Stuck waiting on IT resources? Is your business continuing to be held back by the length of time it takes to spin up VM servers or to add network and storage capacity? Is there a new application or capacity upgrade that's needed right away? What is corporate governance and how does one improve upon it?
The barriers to building new IT services for your business have never been lower -- the latest hardware and software technology have become commoditized and delivered through many flexible consumption models. In contrast with the value of high-velocity technology innovation are the complexities of maintaining security controls, reliable deployments, network scale, and lean resource allocation. These challenges have kept many common IT practices in the slow lane for too long, waiting for human approvals and waterfall style resource planning processes.
When your IT infrastructure and user base has a need for speed, public cloud self-service elasticity can help. Whether it's simply faster resource availability or prototyping the latest high-performance CPU and storage with a new application, self-service operations grow an organization's IT staffing without adding headcount.
How can you balance the high velocity needs of your organization with the controls required to keep your data, finances, and users secure? How do you prevent greedy users from going "Maverick"? And how can corporate governance improve these processes?
Governance policy to the rescue!
If you think governance only means virtual handcuffs, slowing progress down, and endless meetings which feel like "Fighting City Hall", you've got the wrong idea. It has been well-proven that when you know how to properly implement corporate governance policy, it helps IT users move faster. This is because more users can self-service and fulfill their own requests through automation while simultaneously staying within a business compliant financial, security, and consumption model.
If we use a transportation metaphor, imagine commuting to work in your new electric car without governance like speed limits, lane keeping, or traffic lights. You wouldn't be able to get to work since the streets would be gridlocked and full of crashed vehicles. The governance of the road helps us all move faster in the same direction. It's also important that the governance rules, like speed limits, are set reasonably-- fast enough for efficiency, yet slow enough for safety.
Knowing how to implement governance policy for corporate IT services and taking advantage of the automation inherent to public cloud is critical to enable self-service operations. Users can be free to do as much or as little as an organization decides. While defining the detailed governance rules themselves can be challenging when starting from scratch, eventually the rule book becomes well known and everyone can benefit. Technology partners like LucidPoint can help you get started introducing meaningful methods of how to improve corporate governance policy to your organization and provide data points from similarly sized peers in common industry verticals.
How do we improve corporate governance? It's no secret that public cloud providers want their tenants to use as much paid resource consumption as possible. After all, these are capitalistic providers and they're revenue driven. In fact, most public cloud providers have several "unlimited" and "uncapped" utilization quotas by default. This allows you to consume as much compute, storage, or network as you ask for -- but can also lead to accidental overages. What's interesting about elastic cloud resources at hyperscale is that a low quality or misconfigured request can drain your whole IT budget in an instant. Improving corporate governance in this way contrasts to traditional on-premises IT services, which are constrained by fixed quantities of compute and storage, public clouds provide resource elasticity to accommodate huge requests. If a user sends an expensive resource request, the cloud services can allocate resources dynamically, churn through the request, return results quickly, and bill you for the utilization. When cloud users don't have governance in place, or don't understand the nuanced details of cloud resource billing, surprisingly high cloud billing charges disrupt IT budgets. These dangers can kill the success of strategic cloud adoption or reinforce the slower processes to waterfall IT requests through manual scrutiny in order to police a requestor's behavior.
How to Improve Corporate Governance for Public Cloud:
1 - Use the cloud platform's security policy constraints to set a tight default security posture for all users and workloads. Administrators can override constraints as business needs justify it while ensuring the adopted defaults are inherently appropriate for your organization.
2 - Disable unlimited default quotas where possible. Set reasonable consumption limits within expected orders of magnitude for resource utilization. This prevents accidental billing overages.
a - Google BigQuery Custom Quotas
b - AWS Service Quotas
3 - Use billing analytics and budget tools to alert on current conditions and predict future spending. Controlling costs requires effort: both measurement and continuous improvement.
4 - Treat Cloud Service consumption differently than traditional on-premises IT infrastructure. The challenges and opportunities of cloud are inherently different when using elastic resources and may not align well to your existing processes for control and monitoring.
5 - Educate your user community on the power and responsibility of self-service operations. Move faster by moving together safely and intelligently.
With a solid foundation of governance to control data security, spending, and more, opening up the self-service pathways for broader user communities becomes possible. With self-service capabilities governed to business requirements, users anywhere in the organization can experiment, deploy, and grow the technology capabilities of your business. Free IT staffing through distributed self-service? Yes, please!
Key takeaway: In the cloud era, knowing how to improve corporate governance enables speed of innovation and reinforces safety. Governance prevents a Maverick, but satisfies the ongoing NEED FOR SPEED.
LucidPoint Sr. Solutions Architect
With no end in sight to employees working remotely, new concerns have arisen regarding how to secure remote collaboration tools. This was a much easier task when everyone was in the office, but now with everyone working remote, can it still be as secure as it was?
When we discuss company-wide remote collaboration tools, several issues must be taken into consideration:
Google has addressed the above concerns by offering secure collaboration via Google Workspace (formerly G Suite). With Google Workspaces and Google Cloud Platform security, companies can leverage their current hardware infrastructure and add on Google’s BeyondCorp model. Using both Google Workspace and the BeyondCorp model, companies can enforce the security necessary to adhere to strict company and/or industry guidelines within a remote setting. One key feature of workspaces is called “context-aware”. Utilizing the Google Cloud Platform security settings of “context-aware”, administrators can define specific access level conditions that include geographical location, specific IP ranges, and various device policies, such as the requirement for device passwords, Operating System versions, device approvals, and encryption, as well as whether a device is user-owned or company-owned. Then, those specific access conditions can be assigned to Google Workspace application(s).
To take full advantage of Google Workspaces application access control within a BeyondCorp model, you may want to start by loading your company-owned devices. One approach might be to use your company’s existing asset database (or spreadsheets) as your source (export), then import those serial numbers into Google’s company-owned inventory. If your old database has an API, it might be as easy as writing a script to pull the data, parse the data, then use Google's device API to import the data. If the company is already taking advantage of the Google Cloud Platform (GCP), you might even go a step further and write a Cloud Function that automates the export/import. The function of Google Cloud Platform security could be as simple as using Cloud Pub/Sub to trigger the script that parses the data and imports it into the Google Company-owned device database. Depending on the API capability of the existing asset database, you might even be able to integrate exports within your Cloud Function versus Pub/Sub detecting and triggering when someone drops a .csv into your storage bucket. Using spreadsheets may not be the most refined approach, but the ability to be able to take incremental steps to get fully automated makes the solution flexible enough to accommodate many scenarios.
As you dive deeper into securing your access levels via Google Cloud Platform security, you may need to understand what the business currently has in place so that you can accommodate those security tools or minimize duplicate/conflicting tools. Google security settings can be managed via the Google Admin Console. In the console, you can set up “context-aware” by assigning access levels to the key applications that meet specific conditions.
Once all of your Google Cloud Platform security settings are in place, take a look at what else Google has to offer. For those teams that need that good ol’ whiteboard sessions, Google Jamboards and Google Drawings are a great substitute until we can return to our offices. Being able to collaborate in real-time and quickly spawn a Google Doc, Slides, or a whiteboard (jamboard) and have all team members begin editing in real-time can be very productive.
Google Workspaces has made it possible for companies to continue to collaborate and innovate in these unprecedented times. Remote employees continue to feel engaged and part of the team. While we cannot predict the future of remote work, we do know that Google has made the shift to all remote work seamless and engaging.
LucidPoint Sr. Cloud Engineer