Demystifying the role of governance in aws cloud operations

As more and more businesses tap into the infinite capacity offered by the cloud, two concerns increasingly require their attention: operations and governance.  This is particularly true with powerful cloud platforms like Amazon Web Services (AWS) Cloud, whose agility, speed, elasticity and innovation are made available on easy-to-use models, thus offering tremendous capability, along with geographical reach.

AWS offers tools that enable it to commoditize itself at the behest of the applications. Using these tools, however, leads to a double-edge sword: While businesses can maximize the AWS cloud potential with maximum automation, this can result in cloud sprawl if the power is not used judiciously.

Agile Operations: The Need of the Hour

This is why, in the new cloud paradigm, operations should harness the power of the cloud, seamlessly achieving a no-ops state. The more the applications are interwoven with AWS native services, the less operations effort is required.

Here is a typical reference model to set up ”all-AWS” cloud operations:

In this model, several AWS services are being used to serve various cloud operational functions in a highly automated manner, including the following:

• Businesses can use the ITSM system of their choice and integrate it with the AWS services. They can also provide next-generation interfaces to users, using AWS services such as Amazon Lex (for building conversational interfaces), Amazon Polly (a text-to-speech service) and Amazon Alexa (a cloud-based voice service).

• The AWS Service Catalog can be used to create and organize blueprints that can be consumed through DevOps or a portal. AWS also provides various easy-to-use native DevOps services, which enable the rapid building of continuous integration/continuous delivery pipelines that can be integrated with the AWS Service Catalog.

• The resources provisioned in AWS are monitored through extensive monitoring and management tools, such as Amazon Cloudwatch, AWS CloudTrail, VPC Flow Logs, Amazon Inspector, Amazon GuardDuty, Amazon Macie, etc. The monitoring data is reported back to the ITSM system through a layer of correlation and analytics enabled by services such as AWS Glue and Amazon Athena, leveraging the Amazon Elasticsearch Service. Depending on the complexity of the environment, Amazon SageMaker can be used for machine learning modeling.

• The business’s ITSM system can invoke AWS Systems Manager to auto-remediate the sanitized events reported by the event management system and can leverage AWS Config to manage configuration drift.

• For dashboarding and reporting, businesses can use the AWS-native QuickSight or bring in their own visualization and analytics tools, such as Kibana, Grafana or eMite and integrate with the data sources.

• Alternatively, businesses can subscribe to AWS Managed Services (AMS).

What’s Next: Governance

Once the ecosystem is built and operating efficiently, the next issue is establishing “continuous governance” to ensure that cloud activities don’t overspill set boundaries. The goal is to ensure a systematic approach is followed without losing focus on the key aspects of cloud operations.

Four distinct types of governance need to be considered:

• Technology governance ensures that the resources are up to date on the latest technologies. It also involves leveraging the new services launched by AWS and incubating them into workload architectures. Multiple technological aspects need to be managed through a single console, including patch management, software updates, tooling/integration, AI/ML automation and assurance of technology currency, which leads to innovation and technology enablement. Controls must also be applied to how teams consume AWS resources to limit cloud sprawl by applying the resource policies baked into ready-made blueprints. Using these blueprints ensures compliance from the aspects of security, availability, backup and disaster recovery. Technology governance should also help with managing AWS resources in a guard-railed approach through policy based control, role-based access control, DevOps and Agile operations, orchestration and provisioning through self-service capabilities for the client’s environment.

• Service governance ensures that services are rendered in accordance with agreed-upon service level objectives by brokering with AWS and other service providers. It also includes maintaining records of automation efficiency, reductions in incidents and events, change automation, anomaly detection and resolution, new service creation and systems of engagement. IT teams should strive for service transparency in SLA adherence, partnerships and systems of record/systems of engagement (ITIL processes) and provide a dashboard view to internal customers on SLA adherence and other key service management metrics.

• Financial governance provides a bird’s-eye view of the financial landscape of the entire organization, with the ability to click all the way through with budgeting and financial policy controls. With financial governance, IT teams can enable transparency in budgeting, metering and chargeback, financial approvals and spend optimization.

• Security & compliance governance focuses on implementing, auditing and managing the controls mandated primarily by the corporate security team. The business’s cloud operations should ensure the right security measures and metrics through regulatory compliance, threat & vulnerability management, data security & privacy, identity & access management and security incident response.

Cloud Control with all the Cloud Benefits

By focusing on these four pillars of governance, businesses can ensure not only that they’ve implemented the necessary controls for optimized and secured cloud management, but also that they’ve maximized cloud benefits in a structured manner. For example, we helped a leading humanitarian organization reduce its infrastructure, support and maintenance costs by 45%, while increasing the performance of its business services by 300%, with seamless elasticity.

This type of approach to cloud operations and governance will be essential as businesses continue to turn to the cloud with an insatiable need to seamlessly consume compute resources and the latest technologies, in their quest to innovate and compete in a digital landscape. With all the crucial ingredients now in place, we can now shift to autopilot mode.