News

Governance: The forgotten Key to managing and operating in the cloud

Keep up to date with our News and Announcements.

Stay up-to-date with all things Black Marble

Governance: The forgotten Key to managing and operating in the cloud

January 10, 2024

With cloud adoption growing at a phenomenal rate, it is essential that organisations create the right structures to manage, support, and constrain how the cloud is used and developed. There are many reasons to go to the cloud but some of them inherently bring risk into the equation of cloud goodness.

Any kind of change generates new risks. Cloud governance capabilities ensure that risks and risk tolerance are properly evaluated and managed.

Governance can mean many things, but the core definition for any organisation should be: Governance ensures we are getting what we want, how we need it, when we want it, in a provable repeatable way.

Governance encompasses the processes, roles, and responsibilities to guide the development and subsequent use of your cloud solutions. To repeat, it is important to create the right structures to manage, support and, if necessary, constrain how the cloud is used and developed.

In general, the main reasons organisations give for cloud migration are:

  • Speed of delivery
  • Working outside the bounds of IT control (Shadow IT)
  • Reduction of cost ability to use unique features of the cloud such as scale, geo replication etc.

We need to look at each of these parts with a governance perspective.

  • What we want: if the requirements are for cost, are we looking at and managing the cost to ensure we are getting the savings we desire?
  • When we want it: are we getting the speedy delivery but with the other governance constraints?
  • How we want it: as a bare minimum any solution must comply with security needs alongside all regulation and legal compliance issues. This is an - often-overlooked area when considering working outside the bounds of IT.

Failures in governance can regularly lead to unexpected high billing, GDPR and other data sovereignty and compliance issues and no audit trail in case of litigation or investigation.

Areas of governance can be broadly thought of as…

  • Technology: which services are acceptable for use in projects.
  • Location: is the solution geo dependant with for function or data sovereignty
  • Security: the overall application use of security both user and system.
  • Purchasing: How you report on, analyse costs and bill.

With all these areas it is common to see governance being ignored as it is felt that it is the easiest solution. This could not be further from the truth. Organisations that promote governance first find that the implementation and cost do not significantly impact the projects or delivery.

However, with all areas to consider, how does an organisation manage governance at scale and ensure compliance. The only real solution, like with most of the cloud, is automation to enforce governance. Azure has a set of supporting technologies that allow automation.

  • Policies: enforce or audit rules to ensure compliance.
  • Blueprints: automate setup of resources, policies, and users.
  • Management groups: enable governance in multi-tenant and cross-regional scenarios.

The benefits of governance:

  • Easier error monitoring and handling.
  • A secure, scalable, and easy to manage solution.
  • Clear ownership of solutions.
  • Clear responsibilities within solutions.
  • Clear documentation of corporate risk.
  • Clearly defined compliance and security checks.

Now is the time to embrace governance.

Join Black Marble as we share our knowledge and learnings in our Essential Guide to the Cloud series of webcasts and take advantage of our excellent white papers to help understand the process of success in cloud adoption. Contact us for any of our Essential Guide to the Cloud white papers, including “Delivering an Enterprise Cloud Operating Model”, “Positively Impacting your Organisation with Collaborative Working”, “Successful Software Delivery with DevOps”, and “Business Process Automation and Integration in the Cloud” or to be kept informed as each new paper is published.