Article

What is cloud governance?

Cloud Governance
Time to read: 9 minutes

Cloud governance dictates how an organization operates services in the cloud based on a defined set of rules and policies. The structure provided by cloud governance ensures that an organization’s cloud services support operations and provide the necessary security.

Cloud governance is essentially the application of IT governance policies to cloud services, but to a far more extensive degree. Due to the breadth of services encompassed with cloud deployments, cloud governance must consider many areas to keep systems running smoothly and securely.

Cloud governance covers finance, operations, security, compliance, data management, application performance, asset management, and configurations.

Activities performed as part of implementing cloud governance rules, policies, and processes include defining, continuously monitoring, and auditing them. This ensures that resources are optimally allocated, coordinated, and controlled.

Examples of cloud governance rules include:

  1. Defining roles and responsibilities
  2. Determining alert escalation procedures
  3. Enforcing network policies
  4. Ensuring compliance with industry regulations
  5. Establishing and monitoring service level agreements (SLAs)
  6. Implementing disaster recovery policies
  7. Managing data lifecycles
  8. Enabling access control requirements
  9. Setting data classification schemes
  10. Specifying allowances for cloud services

Why cloud governance is important

A sound cloud governance strategy is important because it helps organizations realize the full benefits of the cloud and avoid costly missteps that are common in cloud deployments. Cloud governance provides a system that structures rules and provides guidance on how to best combine technology, people, and processes to achieve desired results, maintain security, abide by budgets, and optimize performance. Following are several ways that cloud governance supports the enterprise.

Cloud governance provides direction for how to manage workloads for optimal operational efficiency and security. For instance, cloud governance can include directives for when to move multiple-tenant workloads residing in a single cloud account or subscription into their own distinct accounts.

Improves cloud resource management

Cloud governance can segregate cloud workloads into individual accounts for departments, projects, or cost centers. This breakout helps control costs, increases visibility, and reduces security vulnerabilities.

Increases administrative efficiency

With cloud governance, policy definition and application are streamlined and can be applied across an organization. This centralizes control over cloud resources to reduce non-compliant activities and enable teams to manage costs more efficiently.

Minimizes cloud security risk

By establishing and enforcing rules, cloud governance is able to improve data protection, integrity, and availability. Cloud governance extends controls across all systems to protect information no matter where it resides.

Reduces shadow IT

Cloud governance makes resources more accessible, which encourages users to work within the established structure to procure cloud services. This reduces the use of non-sanctioned cloud resources and helps reduce the use of shadow IT systems.

Automation and cloud governance

Automated cloud governance policy management platforms store policies and monitor activities. If a policy violation is detected or an action requires approval before it is permitted, the system can automatically respond.

Cloud governance policy automation allows IT teams to govern by exception, saving time and allowing IT personnel to focus on more productive activities. Beneficial actions that a cloud governance policy management platform can take include:

  1. Advise when costs are projected to exceed a monthly budget
  2. Audit cloud usage
  3. Automate processes, including infrastructure provisioning, enforcement actions, resource allocation, cloud security, compliance, network management, and workload management
  4. Detect and fix vulnerabilities automatically
  5. Halt an action until the approval workflow process has been completed
  6. Revoke access to misconfigured accounts or any that exhibit suspicious activity
  7. Schedule workflows
  8. Send an alert about a violation (e.g., text, email)
  9. Suspend the launch of a virtual machine if its Central Processing Unit (CPU) capacity exceeds a certain level
  10. Terminate an activity that violates a policy
  11. Terminate a virtual machine with unauthorized open ports

Additional benefits realized with cloud governance policy automation include:

  1. Eliminating human error
  2. Gaining visibility into cloud usage
  3. Optimizing management of security, costs, operations, and performance
  4. Planning and managing budgets more effectively
  5. Scaling well beyond manual control capabilities
  6. Streamlining cloud governance

Cloud governance principles

Cloud governance principles provide the basis of an effective program. The following are essential for providing proper controls to optimize the use of cloud services.

Asset and configuration management

Keeping control of assets and their configurations is an important part of cloud governance.

With cloud deployments’ propensity to become a sprawl, cloud governance enables the order and processes necessary to maintain operational efficiencies, control costs, and ensure that security and privacy requirements are met.

Cloud governance provides direction for resource allocation and configuration.

Data management

Cloud governance plays an integral role in the management of the data lifecycle in an organization, including data classification, encryption, access, storage, and deletion. Establishing and enforcing cloud governance policies for data management ensures that the right controls are in place to make data accessible, protect sensitive data, and eliminate excess data that increases attack surfaces and storage costs.

