The perils of enforcing traditional IT governance in Azure 

You’re considering moving your software out to Azure, you’ve read a lot about the benefits of the cloud, scaling, security options, platform as a service workloads (PaaS), infrastructure as a service (IaaS), data analytics. There are a lot of considerations for moving to the cloud, but have you considered how you will enforce existing IT governance in the cloud? 

Moving these workloads to the cloud is a significant investment in defining an Azure architecture, changing code to better fit in Azure offerings, determining cost and scalability, in Azure all these tasks will help identify problems early.  On-premises, a mature operations team would be handing the deployments organization wide to already vetted and hardened environments.  Using the same extended governance in the cloud relies heavy on manual audits of resource usage and configuration. 

Govern with Confidence 

In Azure, you want the same confidence, we do not have the same internal self-service portal, the same operational teams, and other trusted staff, so development confidence can be hindered, will interpretation of policy and audit forestall code promotion and product delivery? 

It turns out moving your governance to the cloud can be codified to support your ventures!  Consider that we are moving a website to Azure and wanting to use an app service, but we want to ensure that from cost perspective we want to limit developers to use development SKU’s to keep our development costs lower.  By leveraging management groups, subscriptions, and policies we can enable our development staff to explore new frontiers in Azure with confidence they can deliver value without falling afoul of hidden electric fences. 

Develop with Confidence 

Using concepts such as Governance as Code resource policies can be stored in source control for teams to inspect, recommend change, and push changes out to Azure.  We may have a policy which limits the virtual machine OS to Data Center 2016 and effectively denies any other OS.  Because a new product we’re rolling out requires 2019 our development staff can view the policy, recommend a change, and integrate recent changes into our initiatives. 

1. Developers inspect policy rules around VM OS compliance 
2. Datacenter 2016 is the only available OS 
3. Checkout the source Governance Code and add Datacenter 2019 
4. Create a pull request 
5. Policy changes are inspected by appropriate groups. 
6. Complete pull request 
7. Pipelines run and update our policy 

We just accomplished something in minutes that could otherwise take hours using concepts of traditional governance. 

• Are you delivering slower than you want?
• Are developers constantly concerned about what they can create in azure?
• Do you have to rework because required resources aren’t allowed in azure?
• Are you concerned about maintaining compliance with organization goals and polices?  

If you answered yes to any of the above questions, download the Azure Governance Playbook and learn how to create the azure governance space that can enable your team to code with confidence.