The Importance of Cloud Governance and Best Practices

CloudClarity
Jul 1, 2021

Some may see governance as a long and strenuous task, but governance makes up the “guard rails” for your cloud infrastructure.

To begin, it’s important to define the role of governance in Information Technology (IT). The goal is to ensure that IT can create value for the business while lessening the risks linked with IT projects. It’s vital that there’s a connection between IT management and the focus of the business.

Table of Contents

1. Management groups

2. Why governance matters

3. Azure Cloud Adoption Framework (CAF)

4. Azure Virtual Datacentre

1. Management groups

Management groups are the overarching group within an Azure environment. Governance is a critical part of Azure Management and consists of the following Azure services:

· Management groups

· Resource Graph

· Policy

· Azure Blueprints

· Azure Lighthouse

It’s important to recognise that management groups are the governing body within an Azure environment and dictate what can or cannot be done. Meanwhile, policies and blueprints link individual rules together, and the Resource Graph acts as the “middleman” for searching and querying across resources. Azure Lighthouse is the most recent addition to the list of services, allowing a more sophisticated and complex approach to managing multiple Azure tenants through delegated access.

2. Why governance matters

When cloud adoption first came onto the scene, it was all about moving from physical servers to virtual machines. While it’s great to be rid of those large, ugly boxes with constant noise from the fans, nothing really changed besides a cheaper electricity bill. The same problems that existed prior have just been moved to a different environment. To combat this, virtual machines were transferred to a more agile, modern infrastructure. This was great! No more having to reboot servers after a weekly patch!

So, companies quickly embraced the cloud and were left with a fork in the road.

· One path involves maintaining their current, untethered usage of the Cloud.

· The other path involves introducing limits and boundaries to Cloud usage.

It’s tempting to pick the first path and simply delete the old stuff from the Cloud at a later date, but who really gets back to this?

As a result, many are left with a forgotten Azure environment that requires some serious tidying up and maintenance. These environments tend to have a common group of resources such as:

· Shut-down virtual machines titled “PRODUCTIONWEB01” and “SQL2008PROD”

· Undocumented Azure Functions (which allow the execution of custom code on managed servers) executing dozens of tasks every second, or none at all.

· Multiple abandoned virtual networks (VNets) that still have a little bit of traffic.

These were just a few of many on this list…

Such a collection of resources can signify clear security problems. The causes vary. Maybe someone hasn’t been paying attention to alerts, Azure Advisor messages or Azure Security Centre notifications. Or maybe no one has been assigned to monitor and confirm Azure invoices (they tend to look nearly identical each month, which creates the impression that everything is as it should be).

Governance is important for the same reasons stop signs and speed limits are important in urban areas.

Clear boundaries and good practices prevent things from falling into chaos. You can choose to set up your Azure environment with minimal governance, or you can go all-in and use all the services mentioned prior to the best of their capabilities. Microsoft has created a framework that shows how excellent practices can be better adapted and adopted to Azure, called ‘Cloud Adoption Framework for Azure’.

3. Azure Cloud Adoption Framework (CAF)

It’s important to state that CAF and governance are always a work in progress. The goal is to remove the ambiguity associated with the strategy, planning and adoption stages for companies getting ready to implement an Azure infrastructure. This Microsoft guide is especially helpful as it doesn’t have lots of technical jargon that may confuse and overwhelm a non-technical individual. I highly recommend you read this.

CAF includes a whole section dedicated to discussing governance. It considers business risks, policy and compliance and the processes for supervising these, as well as cost management, identity management, security and final deployment.

4. Azure Virtual Datacentre

Many companies have an existing data centre that they believe they have under full control, with strict guidelines that dictate the who, what, when and where of deployment. You don’t need to create a whole new method when adopting the cloud; you can use the Azure Virtual Datacentre as a reference.

The Azure Virtual Datacentre (AVDC) seeks to define the concept of a virtual datacentre in relation to Azure. It inherently acts as a subset of CAF. This style of approach is ideal for enterprise-level IT groups who seek to extend their on-premises platforms to Azure via a hybrid approach. With AVDC, concerns about isolation, creation of trust boundaries, identity management and encryption are fully considered. While this doesn’t mean that traditional governance can’t take these into account, AVDC is able to focus more explicitly on the foundations of traditional enterprise IT.

CloudClarity makes governance easier. To start using our free features, visit https://portal.cloudclarity.app/.
