The guidance in this section of the Cloud Adoption Framework provides examples of actionable governance guides that represent common experiences often encountered by customers. Each example encapsulates business risks, corporate policies for risk mitigation, and design guidance for implementing technical solutions. It can help you to create personalized governance solutions that meet a variety of business needs. These needs include the governance of multiple public clouds through detailed guidance on the development of corporate policies, processes, and tooling.
The cloud creates new paradigms for the technologies that support the business. These new paradigms also change how those technologies are adopted, managed, and governed. As the cloud estate changes over time, so do cloud governance processes and policies.
It’s important to establish a rough vision of the end state of your journey before taking the first step. The following infographic provides a frame of reference for the end state.
The Cloud Adoption Framework governance model identifies key areas of importance during the journey. Each area relates to different types of risks the company must address as it adopts more cloud services. Within this framework, the governance guide identifies required actions for the cloud governance team. Because governance requirements will change throughout the cloud adoption journey, a different approach to governance is required. Business results are expected more quickly and smoothly. IT governance must also move quickly and keep pace with business demands to stay relevant during cloud adoption and avoid “shadow IT.”
An incremental governance approach empowers these traits. Incremental governance relies on a small set of corporate policies, processes, and tools to establish a foundation for adoption and governance. That foundation is called a minimum viable product (MVP). An MVP allows the governance team to quickly incorporate governance into implementations throughout the adoption lifecycle. An MVP can be established at any point during the cloud adoption process. The ability to respond rapidly to changing risks empowers the cloud governance team to engage in new ways. The cloud governance team can join the cloud strategy team as scouts, moving ahead of the cloud adoption teams, plotting routes, and quickly establishing guardrails to manage risks associated with the adoption plans. These just-in-time governance layers are known as governance iterations. With this approach, governance strategy grows one step ahead of the cloud adoption teams.
The following diagram shows a simple governance MVP and three governance iterations. During the iterations, additional corporate policies are defined to remediate new risks. The Deployment Acceleration discipline then applies those changes across each deployment.
Establishing cloud governance is a broad iterative effort. It is challenging to strike an effective balance between speed and control, especially during execution of early methodologies within the cloud adoption. The governance guidance in the Cloud Adoption Framework helps provide that balance via an agile approach to adoption.
Great features in the Cloud Adoption Framework governance model are the cloud governance guides. To begin your cloud adoption journey, you can choose one of many governance guides. These guides are divided into the * Standard enterprise governance guide” and the “Governance guide for complex enterprises”. Each guide outlines a set of best practices, based on a set of fictional customer experiences. The guides demonstrate how to implement a governance MVP. From there, each guide shows how the cloud governance team can work ahead of the cloud adoption teams as a partner to accelerate adoption efforts. The Cloud Adoption Framework governance model guides the application of governance from foundation through subsequent improvements and evolutions.
Any change to business processes or technology platforms introduces risk. Cloud governance teams, are tasked with mitigating these risks and ensuring minimal interruption to adoption or innovation efforts. The Cloud Adoption Framework governance model guides these decisions (regardless of the chosen cloud platform) by focusing on development of corporate policy and the Five Disciplines of Cloud Governance. The five Disciplines are “Cost Management”, “Security Baseline”, “Identity Baseline”, “Resource Consistency” and “Deployment Acceleration” discipline overview.
With any cloud platform, there are common governance disciplines that help inform policies and align toolchains. These disciplines guide decisions about the proper level of automation and enforcement of corporate policy across cloud platforms.
Security is a component of any IT deployment, and the cloud introduces unique security concerns. Many businesses are subject to regulatory requirements that make protecting sensitive data a major organizational priority when considering a cloud transformation. Identifying potential security threats to your cloud environment and establishing processes and procedures for addressing these threats should be a priority for any IT security or cybersecurity team. The Security Baseline discipline ensures technical requirements and security constraints are consistently applied to cloud environments, as those requirements mature.
Identity is increasingly considered the primary security perimeter in the cloud, which is a shift from the traditional focus on network security. Identity services provide the core mechanisms supporting access control and organization within IT environments, and the Identity Baseline discipline complements the Security Baseline discipline by consistently applying authentication and authorization requirements across cloud adoption efforts.
This discipline focuses on ways of establishing policies related to the operational management of an environment, application, or workload. IT Operations teams often provide monitoring of applications, workload, and asset performance. They also commonly execute the tasks required to meet scale demands, remediate performance Service Level Agreement (SLA) violations, and proactively avoid performance SLA violations through automated remediation. Within the Five Disciplines of Cloud Governance, Resource Consistency is a discipline that ensures resources are consistently configured in such a way that they can be discoverable by IT operations, are included in recovery solutions, and can be onboarded into repeatable operations processes.
This discipline focuses on ways of establishing policies to govern asset configuration or deployment. Within the Five Disciplines of Cloud Governance, Deployment Acceleration includes deployment, configuration alignment, and script reusability. This could be through manual activities or fully automated DevOps activities. In either case, the policies would remain largely the same. As this discipline matures, the cloud governance team can serve as a partner in DevOps and deployment strategies by accelerating deployments and removing barriers to cloud adoption, through the application of reusable assets.
About the Author:
I am Matthias Gessenay, and I am a Microsoft MVP for Azure, Microsoft Certified Trainer and Azure Architect for Corporate Software. I am in IT for about 20 years, and dealing with Azure since about six years. I am passionate about community and run four Meetup groups.
Gessenay, M. (2020). Microsoft Cloud Adoption Framework for Azure – Governance (Part V). Available at: https://cloudspeed.ch/post/azure-cloud-adoption-framework-part5/ [Accessed: 19th May 2020].
Check out more great Azure content here