Microsoft Cloud Adoption Framework for Azure: Governance Conversation
Download as PPTX, PDF•2 likes•1,462 views
This document outlines Microsoft's Cloud Adoption Framework (CAF) governance model for governing cloud adoption. It recommends starting with an assessment of the current state and future vision. Then establish a Minimum Viable Product (MVP) for governance using core Azure services like management groups, subscriptions, resource groups, Azure Policy and role-based access control. The MVP should focus on key areas like resource tagging, grouping and security baselines. Governance then evolves by maturing the MVP with each cloud release to better align with cloud adoption and IT functions.
Microsoft Cloud Adoption Framework for Azure: Governance Conversation
- 1. <Title> Cloud Governance w/ the CAF governance model
- 3. Plan Rationalize Digital Estate Prioritize and create action plan Define and implement org and skills Readiness Ready Implement Azure readiness guidelines Create Azure landing zone Implement best practices Define Strategy Understand Motivations Business outcomes Business justification Migrate • Migration consideration • Migration Guide • Expanded Scope • Best Practices Innovate • Innovation considerations • Innovation Guide • Expanded Scope • Best Practices Adopt Govern Cost management • Identity Baseline Security Baseline • Resource Consistency Deployment Acceleration Manage Org Management Change Management Ops Management Microsoft Cloud Adoption Framework for Azure http://aka.ms/cloudadoptionframework http://aka.ms/caf/gov/access
- 4. The major drivers for IT governance Keep risk at acceptable levels Maintain availability to systems and services Consistently apply policy and audit compliance Protect customer data
- 5. Business Returns IT must rapidly produce measurable business returns to stay relevant Transformation Evolving how businesses operate and interact with the market Modernization Improving customer and employee experiences Business Transformation enabled by Cloud Technologies Key Business Drivers Growth Scaling products and services to meet ever growing business needs
- 7. Assess current state and future state to establish a vision for applying the framework Benchmark2 Establish a Minimally Viable Product (MVP) to serve as a foundation for governance MVP3 How Do I Get Started? Frame the conversation to mitigate tangible business risks through consistent governance Framework1 Mature with each release to align Cloud Adoption and existing IT functions Evolve4
- 8. Framing a Collaborative Governance Conversation
- 9. Assess current state and future state to establish a vision for applying the framework Assess2 Establish a Minimally Viable Product (MVP) to serve as a foundation for governance MVP3 Frame the conversation to mitigate tangible business risks through consistent governance Framework1 Mature with each release to align Cloud Adoption and existing IT functions Evolve4
- 10. CAF Governance Model Governance End State that fosters trust and builds confidence
- 11. Incremental Governance Execution DON’T build the Governance End State
- 12. Making Governance Actionable with Native Tools • Azure Blueprints • Azure Policy • Azure Cost Management • Azure Advisor • Azure Portal • Azure EA Content Pack • Azure Blueprints • Azure Policy • Azure Security Center • Azure Sentinel • Subscription Design • Encryption • Hybrid Identity • Azure Networking • Azure Automation • Azure Blueprints • Azure Policy • Azure Monitor • Azure Advisor • Resource Manager Templates • Resource Graph • Management Groups • Azure Blueprints • RBAC • Azure AD • Azure AD B2B • Azure AD B2C • Directory Federation • Directory Replication • Azure Blueprint • Azure Policy • Resource Grouping & Tagging • Resource Manager Templates • Azure Advisor • Azure DevOps • Azure Site Recovery • Azure Backup • Azure Automation Azure Monitor
- 13. Integrating 3rd Party Tools Cost Management 3rd parties • HashiCorp Terraform Security baseline 3rd parties • Splunk • HashiCorp Vault Discovery, onboarding, and recovery 3rd parties • ServiceNow • HashiCorp Terraform 3rd party identity providers • HashiCorp Vault Deployment 3rd parties • Nagios • HashiCorp Terraform • devops tools like Chef, Puppet, Zabix Monitoring 3rd parties • OpsCompass
- 14. Release Predict, don’t guess We could make educated guesses about future, milestone risks. We can accurately predict those risks per release. Release Release Release Release Milestone Release composition Each release represents a continuum of activities from planning to completion. Releases often span multiple iterations of effort or sprints. During planning, the team should be able articulate a fairly accurate description of the assets involved, workload criticality, data classification, deployment approach, and budget. These may change in the release, but are close enough for a safe governance prediction. Release
- 15. Governance Evolution The Cloud Governance Team then asks deeper questions to establish a governance release plan. Governance Integration During release planning, the Cloud Governance Team seeks to understand the release plan, so they can better integration. The following high level questions can help: • When will this release be completed? • What risks are introduced by this plan? • What needs to change to mitigate the new risks? Release Plan Will application criticality in this release impact policies regarding IT Operations or Cloud Operations? Will data classifications in this release impact policies regarding IT Security? Will the suggested deployment impact pricing, planned spend, or cloud budget? Will the application requirements impact identity policies or implementation? Will any of these answers impact configuration management implementations or require the implementation of new corporate policies?
