Cloud Governance & Audit For AWS
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf
https://www.slideshare.net/AmazonWebServices/aws-ps-summit12beachgovernanceoverview
Cloud governance is a framework that guides how end users make use of cloud services by
defining and creating policies to control costs, minimize security risks, improve efficiency
and accelerate deployment. It’s imperative to have good cloud governance because it’s a
foundational element to your cloud practice that provides the ability to scale and be
successful.
Discover how CDW can assist you on your cloud journey with AWS.
Migrating to the cloud is an exciting journey as it provides greater flexibility to the IT teams
for creating resources and provisioning them. Gone are the days when it used to take weeks
and months to request resources and additional provisioning from the infrastructure teams.
Cloud vendors now provide the capabilities to create resources such as compute instances
plus add-on software, databases, firewall groups, storage, etc. via APIs.
The cloud-provided capabilities are very powerful and can potentially bring many
inconsistencies and resource ownership issues into the environment such as:
CDW’s Governance Workshop for AWS is a service that ensures best practices have been
followed and that your cloud architecture is sound and sustainable. It’s a series of workshops
focused on key areas including cost management, security and identity. This service is
great both for customers who have already started their cloud adoption journey and for those
who are just beginning. CDW’s AWS engineers will tailor the content to you based on where
you are in your cloud adoption.
Below are some potential use case questions where CDW’s Governance Workshop for AWS
service can help. If you answer “yes” to the questions below, this service is perfect for you
and your organization.
Are your costs getting out of control, causing you to be over budget each month?
Are your costs increasing and you don’t know why or how to stop it?
Are you lacking visibility into which group/departments are consuming the most?
Do you need analysis of the right strategy for purchasing Reserved Instances or Savings Plans,
or for using Spot Instances?
Account sprawl:
Are you seeing an increase of AWS accounts but can’t control how or when they are being
created?
Are teams using resources in more expensive regions without a justified reason?
Are you lacking a process for how users are created and what level of access they receive?
When determining if you need a governance service, keep in mind the convenience of cloud
also brings additional security concerns. The shift from on-premises IT infrastructure to the
cloud adds layers of complexity to your infrastructure architecture. It also means that more
people across your organization have the potential to impact that architecture because anyone
can create resources without being held responsible for decommissioning them.
Even when the cloud service itself is secure, if resources are deployed with poor access
controls or with configuration vulnerabilities your entire system can be at risk. Due to a lack
of perimeter security, it’s important to develop each cloud service with strong security in
mind. Therefore, it’s imperative to create and maintain a comprehensive cloud governance
model.
Implementing a governance plan is a good idea whether you have just begun your cloud
journey or have been operating in the cloud for a while. CDW has a defined methodology for
conducting our day-to-day operation according to published industry and AWS best practices,
and we can share our knowledge around controlling costs, addressing security concerns,
implementing automation and utilizing cloud native applications.
The overall objective of governance and audit/compliance is to identify and help mitigate
risks associated with an IT environment. However, they are not a substitute for one another.
Implementing a governance service does not mean that the IT environment complies with all
the compliance policies. They both fall under the general umbrella category of governance,
risk management and compliance (GRC).
In the greater scheme of things, governance focuses on the bigger organizational initiatives
specified by internal policies. Governance activities are more focused on broad, long-term
and strategic initiatives for an organization. In most cases, governance activities
are initiated internally by providing a strategic vision: for example, how we ensure that
customers’ data is safeguarded, how we control access to critical data and so on. This ensures
that best practices, procedures and policies are applied to the overall performance and
direction of the organization.
Audit compliance, on the other hand, is for ensuring that employees are following
organizational policies in their day-to-day operational activities. Audit compliance can be a
short-term, tactical viewpoint for validating that policies are being followed. In most
cases, compliance is specified by agencies external to the organization. There are also
different compliance requirements specific to the industry or to the organization’s location
such as Personally Identifiable Information (PII), Personal Health Information (PHI), General
Data Protection Regulation (GDPR), etc.
Audit and compliance are mandatory, whereas governance is what the company wants to do
to provide an ethical value or to improve reputation. Failure to follow compliance guidelines
can result in penalties, fines and other legal actions against the company. However, each
company may prefer to handle governance differently.
Account management
Organizations and hierarchy
Networking control
Identity and access management (IAM)
Role-based access
Resources
Security, auditing and continuous compliance
Policies
Automation
Billing
Tagging and resource tracking
Naming conventions
Alerting and monitoring
Using the cloud opens the door to a lot of potential opportunities. However, there is greater
risk of creating siloed services, making it difficult to manage the environment if the
development team is not aware of the best practices for operating in the cloud. CDW’s
governance service helps your organization by providing a list of best practices and a
prioritized list of recommended steps for the cloud. CDW Professional Services can assist
your company in this journey by helping lay a solid foundation on which additional services
can be developed for your organization.