Time
34 minutes
Difficulty
Beginner
CEU/CPE
1

Video Transcription

00:01
Our first cloud governance principle is account management.
00:05
This module focuses on account methodologies such as native access self service in automation.
00:12
We'll also look at the benefit and building toe an organizational structure
00:16
put simply from the time you provisional cloud account until you shut it down.
00:21
An organization needs of you toe what's going on in their cloud accounts.
00:26
Where does the account live? Within the organization?
00:29
Who has access to this account?
00:31
What security and compliance policies govern this account?
00:36
Organizations all bring complexity, multiple systems and cloud provider needs.
00:41
People gaining access to tools and technology.
00:44
The cloud account or subscription is the most fundamental construct an isolation boundary of the cloud service provider.
00:52
When used correctly, an enterprise can limit its security and fiscal exposure by allowing developers and system owners to use as many cloud accounts is needed.
01:02
Using a multi account single tenant approach over a single account, multi tenant pattern prevents any single failure from disrupting business continuity,
01:11
so establishing an agnostic approach as a foundation. Oven organizations cloud infrastructure promotes the widest tool set
01:19
while still keeping your environment secure and compliant
01:23
with multiple service providers or a multi cloud approach an organization can lean forward and innovate without the restriction of one provider's service versus another.
01:34
This pattern, however, does come with management. Overhead.
01:38
Requests for new cloud accounts and new requirements can quickly overwhelm a cloud. Operations Teams ability to service new requests,
01:47
making the change control portion of this life cycle extremely difficult service,
01:53
along with supporting a multi cloud environment, providing native access to cloud service provider environments reinforces sound account management.
02:01
Many cloud platforms and services today try to simplify or streamline cloud services and offerings.
02:08
This simplification aims to make cloud adoption easier for organizations that are just starting their cloud adoption journey.
02:16
However, this same simplification often slows down or even inhibits organizations as they continue to scale and grow.
02:25
Cloud service providers are releasing new services and innovative features at a rapid pace. Sometimes it feels like they're released daily.
02:35
Providing native access to these cloud environments provides a host of benefits.
02:40
First off, you could ensure your users have access to the latest services. As soon as they arrive,
02:46
developers can forge ahead and innovate without needing toe. Wait for the service to be adopted to another tool or platform.
02:54
Secondly, the native environments provided by cloud service providers are often the native palette that most developers learn on and use every day.
03:04
There is an inherent comfort and confidence in the platform in its tools.
03:08
This also reduces the learning curve of the users as they don't have to adopt a new software platform or unfamiliar processes.
03:17
Finally, providing native access to the cloud establishes greater transparency across all users. And resource is this path of least resistance, AIDS and speed, agility and adaptability. Cloud resource is
03:31
self service is the cornerstone of making the multi cloud, multi cloud account or subscription patterns successful for an organization.
03:39
Subsequent automation of new cloud account provisioning and building the network inside the account ensure it's usable for their quester as quickly as possible.
03:50
And this idea of self service, built on a backbone of automation, goes further than just provisioning.
03:55
World class cloud governance platforms and processes connect and automate with other applications. Tools and resource is, for example, providing user access by connecting an active directory via LDA or to an identity provider like Octa, or one log in Via Samel
04:14
eliminates risk in providing the right user with the right access and permissions.
04:18
This concept holds true for integrating with security controls, change management systems and cloud auditing tools.
04:26
The more your cloud governance platformer processes can integrate and automate with other tools, the more robust and streamlined account management becomes its scale.
04:35
Let's look at an example within cloud tamer of self service and automation as it pertains to account provisioning. Here we can see an organization that's using the platform service now for I T management and building digital work flows.
04:49
Our user, Abraham Lincoln, is looking a provision. A new account
04:54
all eight needs to do is request a new account via a self service portal and provide some basic details around the new account,
05:01
a project or account name.
05:03
Information on where this account lives within the organization,
05:09
the account budget or other financial info
05:13
and any other details required to provision in the count successfully.
05:17
Once Abe's submits the request, service now takes over requesting proper approvals and verification of key information around the account.
05:27
Once those proper approvals have gone through, service now communicates with the cloud governance platform in this case cloud tamer, to provisioned the account in the correct area of the organization
05:36
assign the financials and establish user access.
05:41
In the end, all Abe has to do after submitting the request is log in, navigate to their new account,
05:47
Federated in and start working.
05:50
As you can see, integrating a solution like service now with your cloud governance platform helps greatly streamline the count provisioning process, eliminating as many manual processes and points of failure as possible.
06:04
Another best practice and account management that we've seen success in when working with cloud tamer customers is mapping the cloud environments to the company's organizational cloud infrastructure.
06:16
Then, by using the concept of inheritance weaken, define both boundaries and pathways for the very elements of the cloud infrastructure where users live their access policy boundaries. Compliance measures cloud financials, deployable infrastructure all built tied to an automated
06:36
by levels of inheritance
06:38
within an organizational structure.
06:42
Let's take a look at how we've applied this idea of organizational inheritance within cloud tamer.
06:47
Here we see a simple organizational chart made up of some of the basic units that define areas within the organization.
06:55
We start with a top level unit to represent the entire enterprise.
07:00
Below are several layers of units to represent other areas functional units or departments or applications within this organization's cloud infrastructure.
07:10
At the base level of the Orc structure is where we find the individual cloud accounts and subscriptions.
07:15
This organizational chart is more than just eye candy. It's building pathways for users, permissions, financials, policies and more.
07:25
Here we see a posse applied at the very top of the organ that restricts resource is on Lee being deployed in the regions inside the U. S.
07:32
This policy is applied the very top
07:35
and is inherited down toe all of the units underneath.
07:39
In this way, no matter where an a counter subscription lives within the organization and inherits this policy
07:46
as you traverse down the organizational chart, not only do you see these inherited policies but new policy layers, air added. For instance, under research and development, we have a unit of her organization for biomedical research.
08:01
Hear more policies in this case for HIPPA compliance have been applied locally at this level,
08:07
which are inherited to just the accounts and subscriptions housed underneath
08:11
these inheritance pathways established, robust and dynamic yet automated relationships between levels and units in your organization.
08:20
The organizational chart also gives users context into where their account or subscription lives within the organization.
08:28
This context empowers users to engage in the right conversations to understand more about why certain policies or rules are in place.
08:35
So to review establishing sound processes that provide native access to all environments and promote self service with a backbone of automation enable large organizations to govern account management at scale.
08:52
Also, we learned that modeling your cloud infrastructure, toe organizational chart, aids in creating enterprise specific pathways and boundaries of inheritance.

Up Next

Cloud Governance Principles

This Cloud Governance Principles course provides an introduction to cloud governance concepts and the growing importance of governance in cloud operations.

Instructed By

Instructor Profile Image
Matthew Duda
Customer Training Engineer at cloudtamer.io
Instructor