Jan 22, 2019

Holster that six-shooter, cowboy, because the Wild West days of the cloud are coming to an end.


For years, use of cloud solutions was largely unregulated at the business level, with new platforms and instances being deployed whenever the mood struck. Just about every organization has dealt with the negative effects of cloud sprawl in some shape or form, as employees launched their own cloud tools with little to no oversight from IT departments.

It was an untenable situation, creating risk, adding extra strain to already-taxed IT resources and letting operational inefficiencies run rampant. Thankfully, organizational leaders have, for the most part, smartened up and heeded the pleas coming from their IT departments. Today, more businesses understand they need to get their cloud environments under control, which means providing IT teams with complete visibility across every single cloud application, platform and solution. Adhering to cloud governance best practices will enable companies to lower operational costs, reduce your risk exposure and become more efficient.

What is cloud governance?

At its core, cloud governance refers to a set of rules, policies and parameters that dictate how cloud solutions are used. It’s a deceptively simple idea; as in actual practice, cloud governance incorporates a large number of critical IT responsibilities, including cybersecurity, access management, asset management and API management. That’s a pretty tall order for any company, and it’s no wonder that many organizations continue to struggle with cloud governance.

RightScale’s 2017 “State of the Cloud” report found that 35 percent of decision makers waste their cloud spending budget due to unused assets, auto-renewing subscriptions and poorly chosen contracts, among other reasons. ZDNet’s analysis of that study further revealed that 39 percent of companies struggle to put effective cost policies in place, while 37 percent have trouble enacting strong approval policies.

Even organizations that are currently making do with their cloud environments will eventually run into problems as their cloud footprint grows and their overarching IT ecosystem becomes more varied and expansive. As Deloitte Chief Cloud Strategy Officer David Linthicum noted, enterprise cloud environments will continue to grow until they become impossible to effectively manage and monitor without cloud governance policies in place. When that happens, companies will have no choice but to shut down cloud expansion rather than put the whole cloud ecosystem at risk.

Given the sweeping range of controls that cloud governance extends to, it’s common for IT organizational leaders to feel a bit overwhelmed. Where do you even begin to enact cloud governance best practices when there’s so much ground to cover?

Broadly speaking, your cloud governance framework should include policies and rules detailing the following:

  • Budgeting: Cloud spending will spin out of control if companies don’t lock down a firm budget for these assets. It also forces decision-makers to more closely scrutinize their cloud contracts to determine precisely what they are paying for and compare offerings from different service providers.
  • Application deployment and lifecycle: Who has the ability to deploy a new, cloud-based application? How are cloud assets deployed and managed throughout their lifecycle? These and other associated questions need to be thoroughly answered and documented.
  • Security and privacy: One of the primary concerns with unchecked cloud deployment is the increased security risks that emerge when the IT department lacks full visibility. There’s no way to protect a potential point of intrusion if you don’t even know it exists. Including strict policies regarding data security and privacy controls in the cloud helps companies minimize risk exposure.
  • Cloud management and monitoring: A single company could have hundreds of deployments in its cloud environment. Cloud governance rules should define how each one is managed as well as provide mechanisms for IT teams to closely monitor every aspect of their activity.

Of course, it’s not enough to simply put policies in place that determine how your cloud environment should operate – you need to follow up and ensure that every rule and protocol is followed to a T. That’s why cloud governance best practices include automated processes to immediately flag any deviation from the norm and enforce defined usage parameters, as well as ongoing audits and optimization to continually improve your methods.

What’s the difference between cloud governance and cloud management?

Enterprise leaders frequently equate cloud governance with cloud management, but the truth of the matter is that the former entails a much broader range of responsibilities than the latter. Cloud management involves the act of coordinating your cloud environments and infrastructure assets, while cloud governance determines how those actions should be defined.

There’s much more to cloud governance, as noted above, and some definitions could very well include cloud management under its umbrella. Other definitions encapsulate not only the strictly laid out parameters and procedures governing cloud usage, but the people that interact with or use cloud assets and the technology that supports cloud deployments. From that perspective, cloud governance falls just short of being an all-encompassing concept.

Why is cloud governance important?

The modern enterprise cloud footprint is massive, to say the least – not to mention highly complex. With often hundreds of deployments to look after, which are integrated with various legacy systems and on-premise infrastructure, IT departments have their hands full keeping an organization’s cloud environment in order.

In 2017, 85 percent of enterprises had a cloud strategy that incorporated multiple clouds, which frankly, sounds like an underestimate. That same year, approximately 79 percent of enterprise workloads operated in the cloud, with 41 percent devoted to public cloud solutions and 38 percent kept in the private cloud.

