IT Governance: Everyone needs it even when they think they don’t

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: ITOps Talk Blog articles.

Accelerate. Speed. Velocity. Businesses need to be agile. They need to quickly adopt to new business trends or else they are behind the game. What does everyone do? They start running… Accelerating your business to achieve success is a must but often the need to accelerate causes lapses in controls to meet compliance and regulation standards. With cloud technologies bursting everywhere, it’s quick and easy to deploy. In a matter of minutes, you can be up and running BUT it can be dangerous if you don’t have the right plan in place…

 

Just like a company has a culture, even if it's not trying to, your company has governance, even if it doesn't think it does. Governance isn’t something you can buy. It’s the framework of how you run your business operations. It’s the ongoing process of managing, monitoring, and auditing the use of resources to meet the goals and requirements of your organization. These goals and requirements are unique to each organization so it's not possible to have a one-size-fits-all approach to governance. BUT everyone should have some sort of governance plan.

 

Governance Is about applying internal controls and measurements. The policies within your organization serve as the early warning system to detect potential problems. The Governance controls are disciplines that help the company mitigate risks and create guardrails. There 5 disciplines when we think about cloud governance which are:

 

  • Cost Management
  • Security Baseline
  • Resource Consistency
  • Identity Baseline
  • Deployment Acceleration

How can you have acceleration but have governance that is intentional?? Doesn’t it slow down business? In traditional IT operations, yes, governance can slow an agile business but with today’s technologies you can have both.

 

Let’s look at who needs governance….

 

  • Do you want to control cost?
  • Do you have a budget?
  • Do you require Data access management?
  • Does everyone in the organization need access to all data?
  • Are you concerned about Data integrity?
  • Are you in a specific industry? Healthcare, Finance, government Do you want customers? Your customers are going to want to know how you secure their data if you are providing a service to them.

If you can answer any of these, then you need governance. These are guardrails that you implement so that your teams of developers and IT operations can do their job while maintaining governance and staying compliant.

 

Because governance requirements will evolve throughout your journey, a different approach to governance is required. Companies can no longer wait for a small team to build guardrails and roadmaps on every highway before taking the first step. Business results are expected more quickly and smoothly. IT governance must also move quickly and keep pace with business demands to stay relevant.

 

The cool thing about building out these guardrails is that you do it from the start and you don’t have to do it in one shot. You can implement this framework in an incremental approach. Start simple and basic then build it up as you start to scale your business. If you are an already established enterprise you can still do an Incremental approach but most likely will have a more accelerated timeline to get compliant. Regardless the size of your organization, you’ll need to establish a foundation for where you would like to be in the future so that when you are there the framework has been built and you are just filling in the details and scaling.

 

Start off small then build out

Rome wasn’t built in day so do not expect to have all your governance set in a day. That is not achievable or realistic. What is achievable is building a plan. Start off with the foundational layers and then build out into a full governance plan. A simple example would be the following:

 

  • Phase 1 – Start Basic
    • Define User access - Role Based Access Control ( RBAC) - Who needs what access to where. Using Role Based Access Controls (RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.
    • Define Security baseline – Azure Policy - Azure Policy determine what actions can be executed within your Azure tenant. These policies enforce different rules and effects over your resources. Why are these important? It’s important because the policies not only control and secures your environment but it also controls your budget which I’m is probably really important for most businesses.
  • Phase 2 – Building out
    • Evolution of polices and controlling resources – Your governance policies will evolve over time as your business evolves. Periodic reviews of policies to ensure they are current is an ongoing process.
    • Cost Management - Cost management is the process of effectively planning and controlling costs involved in your business. This is normally performed by finance, management, and app teams to determine what is appropriate for your business. Azure Cost Management helps businesses plan their Cloud services with cost in mind. We all have budgets and controlling costs is a must for businesses so Azure Cost Management helps to analyze costs effectively and take action to optimize your cloud spending.
  • Phase 3 – Scaling your “governance” with Azure BluePrints
    • Build your Azure BluePrints - Azure Blueprints is the orchestration of your governed subscriptions. Azure blueprints allow you to quickly automate the creation and implementation of your policies. All these settings and permissions that you've created with RBAC and Azure Polices can now be quickly applied to every new subscription that is being spun up in your environment. Azure Blueprint takes the manual labor of applying your policies and controls out of the picture.

The example above is a simplified scaled down governance approach, for more detailed plans see more here. These example plans can walk through governance for a small or large enterprise.

 

Acceleration with Guardrails

As you have just read today, applying governance or “guardrails”, can be achieved AND still allow you the speed you need to accelerate your business. It doesn’t happen overnight. These phases of introducing governance give you the guardrails not to run yourself into the ground; you can successfully execute on this series of sprints and tackle the marathon of building and running a successful enterprise. Building these guardrails will not only keep you compliant, It will ensure the integrity of your data, secure and save you money.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.