Understanding cloud governance: 3 ways to reduce spend and risk

In an era of increasing cloud-based business, one recurring pain-point for infrastructure and operations (I&O) leaders to overcome is a lack of clarity around their role in enterprise cloud governance strategies.

Cloud governance encompasses all management and oversight for a company’s cloud activities, including but not limited to access control, auditing, monitoring, security and usage. All of these activities involve and affect admins, end-users, operations and security, and decision-makers - and enterprises that lack this level of governance in their business processes face unnecessarily high cloud spend and completely avoidable risk. As the cloud matures, I&O need to step in and ensure cloud governance is optimised.

  • I&O need to be a go-to for helping the organisation optimise its cloud costs, right-size workloads and automate governance activities.
  • I&O leaders can play an active role in assessing cloud governance across the business, as well as identifying each internal team’s existing capabilities that can benefit it.
  • I&O involvement is ultimately viewed as essential for improving organisational satisfaction with cloud initiatives heading further into 2019.
Despite this increasingly crucial need, many current I&O leaders are underutilised in this area and opportunities to reduce both risk and waste in their cloud transformation initiatives are going unrealised. It is projected over 60% of organisations that do not include I&O in their cloud governance processes will spend at least 20% more than the optimal figure in 2019, according to Gartner - making this a critical pain-point to address.

In this blog, the team at Xello pinpoint the top 3 most essential takeaways from Gartner’s latest 2019 cloud governance report that will help I&O leaders recognise their integral role in cloud governance - and the many ways they can help improve and optimise processes, as well as overall satisfaction with the cloud in 2019 and beyond.

 

1. Identify and leverage your existing expertise within I&O

3_ways_to_improve_cloud_governance_and_reduce_risk_identify_skillsets

 

Businesses transitioning from on-premises towards the cloud must recognise that many existing I&O skills can carry over seamlessly - and benefit initiatives immediately.

Optimal cloud governance requires expertise across a broad range of functions - alerting, capacity planning, chargeback and showback, monitoring and workload right-sizing. In addition, security is key to governance and reducing cloud risk - identity management (IAM) policies, role-based access control (RBAC) and single sign-on (SSO).

All of these competencies can be applied to cloud governance efforts, and it’s up to I&O to identity and coordinate these existing skill sets for internal cloud initiatives, whether as part of formal involvement (Gartner uses the example of a Cloud Center of Excellence framework) or informal involvement (analysing costs and risks of the current governance approach to emphasise the need for I&O to step in and drive more hands-on oversight over cloud-based resources).

Gartner recommends I&O leaders increasingly recognise these governance competencies and how they align with cloud management’s major functional areas, including:

  • Cloud migration, backup and DR
  • Cost management and resource optimisation
  • Compliance, identity and security
  • Monitoring and analytics
  • Provisioning and orchestration
  • Service requests

While most enterprises are confident in handling compliance, identity and security, many are less confident in executing most of the other areas - and this is where I&O can step in and provide the most value by ensuring everyone follows the right governance framework:

  • Accountability: Make sure there is sustained ownership of the results of the effort.
  • Participation: Keep key stakeholders in the know of your governance processes by eliminating their omission and emphasise the importance of their involvement.
  • Predictability: Pinpoint each governance action to take and how often, and establish the organisational framework that ensures actions are appropriate and consistent.
  • Transparency: Certify all decisions surrounding cloud governance are made based on facts and in alignment with the organisation’s policies and principles.

Gartner notes that I&O leaders that want to stay in front of the pack for cloud governance need to be seen as an enabler rather than a blocker for the overall cloud journey, and that governance is a continuous process they must be able to keep up with as processes change.


2. Start automating your governance activities

3_ways_to_improve_cloud_governance_and_reduce_risk_automation

 

Whether it’s Amazon Web Services (AWS), Google Cloud or Microsoft Azure, public cloud platforms provide a number of automation capabilities that are foundational to cloud governance and modern-day, cloud-enabled infrastructure - it’s time to start taking advantage of it.

As Gartner notes, governing cloud computing deployments effectively can’t be done with the old manual approach. As a team that made the transition from manual to automation, we can relate to the pain-points of delaying the usage of automation tools - and attest to the many immediate benefits once we implemented it for real.

  • For starters, setting up event-based workflows can help your business detect resource shortages and automatically start extra provisioning to resolve the issue. They can also move workloads to the right environment that provides the necessary resources. These use multi-channel alerting and monitoring for events that process the action you need to happen.
  • I&O leaders also need to familiarise themselves with scheduling policies for resource provisioning. Setting policies to dictate future actions and auto-scaling ensures you always get additional resources as needed without anyone having to manually check up on ops status.
  • Finally, I&O leaders must help users compile dynamic resource groups and implement proper tagging to ensure resources are never untagged and configuration policies can be automatically remediated should business needs rapidly change.

Ultimately, it’s about eliminating manual, repetitive tasks and embracing the automation afforded by public cloud providers - in combination with the right governance framework, people and processes. I&O must foster this culture in order to ensure effective automated governance, or seek external expertise to ensure it is done correctly.



3. Establish and enforce different personas to ensure cloud agility

3_ways_to_improve_cloud_governance_and_reduce_risk_personas

 

I&O leaders have traditionally struggled in handling the different personas necessary to ensure cloud activities and provisioning remain agile for the end-user, while appropriately governing each user’s specific cloud needs and organisational status.

Governance essentially determines all provisioning within a cloud environment, so having the right blueprints or frameworks in the form of personas means when users need specific cloud services get the level of resources appropriate to their access level and activities, while, for example, users with more exploratory needs are provided the necessary guardrails.

I&O should start applying governance through the service catalogue, limiting users by assigning them the specific cloud services, resource pools and spending limits they actually need. This can be bolstered by request-approval workflows and identity management processes, and is a major step towards eliminating any chance of accidental cloud overspend or unnecessary risk.


Reducing cloud spend and risk in 2019: Next steps

It’s clear I&O leaders play a key role in developing and executing cloud governance strategies, and improving overall cloud expenditure and security for all cloud activities.

It’s important to analyse existing cloud governance processes to determine areas of the business that need realignment, and to help educate stakeholders on the importance of actively assessing cloud governance and setting a strict framework - especially to realise the level of cost reduction and lowered risk your organisation aspires to achieve.

Are you currently on Microsoft Azure but have trouble with weak governance? Watch our webinar to discover 7 key steps to lowering Azure spend with stronger governance.

azure_aligned_webinar_part_3