Addressing IT Governance in the Age of Cloud

When helping enterprises that are conducting an AWS cloud migration as part of a technology transformation project, we are often asked about IT governance and how to ensure policies and controls are consistently applied between old and new environments. Meeting the goals of IT governance — from management to security, and from cost to performance — is central to the Flux7 approach. In today’s article, we’ll share how we help accomplish these governance goals for our customers and, as a result, how you, too, might consider approaching IT governance in the cloud.

When it comes to IT governance, we start with the Flux7 Enterprise DevOps Framework (EDF), using it as a guide to developing solutions for our customers. The EDF incorporates governance and AWS principles for IT Management, cost control, security, performance, and resiliency.

For a deeper dive on the EDF, download our paper, DevOps on AWS: The Flux7 Enterprise DevOps Adoption Framework

The EDF and the Flux7 DevOps consulting engagement process offer several elements that address the governance of cloud environments:

Now that we’ve explained a little about the technology within the EDF and how it helps address IT governance, let’s turn to look at some examples of how we have used this approach to deliver governance for customers.

Config Governance, Regulatory Compliance with CIS

For a large hotelier with Tier One PCI compliance needs, we implemented a CIS Level 2 alerting framework using AWS Config. (A Level 2 CIS hardened image is preconfigured to meet CIS Benchmarks in environments where security is paramount, acting as a defense-in-depth measure.) Additionally, we helped automate the implementation of open source and AWS WAF managed rule sets to protect the company’s external-facing services, ensuring availability and a superior customer experience.

Cost Governance & Secret Management

We had the opportunity to work with a large telecommunications company on a cost control and alerts project. As a standard part of our cost governance practice, we develop an account structure that assists in the segregation of cost. AWS Config was implemented to ensure that unauthorized use of AWS resources was flagged and alerts were sent to the appropriate parties. We also helped develop a tagging policy specific to cost governance that the customer can now use to identify cost centers associated with resources for cost allocation and tracking.

In addition, we helped the firm implement DevOps at scale by creating a repeatable pattern for 120 applications. As we developed the pattern, it became clear that a secrets management solution was needed; we chose HashiCorp Vault to retrieve and inject secrets as the applications were deployed in the AWS Landing Zone. Since these applications were also external facing, we helped develop and deploy an effective and secure AWS WAF solution.

IT Asset Governance

Last, we had the opportunity to work with the innovation lab for a large manufacturer who had specific IT Management needs around asset inventory. To help them address the issue, we developed and deployed AWS Systems Manager Inventory in the firm’s environments, in a repeatable and automated manner. Custom rules were co-developed or handled by the customer team and updated through automation pipelines implemented by the Flux7 AWS consulting team.

Cost governance was also important to this customer, so our team developed and deployed a solution that lets Jenkins use Spot Instances for its slave nodes when possible, thereby saving up to 90% off on-demand prices. Lastly, the hardening process and services described above were extended as part of the account creation automation we put in place, helping ensure the firm’s environment included AWS security best practices.

IT Governance can help organizations align IT with business strategies to ensure regulatory obligations, cost goals, customer data privacy, and other business initiatives are met. Using the Flux7 EDF as a framework for IT Governance in conjunction with our customers’ DevSecOps objectives, we identify specific needs, create a custom plan of action and work as partners with our customers, teaching as we go, to actively build a solution that delivers governance with agility.

from Flux7 DevOps Blog