Governance is nothing new. It’s been around in one form or another since the days when big mainframes dominated all of IT. However, most cloud leaders still don’t get what it is or how it works best, and so many cloud projects run off the road. I’m often astonished by the number of people in IT who don’t yet understand why we need cloud governance to make cost optimization and security work properly.
Most of what I assert here is supported by a recent study by Stacklet, a governance technology provider. This study surveyed 700 IT professionals and found that 86% of the respondents agreed that cloud governance tends to be a pivotal inhibitor to cloud adoption. The study goes on to state that cost optimization and cloud security are also core areas where governance tools and approaches are critical to success.
Let’s look at three issues.
First, most cloud-building executives and other professionals have heard of cloud governance. Many believe (right or wrong) that cloud governance is already implemented within their cloud deployments. They also believe their governance approaches and technology systems lack the visibility and cross-organization collaboration needed for cost optimization and better security.
Second, we’ve done a pretty good job of spreading the word about cloud security, cloud databases, cloud analytics, and emerging technologies such as serverless and artificial intelligence. Now it’s time to evangelize the value of governance and educate ourselves about new tools that can provide a complete cloud architecture. The goal is an architecture with all the guardrails to ensure that users, developers, and others who use your cloud-based systems will not add additional risk or costs.
Third, many people assume that governance will be native to specific cloud-based technologies such as databases or security. However, governance is an entirely different area of focus. Governance requires us to consider how we put policies around the use of cloud resources such as storage and compute, as well as services such as microservices or traditional services that may be a part of an application or cloud resource API.
Moreover, we need to define how we can configure these governance systems using approaches such as “governance as code,” whereby modern governance systems can leverage dynamic behavior. For example, don’t just deny access to a resource, say storage, at a time of day based on a set policy but due to more complex logical operators, such as who, what, when, where, or how somebody or something is attempting to access that resource. Examine the context. Rather than apply static policies that are often found in older governance approaches (time of day) and tools, today’s governance systems utilize AI to “interpret” and “learn” behaviors that static policies cannot predict.
I don’t want to get into another round of, “You need to understand this cloud technology, too.” I understand that it’s another plate to spin, but we do need more focus on cloud governance. Hopefully, most of us won’t have to suffer the consequences of neglected cloud governance to learn this lesson.
It’s not too late to learn what cloud governance is and how to use it.