CLOUD SMART REQUIRES CLOUD GOVERNANCE

When we look back on 2020 and early 2021, I believe we’ll see that COVID-19 had significant impact on the growth of cloud computing at government agencies as well.

Whether it’s SaaS-based collaboration services or the use of cloud computing infrastructure as a service (IaaS), government agencies increasingly turn to the cloud as part of their IT modernization efforts toward being ‘Cloud Smart’. Growing adoption typically means more users in the cloud, more workloads running in the cloud, and more than one cloud provider. Attempting to manage this growth means that agencies invariably encounter three specific challenges on the path to a healthy cloud:  Account Management, Financial Management, and Compliance Management. 

These three items are typically lumped together under the cloud governance umbrella. Cloud governance is the development and implementation of controls to manage access, budget, and compliance across your workloads in the cloud.

Challenges with a Home-Grown Governance Approach

Agencies who are just starting out or have no formal plan for the adoption of cloud solutions might look to get by with home-grown governance solutions that rely on spreadsheets and manual effort.  This creates a variety of challenges:

  • When done manually, approval to create new accounts in the cloud can take days or  weeks to get approved, let alone provisioned.

  • If an agency is following best practices from the commercial cloud providers, they will quickly end up with several accounts, and it becomes very difficult to effectively manage these accounts. 

  • Manually keeping track of cloud spending and allocating cost to the appropriate program requires a team of people just to try and make sense of the bill from the provider. 

  • Agencies must ensure that each account has the appropriate policies in place. When this is  tracked through some spreadsheet or checklist that, at best, is updated every so often, there is no way to actually enforce the policy.

Beyond operational challenges, you have the  dynamic of managing all the stakeholders that care about a well-governed cloud. System Administrators and individual programs  care about Account Management. CFOs, Finance, and Billing are usually concerned about Financial Management. Security and Compliance Officers are generally more focused on Compliance Management.  These three areas tend to align to different parts of an organization, but they are all key to an agile and robust cloud governance program. 

Governance Technology Choices: Broker or Enable

Government agencies quickly realize that home-grown governance solutions are difficult to scale, and their time is better spent on focusing on their actual mission. As agencies move away from these bespoke approaches and adopt technology solutions to support their cloud governance, they must choose between cloud broker technology and cloud enablement technology. Cloud brokers hijack the native cloud experience and force engineers to learn the broker technology and not the underlying cloud service provider (CSP).  For cloud engineers and developers who know how to use the native consoles and command line interfaces, this becomes a hinderance to their productivity. The other issue is that the rate of change for CSPs happen far faster than a cloud broker can keep up with. If an organization is using a cloud broker and a CSP releases a new offering, it could take months before the cloud broker is able to support that new service. 

Instead of a cloud broker, government agencies can leverage cloud enablement technology. Solutions that fall into this category deliver the native cloud experience, fully embracing the CSP and allowing an organization to define polices and controls using the CSP services.  These cloud enablement solutions become a central place to manage multiple accounts – across multiple CSPs – while ensuring continuous compliance and budget enforcement.