All shareholders want to see their investments return dividends, and those looking at IPOs as an investment vehicle need to know the companies can control cloud costs and reduce cloud risks in order to maximize profitability. There is a way in which companies can reassure shareholders – effective cloud governance.
If you’ve read the financial pages recently, you’ll be aware there’s a glut of IPOs on the horizon. Zoom, Lyft, Tradeweb, and Pinterest are among the biggest names to have publicly filed S-1 Registration Statements with the Securities and Exchange Commission (SEC), while Uber and Slack have filed privately, and Airbnb is expected to follow suit.
What these companies have in common is that they have a major presence in the cloud. For example, Pinterest is committed to spending $441 million on cloud services before July 2023, and Lyft is committed to spending $300 million in the cloud by December 2021. Consequently, all cite cloud costs and cloud risks among the “Risk Factors” potential investors need to be aware of.
The need to control cloud costs and reduce cloud risks isn’t unique to companies looking to go public. Overspends and privacy violations can seriously harm any company’s finances and its profitability. Therefore every company with a presence in the cloud is looking for ways to control cloud costs and reduce cloud risks. Some manage it better than others, and there’s no secret to how they achieve better outcomes in these areas – effective cloud governance.
What is Cloud Governance?
Cloud governance is quite simply the rules under which a company operates in the cloud. The rules can relate to how much a department can spend in the cloud, what the cloud can be used for, and what security precautions need to be taken to reduce cloud risks. In some ways, cloud governance is the same as having rules for how an on-premises IT environment operates. But in other ways, it isn’t.
The difference between a cloud environment and an on-premises environment is that, in a cloud environment, assets can be launched with the click of a mouse; whereas in an on-premises environment assets are mostly fixed. It’s harder to monitor who’s doing what in the cloud than on-premises, and there are more security risks due to IT infrastructures no longer being protected by a firewall.
Companies who try to apply the same rules to their cloud operations as they do to on-premises operations will find them much harder to police. So, a separate set of rules needs to be in place to govern activity in the cloud. What makes cloud governance “effective” is how the rules are monitored and enforced, and the best way of monitoring and enforcing the rules is automation.
Achieving Effective Cloud Governance through Automation
Due to the self-provisioning nature of the cloud, there are often too many moving parts to police manually. Automation allows system managers to “manage by exception” – i.e. only have to act when something goes wrong; or – in the case of automation – when something might go wrong or has been prevented from going wrong by the automation solution stopping an “adverse event”.
Automation is already widely used in the cloud, but more often in the deployment of assets rather than to police cloud activity. When applied to cloud governance, system managers can use an automation solution to control cloud costs and reduce cloud risks by developing “policies” – these being the parameters within which company employees have to operate.
For example, a policy could be created that alerts budget owners when their projected month-to-date spend is likely to exceed budget limits. System managers can control cloud costs by limiting the size of assets that can be deployed without approval, or by creating a policy instructing the automation solution to terminate unused assets – for example idle relational databases. These are all measures that ultimately can help a company maximize its profitability.
How Automation Can Help Reduce Cloud Risks
The benefits of automation aren’t limited to cost control. Policies can be applied to many different areas of a company’s cloud operations to reduce cloud risks. For example, one of the biggest risks of operating in the cloud is data breaches due to unencrypted storage volumes being publicly accessible. To counter this risk, policies can be created to automatically encrypt storage volumes with specific tags and restrict access to them. Other example policies to reduce cloud risks include:
- If any instance has unauthorized open ports, terminate instance and notify the asset owner
- If AWS’ CloudTrail is disabled for any asset, enable the audit trail service and notify manager
- If a user with root account access logs in from an unrecognized IP address, revoke access
- If a user with root account access has MFA disabled, enable MFA to prevent unauthorized access
- If more assets than usual are launched outside normal working hours, notify IT security
- If an instance is launched in a non-U.S. region, terminate asset and notify IT security
These types of policies don’t guarantee companies will be able to reduce cloud risks in their entirety. Automation cannot prevent a hacker cracking a password by brute force or completely stop a malicious insider from stealing data. What it can do is reduce cloud risks to a degree so system managers and IT security teams don’t waste time monitoring cloud activity for events that may not be occurring.
Further Benefits of Effective Cloud Governance by Automation
A common theme among the “Risk Factor” sections of the publicly-filed SEC S-1 forms is that past performance is no guarantee of future performance and therefore there’s no guarantee of future profitability. Risks related to performance include price competitiveness, brand loyalty, being able to expand the company’s services, and maintaining – if not improving – the expected customer experience.
Being able to control cloud costs with effective cloud governance will contribute to addressing the price competitiveness issue inasmuch as, if costs are not controlled, prices will have to increase in order to pay the bills. Similarly, by being able to reduce cloud risks and prevent data breaches, customers will feel secure using the company as opposed to sharing their personal details with a less-than-secure company.
However, these aren’t the only benefits of effective cloud governance by automation. An automation solution can encourage safe innovation by applying development boundaries, and enable companies to optimize the performance of their cloud assets by – for example – identifying when capacity needs to be increased in order to cope with greater demand. Both measures can help maximize profitability.
Find Out More about Effective Cloud Governance by Automation
CloudHealth gives you total visibility over your cloud, multi-cloud, or hybrid cloud environment in order for you to better control cloud costs and reduce cloud risks. Our platform has multiple cost and performance optimization capabilities to maximize profitability and, if your company operates in a regulated industry, can help you meet your compliance requirements.
Our cloud management platform currently manages more than 1.8 billion assets for more than 4,500 customers worldwide – saving them millions of dollars per year. If you’d like to control cloud costs and reduce cloud risks to help maximize your company’s profitability, do not hesitate to contact us today.