
Proper governance in the cloud with the Microsoft Cloud Adoption Framework

August 26, 2022 | September 9th, 2022

Why does proper governance in the cloud matter? To put it simply, having the proper governance in place ensures control over the environment while retaining agility for developers to continue to build new products, innovate on existing services, and more. As organizations shift to a hybrid cloud or cloud-first digital estate to keep up with scalability and technology demands, we continue to see gaps in proper governance, leading to out-of-control costs, increased shadow IT, and a general lack of resource organization. All these scenarios can quickly become overwhelming and often lead to unnecessary effort spent in correcting errors.

Proper governance can include many aspects, and even the thought of implementing some basic governance can seem like an insurmountable task. For most of our Azure customers, when we review proper governance, we begin with the basic concepts to ensure alignment before moving beyond to some of the more detailed and nuanced aspects of cloud governance.

Resource organization, naming conventions, and resource tagging are a great foundation for beginning the governance process:

  • Resource organization: This includes the overall structure of the Azure tenant, including management groups, subscriptions, resource groups, and resources themselves. Resource organization is a critical aspect of ensuring controls are in place where they should be, as the structure of the Azure environment can enable customized scopes for assigning policies and role-based access control (RBAC). Within the hierarchy of the Azure environment, one thing to keep in mind is that the child “resource” will always inherit the roles and policies of the parent scope. Individual resources will always inherit the role assignments of the resource groups, which will inherit the role assignments of the subscriptions, which will inherit the role assignments of the management groups, and so on. This is important to remember when deciding how to architect the overall layout of the Azure environment, as being able to select the appropriate scope for applying role assignments or policies can help streamline controls in the environment.
  • Naming conventions: Perhaps one of the more obvious basic governance strategies, naming conventions are not so much commonly misunderstood as left without a clear definition inside the organization. Far too often we see customers implementing a mixture of various naming conventions, all attempting to demonstrate a clear understanding of a resource. Unfortunately, the lack of alignment across the organization means some resources aren’t named in the same fashion as others. This can make it difficult to ensure that specific resources are fully included when setting up monitoring, policies, alerting and more. One of the most important recommendations we can make is to have the naming strategy clearly defined and agreed upon with all cloud stakeholders. Once there’s organizational alignment, the naming convention strategy should be documented on an internal resource, whether that’s a Word document, Excel spreadsheet, Wiki, or other method.
  • Resource tagging: Tagging Azure resources is one of the best ways to enable customized reporting and management of Azure resources. Tagging can be utilized to show costs on an application or department basis, define the environment it belongs to (production, development, etc.), and help with business-critical classification. For example, an organization may have resources that support the finance department across several resource groups and subscriptions. If these resources are tagged with a key-value pair of “Department” and “Finance,” it would be very easy to quickly understand the Azure costs associated with the resources supporting that department by using a tag filter in the invoice data. Tags can also be leveraged to show the date a resource was created, who created the resource, and similar information. In addition, tags can be freely edited at any time without any downtime or impact to the resources themselves.
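The inheritance rule from the resource organization item, worked through as an added example (not code from the original post): it resolves which role assignments reach a resource through its resource group, subscription, and management groups. The scope IDs, principals, and the `PARENT` map are constructed assumptions, and only role assignments are modeled.

```python
# Added example with constructed data; no Azure API is called.
MG = "/providers/Microsoft.Management/managementGroups/"
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"

# Assumed hierarchy: subscription -> management group -> parent management group.
PARENT = {SUB: MG + "mg-finance", MG + "mg-finance": MG + "mg-root"}

# Constructed role assignments: (principal, role, scope the role was assigned at).
ASSIGNMENTS = [
    ("ops-team", "Owner", MG + "mg-root"),
    ("finance-admins", "Contributor", SUB),
    ("report-app", "Reader", SUB + "/resourceGroups/rg-finance-data"),
    ("web-devs", "Contributor", SUB + "/resourceGroups/rg-finance-web"),
]

def scope_chain(scope):
    """Return `scope` followed by each ancestor scope, nearest first."""
    chain = [scope]
    parts = scope.strip("/").split("/")
    if parts[0].lower() == "subscriptions":
        if len(parts) > 4:      # resource -> its resource group
            chain.append("/" + "/".join(parts[:4]))
        if len(parts) > 2:      # resource group -> its subscription
            chain.append("/" + "/".join(parts[:2]))
    while chain[-1] in PARENT:  # subscription -> management groups
        chain.append(PARENT[chain[-1]])
    return chain

def effective_assignments(scope):
    """Every (principal, role, assigned_at) that applies at `scope`."""
    return [(p, r, at) for s in scope_chain(scope)
            for (p, r, at) in ASSIGNMENTS if at == s]

def inherited_only(scope):
    """Assignments that reach `scope` purely through a parent scope."""
    return [a for a in effective_assignments(scope) if a[2] != scope]

# Constructed resource ID for a SQL server inside rg-finance-data.
SQL_SERVER = (SUB + "/resourceGroups/rg-finance-data"
              "/providers/Microsoft.Sql/servers/sql-finance-prod")

if __name__ == "__main__":
    for principal, role, at in effective_assignments(SQL_SERVER):
        print(f"{principal:15} {role:12} via {at}")
```

An Owner assignment made at the root management group shows up on every resource below it, which is why the choice of scope matters when reviewing access.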

Shape your cloud journey with help from the Microsoft Cloud Adoption Framework

Whether an organization is faced with the task of cleaning up an unorganized Azure environment or trying to develop a clear plan before adopting the cloud, there are a variety of tools to assist in this journey. First and foremost, Microsoft has published the Cloud Adoption Framework – a collection of best practices across every aspect of a cloud adoption journey. The framework is made up of seven core pillars:

  1. Strategy
  2. Plan
  3. Ready
  4. Adopt
  5. Secure
  6. Govern
  7. Manage

Every pillar has a robust set of resources and guidance to assist in aligning the Azure environment to best practices. A helpful resource for understanding how to structure the Azure environment and create a beneficial resource organization strategy is the Cloud Adoption Framework documentation on Azure landing zone design areas. Each landing zone provides guidance and template resources for generating the appropriate scalable landing zone for organizations of all sizes to adopt.

Another useful resource within the Cloud Adoption Framework is the documentation on recommended naming and tagging strategies. These provide a starting point for organizations to align with if difficulties arise in establishing an agreed-upon method.
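Once a naming and tagging strategy is documented, it can be checked mechanically. The following added example (not from the original post or from the Cloud Adoption Framework) audits a constructed inventory against an assumed name pattern and assumed required tags, then groups cost by the “Department” tag as in the Finance example earlier.

```python
import re
from collections import defaultdict

# Assumed convention for this example: <type>-<workload>-<env>-<instance>,
# e.g. "vm-payroll-prod-001". Substitute the organization's documented pattern.
NAME_RE = re.compile(r"^(rg|vm|sql)-[a-z0-9]+-(prod|dev|test)-\d{3}$")
REQUIRED_TAGS = ("Department", "Environment")  # assumed required tag keys

# Constructed inventory: (name, subscription, tags, monthly cost).
INVENTORY = [
    ("vm-payroll-prod-001", "sub-a",
     {"Department": "Finance", "Environment": "production"}, 310.0),
    ("sql-ledger-prod-001", "sub-b",
     {"Department": "Finance", "Environment": "production"}, 520.5),
    ("FinanceReportsVM2", "sub-b", {"Department": "Finance"}, 95.0),
    ("vm-web-dev-004", "sub-a", {}, 40.0),
]

def audit(inventory):
    """Return {resource name: [problems]} for resources that break the rules."""
    findings = {}
    for name, _sub, tags, _cost in inventory:
        problems = []
        if not NAME_RE.match(name):
            problems.append("name does not match convention")
        problems += [f"missing tag: {t}" for t in REQUIRED_TAGS if t not in tags]
        if problems:
            findings[name] = problems
    return findings

def cost_by_tag(inventory, key):
    """Sum cost per tag value; untagged spend lands in its own bucket."""
    totals = defaultdict(float)
    for _name, _sub, tags, cost in inventory:
        totals[tags.get(key, "(untagged)")] += cost
    return dict(totals)

if __name__ == "__main__":
    for name, problems in audit(INVENTORY).items():
        print(name, "->", "; ".join(problems))
    print(cost_by_tag(INVENTORY, "Department"))
```

The “(untagged)” bucket is the spend a tag filter would silently leave out of a departmental cost report.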

While leveraging the Cloud Adoption Framework can help sort through the possibilities and help establish a proper governance strategy, it is incredibly important to create internal organizational alignment and document these strategies in a place where those that are interacting with Azure can reference them throughout the cloud adoption journey.

This may be just the start of establishing a properly maintained Azure environment, but for those who’ve already migrated workloads to Azure or have inherited a mess of a cloud environment, one thing is important to remember: it’s never too late to start implementing the basics of Azure governance.

If you’d like to learn more about how your organization can incorporate the Microsoft Cloud Adoption Framework principles for your cloud migration journey, our Azure specialists are here to help. Contact info@invisocorp.com for more information.

Casey Shiels
