Learning How to Remove the Risk From Your Cloud Environment

Governance

I was an early adopter of Amazon’s AWS. I had been in the business of building out data centers for many years and was looking at a way to change my business from a reseller and integrator into a company that provided data center infrastructure as a service. I looked very seriously into making a significant investment in hardware, software and data center space to become a cloud provider.  

Fortunately, before I pulled the trigger, a friend called me up and told me about a new service from Amazon called AWS. At that point in time, AWS did not have the branding and exposure it does today. In fact, not many people knew about it at all. It was mostly being used by developers with small environments and minimal budgets for hardware. 

I quickly took my friend up on his offer to set up a demo of AWS. Upon seeing the speed at which I could spin up instances and add storage all with just the creation of an account and adding my credit card information, I knew immediately that building our own cloud was out of the question. Amazon had already spent the time and money in creating a scalable and automated cloud platform.  

I signed on as an AWS partner that week.  

Being early to the game has its advantages and I was certainly early to the AWS game. I didn’t know of anyone using AWS and most of the customers I was talking to claimed that a public cloud would never fly with their organization. Similarly to how we handled any new technology, I had my engineers test and evaluate the product, or in this case, the service. At that point in time, we were doing a fair amount of Microsoft SharePoint work so I suggested we create an environment(s) that could support 5,000, 10,000 and 50,000 users in SharePoint.  

I didn’t give any other instructions – just build it.  

They set out on their task and in a few weeks, they came back to me with a working environment.  We learned a lot from the deployment: how to configure networks, how to deploy instances and applications and how (through automation) we could recreate what we build on the fly. Everything looked great. That is, until I got my bill a month later for $27,000.  

I was shocked to see the cost. Wasn’t cloud supposed to be less expensive? I went to the engineers and asked what exactly they had done to create the environments. The issue, as it turned out, was that they followed my instructions too literally.  

They deployed one environment for 5,000 users, a separate one for 10,000 and another separate one for 50,000. What I was looking for was an environment running small instances and storage that had the ability to scale to the number of users requested. It was a mistake on my part in not being more specific as to what I was looking for. The cost was high, but the lessons learned more than made up for the high price.

Lessons Learned

I quickly learned that without governance, a cloud comes with tremendous risk. Also, the ability to spin up thousands of instances in minutes is a powerful concept, but it can also be a very costly one.  

I became very careful in managing our cloud accounts in the hopes of keeping the costs down, but inevitably something always seemed to go astray. I would almost always end up footing the bill for something that shouldn’t have been deployed, something not shut down or orphaned instances and the like. Fortunately, today there are tools that can be used to help govern and automate cloud environments.  

At HumanTouch, we work with a variety of tools and provide trained experts to help our customers maintain effective and efficient governance for their cloud environments. Our process for providing governance includes 

• compiling a complete cloud asset inventory from a multitude of cloud accounts –  this is the baseline required to enable automation of governance.
• creating compliance templates based on industry standards which will enforce those standards either automatically or with some human intervention.
• monitoring and mitigating security risks that can occur through misconfiguration from a lack of knowledge or user error.
• enforcing policies such as asset tagging which enables an organization to manage who is using what and how.
• deciphering complex and large billing reports and creating intelligent and easy to understand reports that can help organizations track spending across projects to departments.
• monitoring resource utilization to avoid the “orphaned” instance or finding oversized and underutilized instances. From this monitoring we can terminate unwanted services or resize services to appropriate scale.
• automating many of the processes such as starting and stopping instances or making sure snapshots are taking place.
• creating access management policies to better manage who has access to what and how much access they have.

HumanTouch delivers this governance and much more through our cloud managed services offering. 

‍

The cloud can be a wonderful thing, but without effective and diligent governance, it can be a risky endeavor. HumanTouch works closely with its customers to create an efficient cloud environment that is tailored to each individual customer’s needs. Our years of experience help simplify the process of assisting our customers in achieving a secure and cost-effective cloud environment that is easy to manage and maintain.

‍

‍