For example, AWS has servers (EC2) and attached storage (EBS) that form the basic
server/storage configuration. If you delete a server but do not specifically tell AWS to
delete the storage, the storage is left orphaned. Over time, orphaned block storage
becomes a risk to the company. Unless properly governed, unknown storage volumes
cost money and can potentially contain sensitive data. As you can imagine, compliance
teams do not like ungoverned storage disk(s) hanging around.
To date, we believe there are over 400 cloud management and compliance signatures
that need to be implemented in the MVC. These range from object storage controls, IAM
checks, encryption validation, key rotation schedules and many more. There are vendors
who provide governance frameworks to address certain operational domains, such
as security IPS/IDS or firewall rules. However, no one tool does them all. It takes a
combination of tools and custom software to cover all the bases.
At scale, Continuous Compliance is a combination of security, risk, compliance and
finance controls that are implemented using software. And like any software controls,
managing the profiles is where you gain your greatest benefits in the form of consistent,
repeatable outcomes with fewer errors.
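The orphaned-EBS example above and the idea of compliance "signatures" run as software can be made concrete with a small evaluator. The following is an added illustration, not code from this article or from any vendor's governance product. The inventory is constructed to mimic the shape of the EC2 DescribeVolumes response (VolumeId, State, Attachments, Encrypted, Tags), no AWS call is made, and the signature names, severity scale, required tags and seven-day grace period are assumptions chosen for the example.

```python
"""Continuous-compliance signatures evaluated over a cloud inventory.

Added illustration; not the article's or any vendor's code. The volumes
below are CONSTRUCTED in the shape of an EC2 DescribeVolumes response.
Signature names, severities, required tags and the grace period are
assumptions for this example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Finding:
    signature: str
    resource_id: str
    severity: str
    detail: str


NOW = datetime(2019, 7, 1, tzinfo=timezone.utc)  # fixed clock so results are reproducible

# Constructed sample: one attached volume, one orphaned unencrypted untagged volume,
# and one recently detached volume that is encrypted and tagged.
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-0a1b2c3d4e5f60001", "State": "in-use", "Size": 100, "Encrypted": True,
     "CreateTime": NOW - timedelta(days=90),
     "Attachments": [{"InstanceId": "i-0123456789abcdef0", "State": "attached"}],
     "Tags": [{"Key": "Owner", "Value": "payments"}, {"Key": "CostCenter", "Value": "4711"}]},
    {"VolumeId": "vol-0a1b2c3d4e5f60002", "State": "available", "Size": 500, "Encrypted": False,
     "CreateTime": NOW - timedelta(days=45), "Attachments": [], "Tags": []},
    {"VolumeId": "vol-0a1b2c3d4e5f60003", "State": "available", "Size": 8, "Encrypted": True,
     "CreateTime": NOW - timedelta(days=2), "Attachments": [],
     "Tags": [{"Key": "Owner", "Value": "analytics"}, {"Key": "CostCenter", "Value": "1234"}]},
]

REQUIRED_TAGS = ("Owner", "CostCenter")  # assumed tagging policy
ORPHAN_GRACE_DAYS = 7                    # assumed grace period for detached volumes


def tags_of(volume):
    return {t["Key"]: t["Value"] for t in volume.get("Tags", [])}


def sig_orphaned_volume(volume, now=NOW):
    """Detached volume older than the grace period: cost and data-exposure risk."""
    if volume["State"] != "available" or volume["Attachments"]:
        return None
    age_days = (now - volume["CreateTime"]).days
    if age_days < ORPHAN_GRACE_DAYS:
        return None
    return Finding("ebs.orphaned_volume", volume["VolumeId"], "medium",
                   f"detached for {age_days} days, {volume['Size']} GiB")


def sig_unencrypted_volume(volume, now=NOW):
    """Volume without at-rest encryption, attached or not."""
    if volume["Encrypted"]:
        return None
    return Finding("ebs.unencrypted_volume", volume["VolumeId"], "high",
                   "volume is not encrypted at rest")


def sig_missing_required_tags(volume, now=NOW):
    """Volume that cannot be attributed to an owner or cost center."""
    missing = [k for k in REQUIRED_TAGS if k not in tags_of(volume)]
    if not missing:
        return None
    return Finding("ebs.missing_required_tags", volume["VolumeId"], "low",
                   "missing tags: " + ", ".join(missing))


SIGNATURES = (sig_orphaned_volume, sig_unencrypted_volume, sig_missing_required_tags)


def evaluate(volumes, now=NOW):
    """Run every signature over every volume; return findings, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = []
    for volume in volumes:
        for signature in SIGNATURES:
            finding = signature(volume, now)
            if finding is not None:
                findings.append(finding)
    return sorted(findings, key=lambda f: (order[f.severity], f.resource_id, f.signature))


if __name__ == "__main__":
    for f in evaluate(SAMPLE_VOLUMES):
        print(f"{f.severity:<6} {f.signature:<26} {f.resource_id}  {f.detail}")
```

Each signature is a pure function of one resource, so adding the 401st control means adding one function to the tuple rather than touching the evaluator; in a real MVC the inventory would come from the provider API and the findings would feed a ticketing or remediation pipeline instead of stdout.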
#9 – Implement Automation Frameworks
Throughout these best practices, we speak of automation as a core tenet of
implementation. Infrastructure as code is the mantra. At the core of cloud adoption is the
automation of infrastructure builds for every application. The goal is to have each application
tion of infrastructure builds for every application. The goal is to have each application
implemented and deployed through code. We want to take a DevOps mentality to the
development of our new cloud environment.
At the heart of a cloud native program are the MVC templates. Your goal is to get to
repeatable automation templates that carry the operational governance we spoke about
in the prior section. For example, onboarding a new application team to your MVC
should pull 90% or more of its code for the cloud platform from GitHub and the
frameworks you are managing.
Building a Minimum Viable Cloud includes producing repeatable automation templates
that are used to onboard new application teams. In the templates are the common IT
services, governance rules, tagging scenarios, metadata, VPC, IAM roles, image
repository and a host of common services delivered from your MVC Hub. The automation
templates save a ton of time and reduce a huge amount of risk by eliminating much of
the human error.
The new processes are focused on controlling the content of the automation templates,
code repositories and server image libraries. Change management is now around code
management within a group that has never done software development as a core
discipline. Thus, it is essential to foster a DevOps model of management and tighten the
relationship with the software team.
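Controlling the content of the automation templates means checking them before they are deployed, not only auditing what they produced afterwards. The following is an added example, not code from this article or any project it describes: a policy gate over a constructed, CloudFormation-shaped template (Resources with Type and Properties). The governance rules it enforces (required tags, encrypted volumes, an instance profile and an MVC-provided subnet on every instance, no world-open security group ingress) and the names MvcAppSubnet, MvcDataSubnet and MvcVpc are assumptions for the example.

```python
"""Pre-deployment governance gate for an MVC onboarding template.

Added illustration; not the article's or any vendor's code. The template
is CONSTRUCTED in the shape of a CloudFormation document. The rules and
the Mvc* resource names are assumptions for this example.
"""

REQUIRED_TAGS = ("Owner", "CostCenter")
TAGGABLE = {"AWS::EC2::Instance", "AWS::EC2::Volume", "AWS::EC2::SecurityGroup"}
MVC_SUBNETS = {"MvcAppSubnet", "MvcDataSubnet"}   # assumed subnets exported by the MVC hub
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed template with one violation of each kind (AppInstance lacks a CostCenter
# tag, DataVolume is unencrypted, AdminSg is untagged and open to the world on 22).
SAMPLE_TEMPLATE = {
    "Resources": {
        "AppInstance": {"Type": "AWS::EC2::Instance", "Properties": {
            "SubnetId": {"Ref": "MvcAppSubnet"},
            "IamInstanceProfile": {"Ref": "MvcAppProfile"},
            "Tags": [{"Key": "Owner", "Value": "payments"}]}},
        "DataVolume": {"Type": "AWS::EC2::Volume", "Properties": {
            "Size": 100, "Encrypted": False,
            "Tags": [{"Key": "Owner", "Value": "payments"},
                     {"Key": "CostCenter", "Value": "4711"}]}},
        "AdminSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "VpcId": {"Ref": "MvcVpc"},
            "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                                      "CidrIp": "0.0.0.0/0"}]}},
    }
}


def _tag_keys(props):
    return {t["Key"] for t in props.get("Tags", [])}


def validate(template):
    """Return (rule, resource_name, detail) for every governance violation found."""
    violations = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type", ""), res.get("Properties", {})

        if rtype in TAGGABLE:
            missing = [k for k in REQUIRED_TAGS if k not in _tag_keys(props)]
            if missing:
                violations.append(("tags.required", name, "missing " + ", ".join(missing)))

        if rtype == "AWS::EC2::Volume" and props.get("Encrypted") is not True:
            violations.append(("ebs.encrypted", name, "Encrypted must be true"))

        if rtype == "AWS::EC2::Instance":
            if "IamInstanceProfile" not in props:
                violations.append(("iam.instance_profile", name, "no IamInstanceProfile"))
            subnet = props.get("SubnetId")
            if not (isinstance(subnet, dict) and subnet.get("Ref") in MVC_SUBNETS):
                violations.append(("vpc.mvc_subnet", name, "SubnetId must Ref an MVC subnet"))

        if rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
                if cidr in WORLD_CIDRS:
                    violations.append(("sg.no_world_ingress", name,
                                       f"ports {rule.get('FromPort')}-{rule.get('ToPort')} open to {cidr}"))
    return violations


def is_deployable(template):
    """Gate used by the pipeline: deploy only when no rule is violated."""
    return not validate(template)


if __name__ == "__main__":
    for rule, resource, detail in validate(SAMPLE_TEMPLATE):
        print(f"{rule:<22} {resource:<12} {detail}")
    print("deployable:", is_deployable(SAMPLE_TEMPLATE))
```

Running the same rule set in the pull-request check for the template repository and against the deployed account closes the loop the section describes: the template gate stops the orphaned or unencrypted volume from being created, and the runtime signatures catch whatever was created outside the templates.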
SUMMER 2019 | THE DOPPLER | 55