Posted by Dana Epp

Azure Policy: Fundamentals for cloud governance

What can WE do to maintain control of our cloud resources while still giving our people the power to embrace technology and innovate while helping to prevent Shadow IT? In the latest episode of #KnowOps we talk about how we can handle cloud governance with the use of Azure Policy.

Hope you enjoy it.

Transcript

Do you ever feel like you're losing control of IT as more stuff can run in the cloud?

I mean, Forrester Research says that something like 65% of all dollars spent in tech is happening by non-tech buyers now. And 73% of those buyers don't wanna buy from the channel or from IT partners. They wanna go straight to the vendor like Microsoft. This concept of shadow IT isn't something we can take lightly. But as Cloud admins, we also need to try to understand the root psychology behind this. Why are people going and getting their own Cloud resources? What can we do to maintain control, while still giving our people the power to embrace technology and innovate? How can we be empathetic with their needs while also respecting the company's business goals, budgets, and compliance needs? Let's talk about that.

Dana Epp here, welcome to the channel that helps aspiring Azure administrators like you and me to know Ops, and, well, master the Microsoft Cloud. I'm glad you're here. If you haven't yet, please smash the subscribe button so you can be notified when I release new videos each week.

So imagine for a moment that we lived in an ideal world. Our businesses are thriving, transitioning to the Cloud is happening at a rapid pace, and our digital transformation projects have been going flawlessly.

Now wake up!

Doug in Development decided to spin up an E64 series virtual machine. Hey, it's just 7 bucks an hour, and he only needs it for a few hours to complete a critical data dumping task. But he didn't tell anyone he provisioned it and then he forgets to shut it down. On your next bill you see a jump of over five thousand dollars for that one resource.

Now, how many Dougs in Dev, Sallys in Sales or Mikes in Marketing do you have?

Public Cloud computing makes it far too easy for virtually anyone to spin things up. And if you aren't giving them what they need, then they're gonna go to their managers who will pull out their credit cards and provision it with a few clicks anyways. Which means it's still gonna hit your company's books, but now you have more subscriptions and maybe even more Azure tenants to deal with, if you even know about it at all.

Sound familiar? This happens every day, to Microsoft's delight! I mean, your company consumed the compute, right? You have to pay the bill, helps with their business model, but what about yours? This is where Azure Policy comes in. It allows you to easily apply guardrails on all your Cloud resources, and lets you have real-time control and Cloud compliance at scale. Doug felt he needed that resource to get his work done. We want to empower him and not hinder him. But if that wasn't acceptable against your organization's business rules, you should've been able to stop him from provisioning that and offer him an alternative right then and there, so he knows what's acceptable. And that is exactly the sort of thing that Azure Policy can do for you.

Think of Azure Policy as a service that can manage, assign, and implement policy to enforce and audit your business rules for cloud usage. It helps to establish Cloud governance through a set of initiatives that you define, that group policies together to meet your individual business goals. In Doug's case, you could've set a policy to allow authorized developers access to provision certain types of virtual machines and not others, and then enforce tags to be applied to allocate the spend to their department and to force shut down of those resources when no longer in use.

If this concept's new to you, I recommend you watch the episode I did on Azure Tags. I'll leave a link to it in the description.

Azure Policy is extremely flexible. It assesses properties within virtually any Azure resource, and allows you to audit, deploy, and deny based on your defined needs. All enforcement is evaluated directly within the ARM management plane, which means it can block deployments or changes to enforce the guardrails that you set out. Combined with Azure's role-based access control, it's the one-two punch to help you get control over your Azure Cloud governance. This allows you to empower your organization to leverage the Cloud without stopping innovation, while giving you the clarity and control you need. And isn't that the nirvana we're all looking for?

Now, one tip as you start with Azure Policy: when first getting started, it may not be a good idea to set your policies to deny everything to begin with. Instead, set the effect to audit so you can log these events and see how the policy rules you define actually work. You can then switch it to deny once you're confident in how it all functions. Azure Policy is a powerful tool to have in your administrator's belt, to help you with cloud governance and control your compliance needs. Use it to empower your people, while still giving you the comfort to keep everything in check in Azure.

So what do you think? Is Azure Policy something you're gonna take a look at? I certainly hope so. And I hope you found this useful. Let me know by hitting the like button. And if you haven't yet, smash the subscribe button so you can be notified as I publish more videos. Until then, thanks for watching, we'll see ya in the next episode.
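The guardrail described in the transcript (approved VM sizes plus a spend-allocation tag, rolled out as audit before deny) can be written as one custom policy definition. This is an added example, not part of the original post or video; the display name, parameter names, tag name and sample SKU list are assumptions, and because JSON has no comments they are labelled in the description fields.

```json
{
  "properties": {
    "displayName": "Example: approved VM sizes with a required cost tag",
    "description": "Added illustration, not from the original post. Parameter names and values are assumptions.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "allowedSkus": {
        "type": "Array",
        "metadata": { "description": "VM sizes developers may provision (sample values)." },
        "defaultValue": [ "Standard_D2s_v3", "Standard_D4s_v3" ]
      },
      "tagName": {
        "type": "String",
        "metadata": { "description": "Tag used to allocate spend to a department (assumed name)." },
        "defaultValue": "department"
      },
      "effect": {
        "type": "String",
        "metadata": { "description": "Start with Audit; switch to Deny once the results look right." },
        "allowedValues": [ "Audit", "Deny", "Disabled" ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          { "field": "type", "equals": "Microsoft.Compute/virtualMachines" },
          {
            "anyOf": [
              {
                "not": {
                  "field": "Microsoft.Compute/virtualMachines/sku.name",
                  "in": "[parameters('allowedSkus')]"
                }
              },
              {
                "field": "[concat('tags[', parameters('tagName'), ']')]",
                "exists": "false"
              }
            ]
          }
        ]
      },
      "then": { "effect": "[parameters('effect')]" }
    }
  }
}
```

With the effect left at Audit, a VM outside the approved list or missing the tag is only reported as non-compliant; assigning the same definition with the effect parameter set to Deny makes the ARM management plane reject the deployment.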

Topics: Cloud Operations (CloudOps), KnowOps
