Skip to main content

3 requirements for developing an effective cloud governance strategy

Traditional governance approaches to IT infrastructure and compliance aren't effective in the cloud.
Chess board

Photo by HARUN BENLİ from Pexels

Cloud computing is growing in part because it can help businesses overcome many economic and other challenges. According to the IDC Cloud Pulse 3Q22 Executive Summary, the cloud accounts for 31% of total IT budgets. Investment in cloud migration and strategic cloud services is increasing, and transitioning to the cloud must be strategic, with an emphasis on migrating off-premises.

Hybrid cloud is quickly becoming the cloud standard. Many organizations are planning large lift, shift, and migration projects. They are also replacing "retired" applications with new ones. The application landscape is shifting, with 50% of applications expected to migrate to off-premises cloud environments by 2024, according to IDC.

[ Learn how to build a flexible foundation for your organization. Download An architect's guide to multicloud infrastructure. ]

The main reason for this shift is improved operational efficiency, followed by the need to free up internal staff resources. Changing from on-premises to cloud-based IT infrastructure architectures adds layers of complexity. This also means that more people throughout the organization will be able to influence the architecture. Even if the cloud service itself is secure, if resources are deployed with poorly enforced access controls or configuration flaws, the entire system can be compromised. As a result, it's critical to develop and sustain a comprehensive cloud governance model.

Problems with old governance approaches

Traditional approaches to IT infrastructure and compliance are ineffective when applied to the cloud. The cloud is as distinct from datacenter architecture as batch computing is from real-time computing. The cloud operates in real time. As physical constraints of infrastructure capacity, capability, configuration, and speed are removed from application teams, the need for governance (oversight and direction) becomes even more important in the cloud.

Effective cloud governance, based on a clear cloud governance framework, assists organizations in fully leveraging cloud benefits while managing costs, operational risks, and security concerns in a proactive manner. Implementing a strong cloud governance strategy, consistent with the organization's strategic vision, is a good idea regardless of how long the company has existed.

[ Learn more about setting up governance for an open source project. ]

Simply put, cloud governance is management of the costs and risks associated with cloud services. It is critical for businesses in part because it improves scalability.

In this article, I'll discuss three things to keep in mind when developing an effective cloud governance strategy.

1. Visibility

To govern effectively, you must first understand what you have and where it is. The goal is to be able to understand the costs, usage, security, capacity, and health of various cloud deployment models.

With visibility, you can:

  •  Understand and develop cloud operations policies
  •  Determine who has access to the cloud and how it is consumed, managed, and monitored
  •  Maintain a secure posture by implementing security, data privacy, location, and regulatory compliance policies

Cloud management strategy involves creating an inventory of all cloud resources, which is a challenge in itself. The inventory can enable decision makers to initiate enterprise-wide initiatives like chargebacks and show backs, detect anomalies, and monitor change history logs. In turn, they can develop security dashboards, update capacity data frequently, and use automated alerts in a collaboration tool. They can also monitor health, CPU, memory, and storage alerts. Additionally, sharing this type of information not only bridges the gaps between provisioning and optimization or provisioning and compliance, it also serves as an outreach mechanism that aids in developing relationships between the center of excellence or operations teams and business customers.

[ Become a Red Hat Certified Architect and boost your career. ]

Today, data is deeply embedded in organizations' strategic capabilities. Data-centric capabilities and the infrastructure to support them are now required for high-performance computing and maximizing business value. Customer and regulatory compliance expectations for data and ethical use have raised the bar for privacy, trust, visibility, and accountability.

To meet these data visibility requirements, we have enabled an enterprise cloud management structure that gives us access to the cloud resources available to our organization. We also implemented automated billing from the cloud to the ledger to improve the visibility of cloud service costs and eliminate the need for manual financial operations.

To accomplish this, we worked with our account owners and finance team to ensure they understood the value of visibility into cloud environments. It improves cloud cost understanding, control, and communication. It also enables proactive monitoring of environments to ensure compliance with internal and regulatory standards. In addition, it encourages accountability across teams, projects, and applications.