Financial management

Building financial management into cloud governance helps keep cloud usage within budget. Using cost controls, reporting, and alerts as levers, cloud governance policies help organizations utilize cloud resources in a fiscally responsible way. Cloud governance establishes the guidelines and policies to optimize usage and avoid cost overruns.

Operations management

Operations management focuses on setting parameters for how cloud resources deliver services. Cloud governance policies related to operations management include directions for how to execute the key operations functions.

Performance management

Cloud governance includes providing direction for the monitoring and management of application performance and infrastructure resources. Cloud governance helps deliver efficient and expected levels of IT service.

Security and compliance management

Security and compliance management functions related to cloud governance should build on security policies, programs, and processes already in place.

Cloud governance frameworks

Cloud governance frameworks detail the functions that fall under cloud governance principles. These are required to establish controls and optimize the use of cloud resources.

Each of these elements is interwoven to create a rich cloud governance program that directs operations without encumbering users. Examples of what is included in each area of cloud governance frameworks are the following.

Asset and configuration management

  1. Controlled processes to deploy clusters or use cloud services
  2. Specifications regarding what to run or deploy in an environment to support applications
  3. Directions for controlling the use and storage of secrets, such as credentials and encryption

Data management

  1. Data access
  2. Data lifecycle management
  3. Data privacy
  4. Data quality
  5. Data security
  6. Data stewardship

Financial management

  1. Allocating and tracking cost and data usage
  2. Budgeting
  3. Forecasting
  4. License management

Operations management

  1. Creating rules and processes that control how to create new applications or workloads that run in the cloud
  2. Defining requirements for monitoring and logging
  3. Deploying application code to various environments
  4. Determining how resources are allocated
  5. Establishing how to determine resource requirements for new applications
  6. Estimating compute, storage, and network requirements
  7. Setting rules for how the state of the cloud is monitored to ensure SLAs are met
  8. Specifying identity and access management requirements

Performance management

  1. Latency to retrieve data, load webpages, or call an API function
  2. Number of connected and active users
  3. Number of database transactions per time period

Security and compliance management

  1. Application security
  2. Backup and recovery
  3. Business continuity planning
  4. Data encryption and key management
  5. Identity and access management
  6. Monitoring and reporting
  7. Privacy policies and controls
  8. Risk assessment and management

Choosing a cloud governance solution

Cloud governance tools serve several purposes, such as:

  1. Demonstrating compliance with standards and regulations
  2. Enabling a high level of automation across a wide range of enterprise data sources, including multiple clouds and hosted applications
  3. Managing and protecting data
  4. Providing robust search capabilities
  5. Simplifying reporting

When choosing a cloud governance solution, the complexity of the strategy should be considered. For large organizations with a nuanced cloud governance strategy, specialized tools are helpful. These can help with management functions, such as resource allocation and cost management.

Another consideration when selecting cloud governance solutions is how they support the overall strategy and implementation of best practices, including the following.

Cost management

Cloud governance policies can be used to direct the implementation of cost management controls and reporting, as well as ongoing monitoring and optimization to continue to improve results. In addition, cloud governance policies can provide guidance for capacity management, including processes for identifying when unused resources should be deprovisioned, and analyzing where managed services should be used.

Operational excellence

Cloud governance can be used to dictate how resources are provisioned, with a focus on replacing manual processes with automation.

Performance optimization

Cloud governance policies can be used to direct how workloads should be evaluated and deployed for optimal performance.

Security

Cloud governance policies need to consider how security is handled and by whom. Understanding the divisions of security responsibilities between service providers and customers is crucial. Then, cloud governance policies should be applied to enforce security related roles and rules.

Cloud governance: A logical extension of general IT governance

While many of the principles of IT governance apply to cloud governance, they are not the same. Cloud governance goes beyond general IT governance to account for the expansive nature of cloud computing. With the use of cloud computing growing, it is imperative that organizations take time to rethink general IT governance and incorporate best practices for cloud governance.

Take control of your cloud platform.

Learn more about SailPoint Identity Security.

Mark and Sumit

S1 : E2

Identity Matters with Sumit Dhawan, Proofpoint CEO

Join Mark McClain and Sumit Dhawan to understand the future of cybersecurity and how security teams can support CISO customers in the midst of uncertainty.

Play podcast
Mark and Ron

S1 : E1

Identity Matters with Ron Green, cybersecurity fellow at Mastercard

Join Mark McClain and Ron Green to understand the future of cybersecurity and the critical role identity security plays in safeguarding our digital world.

Play podcast
Dynamic Access Roles

Dynamic Access Roles

Build the next generation role and access model with dramatically fewer role and flexibility

View the solution brief