As cloud usage grows, including multi-cloud, it is essential to have a governance model to improve security posture, ensure compliance, and manage costs. Cloud Governance, in general, is defined as the set of rules and processes that improve overall security and compliance and also ensures success in the cloud environment within a given budget constraint. While you manage the cloud and put knuckles where needed, you want to make sure it does not impact the speed of innovation. Governance at a high level includes defining access to resources, enforcing access, monitoring, and detecting issues, cost control, and performance analysis to reduce the cost.
The governance model is constantly evolving and is an iterative process. As you onboard additional cloud services or as you detect issues, you refine and update the model. It's a three-step process that begins with Resource Organization followed by Resource governance that includes Identity governance, Access governance, and Cost governance. No security implementation is complete without monitoring in place. As you detect issues with the model, you refactor and refine Resource Governance and/or Resource Organization.
This is the first blog in a series of four blogs on the governance model. In the next three blogs, we will go over the three steps of the model as described above.