- 17. Assess current state and future state to establish a vision for applying the framework Benchmark2 Establish a Minimally Viable Product (MVP) to serve as a foundation for governance MVP3 How Do I Get Started? Frame the conversation to mitigate tangible business risks through consistent governance Framework1 Mature with each release to align Cloud Adoption and existing IT functions Evolve4
- 18. Understand the business vision driving cloud adoption
- 20. Evaluating current state Security management appears to be an important area of focus for this customer.
- 21. Building a governance MVP
- 22. Assess current state and future state to establish a vision for applying the framework Benchmark2 Establish a Minimally Viable Product (MVP) to serve as a foundation for governance MVP3 How Do I Get Started? Frame the conversation to mitigate tangible business risks through consistent governance Framework1 Mature with each release to align Cloud Adoption and existing IT functions Evolve4
- 23. What and Why of Governance MVP
- 24. The basic foundation of all governance practices 2. Subscriptions: To group similar resources into logical collections 3. Resource Groups: To further group applications or workloads into deployment and operations units 1. Management Groups: To reflect security, operations and business/accounting hierarchies Sound Governance starts with resource organization strategies.
- 25. CRUD Azure Resource Manager Query Starting point for Governance MVP 2. Policy-based Control: Real-time enforcement, compliance assessment and remediation at scale 3. Resource Visibility: Query, explore & analyze cloud resources at scale 1. Environment Factory: Deploy and update cloud environments in a repeatable manner using composable artifacts Role-based Access Policy Definitions Resource Manager Templates Management Groups Subscriptions Resource Groups
- 26. Building the right MVP
- 27. Building the right MVP • Create the Subscription and Management Group, adhering to the naming standards and hierarchy decisions. • Create an Azure Blueprint name “Governance MVP”. Azure Resource Management templates and Azure Policy will be created and added to the Blueprint as assets. • Enforce RBAC requirement for the subscription in the Blueprint • Create an Azure Resource Manager Template for a VPN Gateway (To be used as needed) • Create an Azure Policy to apply or enforce the following: • Resource Tagging should require values for Business Function, Data Classification, Criticality, SLA, Environment, and Application. • Resource Grouping per Application Archetype should align to the application tag • Software Defined Network if the environment lists the Environment tag as DMZ (Demilitarized Zone), ensure the proper VPN is configured • Identity validate role assignments for each resource group and resource • Nether logging, reporting, nor encryption require a policy at this time
- 28. Microsoft is here to help Evolve Cloud Governance
- 29. Assess current state and future state to establish a vision for applying the framework Benchmark2 Establish a Minimally Viable Product (MVP) to serve as a foundation for governance MVP3 How Do I Get Started? Frame the conversation to mitigate tangible business risks through consistent governance Framework1 Mature with each release to align Cloud Adoption and existing IT functions Evolve4
- 30. Take Action
- 31. Assessment Link CAF Governance Journeys and MVP Design
- 32. Thank you
Editor's Notes
- #7: Governance is about meeting strategic objectives (performance) while meeting legal and regulatory, contractual and other obligatory requirements often supported by policies (conformance). The goal is to achieve both in a balanced way.
- #9: Started with notion that the value of cloud services (speed, agility, innovation, cost, security) is often negatively impacted by existing/legacy enterprise IT processes and practices (Legacy doesn’t work)
- #14: Talk track: The CAF model to governance is a way of approaching governance that allows us to decompose complex and emotional topics into smaller units of actionable change. In the sections on Defining Corporate Policy, we change the topic from alignment to current IT governance requirements to a realistic look at tangible risks created by cloud adoption. Those risks can generate policy & compliance statements and recurring processes, which augment existing IT Governance Policy. Actioning on those policy statements, is done in one of five buckets of activity that span the governance conversations. In each of the five disciplines, the Cloud Governance Team leverages the Configuration Management capabilities of the Azure Govern and Azure Manage tools to help IT Governance, IT Security, Identity, and Networking teams apply requirements consistently across all Azure adoption. In this session, we will focus on the tools that establish a foundation for governance in Azure, which can be used to accelerate all five disciplines. These tools will aid in ensuring that the requirements of each discipline is consistently applied, audited, & enforced.
- #16: What third parties can be used to accomplish similar goals?
- #26: Talk track: The CAF model to governance is a way of approaching governance that allows us to decompose complex and emotional topics into smaller units of actionable change. In the sections on Defining Corporate Policy, we change the topic from alignment to current IT governance requirements to a realistic look at tangible risks created by cloud adoption. Those risks can generate policy & compliance statements and recurring processes, which augment existing IT Governance Policy. Actioning on those policy statements, is done in one of five buckets of activity that span the governance conversations. In each of the five disciplines, the Cloud Governance Team leverages the Configuration Management capabilities of the Azure Govern and Azure Manage tools to help IT Governance, IT Security, Identity, and Networking teams apply requirements consistently across all Azure adoption. In this session, we will focus on the tools that establish a foundation for governance in Azure, which can be used to accelerate all five disciplines. These tools will aid in ensuring that the requirements of each discipline is consistently applied, audited, & enforced.
- #30: CSA, FTA, PSS, SSP or Partner can help modify the initial design based on Decision Guidance in CAF. Review and adjust this pattern to fit before presenting to the customer.