Identifying the Right Governance Structure for Your Organization.
Every successful building project begins with a solid foundation. If you cut corners or skimp, you’ll pay the price sometime in the future. If you’re building a house, taking shortcuts with the foundation can lead to a house that settles over time and leads to cracked walls and unlevel floors. If you’re building out an Azure cloud improper planning for the foundation can lead to problems like difficulties maintaining compliance, blind spots in resource usage and hard to manage costs. Cloud governance is the answer to many of these problems and more.
Mapping your organization’s hierarchy of business units to Azure’s hierarchy of management groups, subscriptions and resource groups is a key activity when setting up your governance strategy. Azure Management Groups allow a flexible structure of unified policies and access management across specified groups or business divisions. Careful planning should be undertaken to ensure your hierarchy aligns to your organization’s needs and practices for billing and IT resource management. There are 3 primary patterns you’ll want to consider when setting up your hierarchy in Azure.
- Functional – in this pattern management groups are setup based on functional areas in the organization. For example, you could have groups representing IT, Marketing, Finance, etc.
- Geographic – in this pattern management groups are created for specific business regions such as Midwest, East Coast and West Coast.
- Business Division – in this pattern management groups align with divisions within your organization. It’s common for groups to be siloed according to product lines, or program groups.
Putting this into practice a sample Azure hierarchy could look like something like the image to the right. Azure Policies and Access Management rules defined at the management group level inherit down to the child subscriptions and resource groups. This allows teams within the organization to innovate, while at the same time applying guard rails to the resources that are provisioned across the entire organization.
When creating your management groups and subscription, keeping in mind consistency is a primary concern. Here are some other general recommendations:
- When first setting up a governance strategy for your organization’s management group and subscription hierarchy start with a minimum viable product (MVP), and adjust as needed. Azure management groups allow you to reorganize your management hierarchy and subscription group assignments so your organization can adapt to changing business requirements and lessons learned post-implementation.
- Use consistent naming conventions for management groups, subscriptions, resource groups and cloud resources.
- When deploying resource groups keep together resources that are developed, managed, and retired together to simplify lifecycle management.
- When deploying resources, it’s important to consider region selection as this can have a bearing on cost, SKU selection, and networking (monitoring, auditing).
Implementing automated policy controls as part of a larger Azure governance strategy is a smart choice. InCycle can accelerate your adoption effort by implementing proven cloud governance and automated policy-driven solutions for your organization. Download our Azure Governance Playbook today.