As enterprise IT teams become brokers of cloud services, they need to embrace a new approach to cloud governance. Frictionless governance embeds and automates necessary controls to drive delays to zero by offering developers and business units cloud resources as quickly as teams can obtain them directly from cloud providers.
4. Agenda
• The State of Cloud Governance
• Traditional vs. Frictionless Cloud Governance
• Elements of Cloud Governance
• Inventory
• Provisioning
• Operations
• Financial
• Security
• Wrap-Up
6. The Cloud Imperative
“Change thinking from “why use the cloud?” to “why not use the cloud?” and institute a “cloud first” consideration for every project on an application-by-application basis.”
7. ...but lack of visibility and control can keep IT up at night
8. IT needs governance, but not barriers to agility
9. Frictionless Cloud Governance
• Speed: Enable business units to act faster
• Safety: Policy-driven governance & compliance
• Freedom: Diverse workloads & resource pools
10. Traditional vs. Frictionless
Approval-Based Governance:
• User Requests Provisioning
• Submit for Manager Approval
• Manager Approval
• Submit for IT Review & Approval
• IT Review & Approval
• CMDB Updated
• Provisioning Complete
• Wait (shown four times in the diagram)
Frictionless Governance:
• User Chooses from Catalog
• Provisioning Complete
• Complies with standards
• Validated against budget
• CMDB updated
15. You Can’t Control What You Can’t See
Many Cloud Accounts: AWS, Azure, Google, CloudStack, OpenStack, vSphere (diagram shows many accounts)
• Connect to all cloud accounts
• Discover all instances
16. Organize and Tag Resources
Organize & Find
• Add and remove tags on resources
• Powerful and fast search
• Filter showback reports with ease
22. Operational Dashboard
Single pane of glass!
• Complete view of your cloud-based workloads
• Public, private and virtualized
• Where workloads are running, how many resources are being used
• Compute, Network and Storage
23. Automated Operations
Ensure consistency!
• Automated tasks
• Snapshots and backups
• Restore resources (e.g. DBs)
• Spin up and shut down test and dev environments
• Maintenance tasks
• Automatically applied
• When an end user launches an application stack
• When any resource is launched, automatically tag it
24. Monitoring & Alerts
Aggregated Monitoring!
• Operational health of the system
• Load high or low
• As release goes live
• Automated self-healing
• Auto-scaling
• Stranded in booting/terminating issues – Disaster recovery
• Alerting
• Issues that cannot be automated
• Issues with applications
25. Updates & Patches
Quick Response!
• Security issues for:
• Operating Systems
• Stack Components
• Your application (e.g. holes in APIs)
• Find affected resources
• Develop/test the fix
• Patch live workloads
• “No patch” strategies
• Patch templates in repository and re-launch
• Move traffic to patched system
27. Multi-Cloud Cost Tracking
Aggregated cost tracking!
• Current spend of all cloud providers
• Analyze trends to understand who is using more
• Determine if you are on or off track
28. Analytics and Reporting
Understand spend!
• Analyze usage
• Usage changes, cost changes
• Slice and dice
• Drill down to details
• Create reports for business units, applications, teams
• By accounts, instance types, regions
• Tags let you slice and dice on anything
29. Forecasting & Budgeting
Plan future costs!
• What-if scenario building
• New cloud projects
• Compare clouds or instance types
• Purchase Reserved Instances
• Grow or shrink usage
• Create Alerts from these scenarios based on actual or forecast
30. Proactive Spend Optimization
Proactive!
• Specify allowed instance types
• Limit to instance types where you have RIs
• Set schedules and end dates for applications
• Buy using different purchase options (some clouds automate this for you)
31. Reactive Spend Optimization
Reactive!
• Identify unused instances and shut them down
• Analyze utilization based on CPU, memory or IO
• Adjust instances to match purchased RIs
• Sell RIs that you are no longer using, or that are underutilized
34. Cloud Account Management
A Nightmare w/o Account Aggregation!
• Set up Cloud Accounts and Credentials in every cloud provider?
• Manage each one independently?
• Train personnel on how to use each respective cloud account for each cloud provider?
• Document different procedures for provisioning/de-provisioning cloud accounts?
Diagram labels: Virtualized Environments, Public Cloud, Bare Metal, Private Cloud
35. Multi-Cloud Identity and Access Management
• Identity and Provisioning
• Authentication and Federation
• Authorization and User Profile Management
• Support for Compliance
Centralized Access Controls / RBAC
Integrate with your existing identity management
Diagram labels: Enterprise Account, Account 1, Account 2, Agency B, Admin, User A, User C, User D; "Authenticate with passwords or SSO"; "Authenticate with cloud credentials"; Virtualized Environments, Public Cloud, Bare Metal, Private Cloud
36. Key Management -- SSH
• Asymmetric keys private/public
• Key Management
• NISTIR 7966 http://tinyurl.com/lhtujnv
• Practice key rotation / enable expiration
• Centrally manage vs. independently manage
• Establish Security Policies/Procedures
• Detect when new keys are introduced to the Organization
• Key storage options
• Hardware Security Modules
• On-premise
• Cloud services
• RightScale
• Encryption of keys - MUST
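One way to act on the "detect when new keys are introduced" and "enable expiration" bullets, as an added example that is not from the deck or from RightScale: audit an OpenSSH `authorized_keys` file against a centrally approved fingerprint set. The `APPROVED` inventory, the key blobs and the comments are constructed for illustration, and the line grammar is simplified.

```python
import base64
import hashlib
import re
from datetime import date

# Simplified authorized_keys grammar: [options] keytype base64-blob [comment]
LINE = re.compile(r'^(?P<opts>.*?)\s*\b(?P<type>ssh-(?:ed25519|rsa)|ecdsa-sha2-nistp\d+)'
                  r'\s+(?P<blob>[A-Za-z0-9+/=]+)\s*(?P<comment>.*)$')
EXPIRY = re.compile(r'expiry-time="(\d{8})')  # OpenSSH key option, YYYYMMDD[...]

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(authorized_keys_text, approved, today):
    """Return (comment, fingerprint, status) for every key line."""
    cutoff = today.strftime("%Y%m%d")
    findings = []
    for line in authorized_keys_text.splitlines():
        m = LINE.match(line.strip())
        if line.lstrip().startswith("#") or not m:
            continue  # skip comments, blanks and unparseable lines
        fp = fingerprint(m["blob"])
        exp = EXPIRY.search(m["opts"])
        status = "ok"
        if fp not in approved:
            status = "unapproved"   # key introduced outside the central inventory
        elif exp is None:
            status = "no-expiry"    # approved, but never rotates out on its own
        elif exp.group(1) <= cutoff:
            status = "expired"      # past its expiry date; remove the stale entry
        findings.append((m["comment"], fp, status))
    return findings

def _blob(label):  # constructed stand-in for a key blob, not a real public key
    return base64.b64encode(label.encode()).decode()

SAMPLE = "\n".join([   # constructed authorized_keys content
    'expiry-time="20300101" ssh-ed25519 %s alice@laptop' % _blob("alice-key"),
    "ssh-ed25519 %s deploy@ci" % _blob("deploy-key"),
    'expiry-time="20200101" ssh-rsa %s bob@old' % _blob("bob-key"),
    "ssh-ed25519 %s unknown@host" % _blob("rogue-key"),
    "# ssh-rsa %s disabled@host" % _blob("commented-out"),
])
APPROVED = {fingerprint(_blob(n)) for n in ("alice-key", "deploy-key", "bob-key")}
if __name__ == "__main__":
    print(*audit(SAMPLE, APPROVED, date(2025, 1, 1)), sep="\n")
```

Anything reported as `unapproved` is a key that appeared without going through central management; `no-expiry` entries are candidates for the rotation policy.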
37. Gain Visibility with Audit Trails
Ensure compliance
• Know who changed what, where and when
• Integrate with your SIEM / Logging Facility
• Maintain audit logs and reports in line with your log retention requirements
• Available via API to integrate with other systems
38. Questions?
• Definitive Guide to Enterprise Cloud Governance: A Frictionless Approach
• www.rightscale.com/governance