This blog on Cloud Governance represents part 6 of a multi-part blog series on Multi-Cloud use maturity. A comprehensive eBook that includes the entire Multi-Cloud use maturity framework can be found here. At the end of this blog, you can also find links to all the prior blogs in this series.
Governance is more than managing cloud spend
While most organizations are keenly aware that they need to implement strong governance practices as it relates to the financial management of cloud spend, there are other governance related practices that organizations must also master if they are to achieve a high degree of maturity as it relates to Multi-Cloud use. In this blog we focus on those governance practices that fall outside of the cloud financial management area and primarily effect cloud operations, cloud security and cloud compliance.
But what is “Cloud Governance” anyway? David Leigh, Senior Risk Technical Program Manager, Cloud Platform Security at CapitalOne, does a nice job discussing what this area is all about in a recent blog. I’ll quickly summarize the essence of David’s article below.
Cloud Governance is the overall way in which an organization oversees the control of cloud services and resources. It is the codification and automation of important policies, standards, and procedures that pertain to cloud computing operations.
Effective Cloud Governance, based on a well-defined cloud governance framework, helps your organization fully realize the benefits of the cloud while holistically managing costs, and operational and security risks. The need for governance is even more important in the cloud than for an on-premises environment since the physical constraints of infrastructure capacity, capability, configuration, and speed are removed from application teams.
Critical Governance Capabilities
Getting good at Multi-Cloud use necessitates having Cloud Governance practices and policies across a range of domains. The three primary domains beyond financial management are: 1) general operations, 2) security and compliance and 3) data management.
Adoption of these practices at scale will require the use of 3rd party solutions that provide high levels of automation. Below is a set of practices that organizations should consider in assessing their maturity as it relates to cloud governance.
- Policies and practices to manage privileges and access rights all clouds in use
- Policies and practices to operationalize best practices that ensure that applications perform as expected
- Policies and practices to ensure that all of applications are secure and compliant
- Policies and practices to ensure that application data (in transit or at rest) will well understood and properly used across all clouds
- Implementation of a Cloud Center of Excellence (or similar type of group) responsible for standardizing processes, developing best practices and cloud use guidelines for the full organization.
- Implementation of a central platform team with responsibility for cloud operations for most or all cloud delivered applications