Microsoft recently announced significant updates to the Govern section of its Cloud Adoption Framework (CAF) for Azure, enhancing cloud governance guidance across various domains, including identity, cost management, and AI, to support better organizations, from startups to large enterprises, in their cloud journey.
Cloud governance employs policies, procedures, and tools as guardrails to define permitted and prohibited cloud activities, mitigating risks while improving productivity. This comprehensive approach ensures all cloud usage is authorized, minimizing shadow IT. In addition, cloud security and operations play an essential role in maintaining and refining governance frameworks.
In a LinkedIn post, Stephen Sumner, a senior content developer (patterns & practices) at Microsoft, writes:
To control the cloud, you set up guardrails that allow for productive freedom but prevent the bad stuff. Guardrails are the policies, procedures, and tools you use to enforce control. With guardrails up, you're free to focus on using the cloud to reach business goals.
According to the company, the updated governance guidance in the CAF incorporates insights from customer experiences and recent technological advancements to present a streamlined, proven approach to cloud governance. These revisions offer several benefits, like a single, five-step process to establish and maintain cloud governance over time, including a checklist that outlines every task in that process.
Overview of the five-step process (Source: Tech Community blog post)
In addition, the guidance includes references and links to Azure tools and services that facilitate cloud governance, as well as examples of cloud governance documentation and recommendations for gathering the correct governance data, for instance, for the raci matrix. Finally, the company also updated the Cloud Governance assessment. This tool helps customers identify and address gaps in their cloud governance strategy and directs them to the relevant guidance in the new guidance to fix those gaps.
The other cloud companies, AWS and Google, also offer governance guidance in their respective cloud adoption frameworks. Customers can find them in the Google Cloud Adoption whitepaper and AWS CAF governance sections. Additionally, there are other cloud governance frameworks available, such as NIST Cloud Computing Framework, SOC2, and Cloud Security Alliance (CSA) STAR.
When asked how the new governance guidance can help address challenges in organizations facing challenges in areas such as AI and data governance, Sumner told InfoQ:
The new guidance includes examples showing how Azure can facilitate cloud governance across common categories to accelerate organizations' adoption of cloud governance. The guidance provides examples of regulatory compliance, cost, security, resource management, operations, data, and artificial intelligence (AI).
These examples offer a sample starting point for organizations looking to implement cloud governance in these categories of cloud governance. These are not the only categories relevant to cloud governance, but they are some of the most common. Given their rising importance, the data and AI governance examples expand the scope of the previous guidance and provide valuable and timely direction for many businesses.
Lastly, more details on the Microsoft Adoption Framework are available on the Microsoft Learn documentation pages.