Is your Cloud Governance Agility Enough to Keep up with DevOps?


Agility rules the roost when it comes to DevOps, yet many formal cloud governance models plod along following age-old structured methods. Shifting workflow models is not an easy task, nor should it be done without the proper organizational support. After all, without the proper organizational support to maintain cloud governance, you open yourself up to a myriad of potential security threats, among other issues.

Now, you may be thinking that a governance framework sits above development, operations, security, etc., and therefore doesn’t need to adapt to ‘the latest craze’ in organizational integration. How wrong you’d be. DevOps has been embraced by companies to address the waste that comes from operating in departmental silos.

Once organizations begin implementing DevOps processes, teams can work quickly - incorporating feedback fast and using automation to make tasks repeatable and efficient, so they can continually adjust to changing needs and bring new value to their organization.

Like agile development, DevOps is a workflow and culture that affects all aspects of a company. Part of the reason organizations are attracted to DevOps is that it reduces monolithic handoffs and delays, and implements small, frequent changes in response to business demands, customer feedback and system performance. DevOps, when done well, can make a business more agile. And it will slam headlong into your governance model, unless the latter can embrace the speed and flexibility at which the company is driving.

By leveraging the same agile process as DevOps, organizations can align their governance model in the same manner that reflects and supports the agile, iterative paradigm. Below are five key principles to follow when planning for an agile cloud governance model:

• Automate deployment and collaboration - DevOps practitioners should not be hampered with the deployment of systems and services; especially as more of these processes can now be automated. Governance needs to align with this agile deployment change management process. For example, if you want an agile delivery organization to work towards a common security strategy, then the strategy or goal should be collaborative and transparent.

• Gear policies towards enabling business goals – An agile governance approach should enable business goals by allowing for innovation to help hit key business benchmarks. Automation approaches require no extra effort on the part of the developer, and provide immediate feedback as to the security and quality of the process being deployed, in direct support of an agile governance business enablement strategy.

• Implement an automated governance strategy that protects data prior to its generation - The cloud lets organizations set up templates (like AWS CloudFormation Templates) that can properly migrate policies, products and portfolios. These templates can be controlled based on business unit and pre-approved processes, with recurring permissions management reviews that allow for maximum security automation. The templates can also ensure compliance with corporate and industry-defined governance policies by automatically correcting unauthorized changes to features, permissions, and settings.

• Monitor continuously and in real-time - While implementing an automated governance strategy should ensure the security of your organization’s data, it is best to also use a business-intelligence-equipped dashboard to provide you with real-time updates. This allows for both teams and their stakeholders to monitor the progress in a continuous real-time manner (and to be aware of any anomalies as they pop up).

These five principles will prove a reliable guide for bringing alignment to your cloud governance and DevOps culture. A great improvement in efficiency and effectiveness can be achieved this way. Once aligned, there will be a seamless transition between the detection of an issue and the triggering of an assessment of one or more controls across an organization.

For more on DevOps, listen to the afternoon keynote of the #IMVC17 at 1650 DST with Joshua Corman
