Now that we are a few weeks into 2020, we should consider what lies ahead in the ever-evolving world of cloud governance. What seems certain is that when it comes to IT governance there is still the same need to balance the benefits of agility and speed which come from decentralisation, against key business risks be they security and/or cost management.
In fact, what is meant by cloud governance really depends on where you sit within an organisation. Microsoft has produced some interesting content on these different perspectives, which they have boiled down into “five disciplines.”
From my perspective, I think mostly around cost management and cost optimisation. Obviously, if you sit within a security related function within a company or are a vendor of security tools, cloud governance means something quite different. The other factor impacting perspective is where you stand on the so-called ‘cloud journey’. If you are still working on migrating your first workloads to the cloud you will have a completely different outlook than if you have been in the cloud for the last 10 years and built your entire business model from the ground up in the public cloud.
So, now that we are in 2020, what does this all mean? The cloud world is full of predictions, but one often cited that caught my eye is that in 2020, 83% of enterprise workloads will be in the cloud with approximately half of these being in the public cloud (AWS, Azure and GCP for example).
The growth in public cloud over the last decade has been enormous and with it a management task that has moved beyond a scale that humans can manage. Automation has been part of the cloud since its inception, but the move to automated governance has begun and without a doubt will continue to accelerate in the coming years.
Be it automated, from cloud guardrails which prevent misconfigurations which enable malicious attackers to penetrate what was considered well protected systems, to automated cloud cost control which automatically schedules resources to be available when required (and off when not) or adjusted to the right-size to meet the needs of the workload. It’s also not just the infrastructure layer that’s going to get automated as new tools emerge including application resource management, which enables the entire application stack to be automated using software.
In reality, most of what is termed ‘automation’ in the world of cloud governance in 2020 is really just recommendations, which are then manually implemented. These often still require sophisticated workflows, approval processes and signoffs from operations and business owners. Few organisations have moved to fully automated governance actions were, in essence, the machines are being used to manage machines.
Just as with the move towards autonomous vehicles, driver augmentation via adaptive cruise control, lane-centering et al is now considered almost standard on new cars, and so is at least some level of automation in governance is becoming a standard requirement. Being delivered a list of hundreds of recommendations in the last decade was considered a vast improvement on the status quo. In the next decade, these recommendations will likely increasingly become invisible as infrastructure optimisation is managed in an ongoing and continuous manner and will require little or no human input.
The range of governance tasks to be automated is also likely to grow. I can already observe the way cost management is increasingly being automated and our own customers are getting comfortable with more ‘set it and forget it’ automation processes based on policies they define. Teams anxious about cloud security are turning to a growing market of automation tools that cover monitoring, compliance, and threat management and remediate these issues in real-time.
There is certainly a lot of headroom when it comes to automating governance. It makes me wonder where we will be by 2030.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.