About Alif : Alif empowers Microsoft MSP-CSP partners to provide exceptional IT services to their clients to ensure that the partners reduce their costs and focus on their business. We provide white-labelled managed services for technologies like Microsoft Azure, Microsoft 365, Microsoft Dynamics 365, Microsoft Security, SharePoint, Power Platform, SQL, Azure DevOps and a lot more. Our headquarter is in Pune, India whereas we work with over 50 partners across the globe that trust us with their client delivery.
“Governance” is the framework that determines how your organization conducts business activities, based on objectives and responsibilities. And when we talk about Cloud Governance, there are a number of principles that are relevant: Subscription Management, Cost Management, Security, Resource Consistency, Identity Baseline & Deployment Acceleration.
Governance in Azure is one aspect of Azure Management. Management refers to the tasks and processes required to maintain your business applications and the resources that support them. Azure has many services and tools that work together to provide complete management. These services aren't only for resources in Azure, but also in other clouds and on-premises. Understanding the different tools and how they work together is the first step in designing a complete management environment.
Benefits of Azure Governance
Enforce and audit your policies for any Azure service
Create compliant environments using Azure Blueprints, including resources, policies, and role-access controls
Ensure that you’re compliant with external regulations by using built-in compliance controls
Monitors spend and encourage accountability across your entire organization`
The following diagram illustrates the different areas of management that are required to maintain any application or resource. These different areas can be thought of as a lifecycle. Each area is required in continuous succession over the lifespan of a resource. This resource lifecycle starts with the initial deployment, through continued operation, and finally when retired.
No single Azure service completely fills the requirements of a particular management area. Instead, each is realized by several services working together. Some services, such as Application Insights, provide targeted monitoring functionality for web applications. Others, like Azure Monitor logs, store management data for other services. This feature allows you to analyze data of different types collected by different services.
Baseline of Azure Governance
Your use of Azure is subscription-based. Essentially, this is an agreement with Microsoft that you can use the Cloud platforms and services. If you purchase a SaaS service from Microsoft, you pay per user license. If you purchase PaaS or IaaS services, you pay according to your use of resources. If you don’t want everyone in the organization to have access to all the data, you need to define the user access rules. Role Based Access Control (RBAC) allows you to manage which roles have access to which Azure resources, and what they can do with which resources.
As an organization, you want to be in control of costs. That’s why it’s useful to determine the sources of your Cloud spend in advance, so that you can allocate resources and budgets to business units, products, and roles within your organization. You can then link warnings or automatic triggers to these budgets to prevent them from being exceeded. You can also easily manage your costs and budget in Azure Cost Management.
Security is one of the most important parts of your Governance plan. You don’t want everyone to have access to your data, and you want to make that clear to your customers. With Azure Policy, you can create and set out your Azure policy. The security rules resulting from this policy are automatically implemented in your environment. New and existing resources are audited for this. By enforcing these policies, you ensure that your organization complies at all times with your company’s standards and service level agreements.
Resource Consistency focuses on ways to establish policy for the operational management of your environment or application. It ensures that your resources are configured consistently, so that they are discoverable by IT Operations. Azure Resource Manager – an implementation and management service for your resources – enables you to achieve consistency in your resources.
Identity Baseline complements your security policy. Nowadays, network security is increasingly focused on identity. In the Identity Baseline, you define authentication and authorization requirements by using Azure Active Directory.
The final step is to define deployment, configuration alignment, and script reusability in your Governance plan. This leads to “Deployment Acceleration,” speeding up the process. The above-mentioned tools have capabilities that will help you achieve Deployment Acceleration.
Governance in the Microsoft Cloud Adoption Framework for Azure
Putting a business in the cloud creates new paradigms for the technologies that support that business. These new paradigms change how those technologies are adopted, managed, and governed. When you can delete and rebuild an entire virtual datacenter with a line of code that's executed by an unattended process, it's time to rethink traditional approaches. This reasoning is especially true for governance.
Cloud governance is an iterative process. For organizations with existing policies that govern on-premises IT environments, cloud governance should complement those policies. The level of corporate policy integration between on-premises and the cloud varies depending on cloud governance maturity and the nature of the digital estate in the cloud. As the cloud estate changes over time, so do cloud governance processes and policies. Use the following exercises to help you start building your initial governance foundation:
1. Establish your methodology: Establish a basic understanding of the methodology that drives cloud governance in the Cloud Adoption Framework to begin thinking through the end state solution.
2. Use the governance benchmark tool: Assess your current state and future state to establish a vision for applying the framework.
3. Establish an initial governance foundation: Begin your governance journey with a small, easily implemented set of governance tools. This initial governance foundation is called a minimum viable product (MVP).
4. Improve your initial governance foundation: Throughout implementation of the cloud adoption plan, iteratively add governance controls to address tangible risks as you progress toward the end state.