September 23, 2021
Establishing Azure Cloud Governance
CDW offers numerous workshops to address specific governance questions.
Denise Nickels and Elan Shudnow
Many organizations are looking to establish an Azure cloud footprint. This may be for numerous reasons. Some examples include your colocation facility lease is expiring, your server infrastructure is aging and you don’t want to spend the necessary capital to purchase new server infrastructure, etc.
What cloud customers may do is deploy cloud infrastructure and later, down the road, they may realize that there were no Azure governance standards put in place to establish the following:
- Automation
- Visibility
- Resource tracking at scale
- Role-based access controls
- Continuous compliance
- Security configurations
- Landing zone
Discover how CDW services and solutions can assist you with your Azure needs.
Depending on the amount of Azure infrastructure put in place, it could be a very daunting task to establish Azure cloud governance and retroactively apply these governance policies to existing resources. An example is renaming resources to abide by a new governance naming standard, which quite often, is not allowed.
Azure Governance Workshops
We recommend establishing Azure cloud governance prior to migration or deployment of any new Azure resources. We do this by following the Azure cloud governance strategy set forth within the Azure Cloud Adoption Framework.
Our Azure Governance Workshop includes:
- Discovery:
Evaluation of your Azure environment (tenant and subscriptions)
- Governance overview:
Identify governance disciplines that align to the business goals and success criterion
- Strategy:
Define business strategy to drive adoption efforts that capture targeted business value in a cross-functional model
- Cost management:
Develop policies and controls for cloud cost management for greater visibility on Azure costs
- Security:
Define and understand your security requirements and how they impact your environment
- Resource consistency:
Consistent configuration of resources and eliminated risks related to onboarding and drift
- Identity:
Ensure security identity perimeter and access requirements
- Deployment acceleration:
Best practices to implement for deployments
Let’s look at a few of these and provide some examples as to why they are important and what is discussed within each.
Strategy
The cloud delivers technology that helps drive business strategies to become more agile, reduce costs, accelerate time to market and enable expansion into new markets. Our Strategy workshop defines the business strategy to drive adoption efforts.
Some examples discussed, but not limited to, include:
- Motivations such as a data center exit, reduction in capital expenses, reduction of disruptions, improvement of IT stability, increase in business agility, optimization of internal operations, improved customer experiences, market disruption with new products or services, scaling to meet geographic demands and many more.
- Business Outcomes such as data innovations, data democratization, fiscal outcomes, agility, global reach and many more.
Cost Management
For most customers, managing the cost of their Azure infrastructure is a major concern. Balancing performance demands, adoption pacing and cloud service costs can be challenging. Our Cost Management workshop defines the cost management model in order to ensure there are safeguards in place to align costs within organizational thresholds.
Some examples discussed, but not limited to, include:
- Online pricing calculator
- Total cost of ownership calculator
- Digital estate planning
- Azure cost management tool
- Region deployment and bandwidth considerations
- Subscription billing boundaries
- Spending limits and quotas
- Reservations for up to 75 percent cost savings
Security
Just as with cost management, for most customers, managing the security of their Azure infrastructure is a major concern. In a cloud-centric world, organizations quickly find that static security processes cannot keep up with the pace of change in cloud platforms. Our Security workshop defines security processes and tools to leverage in Azure that will keep up with the fast pace of change.
Some examples discussed, but not limited to, include:
- Azure Active Directory including Privileged Identity Management, Identity Protection, access reviews, multi-factor authentication, etc.
- Azure Key Vault
- Azure Security Center
- Azure Information Protection
- Azure Defender
- Network security
- Privacy
- Compliance
- Role-based access control
Identity
Most organizations that are looking into Azure will quickly realize there are a multitude of capabilities around user identities regardless of the cloud provider that hosts the application or workload. Our Identity workshop compliments the Security workshop, defines cloud authentication and authorization across cloud adoption efforts.
Some examples discussed, but not limited to, include:
- Active Directory Domain Services (ADDS) both on-premises and within Azure
- Azure Active Directory (AAD) such as cloud-only identities and synchronized hybrid identities
- Azure Active Directory Domain Services (AADDS) federated identities
- Authentication models such as password hash synchronization, pass-through authentication, Active Directory Federation Services (ADFS) and third-party identity providers
- Conditional access
- Lifecycle
- Multiple-forest topologies
Resource Consistency
Establishing policies relating to the operational management of an environment, application or workload is critical to ensuring consistent resource deployment. Our Resource Consistency workshop defines how to deploy resources in a consistent method so that they can be discoverable by IT operations, are included in recovery solutions and can be onboarded into repeatable operations processes.
Some examples discussed, but not limited to, include:
- Tagging strategies such as owner, environment, cost center, etc.
- Azure policy enforcement such as allowed resources, allowed regions, allowed virtual machine SKUs, etc.
- Management groups for RBAC and Azure policy assignment structure
- Resource organization
- Azure Blueprints
- Azure Monitor
- Azure Service Health
- Azure Resource Graph
Deployment Acceleration
Just as with resource consistency, the Deployment Acceleration workshop is focused around ensuring consistent resource deployment, but is more focused around policies governing asset configuration or deployment. Defined deployment and configuration strategies allow for accelerated deployments and consistent configurations by leveraging reusable assets, whether through manual or automated methodologies.
Some examples discussed, but not limited to, include:
- Agile, Scrum, and Kanban
- Continuous integration
- Continuous delivery/deployment
- Infrastructure as Code leveraging various tools such as Azure Resource Manager (ARM) templates and Terraform
- Configuration management leveraging various tools such as Azure Desired State Configuration (DSC) and Ansible
- Image management leveraging various tools such as Azure Image Builder and Packer
- Azure Policy as Code
- Code repositories
- Azure Automation
How CDW Will Help You
CDW has extensive experience conducting Azure governance workshops based on the Azure Cloud Adoption Framework. Our Azure consultants and engineers are committed to building a solid Azure foundation based on your defined organizational strategy, no matter where you are in your cloud journey.
We at CDW strive on the success of our customers and we very much look forward to working with you on your Azure cloud governance.