Balancing Control and Agility to Achieve


1 Balancing Control and Agility to Achieve
Dede Dascalu, CEO, Stratus Solutions

2 Stratus Solutions is a technology partner that enables purpose-led organizations to achieve more.
- #951 (2017)
- Headquartered in Fulton, MD
- Founded in 2008
- Full-Time Staff: 100+

3 Agenda
- What Looks Like
- Building Blocks
- Design Considerations

4 What Looks Like

5 The Journey to Cloud Adoption
- Limited Accounts: Specific Systems, Manual Governance
- Multiple Accounts: Numerous Systems, Manual Governance
OR
- Single Account: Numerous Systems, Manual Governance

6 Growing Cloud Adoption (Source: AWS)

7 Tradeoffs In Developer Controls and Developer Agility

Cloud broker
- Prescribes limited access to the AWS platform based on catalog templates or via middleware
- Suitable for meeting common requirements of less-technical internal users
- Traditionally doesn't allow developers to access cloud APIs
- Relies too much on humans and manual processes

Minimally encumbered AWS accounts
- Complete power of the AWS platform; every approved feature available immediately
- Native access to the AWS Console, CLI, API
- Enables powerful DevOps CI/CD pipelines
- Requires a comprehensive foundation for managing access, security, collaboration
- Requires the building or buying of a solution that can manage access, budget, compliance of many AWS accounts

8 Elements of

9 Elements of
- Entry points: Methods of access to the cloud environment
- Central Services: Common services accessible by cloud tenants
- Networking: Enterprise networking strategy for intra-AWS account communication and ingress/egress control
- Security Services: Central log aggregation and analysis
- Certification and Accreditation Strategy (SSPs): Methodology to reach ATO fast with a repeatable process
- Governance of Cloud Accounts: Tools for account management, budget enforcement, compliance automation + Access to AWS CLI, API, Console
- Connections to On-Premise Resources: Enabling access between on-premise and cloud resources

10 Cloud Governance Architecture Case Study
- AWS account mgt., budget enforcement, compliance automation
- Federated access to native AWS Console
- Internet access
- Centrally hosted developer tools
- Local and remote entry point access
- Log aggregation, continuous monitoring

11 Challenges with Governance of Cloud Accounts
- Determine the current state of all cloud users and their access rights across your enterprise?
- Adhere to IT budgets in a pay-per-use model?
- Ensure deployments and operations are compliant with relevant legal, regulatory, and/or contractual policies?

14 Design Considerations for
[Figure: organization hierarchy with Company X; Dept. A, Dept. B, Dept. C; Projects 1 through 6]

Account Management
- Centralized management of all cloud accounts
- Federated single sign-on and 2-factor authentication (MFA)
- Automated, self-service account creation with native Console, CLI, and API access

Budget Enforcement
- Hierarchical budget alignment to projects and organizational units with real-time spend tracking
- Configurable enforcement actions to alert, freeze spending, and terminate cloud resources

Compliance Automation
- Inheritable access policies to restrict use of non-compliant cloud services
- Compliance tools for continuous security control monitoring and reporting
