Configuration Management
Just as in traditional IT management, you need to build secure hosts in the cloud. In fact, host-based security is paramount, as cloud security is workload-centric vs. environment-centric. The biggest change for configuration governance in a cloud context is a singular focus on removing manual review/config steps. The goal is to develop “gold images” and “gold configurations,” and drive toward immutable infrastructure.
To start, you will need to pay attention to your initial configuration for your host images, and minimize the drift of that configuration over time, just like you should on-premises. In on-premises environments, you would modify an initial build through both patch and change management processes, depending on the update needed. But in the cloud, with new host deployment measured in minutes, it is more efficient to throw away a host and replace it with an updated version of the “gold image.”
Governance is still required in cloud environments, but there are places you can streamline and automate tasks.
Configuration management in the cloud is essential, because the more you automate and “shift left” before execution, the better. In order to extract the most value out of the cloud, you will want to streamline configuration management workflows and embed automation as early as you can. In the cloud, humans do not touch environments, and you do not change configurations on the fly. If that initial system image is wrong, you replace it with a new image that has all the capabilities you need. While it is important to think through the changes this approach will require, you can use your current processes initially. Getting to this nirvana takes time, but making sure you understand out of the gate the changes necessary for configuration and patch management is essential.
Asset Management
Everyone claims to have a strategy for managing their IT assets, but most companies do not execute their strategies well. In the cloud, having a structured program with a simple identification scheme able to handle short-lived resources is critical. If you do not have those elements, that gap needs to be addressed as you move to the cloud.
On-premises assets can live long lives. You buy a server and it can take weeks to months to acquire and deploy it. That device may live in the data center for one to five years or longer. Assets in the cloud get recycled much faster: you can spin a server up, use it and spin it back down in 10 minutes. This short lifespan may not get captured by legacy asset management processes. You cannot manage what you cannot see, and in the cloud you cannot validate your asset management accuracy by walking around and taking a manual inventory. So, it is important to understand early in the process what you have and to identify what is essential to track in your environment.
If you do not have a robust asset management process in place, you can start a new one in the cloud. This should begin with the “big rocks” first: Focus on a top-down inventory of the enterprise, starting with the first-mover application and its environments. As you transition more and more workloads to the cloud, it will be essential to know where they are.
Regardless of your asset management maturity, you will need a simplified, focused tagging strategy. It is critical to keep this tagging strategy simple to start. Initially, track only key elements, such as Resource Name, Application, Environment, Business Unit, Owner, Security Classification and Retention.
Design your tagging strategy for ease of integration with your existing management/governance process, including any existing asset management process. The tagging strategy will evolve as your cloud adoption matures, but keeping it simple to start helps avoid unnecessary complications from legacy asset tracking decisions.
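One way to automate the tagging and gold-image checks described above is a small inventory audit; this is an added example, not code from the article. The tag key spellings, the allowed values, the image identifier and the sample inventory are assumptions constructed for illustration.

```python
"""Audit a cloud inventory against a minimal tag policy and the current gold image."""

# Tag keys follow the elements listed in the article; exact spellings are assumed.
REQUIRED_TAGS = ("ResourceName", "Application", "Environment", "BusinessUnit",
                 "Owner", "SecurityClassification", "Retention")
# Allowed values are assumptions for this example, not taken from the article.
ALLOWED = {
    "Environment": {"dev", "test", "prod"},
    "SecurityClassification": {"public", "internal", "confidential"},
}
GOLD_IMAGE = "img-gold-2019-02"  # constructed identifier of the approved image


def audit(resource, gold_image=GOLD_IMAGE):
    """Return a sorted list of findings for one inventory record."""
    # Normalise values: an empty or whitespace-only tag counts as missing.
    tags = {k: (v or "").strip() for k, v in resource.get("tags", {}).items()}
    findings = [f"missing tag: {k}" for k in REQUIRED_TAGS if not tags.get(k)]
    for key, allowed in ALLOWED.items():
        value = tags.get(key)
        if value and value.lower() not in allowed:
            findings.append(f"invalid {key}: {value}")
    # Hosts are replaced rather than patched in place, so any other image is drift.
    if resource.get("type") == "host" and resource.get("image_id") != gold_image:
        findings.append(f"replace host: built from {resource.get('image_id')}")
    return sorted(findings)


def audit_inventory(inventory):
    """Map resource id -> findings, only for resources that fail the policy."""
    report = {r["id"]: audit(r) for r in inventory}
    return {rid: f for rid, f in report.items() if f}


# Constructed sample inventory (not real resources).
FULL_TAGS = {"ResourceName": "web-01", "Application": "storefront",
             "Environment": "prod", "BusinessUnit": "retail",
             "Owner": "team-web@example.com",
             "SecurityClassification": "internal", "Retention": "90d"}
SAMPLE = [
    {"id": "i-001", "type": "host", "image_id": "img-gold-2019-02", "tags": FULL_TAGS},
    {"id": "i-002", "type": "host", "image_id": "img-gold-2018-11",
     "tags": {**FULL_TAGS, "ResourceName": "web-02", "Owner": " "}},
    {"id": "b-003", "type": "bucket",
     "tags": {"ResourceName": "logs", "Environment": "staging"}},
]

if __name__ == "__main__":
    for rid, findings in audit_inventory(SAMPLE).items():
        print(rid, findings)
```

Run on a schedule against an exported inventory, a check like this surfaces short-lived resources that legacy asset processes would miss, provided the export includes them while they exist.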
Service Desk
Here, the overall request tracking and escalation processes stay the same. But you will need to anticipate how to integrate new alert data from the cloud estate, as well as handle changes to how some tasks are executed.
WINTER 2019 | THE DOPPLER | 71