Security & Compliance Blog Multi-Cloud Blog

Cloud Governance Best Practices

Monica Brink
3 minute read
Monica Brink

I apologize—I know it’s not a funny, wry, or ironic title. Articles about cloud are often followed up with some hyperbole about how cloud computing will help solve world peace. But I’m confident you, our readers, have moved on from the cloud hype—that you’ve recognized that, while cloud is not a silver bullet for anything, it is undeniably an essential part of your overall IT strategy—and it’s time to cut the cute stuff and get real.

Getting real means moving on from ad hoc and opportunistic approaches to cloud computing in favor of an approach that is managed and optimized. It means ensuring IT process integration and applying data center levels of compliance and governance to cloud computing. And it means developing a cloud management strategy that is robust and flexible enough to adapt to changing business needs over the long term.

There’s a consensus brewing across the market that cloud computing (at least the successful kind!) is not easy. Sorry to burst your bubble there if you are still in the mindset of cloud = fast provisioning of virtual machines. As organizations move beyond this “provision-only” mindset and seek to support lines of business with full-stack provisioning of dev platforms and applications across private and public clouds, the cloud management task becomes exponentially complex. There is the orchestration task across resources, users, and services to consider, and importantly, managing risk becomes a big factor.

Oh, and if you’re wondering what sort of risks I could possibly be referring to here (Shadow IT anyone?), check out some of the blogs from my colleague Dom Wellington on security threats across both the data center and public clouds that just seem to be growing every day—here’s a sample. Now, Dom can be a scary guy when it comes to talking about IT security threats—but the risks are real. So, the challenge for you then becomes how to deliver all of this cloud governance and compliance and risk management without sacrificing the very agility you were seeking with cloud computing in the first place! Whew, this cloud computing gig isn’t for the faint of heart—that’s for sure.

So, let’s get even realer—what are the cloud governance best practices that are essential for enterprise cloud success for the long term? In a recent study on the cloud market, IDC* found that:

more mature cloud architectures depend on policy-based automation and self-service to rapidly provision new services and ensure compliance with corporate standards and service-level agreements (SLAs).

It quickly becomes apparent that automated service provisioning across multiple platforms and management of the full lifecycle of the service, as well as cloud governance and compliance processes, are crucial to ensuring cloud performance and managing risk.

There is a way through this somewhat daunting maze—it’s a cloud management platform that not only provides a self-service portal from which users can request VMs and have them rapidly provisioned (that’s the easy part!). It’s a CMP that provides orchestration across infrastructure silos so that full-stack services (not just servers) can be rapidly provisioned in a consistent way across any environment—be that environment a private cloud, multiple public clouds, or legacy data center infrastructure.

And, it’s a cloud management platform that ensures fully integrated IT processes including change management, CMDB updates, regulatory and operational compliance, configuration management, and patching can be automatically applied to the service at time of provisioning so that the essential speed of service delivery is not sacrificed for increased cloud governance.

It’s also a cloud management platform that looks beyond the “provision-only” mentality to the ongoing management and health of the service by ensuring performance monitoring, early notification of service failures, automated remediation, and auto scaling of resources to match changing service requirements.

It’s managing the full lifecycle of the cloud service—from provisioning to change management to monitoring to compliance to performance and decommissioning. Anything less than this is selling your cloud initiative short—and quite possibly cutting it off at the knees before it can really have a chance to prove value to the business. With cloud computing in the enterprise turning the corner from cute and cuddly to real and spiky, now is the time to develop that long-term cloud strategy and ensure you have the cloud management capabilities to deliver the goods.

Find out more about BMC Cloud Management.

*‘Hybrid Cloud Strategies Create Management Challenges’ by Mary Johnston Turner IDC #252655, December 2014

Forbes: How leaders are managing the complexity of cloud

Cloud complexity can make it hard to realize the full benefits of digital transformation. Want to keep things simple? Find out how leading CIOs are keeping their environments, vendor relationships, and management practices lean and efficient.

These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.

See an error or have a suggestion? Please let us know by emailing

BMC Bring the A-Game

From core to cloud to edge, BMC delivers the software and services that enable nearly 10,000 global customers, including 84% of the Forbes Global 100, to thrive in their ongoing evolution to an Autonomous Digital Enterprise.
Learn more about BMC ›

About the author

Monica Brink

Monica Brink

Monica is Director of Solutions Marketing for IT Operations and AIOps solutions at BMC software. With over 14 years global B2B marketing experience in enterprise software across IT operations management, AIOps and cloud computing, Monica has worked with large and medium sized companies across the US, Europe, Middle East and Australia driving adoption and communicating the value of market leading IT solutions.