When it comes to a governance strategy, many people think of Governance, Risk management and Compliance (GRC), which spans regulatory compliance and overall security posture. Others think that governance is more about a basic foundation of policy enforcement, best practices and frameworks that help organizations define scalable solutions that will grow with the company over time.
However, it isn’t about one or the other; it takes both to develop a successful governance strategy. So, how do you achieve that? IT leaders need to look at both the security requirements as well as the requirements of the business — not just how the business wants to manage and report, but also how it wants to consume resources over time.
Oftentimes, we see organizations dive into the cloud head-first, which is fantastic, in a sense. But rapid adoption of the cloud usually means that preparatory stages have been rushed. I’ve seen a lot of these scenarios: Organizations quickly embrace the cloud to accelerate time to market or to access a customer base that perhaps they weren't previously able to reach. The cloud offers many benefits. Its elastic capabilities and flexibility are undoubtedly attractive.
As far as cloud provider options, there are a variety, but they all have fairly similar types of structures to facilitate policy design and enforcement on the platform. Sometimes it's just a matter of turning on available feature sets and functions and performing minimal configuration. But many organizations don't even know what tools exist because they don't know the platforms well enough yet.
Leveraging the tools that are available to you on your cloud platform(s) is critical for the structure of your governance. You also need to leverage management groups to apply policies across multiple subscriptions and resource groups. By enforcing things like tagging, you gain the ability to turn on cost management features on the platform(s) and use those to identify additional opportunities to govern and reduce costs.
A major consideration when developing a governance strategy for the cloud is standards. What standards do you plan to use? If you don't have standards, then you also don't have a good way to track how you're performing against those standards. You've got to establish some kind of baseline and make sure that the baseline is healthy before you start growing on top of it. This way, you’ll have a clear understanding of where your starting point is — and where you want to go.
It’s far too easy to consume more than you planned if you don't turn on some of the basic features available in cloud platforms. For instance, in Microsoft Azure, when you provision a virtual machine, there's a page that allows you to enter time settings (e.g., "I want to turn this off at 5:00 p.m.") that protect you from paying for the compute related to that workload when you're not using it. Using this type of feature can deliver savings as much as 40–80%, depending on how you're going to use that resource.
Broadly stated, you can only get value from the cloud in two ways:
If you want to make sure you're getting the most value from the cloud, you've really got to pull both of those levers. You have to get more capability out of the platform, which may require you to invest more in the platform. And you have to look at how you can reduce cloud costs. Our Cloud Optimization Services for AWS are one such avenue you could take.
There's another layer of governance needed for multicloud environments: cloud management. Organizations with multiple, large and/or complex investments in public cloud platforms, for example using both Google Cloud and Azure, need effective cloud management processes, tools and resources. Implementing a cloud management platform may seem like a good quick fix, but it’s important to consider what capabilities your organization wants to have on a day-to-day basis.
Insight offers a number of cloud management services that are ideal for a wide range of organizations, including those with multiple public clouds. Going this route enables you to dictate your business, governance and regulatory requirements — and ensure that all are being met through expert cloud management.
At the end of the day, when you move to the cloud, your day job still needs to get done. Your business is doing business, not necessarily providing IT services. Having experts alongside you who can help you evaluate and execute cloud decisions, optimize cloud costs, improve utilization and implement ongoing governance can add considerable value. Insight Cloud + Data Center Transformation has cloud capabilities and offerings to support you throughout your cloud journey.
I urge anyone who's early on in the cloud adoption process to make sure you do the work upfront in designing your governance — it’s your foundation, your landing zone. Be sure you’re comfortable with how you grow inside of the cloud platform(s) that you're investing in over time, because it costs more to implement governance and controls and remediate challenges later on than it does to do the work upfront.