Part 2: An Unimplemented Cloud Governance Model is a SCAM!
Define and Implement!
A well-defined and correctly implemented cloud governance model can be identified when a third-party "hero coder" working for your client angrily reports that they can’t get their work done. “I keep getting some damn error whenever I try to spin up these resources. Can you fix this, and fast? My work is at a standstill!”
In this case, an AWS service control policy has prevented resources from being accidentally deployed in the us-east-1 region. The cloud governance model specifies that the approved locations are regions within the EU, and nothing can be deployed outside of these regions under any circumstances.
At its best, collaboration with all parties is smooth and seamless, and the governance model doesn’t unnecessarily slow down development work. However, accidents like the one mentioned above do happen quite frequently, and it’s in everyone’s best interest that they’re prevented. To this end, it’s a good idea to create a short version of the governance model for partners, highlighting any potential restrictions. This way, no one gets frustrated, and projects start off with the right expectations.
Does It Have to Be Difficult?
When defining a cloud governance model, I’ve noticed that over 85% of the topics are the same for all organizations. Yet, in the consulting world, it’s always presented as “just for you.”
In my opinion, the focus in defining a governance model should be on the meaningful 15% that is unique to the specific target organization, while the remaining 85% comes as a given. This doesn’t mean that the 85% is useless or worthless to the client, but rather, we prefer to offer it as a service.
We believe our role is to educate client organizations on the fundamentals of cloud governance and help them define their unique aspects. We provide that 85% as predefined best practices, where we collectively gather the correct values. This means the cloud governance model should be parameterized so that the end result of the definition process is the configuration required for automation.
This configuration builds the technical solution in the cloud, known as the "Landing Zone," which implements all the services that monitor and protect the environments built there. In this way, policies ensure that everything is done "by the book." Of course, this is built using an automated platform without the need for a massive implementation project and months of consulting engagements. In short, we offer a technical solution as a service: "Governance made easy."
The original post was written on 22 October 2020; this is the updated version.
