
Cloud Governance in Enterprise


  1. Access Controls
  2. Financial Controls
  3. API (Application Program Interface) Integration
  4. Logging and Auditing
  5. Key Management and Encryption

Access Controls:

It is essential to prevent multiple employees from making changes or modifications at the same time. Instead of providing access to the whole IT team, it is good to limit access to specific people or a specific team. All others can have their modifications made to the application by raising requests to a specific set of individuals. Some enterprises have implemented a role-based security model. Here, the roles would be super-administrators, administrators, developers, managers and employees. Different roles would have different access levels. For example, super-administrators or super-admins would have complete access to everything, including the ability to assign administrator roles to people. Managers might only have approval rights for specific team-related requirements. They might have limited access to specific modules in the application related to their team or department. Thus, by limiting access, all the cloud-based assets can be effectively controlled and managed.


Financial Controls:

Implementing financial controls helps organisations that have many teams and cloud-based projects running in parallel. The finance team would allocate specific budgets to each cloud-based project based on the scope and requirements. Some of the cloud-based applications might have high infrastructure and software requirements, and hence the finance team has to allocate bigger budgets. This holds true for high-impact projects, mission-critical projects and projects carried out for premium clients of the organisation. Multi-national corporations have implemented effective governance measures to track the budgets for each and every project in the cloud and effectively control the spending based on periodic reviews on a monthly, quarterly or yearly basis.

API (Application Program Interface) Integration:

API integration becomes important when the cloud-based application or infrastructure is to be shared with other applications developed by third-party developers outside the organisation for various business reasons. The necessary protocols and policies are to be communicated when the API is shared with the public. Strict regulations have to be implemented to provide restricted access to outsiders.

Logging and Auditing:

Almost all corporations log every activity across the private, public and hybrid clouds. Activities like changes to code, changes to the database, and additions, modifications or edits made to a specific application are all tracked and logged. These log files are audited regularly by system administrators and quality assessment professionals to ensure everything is executed as per the cloud governance policies. Any discrepancies are monitored, and necessary corrective measures are taken. The Sony PlayStation Network hack that happened in 2011 came to the limelight when system administrators did a periodic audit of the log files. They found malicious activities recorded in the activity log and thus went on to track the whole hacking attack.
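
The role model from the Access Controls section and the periodic log audit described above can be tied together as follows. This is an added example, not code from the original post: the role names come from the article, while the permission sets, the log line format and the user names are assumptions constructed for illustration.

```python
# Role names come from the article; the permission sets, log format and
# user names below are assumptions constructed for illustration.
ROLE_PERMISSIONS = {  # deny by default: unlisted actions are refused
    "super-admin": {"assign_admin", "modify", "approve", "raise_request"},
    "administrator": {"modify", "approve", "raise_request"},
    "manager": {"approve", "raise_request"},
    "developer": {"raise_request"},
    "employee": {"raise_request"},
}
TEAM_SCOPED = {"manager"}  # roles limited to their own team's modules

def is_allowed(role, team, action, target_team):
    """True only if the role grants the action and the team scope matches."""
    if action not in ROLE_PERMISSIONS.get(role, set()):
        return False
    return role not in TEAM_SCOPED or team == target_team

def audit(log_lines, directory):
    """Return (timestamp, user, action, reason) for entries the policy forbids."""
    findings = []
    for line in log_lines:
        timestamp, name, action, target_team = line.split()
        if name not in directory:
            findings.append((timestamp, name, action, "unknown user"))
            continue
        role, team = directory[name]
        if not is_allowed(role, team, action, target_team):
            findings.append((timestamp, name, action, "not permitted for " + role))
    return findings

# Constructed sample data: user -> (role, team), and an activity log.
DIRECTORY = {
    "asha": ("super-admin", "platform"),
    "ben": ("administrator", "platform"),
    "chen": ("manager", "billing"),
    "dev1": ("developer", "billing"),
}
SAMPLE_LOG = [
    "2024-01-05T09:10Z ben assign_admin platform",
    "2024-01-05T09:20Z chen approve billing",
    "2024-01-05T09:30Z chen approve platform",
    "2024-01-05T09:40Z dev1 modify billing",
    "2024-01-05T09:50Z ghost modify billing",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, DIRECTORY):
        print(finding)
```

Every entry the audit returns is a discrepancy between logged activity and the access policy: an action outside the role's rights, an approval outside the manager's own team, or an account that is not in the directory.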

Key Management and Encryption:

Few corporations have achieved excellence in implementing cloud governance across their geographies. One of the unique security architectures implemented in such corporations enforces separation of roles through sophisticated algorithms running independently. These independent algorithms guard all the security keys and credentials across the cloud-based applications. They do not essentially run on the same servers where the actual applications are hosted, and hence, they have no access to confidential data. That means the servers and storage capacity of such corporations contain all the confidential and non-confidential data in an encrypted format, but the encryption keys are operated and managed by independent algorithms available outside these servers. This not only makes cloud governance efficient, but also provides high security levels and avoids security breaches and data theft during hacking attacks.
