Introduction of the Public Cloud has dramatically changed the speed at which companies adopt new technologies and expand their infrastructure. In our on-premises data center, we are used to the fact that in some cases, it can take up to a year from the day we start planning until we start using new hardware. We have to get it approved and added to the IT budget, make an order, secure a data center rack. Someone then has to connect it, install it, add licenses. We need to take care of storage, networks, clusters, backups. That all takes time and skills.
In the cloud, creating any number of Windows or Linux servers is a matter of minutes. The same is true for networks, storage, applications, and other resources. Fast access to unlimited resources enables businesses to respond immediately to increased needs and ensure rapid growth. In addition to the benefits, however, this may have an unexpected impact. This speed and accessibility quickly gets under your skin and creates a momentum that is difficult to stop. We may create an uncontrolled and confusing environment that is not compliant with the rules or the requirements of the organization. Ultimately, the uncontrolled use of cloud resources can result in a significant increase in cost.
Without proper governance, it is difficult to keep track of who created what and if the resource is still needed. That can lead up to paying for resources that we no longer need, or deleting something we need. There are many different types of resources, and following the naming convention for all of them isn’t easy. If we leave every engineer and developer manage their part of the cloud and create whatever they want wherever they want, we can end up having resources in different regions all around the world. That can negatively impact availability and speed. They can also create unnecessarily large VMs. It’s nice to have a few TBs of RAM and a few extra graphics cards in our VM, but that can quickly eat up the entire IT budget. We often have to comply with some regulations. Chances are, not every IT in every department of our company is aware that according to a specific law or regulation, we have to archive data for 7 years, and they can’t leave the EU.
That is why we need Azure Governance. We need to make sure that the flexibility and speed of the cloud are controlled and don’t work against us instead.
If we approach to control of the environment traditionally, we can entrust management to an individual or a team of people. This team processes every request from application and service administrators, and decide how and where to create and configure Azure resources. I think this system can work in smaller companies. In a large or very dynamic environment, we will have to sacrifice speed, and yet we cannot prevent human error.
The advantages of the cloud are agility and speed. Fortunately, Azure offers us the tools to maintain speed while maintaining control of the environment. If a set of rules and policies replaces manual control, we can then allow application and service managers, developers, and external vendors to manage and expand their environment. During creation or configuration, they will have to follow those rules we set up for them.
Microsoft Azure Governance includes a variety of tools to manage, monitor, and audit access and provisioned resources. It helps us create and enforce a set of rules and determine who and how can configure Azure resources. Some of those tools are Azure RBAC, Azure Resource Graph, Azure Resource Locks, Azure Tags, Azure Policy, Azure Blueprints.
I hope this article was useful to help understanding why everyone needs Azure Governance. In the following articles in the Azure Governance series, I’m going to cover specific tools and the best practices.
Stay tuned and keep clouding.