Why Cloud Governance should be Considered Early and Often

The question of when to really start considering cloud governance has come up many times in my engagements with companies, and my answer is always “early and often.”  Those of you reading have most likely pitched the move to cloud to your company or are the recipient of such a pitch, and in either case at least some of the rationale has been to save money in the form of resources or time.  The data is there to back it up, but it doesn’t come without the need to closely monitor such an approach in order to maximize the monetary potential therein.

As any former or current software engineer can attest, making critical architectural decisions well past the design phase in a development cycle can result in a hefty toll in effort (and as a result cost). By the same token, making crucial decisions about naming conventions and tagging or labeling rules to ensure traceability as well as provisioning approaches too far into the cloud journey can result in similar setbacks.  This means that many of the savings you sought in the cloud are never realized.

Recently, I worked with a company that had committed to incorporating public cloud but hadn’t considered the ramifications of a lack of governance.  The result was a plethora of separate pay-as-you-go accounts commissioning VMs, making it difficult to trace the usage and spend back to the proper divisions and departments within the company.  Simply having the company card to expense the account was all that was needed.  Additionally, there was a distinct lack of foresight when it came to taking advantage of cost savings opportunities such as Microsoft Enterprise Agreements or Amazon Reserved Instances.  Upon learning the error of their ways, they dedicated personnel to the monumental task of bringing all of these disparate accounts under one umbrella. And while they are making strides, all of the historical data that could have been very useful for forecasting future usage and spend will require a very laborious exercise to assimilate.

When considering your approach to private, public, or hybrid cloud, you need to ensure that your cloud usage can be thoroughly analyzed at a regular cadence, not only for the purposes of tying it back to business units within the company, but also for planning and budgeting.  This is especially true of private clouds where companies host their own data centers.

A few years back, I was engaged with a software company that was assessing their need to purchase more hardware to support their private cloud.  Various development teams were clamoring for additional resources as their provisioning needs outweighed the capacity available to them, but the individual I was working with wasn’t so sure about that.  After ingesting their cloud usage, which included data such as who provisioned what and to which team he or she belonged to at the time, we were able to identify a disproportionate number of underutilized (and basically abandoned) VMs and the individuals and groups responsible for them.  In the end, it was the loudest amongst those requesting the additional hardware that were the worst offenders when not properly decommissioning unnecessary VMs. In one specific case, there were two QA accounts auto-provisioning hundreds of VMs for testing purposes over a period of months to only use for a matter of days before unceremoniously abandoning them.

All this said, constant vigilance need not come at the cost of a manual, cumbersome process.  The nature of what needs to be done is very conducive to automation, and companies shouldn’t dedicate their tech-savvy employees to the menial task of munging spreadsheets.  It all starts with a well-conceived plan for how to tie cloud usage and spend back to the business and deliver it in a timely, relevant way.  That’s manna to business leaders seeking competitive advantages and economic value in today’s world of cloud.