What is Cloud Governance?
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
before we go any farther,
let's take a moment to find the phrase cloud governance.
While early concepts of cloud computing date back to the 19 sixties, the modern term as it relates to the public cloud was popularized with Amazon releasing its elastic compute cloud or easy to in 2006. By the mid 20 tens, cloud computing had developed a basic feature set,
so the primary focus shifted towards security and control.
Large cloud service providers of the time Amazon, Microsoft and others began to publish an update, their own approach and best practices for organizations to secure control their cloud as they scaled.
At the same time, managers inside organizations needed a way to provide best practices, perform automated integrity checks without hindering the speed of product development.
So providers and organizations both starting to establish some best practices,
some processes and rules the early paintings of cloud governance.
Let's use this as the basis of our definition.
Cloud governance is a set of rules under which an organisation can operate in the cloud to ensure ongoing compliance in long term business objectives.
Sounds simple enough.
But establishing soundcloud governance amongst all the parties involved becomes daunting quickly.
It may already be clear by now,
but governing the cloud is massively complex due to its elastic and ever evolving nature.
Don't just take my word for it.
Let's look at the numbers.
57% of I T leaders have exceeded their cloud budgets at some point.
Think about that.
That's almost two out of three a majority now.
This may not come to a surprise to some, as one of the defining attributes of the cloud is extreme elasticity and rapid scalability,
providing a developer with a cloud account. Her subscription today would be akin and days past to giving each Dev their own data center
with the ability to spend up nearly unlimited compute notes and limitless volumes of storage. If left unconstrained by any policy,
in fact, a cloud tamer. Many of our first customers approached us with stories of accidentally or inadvertently spinning up tens to hundreds of thousands of dollars of cloud Resource is in a single weekend.
While self service drives the agility in the cloud, it's not hard to envision an organization with dozens hundreds or thousands of users making uninformed decisions that have adverse effects on the budget
and the clouds. Complexity is not limited to just cost concerns. 81% of global Cloud decision makers say security is the top challenge in the cloud.
Maintaining an organization security posture is now a shared responsibility between you and your cloud provider.
This is a major departure for those accustomed to securing defending a private data center.
In almost all cases, higher level of security can be achieved by migrating to the cloud.
But the ways and means of securing your position in the cloud differs based on cloud service provider and requires a high degree of automation. High level of complexity.
Another aspect of complexity Here is the rate of change that occurs within the cloud.
For many organisations. New cloud services air released faster than the security team's ability to evaluate and certify these new services.
And if you work with more than one cop provider, this level and frequency of change management represents an Achilles heel if you don't have the instrumentation and automation to prevent, detect intermediate quickly and effectively.
Lastly, the broad team of people leading building securing an administering, clouded structure add complexity to our overall equation here,
and there's not enough of that,
86% of I T decision makers believe that a shortage of qualified engineers will slow down cloud products in 2020.
There's a clear skills gap in many organisations today, especially when you factor in the need to find skills across cloud providers. You don't often find an individual who is both an azure expert and an AWS expert.
Cloud platform and information security in particular, identify those areas lacking in experience and when looking to hire, you run into a tight labor market in this field.
So how do you address this challenge? Continuous automation compliance is key but makes up a small percentage of the security processes applied in cloud environments. Today, over 35% of security processes are still manual.
This shows there's clearly room for growth in the use of automation. But getting the right staff with the right skill in place adds to the overall complexity.
Hopefully, it is painfully clear by now that governing the cloud is complex yet critically necessary. Without governance, cloud environments are left unchecked, potentially spiraling out of control between the pace of change in business landscapes, new services being adopted by engineering
and the rapid growth in many cloud environments.
There is no way an organization can keep up without a cloud governance strategy
soon. Now that we have a solid definition of cloud governance and understand the complexity behind it,
let's take a look at how organizations adopt the cloud at scale.