Most enterprises don’t have a well-developed governance approach for the cloud, not even an idea of a technology solution.
Enterprises are overwhelmed these days with other technology changes, including not just the move to cloud but devops, machine learning, and whatever other shiny objects pop up out of the market.
I view governance as the consistent enforcement of policies to place limits on how, when, why, and for what purpose a resource such as data, processes, APIs, storage, or compute is used. The best way to think about governance is as a series automated guardrails, in the form of policies, that keep you from running off a curvy road.
Of course, there is not one product that does everything, so governance solutions are a mix of products that include security, API management, resource management, and perhaps other technologies to address your specific needs.
There’s no “black box solution” for governance. That’s why enterprises need to treat governance strategically as both a concept and enabling technology. Few do.
Worse, most enterprises will move beyond the range of what can be done manually soon. Where 200 cloud services mixed with 100 legacy services was doable manually, the tipping point will soon come when the number of services can’t be effectively tracked by people. At that point, either you stop building or using cloud services or you face daily problems, such as data being edited by unauthorized users or, worse, running afoul of the law.
Either way, the result is the same: cloud migration projects’ epic fail.
I know that most enterprises have cloud migration projects, are building devops organizations, and deploying new security technologies. But the governance thing must be a priority as well. I understand it’s something that makes your job more complex, but the alternative sucks.