2. Automation

Governance is not a one-size-fits-all proposition, and each organization may prefer a different approach to governance depending on its objectives. Digital transformation is no longer a novel concept. But continuous innovation is required to improve and remain competitive, making automation critical for operational efficiency.

According to IDC's Worldwide Artificial Intelligence and Automation 2023 Predictions, AI-driven features are expected to be embedded across business technology categories by 2026, with 60% of organizations actively utilizing such features to drive better outcomes.

Automation is critical for increasing efficiency in cloud management operations, such as billing and cost transparency, right-sizing computer resources, and monitoring cost anomalies. The use of automated tools can improve security, lower administrative overhead, decrease rework, and lower operational costs. Definable metrics and key performance indicators (KPIs) can be used to assess outcomes with the right cost transparency tool.

[ Learn how IT modernization can help alleviate technical debt. ]

Modernizing application architectures, effectively managing cloud resources, increasing developer velocity, and focusing on outcome-driven metrics are the key cost-cutting practices in cloud computing. Automation can also aid in resolving personnel issues, which can cause migration projects to stall.

The strategy we're using is the crawl-walk-run strategy:

  • Crawl is about gaining visibility into the cloud landscape, which entails knowing what we have and where it is.
  • Walk entails basic automation in response to cloud operations and security threats, with the goal of lowering costs and improving security and compliance posture.
  • Run is about being proactive with cost, security, and cloud operations management.

With custom rightsizing recommendations tailored to our enterprise workloads, we are also enabling tools that can quickly identify opportunities to reduce wasteful spending as our strategy evolves. We are investigating cloud security and compliance center tools that can govern cloud resources, monitor compliance, and share results to highlight vulnerabilities. This also assists internal teams in preparing for compliance audits.

3. Continuous innovation

Governance is a journey, not a destination. Over time, it will demand the participation of multiple stakeholder groups. Continuous innovation is needed to develop and perfect the standards and automation tools required to master cloud governance best practices.

Cloud governance must be conceptually linked to current technology governance and address all stages of the cloud lifecycle, from planning to offboarding from a cloud provider. Integrated governance contributes to establishing a solid foundation for developing and iterating cloud services.

With hundreds, if not thousands, of existing workloads to consider, cloud governance must strike a balance between protecting the enterprise and optimizing cloud value across the entire organization. It's important to avoid creating barriers that slow or prevent the business from obtaining the technology needed to remain competitive and avoid a plethora of "shadow" clouds.

[ Hybrid cloud and Kubernetes: A guide to successful architecture

Integrating the governance strategy

We are integrating our governance strategy with the capabilities of our long-term hybrid cloud roadmap. This means collaborating closely with our architects and site reliability engineering team to strategically align our actions to scale our cloud capabilities now and in the future with our governance principles.

We are working hard to foster a proactive culture of cost awareness across all lines of business. We do this by providing highly differentiated reporting and insights that promote transparency. We hope that data-driven facts will help accelerate this cultural shift, because different levels of decision require real-time insight to keep up with the rate of change.

[ Create an organizational culture that fosters innovation. Download The IT executive's guide to building open teams. ]

To summarize, application landscapes are changing, necessitating cost and risk management for cloud services to improve business scalability. Your approach to cloud governance may differ depending on your organization's goals. Understanding what you have and where you have it is critical. Automation improves operational efficiency and security, and integrated governance that allows for technology enablement is required to achieve it.

This originally appeared on Hybrid Cloud How-tos and is republished with permission.

Topics:   Cloud   Strategy   Security  
Author’s photo

Pimmi Malhotra

Pimma is an experienced business development, product development, and transformation leader. She currently serves as the Hybrid Cloud Center of Excellence and Governance leader. More about me

Navigate the shifting technology landscape. Read An architect's guide to multicloud infrastructure.


Privacy Statement