Cloud Governance Best Practices & How “Legacy Governance” Hurts

The cloud can provide your organization with substantial benefits — if you adopt an effective cloud governance model. Businesses established before the cloud era (or those that took their IT governance cues from that time) struggle the most with the square-peg-round-hole problem that attempting to use a legacy model with cloud creates.

It’s true that businesses have historically benefitted from centralized IT control and decision making. That governance model helped to ensure that IT investments aligned with strategic goals. It also usually saved money. Companies could negotiate discounts for buying in bulk, standardize hardware solutions across their organizations to save maintenance and service costs, and make vendor management easier.

The controls that legacy IT governance established, although slow by cloud-era standards, were also often the quickest way to get things done. When teams needed new infrastructure, everyone understood the drill, and the benefits they’d receive from the new system far outweighed the time and patience required to purchase and implement it. It was just another cost of doing business.

Purchasing Cloud Should Be Purchasing Agility

Cloud computing, however, shook things up. It ushered in new ways to pay for and deploy infrastructure, services and applications. Engineers no longer have to wait until the CIO finds the budget for new infrastructure and schedules time and resources to implement it. Cloud empowers organizations to add solutions and services for a monthly subscription and with just a few clicks. Whether the end game is scaling, enabling innovation, or getting products to market faster, cloud provides the agility you need.

A governance model that doesn’t take the nature of cloud into account, maybe one that tries to hang onto legacy IT governance policies and principles, can stand in the way of those benefits, doing more harm than good. Filtering all IT decisions through an executive can bottleneck requests, tie engineers’ hands, and hinder progress. The wrong cloud governance model can even minimize ROI – your cloud investment was supposed to be an investment in agility. With legacy IT governance policies, your organization may be no more agile than when you used on-premises infrastructure and solutions.

A legacy IT governance model could also contribute to a restrictive atmosphere, one that limits engineers’ ability to take ownership of their projects and has them questioning whether leadership trusts them to make smart decisions.

Cloud Governance, Though, Is Still Necessary

Although cloud governance requires a different approach than legacy IT governance, that doesn’t mean it’s unnecessary. There are three crucial reasons you need to ensure cloud use in your organization is controlled:

  1. Cloud services are easy to add and expand. Engineers or other team members purchasing cloud capacity or services need to be able to justify the decisions they’re making and be accountable for them.

  2. Cloud applications and services can introduce risk. Your team must use only cloud resources that you’ve vetted and approved to prevent risks to security or noncompliance with corporate or industry regulations. Shadow IT cannot be permitted.

  3. Cloud costs add up quickly. You need to manage costs and ensure that the solutions you use provide the greatest efficiency and allow you to operate most profitably.

Cloud Governance Best Practices

Smart organizations develop a cloud governance model that balances vital controls while empowering engineers with the ability to access the capacity and tools they need to excel at their work. The basis of effective cloud governance applies these principles in three areas:

COST MANAGEMENT

After a bill or two from your cloud provider, you will see that numerous factors can impact your invoice. A misconfiguration can make cloud costs escalate unintentionally, or you may find an “orphaned resource” that your team no longer uses but that you’re still being billed for.

You can address cost management in a few ways. First, empower people closest to projects to make or weigh in on changes. They’ll know better than an executive whether a cloud resource is necessary or no longer needed.

It’s also smart to consider using a cloud management platform with intelligent monitoring that can detect cloud usage spikes in real time and provide the basis for root cause analysis to understand how your cloud budget is spent.

DATA MANAGEMENT

Cloud governance must also address how your organization will manage data in the cloud. This is particularly vital if you or your clients are subject to regulations, such as the EU’s General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standards (PCI DSS), or the Health Insurance Portability and Accountability Act (HIPAA). However, all organizations should have a plan for cloud data storage to operate most efficiently.

Data management decisions you need to address include which data will be stored, how you will track data with metadata, how long data should be archived, and who has access to cloud data. Make sure the policies you establish align with regulatory compliance and that you don’t cut corners that can lead to fines and harm to your reputation.

SECURITY

Some organizations fall into complacency about security when they move infrastructure and applications to the cloud. Although cloud providers have extremely robust security solutions to protect your resources, those may not be all you need.

Take time to sort out the security measures your cloud provider has taken and what they leave up to you. Your organization may benefit from adding security solutions, such as firewalls, web application firewalls, antivirus or antimalware, email security, or other measures to prevent data loss and provide defenses when human error occurs.

Other measures you can take include encrypting or tokenizing data in transit or when stored, using an identity and access management (IAM) solution to ensure only authorized people can access data, and promptly decommissioning unused resources. It’s also smart to revisit your security policies regularly and adapt them to changes in your organization or the threat landscape.

Cloud Governance & Your Company Culture

We admit that Yotascale’s view of cloud governance has evolved since we started our company. As engineers, we were initially opposed to governance, which seemed to put power in the wrong hands and limit the capabilities of people closest to the work.

Although we now maintain our commitment to democratizing data, we also recognize that it must be accompanied by visibility for responsible oversight. When everyone within an organization is aware of and follows cloud governance best practices, it creates a culture of mutual trust and empowerment that will lead to the greatest productivity and innovation.

The cloud governance model you choose should enhance, not roadblock, the benefits your organization receives from the cloud, as well as help you build a company culture that supports both individual achievement and company success.

We think the smartest view of cloud governance is to consider it guide rails, not chains.