Limit the “Blast Radius”
Enable Cost Transparency
Minimize Complexity
Maintain Compliance
Secure Access
Increase Developer Agility
Increase Resiliency Posture
Figure 2: CloudOps Guiding Principles
Security
Security implementation should be planned to ensure that the addition of multiple cloud vendors does not add additional risk or minimize visibility for the
organization’s security posture and response. Security has several key categories that must be addressed uniformly across cloud providers:
Policy – Policy is the set of organizational guidelines that control how the business functions, the levels of risk taken, processes followed and rules for data
handling. The policy for an organization will not change and will be applied
uniformly across cloud providers.
Controls – Controls are the process-based implementations of the policy. The
controls are workflows, checks and approvals to ensure that policy is being followed. Controls are commonly seen as passwords, access control lists and
other boundaries to allow and prevent access to data and services. Controls
will be broadly the same across cloud platforms, with only minor differences to
account for technology differences between vendors.
Technical Implementation – Controls are implemented through technology, so
this tier can vary significantly from vendor to vendor because of differences in
how they provide services and access to them. This technical implementation
will be a major component of the MVC and architectural elements in the cloud,
ensuring that a strong platform is built for the organization to safely consume
services within corporate policy.
Governance – Governance is the enforcement of policies across technology
and cloud platforms. While governance can be a manual process to validate
that policy is being followed, it should be automated in a cloud environment, to
maximize agility for users of the cloud platform.
80 | THE DOPPLER | FALL 2016