Your Cloud Footprint is Growing: Here’s How to Scale Cloud Governance
Written by Umair Khan, Marketing Director, Stacklet
For today’s businesses, cloud footprints have grown—and keep getting larger. Increasingly, that means many teams and departments are running implementations across multiple cloud providers, services, and regions. From a cloud governance or policy compliance standpoint, this growth leaves teams with two choices: Either they accept less consistent policy adherence, and more risks in terms of security and costs or they restrict and control usage and risk stifling developer velocity.
Why? For most organizations, it has been difficult to scale governance. While ensuring compliance of one pilot project, or even of a handful of departmental implementations, has been fairly straightforward, teams encounter a number of challenges once implementations grow past that phase. And, as outlined, most organizations are now way past that stage.
When the cloud footprint scales across cloud accounts, providers, geographical regions, divisions, and so on, piecemeal, ad hoc governance approaches quickly hit a wall. For example, if one development team needs to wait for a security group to review a new release, that’s one thing. However, if multiple development teams wait, those delays could be significant and costly. These reviews ultimately create major bottlenecks, stifle developer velocity, and burn out security teams. Further, policy compliance isn’t just a concern for security teams. Multiple teams need to be involved in governance, including cloud operations, FinOps, and compliance. Every one of these teams has a fleet of policies they want to implement and they struggle to do so—without delaying deployments and stifling innovation.
Keys to Scaling Cloud Governance
Following are several key ways to contend with the challenges of scaling cloud governance to manage growing cloud deployments:
Standardize insights and build a real-time, holistic cloud database.
Typically, as usage of cloud-based services increases, visibility suffers. This is particularly true as the number of cloud platforms grows. Even teams using native tooling from cloud providers struggle to support new services being consumed by their development team. As a result, teams work with multiple tools, which leads to limited visibility, complex, never-ending integrations, and inefficient, manual processes. To counter these issues, you need unified, real-time visibility across all your cloud resources and configurations. This visibility is vital in both tracking existing policies, as well as in updating and creating new policies.
Leverage automation to build guardrails, not gates.
In the cloud, development and operational environments are highly dynamic, which means trying to apply policies and monitor compliance on a manual basis is inherently difficult, and impossible to scale. In addition, DevOps teams are using a variety of technologies and tools to deploy code in the cloud. Given all this change and variability, automation is vital. Checks need to be put in place to ensure implementations are in compliance and, if not, alerts are automatically generated. Further, automation needs to be employed to take actions, including escalations after predefined windows and even automated remediation. Emerging approaches like governance as code can help you programmatically automate various aspects of cloud governance.
Manage policies like you manage code.
Within most enterprises, teams are already using Git to manage code. It is critical to establish capabilities for managing cloud governance policies in the same way. Teams should be able to use the same processes and source control capabilities for managing policies. In this way, teams can seamlessly align with development release cadences and ensure that changes to policies are traceable and enforced without changing application code.
Drive behavior change.
People need resources and guardrails to keep in compliance. If a user can decrypt sensitive assets to make their jobs easier, they may opt to do so, in spite of all the policies that may be broken by taking this action. Similarly, they may not bother to deprovision a resource after they’re done using it. Teams need to establish capabilities for notifying and educating teams when these events occur. People need to be notified immediately, so they can take corrective action and so they learn how to prevent the issue the next time. Further, it is important to leverage centralized resources to house the documentation, policies, templates, and knowledge resources that teams need to continue to learn and optimize their work.
Foster collaboration across cross-functional teams.
Governance requires the involvement of individuals from a range of organizations, including development, operations, security, and finance. By establishing unified governance capabilities and standardized languages for policy definition, teams can gain better visibility into policies, and they can collaborate more effectively on policy definition and enforcement. As a result, teams can work to continuously improve development velocity, strengthen security, meet regulatory requirements, and optimize cloud spending.
Today, it’s vital that governance capabilities scale along with cloud implementations. By employing the approaches above, teams can position themselves to manage costs, security, and compliance, while enabling maximum development agility.
About the Author
Umair Khan is a Marketing Director at Stacklet, developers of the industry-first cloud governance as code platform based on the open source Cloud Custodian project. Umair has over 15 years of experience in infrastructure, cloud, and open source software management, holding positions at industry-leading companies, most recently at Hewlett Packard Enterprise (via Scytale acquisition) and CA Technologies (now part of Broadcom).
Sign up to receive CSA's latest blogs
This list receives 1-2 emails a month.