More recently, companies have continued to ramp up their cloud spending to meet operational demand. RightScale’s 2018 “State of the Cloud” report revealed that one in five enterprises plan to double their cloud budgets, and 71 percent intend to increase their cloud spending at least 20 percent.

Supporting business and IT innovation

There’s no great mystery to these trends – the cloud is dominating the business world, providing scalability, cost-efficiency and flexibility that would otherwise be impossible to achieve with a wholly on-premise IT environment.

Every exciting and innovative business technology that emerges relies on the cloud in some capacity. DevOps, for instance, requires cloud solutions to coordinate efforts between disparate teams of knowledge workers, share projects and support continuous integration and delivery. In 2017, 84 percent of enterprises had adopted DevOps practices, and 30 percent had implemented DevOps principles across their entire organization.

Then there is the growing demand for cloud-based IT solutions to consider. RightScale’s 2018 report found that a number of IT-focused cloud services were gaining in popularity, including relational database-as-a-service and container-as-a-service offerings. Add in the need to support the ever-expanding Internet of Things, and you have a recipe for potential cloud overload.

It’s just not possible for IT departments to keep up with the rapid expansion of the enterprise cloud footprint without a governance framework to make sense of it all. As a 2018 Forrester report noted, regardless of who subscribes to a cloud service within your organization, the responsibility for managing those systems will inevitably fall to your infrastructure and operations teams. With all signs pointing to an ever-increasing rate of cloud usage among large companies, the complexity of enterprise cloud environments will only continue to grow.

The alternative solution – scale back and discourage widespread cloud usage – isn’t any more viable. As Fugue Vice President of Communications Andrew Wright so astutely pointed out, businesses need to be, above all else, flexible, fast and continually pushing innovation to stay ahead of the competition. Companies that turn away from the cloud entirely in favor of a traditional, strictly on-premise arrangement will be unable to keep up with the speed at which their marketplaces are evolving.

Maintaining best-in-class security and privacy measures

One must also consider the security and regulatory ramifications of an imprecise or nonexistent cloud governance framework. Shadow IT – where employees deploy new tech solutions without IT’s approval or even awareness – creates risk for organizations, regardless of how innocuous a particular cloud service may seem to an unsuspecting employee. Without IT’s visibility and control, every cloud solution effectively creates an unguarded point of entry for cybercriminals.

According to IBM and the Ponemon Institute, the global average cost of a data breach rose 6.4 percent in 2018, reaching $3.86 million. Naturally, associated costs increase alongside the scope and breadth of an incident, but enterprise leaders may be unprepared for just how pricey these breaches can be: So-called “mega breaches,” defined as events where between 1 million and 50 million records are lost, can rack up anywhere from $40 million to $350 million in costs. From threat remediation and removal to regulatory compliance and legal fees – not to mention the reputational damage that typically occurs – cybersecurity incidents can be very costly for any organization.

On average, U.S.-based incidents were more expensive than similar cybersecurity events that occurred in other areas of the world. Considering that companies are increasingly interested in hosting solutions that tap into regional network resources like interconnection exchange points and local fiber corridors, or provide a gateway to major U.S. markets, that fact should give enterprise leaders pause.

From a cost, security and competitiveness standpoint, no company can afford operating without a comprehensive cloud governance framework in place.

How can you get your cloud under control?

The first step to put your organization on the path toward cloud governance excellence is to create an inventory of sorts of your different cloud infrastructure assets, solutions and, services. Working with a managed services provider that offers cloud monitoring and visibility solutions will make this task much easier.

Once you have a clear view of every platform in your cloud environment, your team can begin to audit each one and assess ways to improve that service or cut it entirely. There could be a number of cloud solutions your company pays for that are going unused, potentially costing thousands of dollars in cloud waste. Other issues to look for are integration problems that prevent your organization from seamlessly incorporating cloud platforms with your other IT systems or business applications and security or compliance gaps that could put your company at risk for a data breach or regulatory violation.

Cloud governance best practices demand ongoing diligence and oversight, with an automated system in place to quickly identify any cloud activity that violates the rules, policies, and parameters you have set in place. In this way, automation takes much of the guesswork and uncertainty out of cloud governance. An issue arises, and the system flags it, reports it and either addresses it unilaterally or escalates the problem to an operator for correction.

Incorporating automated systems into your cloud governance framework insulates your company against potential policy breakdowns. As Wright explained, employees cannot spin up a new cloud instance or provision new cloud assets if automated compliance is a critical component to one’s governance system.

When dealing with anything as complex and riddled with potential pitfalls and cloud governance, it’s always best to work with the experts. Lume’s managed solutions provide a team of cloud experts to guide the implementation process and ensure your business adheres to the very latest cloud governance best practices.

Leave a Comment