Cloud Governance – Don’t Make it an Afterthought
So almost all businesses are looking at cloud today either for Software as a Service (SaaS) or for some flavor of Infrastructure as a Service (IaaS). When you look at transitioning to the cloud, specifically IaaS, the challenges many businesses have are eerily reminiscent of the challengers many companies had when moving from physical to virtual infrastructure. I have to say it’s like Deja vu.
For just a moment, step back and look at the key challenges businesses had in moving to virtualization:
- Over Provisioning: IT wanted to be sure they could meet the request and needs of the application owners, development, test, etc. without going back to the CFO more funds every quarter, so they bought more compute and storage than they needed and it was left unused for long periods of time.
- VM Sprawl: Virtual machines (VM’s) could be spun up within minutes, and even with the normal business processes for approval, were available within days versus the weeks or months it took in the world of one app to one host. That led to VM’s popping up all over the place and without proper tracking, being left in place eating up valuable compute and storage resources.
- Standards: With the ease of standup also came the challenge of enforcing standards for VM’s. IT would provision to standard, but unless you had tight control over the VM, the applications and configuration of the VM could be easily modified and thus could easily deviate from company standards for patching, controlled access, etc. which became an issue – especially in test dev.
So let’s address these concerns/issues in terms of migrating to the cloud:
- Over Provisioning: This is still an issue in cloud. Even though you “pay for what you use”, the cloud vendors are giving discounts for reserved instances, which means there is a tradeoff between paying as you go and reserving what you need and getting a discount. How about the amount of processor, RAM and storage? Do you reserve or add as you need? Where’s the cost benefit threshold? Depending on the source you look up, it is reported that between 70% and 90% of cloud instances are over-provisioned – just like in the old school virtual server farms.
- Instance Sprawl: Cloud instances can be spun just as fast as or faster than traditional VM’s. So the issue of sprawl has not gotten any better unless you have rigorous controls, which I would say is not the case for those but the most mature cloud customers. These instances are often left running when not in meaningful use, which means your bill is running every day just like your water bill when your sprinkler system has a leak.
- Standards: Enforcing standards for security, configuration and compliance is a nightmare when there are some many instances poping up and being modified on a daily basis. Slow it down and you lose productivity, but leave it as is, and you introduce risk. How do you handle it?
The good news is that there are number of very good tools and platforms that tie into AWS, Azure, IBM and Google clouds that can help with all of the issues above. I will say that these tools are not free, but you can usually get them at a price point that is very tolerable and I can guarantee you that they will save your business both hard and soft dollars within weeks of bring them into use with your cloud management strategy. If you don’t have a tool that will do what is mentioned below as critical, then get one. If you are just starting your cloud journey, make sure you start with one.
Here are few things to look for when looking for a cloud management tool:
- Full resource visibility (usage, allocation, cost) at both company and departmental levels
- Graphical representations of your resource distribution
- Trending reports – predictive spend
- Granular views into individual resources and configurations
- Cost analysis and recommendations for optimization and reduction of monthly spend
- Auditing and Visibility into PCI/HIPAA, FISMA and applicable NIST compliance framework as well as CIS (Center for Internet Security) and CSA (Cloud Security Alliance) standards
- Log, track, and alert on critical changes to configurations, resources, and security settings
- Automated scanning for public accessible resources (ports/protocols)
If you start out with or adopt the right tools and governance models as you move into cloud, you will avoid that feeling of Deja vu. Governance and tooling will ensure you move into the cloud in a cost effective, secure and managed fashion that will ensure the cloud is an enabler for your business.
Noel Barber is a veteran of the IT industry and serves as the Vice President of Professional Services at ABS. In addition to staying on top of industry trends and changes, Noel works to ensure ABS continuously brings the best technology solutions to our clients.