Extending your infrastructure into the cloud is an exciting time for most companies and IT departments. It’s a time to test out new concepts and ideas, learn new technologies, and update your infrastructure. It’s typically in this moment that you realize the lack of documented governance within your environment, or how out of compliance your environments are. This in and of itself leads to the most headaches when moving into the cloud and is the starting point of many of our engagements here at Stratum. For instance, you may not be aware of the various naming conventions in use. You may not even know how many overlapping networks exist within your organization. In the cloud a lack of controls is greatly exacerbated and can lead to disorganization and quickly balloon costs. However, do not worry. Establishing and Creating an IT governance life cycle for review of those policies can help keep you from disastrous and frustrating outcomes.
What is Governance
In this series of posts, we will discuss IT governance, and why it is necessary to have this established before going into the cloud. Governance is a necessity within all companies, and typically there exist governance within the business. Governance is the combination of Regulations, Requirements, Policies, and Compliance checks that enable your organization to clearly say, “yes we are what we are, and this is how we know it, and can prove it!”
Where do I start?
So where do you begin? You begin by establishing the big 4.
- The laws and rules your company must comply with or are governed by. You will use this to define your requirements.
- What your business unit does and how it will achieve those goals. You will use requirements to create your policies.
- Policies are the written down list of rules. This documented list will be used to control the build of the environments and evaluate your compliance.
- How much you follow the rules to meet your goals. After compliance checks, you will have the list of items to remediate within your environment.
These 4 key steps are critical in keeping your environment running smoothly and securely. This series is meant to assist with the starting of this conversation.
Links to additional parts of the Governance Lifecycle: Part 1: Where to Start Part 2: Regulations – It’s the Law! Part 3: Requirements – Your Benchmark for Success. Part 4: Policies – Know the Rules Part 5: Compliance and the Will to Succeed!