The Doppler Quarterly Fall 2017 | Page 58

# 4 – Cloud Account Structure
What is it?
The avoidance of account sprawl. On the surface, accounts are a good way to enforce separation of environments. They enable separate billing, provide hard firewalls between business units, and offer clear ownership of resources. However, they do tend to get out of hand rapidly. AWS and Azure offer a variety of services and features that allow for flexible control of cloud computing resources and the account(s) managing those resources. These options are designed to help provide proper cost allocation, agility, and security; however, clients are sometimes unsure of how best to implement an account structure strategy, especially when working with multiple, and even hundreds of, accounts.
Why is it important for speed?
The last thing you need is cloud account sprawl. It is an overhead that leads to uncontrolled spend, low resource utilization, and poor hygiene of services. Each organization is different, and cost allocation, management of budget, and separation of systems are always critical in the implementation process. What you need is a crystal ball to predict what your platform will look like at scale. However, the good news is that you don’t need a real crystal ball, just a team who has already seen the end.
# 5 – IAM Policies and Roles
What is it?
Identity and Access Management (IAM) policies and roles provide the ability to securely control access to services and resources for users, whether they are groups of individuals or roles required for tools to perform their jobs. Getting your users and groups sorted out can be tricky business and, without a proper methodology for control, it will block the agility play.
Why is it important for speed?
Let’s say you’re provisioning a new RHEL stack for a mobile app developer; however, you have not made IAM part of the provisioning code. The ID and access rights for the developer must go through the same on-premise process you’re trying to get away from. Although your stack is created quickly, the surrounding IAM process is not. Alignment with all the tools, roles, and users is critical on Day-1.
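One way to catch the gap described above before a stack ships, as an added example that is not from the original article: a pre-deployment check that flags compute resources whose IAM role and instance profile are not declared in the same template. It assumes AWS CloudFormation-style templates loaded as Python dicts; the templates, the resource names (`AppServer`, `AppRole`, `AppProfile`) and the `iam_gaps` function are constructed for illustration.

```python
# Constructed CloudFormation-style templates as Python dicts (added example).
EC2, PROFILE, ROLE = "AWS::EC2::Instance", "AWS::IAM::InstanceProfile", "AWS::IAM::Role"

def _ref(value):
    """Return the logical ID inside {"Ref": "X"}, or None for anything else."""
    return value["Ref"] if isinstance(value, dict) and set(value) == {"Ref"} else None

def iam_gaps(template):
    """Return (instance, reason) pairs where IAM is not provisioned with the stack."""
    res = template.get("Resources", {})
    findings = []
    for name, r in sorted(res.items()):
        if r.get("Type") != EC2:
            continue
        # The instance must point at an instance profile declared in this template.
        prof = res.get(_ref(r.get("Properties", {}).get("IamInstanceProfile")))
        if prof is None or prof.get("Type") != PROFILE:
            findings.append((name, "no instance profile defined in template"))
            continue
        # Every role on that profile must also be declared here, not created by hand.
        role_ids = [_ref(x) for x in prof.get("Properties", {}).get("Roles", [])]
        if not role_ids or any(res.get(i, {}).get("Type") != ROLE for i in role_ids):
            findings.append((name, "instance profile role not defined in template"))
    return findings

# Stack provisioned quickly, IAM left to a separate manual process.
STACK_ONLY = {"Resources": {
    "AppServer": {"Type": EC2, "Properties": {"ImageId": "ami-PLACEHOLDER"}},
}}

# Same stack with the role and instance profile in the provisioning code.
STACK_WITH_IAM = {"Resources": {
    "AppRole": {"Type": ROLE, "Properties": {"AssumeRolePolicyDocument": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                       "Principal": {"Service": "ec2.amazonaws.com"}}]}}},
    "AppProfile": {"Type": PROFILE, "Properties": {"Roles": [{"Ref": "AppRole"}]}},
    "AppServer": {"Type": EC2, "Properties": {
        "ImageId": "ami-PLACEHOLDER", "IamInstanceProfile": {"Ref": "AppProfile"}}},
}}

if __name__ == "__main__":
    for label, tpl in (("stack only", STACK_ONLY), ("stack with IAM", STACK_WITH_IAM)):
        print(label, "->", iam_gaps(tpl) or "ok")
```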
# 6 – Encryption and Key Management
What is it?
Both AWS and Azure offer key management systems (KMS) as a service for the seamless centralized control over keys used to encrypt data on the cloud. KMS