read

Operationalization of the Cloud Adoption Framework

By Scott Griffith

OpsCompass was started because we saw a need for better Security and Business alignment for Enterprise workloads moving to the Cloud.  More often than not, companies have turned toward manual processes and ineffective collaboration tools to manage Compliance, Security and Cost.  In this day of Automate Everything, companies are still using documents, emails and tribal knowledge to enforce point in time policies.  The public cloud provides an unprecedented amount of information on how companies use their environment as well as notification on the minutia of every change.  This provides a fantastic opportunity to automate and aggregate information on how your company is leveraging this new environment.  Take for instance a customer we worked with; they had recently completed a manual CIS audit of their cloud environment.  Once we connected the OpsCompass SaaS tool we found a CIS compliant score of 15 out of 100.  What’s more, during the days and weeks following the installation their score raised to 80.  The difference was in automating and giving visibility to the problems and creating a planned approach for review/remediation.  Operationalization of the Cloud Adoption Framework happened quickly while providing actionable insight. 

compliancescore-1

Microsoft Cloud Adoption Framework was developed as a set of best practices to provide an enterprise governed environment that can be tailored to your business and technical needs It is a well thought out framework that provides details on every step to achieve an enterprise quality governed, scalable cloud.  Over the last several months we have been working with organization and Microsoft on doing Rapid Prototypes for the Cloud Adoption Framework, like the one mentioned above. To make the Framework real we must take if from theoretical to actionable insights. It needs to be operationalized to affect your actions on a day to day basis.  By having categorization of alerts which allows you to route concerns quickly to the appropriate groups the govern and manage parts become real very quickly. 

 

caf-diagram-2

 

The CAF with the most important boxes highlighted. :)  ... the ones we impact the most 

We have taken a practical iterative approach to implement a governance Minimum Viable Product (MVP).  We start by taking a current assessment of your cloud posture, organizational structure, and resources. This snapshot provides a viewpoint of your current stance in the cloud.  Commonly people are surprised by seeing unknown subscriptions when they truly thought they knew all the information regarding their tenant.  This cloud viewpoint can happen within 10 minutes. From this vantage we begin to establish a Cloud Center of Excellence (CCOE), building needed best practices and implementing the appropriate landing zones for your MVP. 

Now that you have a framework completed it needs to be committed to your daily processes.  OpsCompass makes it easier and more cost effective to implement Governance and Management policies.  Because of the dynamic nature of your cloud platform, it necessitates a policy engine to access information about its use.  We have developed workflow routing that provides a categorization and manageable approach when changes and issues arise. Concerns can be viewed by Security, Finance or Technical teams. This lowers the cost of management and time to resolution by getting the right information to the right people sooner. Cultural changes need to happen to drive and update the processes to maximize and secure a cloud environment. By operationalizing the Cloud Adoption Framework you can have actionable insights to achieve this goal quickly and cost effectively.  

Tags: Featured, Governance, Cloud Adoption Framework, Compliance