As the use of cloud services gradually shifts from infrastructure services to more core business use cases, including core platforms and applications, strengthening governance in a holistic manner is key to risk management and to the trust of end-user organizations. Because applications now sit at the top of the IT value stack and often face the business directly, appropriate governance must be ensured at this level. This governance is not just about infrastructure, but about the broader context and environment of the application itself.
Because of the significant impact on cloud applications, providers should also focus on unknown user issues in cloud governance, and it is critical to explore some best practices for translating enterprise rules and IT resource usage permissions into cloud governance policies. This includes how the provider helps customers ensure that cloud resources are properly accessed, provisioned, secured, operated, and monitored for security and compliance.
While this guide applies to businesses that have established a private cloud, the external services and hybrid cloud implementations offered by cloud providers still have a role to play in providing a platform that ensures customer control.
Translating rules and permissions into application-core policies
Regardless of how simple the underlying IT infrastructure is, deploying and managing applications and platforms requires management policies that are specific to the application. An enterprise-class cloud governance model implements the following policy types:
User/Group Access: Controls cloud service access, including role-based access control and federated identity authentication management.
Asset rights: Restricts user access to specific asset types, such as stacks, scripts, templates, and topologies.
Deployment: Limits workload deployment and data access to environments certified under broad policy requirements (PCI, HIPAA, localization policies, geographic constraints, and other governance and security directives).
Programming: Applies multi-tier policies across assets and services to ensure configuration management standards and standard operating environments (SOE).
Service level agreement: Dynamically scales application and platform topologies based on composite auto-scaling rules and performance criticality.
Security: Enforces security zone compliance through policies covering host-based and hypervisor firewalls, anti-virus software, host-based intrusion detection systems (HIDS), virtual networks, data encryption, and other security tools.
Lifecycle events: Implements policies at multiple lifecycle events, such as startup, shutdown, and system development lifecycle (SDLC) code promotion.
Backup and failover: Strengthens high availability and disaster recovery policies.
Resource constraints: Limits the maximum number of deployment instances.
Leases and schedules: Limits leases and schedules for deployment instances.
Chargeback/metering: Limits resource consumption and meters consumption based on custom pricing models.
Dynamic policy: Monitors the event streams from workloads and third-party systems, and performs composite event correlation to execute predefined policies and actions when thresholds are exceeded.
Keeping cloud governance policies in sync with changing requirements
Face reality: corporate governance is fickle. New rules, changing internal standards, entry into new markets or regions, and other market changes lead to frequent change, which makes governing clouds tricky. IT must be able to customize policies quickly to address a broad range of current and future business requirements. Creating and enforcing policies of unrestricted scope can be achieved by using a policy engine with an extensible metamodel. This allows the customer or provider to create new policy attributes that can be referenced when making decisions. For example, a new metamodel extension that includes new security zone definitions forces cloud workloads to be classified through their deployment policy. Such a definition ensures that the workload adheres to the control constraints.
The cloud-based IT operations model is a new, transformative approach to delivering IT services for most customers. Determining the right scope and capabilities for governance controls can therefore be difficult. In general, the main theme of a cloud governance strategy is to provide services directly to the end users who need them, let them access IT resources on demand, and allow those IT resources to respond automatically to changes in requirements and environment. Governance policies can be developed not only by the different stakeholders within the enterprise, but also by the cloud service provider to govern and control consumption of its own IT resources.
Here are some policy-based governance scenarios that illustrate the usefulness of these strategies.
Implement deployment constraint policies for different teams, projects, and workloads. For example, marketing projects are tested in the Amazon EC2 public cloud, but the German development team must deploy only to a locally based cloud, while the payment processing team can deploy only to a PCI-compliant cloud.
Limit IT resources per project or team through leases, provisioning schedules, or quotas on individual instances. For example, an employee of an application development team may use up to two instances in a private cloud. The Hadoop project may be allowed to deploy only on weekdays between 7 p.m. and 5 a.m. A potentially outsourced user interface (UI) team can get only a 90-day instance lease on Amazon EC2, after which the instance is automatically terminated.
Strengthen dynamic policies to respond to intrusions and/or misappropriation of instances. For example, an event correlation could combine (1) a host-based intrusion detection system sending a "critical" alert for an instance in the public cloud, (2) a high outbound traffic threshold being exceeded, and (3) high CPU utilization; the policy outcome is to release the instance and automatically redeploy a new instance in a secure private cloud.
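The three scenarios above can be expressed as policy data plus two checks: a deploy-time authorization and a runtime event correlation. The following Python is an added example, not code from any cloud management platform; the team keys, cloud labels, field names, event types and the 10-minute correlation window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed policy table modelled on the scenarios above. Team keys, cloud
# labels and field names are assumptions, not any real platform's schema.
POLICIES = {
    "marketing":  {"clouds": {"ec2-public"}},
    "german-dev": {"clouds": {"private-local"}},
    "payments":   {"clouds": {"pci-cloud"}},
    "app-dev":    {"clouds": {"private-local"}, "max_instances": 2},
    "hadoop":     {"clouds": {"private-local"}, "window": (19, 5)},
    "ui-vendor":  {"clouds": {"ec2-public"}, "lease_days": 90},
}
REQUIRED = {"hids_critical", "egress_high", "cpu_high"}  # the three signals

def authorize(team, cloud, now, running=0):
    """Return (allowed, detail); detail is a denial reason or the lease expiry."""
    p = POLICIES.get(team)
    if p is None:
        return False, "no policy for team (default deny)"
    if cloud not in p["clouds"]:
        return False, f"{team} may not deploy to {cloud}"
    if running >= p.get("max_instances", float("inf")):
        return False, "instance quota reached"
    if "window" in p:
        start, end = p["window"]  # window crosses midnight when start > end
        h = now.hour
        inside = start <= h < end if start < end else (h >= start or h < end)
        # Assumption: "weekday" is judged by the calendar day of the request.
        if not inside or now.weekday() >= 5:
            return False, "outside permitted schedule"
    if "lease_days" in p:
        return True, now + timedelta(days=p["lease_days"])
    return True, None

def correlate(events, window=timedelta(minutes=10)):
    """Return actions for public-cloud instances showing all three signals."""
    seen, actions = {}, []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["cloud"] != "ec2-public":
            continue
        sig = seen.setdefault(ev["instance"], {})
        sig[ev["type"]] = ev["t"]
        if REQUIRED <= {k for k, t in sig.items() if ev["t"] - t <= window}:
            actions.append((ev["instance"], "release", "redeploy:private-local"))
            sig.clear()
    return actions

if __name__ == "__main__":  # constructed request: Hadoop job, Monday 21:00
    print(authorize("hadoop", "private-local", datetime(2024, 1, 8, 21)))
```

Unknown teams are denied by default, and a signal older than the window no longer counts toward the correlation, so three unrelated alerts spread over a day do not trigger a redeploy.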
Cloud adoption is accelerating and many companies are facing governance challenges. Customers expect to quickly roll out a fully governed portfolio of cloud-based services, meeting the needs of agile software developers and business users while controlling costs and ensuring compliance. The enterprise needs an extensible policy-based control point for cloud governance, one that enforces customized policies of unrestricted scope to address changing business requirements. With the right cloud management platform, providers can offer a wide range of on-demand control points for governance, compliance, and security across public and private cloud plans to help transform IT into a cloud-based operations model.
Responsible editor: Xiao Yun