Developing a best-practices cloud governance model is a foundational and critical activity to facilitate the systemic, supportable, and sustainable execution of a successful cloud transformation strategy. This best-practices model includes a standards policies, automation that consistently applies and enforces policies and controls, self-service capabilities that that enable development agility and speed, and automated monitoring and cost management that ensure operational integrity. A well-developed cloud governance model enables customers to effectively develop, leverage, and optimize the AWS cloud operating model to improve operational integrity, reliability, performance, and transparency. This session highlights the necessary and recommended elements of a best-practice governance model including policy considerations and recommendations, self-service automation methods towards IT-as-a-Service, and use-case examples.

1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Matthew McGuire, GSA, Director, Technology Solutions Division
Guy Cavallo, TSA, Executive Director, IT Operations
Brian Anderson, AWS, Sr. Consultant, Professional Services
June 20, 2016
Governance Strategies for
Cloud Transformation

2. Goals for the session
• Definition and overview of cloud governance
• Cloud center of excellence (CCoE)
• Stages of cloud governance
• Cloud governance best practices
• GSA — Review of business services platform (BSP)
• TSA — Discussion of governance
• Question and answer

3. Definition of cloud governance
The decision-making criteria, processes, and policies involved in the
planning, architecture, acquisition, deployment, operation and
management used for operating IT services in the cloud.
— Cloud governance allows IT to innovate,
automate, and quickly deploy code and
infrastructure while maintaining the
necessary requirements for security, audit,
control, and compliance.

4. Goals for cloud transformation

5. Why governance?
1. Reduction in access and security risks
2. Development of cloud standards — delivery, tools, process
3. Management of application design: CI and CD design
4. Cost optimization
5. Increased innovation for business units
6. Elimination of rogue IT and disparate cloud initiatives
7. Management of the consumption of cloud resources

6. Cloud governance opportunities
• Speed — Enable business at cloud speed and cost
• Integration — Complementary to existing enterprise
IT governance processes, policies, and tools
• Balance — Appropriate coverage for key decisions, investments,
and risks while achieving the benefits of the cloud
• Proactivity — Anticipate and prevent shadow clouds and
unauthorized cloud activities that expose organizational risks
• Enablement — Appropriate cloud decision making without friction

7. Cloud center of excellence
(CCoE)

8. Cloud center of excellence (CCoE)
The cloud center of excellence is a
team of executives and IT area
experts that authors cloud governance
to enables business units to access a
self-service model and provides a
catalog of standardized and templated
instances from which to select and
autoprovision

10. Stages of cloud governance

11. Levels of cloud
governance
L0 – Decentralized
control
L1 – Centralized
control
L2 – Decentralized
control with
automation
L3 – Centralized
control with self-
service

12. Three phases of cloud governance
Beginning
• Minimal
integration
• Reactive
environment
• Cost overruns
• Manual
deployments
• No cloud
structure
Adopting
• CCoE is in place
and policies are
maturing
• Policies
matched to
process
• Designing for
cost
• Rapid
deployment
Mature
• Full automation
and self-service
• Benefits of cloud
services realized
• Agility and control
• Optimized for
cost
• Secure and
compliant
environment

13. Phase 1: Beginning
1. Create the CCoE to develop and own governance and its policies
2. Develop governance model and establish policies for:
• Security
• Account management
• Cost
• Network
• Instance and storage
• Service management
• Monitoring and reporting
3. Begin to modify the deployment process and policies and look to automate
• Develop governing policies to enable automated approval cycles
• Develop financial policies to enable BUs to quickly stage POCs

14. Phase 2: Adopting
1. Develop self-service policies
2. Develop data governance policies
3. Develop continuous integration / deployment policy
4. Develop design-for-cost architecture guidelines
5. Develop cloud audit and compliance policies
6. Develop a common API design framework

15. Phase 3: Mature
1. Develop advanced automation techniques and policies to promote
further cost reduction, agility, and resiliency:
• Automated testing and code promotion from each tier to production
• Automated DR and recovery testing — Chaos Monkey / Chaos Gorilla
• Automated instance power down / power up for non-Reserved
Instances
• Utilization of Spot Instances — when and where to use
2. Develop transition policies to define services and SOA
3. Develop policies allowing existing applications to test-for-cost
(scale up / scale out)

16. Cloud governance best practices
• Establish a CCoE and begin developing/updating policies
• Tailor your governance process to your organization’s particular risk
tolerance
• Decide where to leverage existing processes versus establishing
new ones
• Make the process as lightweight as possible and as informative as
possible to create a positive user experience
• Start early in the transformation so you can get business and IT
feedback and support
• Rely on use-case reviews to improve your processes

17. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Matthew McGuire
Director, Technology Solutions Division
June 20, 2016
GSA Business Services Platform
Enabling Greater Agency Agility to Drive Mission Impact

18. The GSA cloud
transformation
”Worked fine in dev…” “...OPS has problems”
Then (data center)
• Days/months to provision
• Months to app ATO
• One off configs for every app
• Size to peak demand
• Long, painful outages
• Everything needs software

19. What is BSP and how does it transform IT
Now (BSP)
• Minutes to provision
• Weeks to app ATO
• Standard app stacks/services
• Automated scalability
• Immediate server redeployment
• Automated — Infrastructure as code,
continuous delivery
• Secure — Multitenant, security driven
architecture
• Cost effective — Pay for what you use
• Metrics — Visibility into usage and cost
• Modernization platform — Get to the cloud

20. BSP is a modernization platformSecuritycontrolinheritance
Degree of automation and cloud optimization
Mode 2
OS
optimization
Mode 3
Fully
automated
stack services
devops
Orchestration
Infrastructure
as code
• Choose the mode
that best suits
your application
and level of cloud
optimization
• Mode 3 apps
inherit >85% of all
ATO security
controls
Mode 1
Compute,
network,
storage
MIGRATED APPS
APP
DATA
OPTIMIZED APPS AUTOMATED APPS
APP

21. 1. Choose app stack
Template file
• Component
Configs
• Cluster Sizes
• Auto Scaling
• Etc.
3. Stage content
4. Run preconfigured
orchestration job
5. Application fully
deployed
6. Invoke Ansible callback
7. Run Ansible config roles, including app deployment
5. Deploy
infrastructure
AWS IAM
1. Jenkins initiates deployment through Ansible Tower
2. Generate custom
AWS Identity and
Access Management
(IAM) policy and
Amazon CloudFormation
template
2. Customize stack
Developer experience
Orchestration workflow

22. Security & Reliability

23. Benefits
Enabling greater agency agility to drive mission impact
• Speed and flexibility
• Configuration control
• Scalability
• Security
• Reliability

24. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Guy Cavallo
Executive Director, IT Operations
Transportation Security Administration

25. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Question and Answer