictions In a recent interview with CloudTweaks, Daniel Barber, Co-Founder and CEO of DataGrail, shared insightful perspectives on the evolving landscape of AI and privacy. [...]
Read more

Leveraging Artificial Intelligence in Insurance Claims Analytics Software Development

Enhancing Insurance Claims Analysis with AI Technology Nowadays, digital technology affects all aspects of our everyday lives, and the insurance [...]
Read more

CrowdStrike and Dell unleash an AI-powered, unified security vision

Dell and CrowdStrike are joining forces today to help businesses battle against cyberattacks using AI to protect against generative AI, stealth social engineering and [...]
Read more

The Future of Cybersecurity: Insights from Cyber Upgrade’s Founders

AI and Cybersecurity: Innovations and Challenges In the rapidly evolving landscape of technology, where artificial intelligence and cybersecurity shape the [...]
Read more

SPONSOR PARTNER

Explore top-tier education with exclusive savings on online courses from MIT, Oxford, and Harvard through our e-learning sponsor. Elevate your career with world-class knowledge. Start now!
© 2024 CloudTweaks. All rights reserved.