Cloud governance is the process of managing an organization’s cloud operations under a set of rules, policies and systems that are aligned with the organization’s operational guidelines as well as the global security and governance standards. The primary goal of cloud governance is to improve data security and manage risk so that cloud systems can function smoothly.
The framework ensures that organizations have sufficient control over critical areas of cloud operations such as, data security, data and risk management, legal processes, cost management and much more. Ideally, all the sections should be working to meet common business goals.
Commonly built from IT practices already existing in an organization, cloud governance frameworks are sometimes framed afresh for the cloud.
Some of the governance rules include:
- Defining management roles and responsibilities
- Data management and encryption
- Ensuring compliance with industry standards
- Managing identity and access
- Disaster recovery
Why is cloud governance important?
The cloud environment has become very complicated, especially when hybrid and multi-cloud services are being used. Cloud governance ensures that the correct framework is in place and team members can access all the cloud resources easily. It is more focused on operations, data security and cost.
Good governance, compliance, agility and dynamism are difficult attributes to implement at the same time without compromising one or the other. To successfully maintain all of them, organizations need to adopt the DevOps approach. DevOps streamlines development to accelerate production, lowers costs of development, testing, deployment and operations, while the cloud offers scaling, automation and a standard platform to enable changes in applications.
Governance checks need to be built into all the DevOps processes and tools. It needs to become a part of security, touching every part of the processes. Most cloud computing providers, public and private, support DevOps on their platforms.
Adopting cloud governance and DevOps
Adopting both cloud governance and DevOps is not easy for all and traditional developers may need guidance at the beginning. Cloud Kinetics has successfully helped organizations overcome obstacles and adopt DevOps and cloud governance. Here is an example.
Cloud Kinetics and cloud governance: A case study
Here’s how Cloud Kinetics implemented a cloud governance project for a large global financial services institution.
We completed the complex process of cloud governance with a set of sequential activities and well-defined goals and deliverables. The sequence of phases and activities broadly included:
- Defining policies
- Arriving at security controls
- Automating infra provisioning (infra as code): Monitoring and setting alerts on policy enforcement
- Remediation: Manually or automated
At a solution level, the key features of the cloud governance solution that were implemented included:
- Automating the creation of cloud resources (subnet, security groups, storage, key vault, IAM & RBAC) through Terraform
- Setting up and configuring alerts (based on Secure DevOps tool kit framework)
- Creating a machine-image gallery that included approved images
- Setting up and configuring centralised log analytics
- Setting up a run book for baseline check
- Monitoring and reporting deviations into the feedback loop
- Configuring auto-healing through cloud custodian
We were successful in implementing our goals within the planned time frame. The goals included:
- Complete automation of 150+ security controls as per ISO and other compliance requirements
- Complete infra as a code implementation that enables the organization to set up cloud resources via automated deployments
- Separation of resources into various clusters enabling easier automation of network, server and other infra components
- Setting up of governance policies for proactive monitoring and alerts
- Complete remediation of incidents, deviations and events for automated response
- Complete implementation using open source and cross-platform tools (like Terraform, Cloud custodian) while ensuring reusability and easy maintenance.
For more updates on cloud governance, follow us on LinkedIn.