Security and Governance in an Enterprise Hybrid Cloud
A lot of vendors talk a good game. But do their management tools provide on-demand, self-service access to applications and application platforms while meeting enterprise governance, compliance and security requirements?
The Only Enterprise Grade Approach to Cloud Management Governance
Meeting enterprise governance, compliance, security and user needs requires:
- A flexible policy creation and enforcement engine that does not rely on manual workflow approvals/actions
- Application-level AND Infrastructure-level policy control
- Policy control throughout the full application lifecycle from initial development through production deployment and beyond
- An extensible meta-model that allows adding attributes and writing custom policies
- A visual policy editor for non-technical staff and direct programmatic editing for technical staff
The CSC Agility Platform™ provides the only enterprise grade policy engine that meets these requirements.
Talk is Cheap; What’s the Reality?
Peel back the covers on other cloud management tools and you’ll find one or more of the following issues for enterprise customers.
Workflow-Based “Policy”, Not the Right Answer
Some cloud management tools tout their workflow-based approach to governance, compliance and security and “workflow policies.” But workflow is not policy. Workflow takes the existing manual actions and approvals in the current, inefficient IT operating model and executes them when someone makes a request. Workflows with enough decision points and manual approvals may approximate policy, but the resulting complexity makes it impossible to maintain or implement at scale.
Infrastructure-Only Policy Controls are Not Sufficient
Many cloud management tools focus on management and policy at the infrastructure level. But this is inadequate when the unit of provisioning and self-service, on-demand access is the application, application platform or service. For example, unless governance, compliance and security policy is enforced at the application level, there is no way to ensure that an application using credit card data won't be deployed in a non-compliant public cloud.
Rigid, Pre-Defined Deployment Policy, Too Limiting
Some cloud management tool vendors provide pre-defined deployment policies that are inflexible and can’t be extended. For enterprises in highly regulated industries, this barely scratches the surface of what’s needed for their governance and security requirements. Enterprises require an extensible meta-model that allows new attributes to be added for policies to reference. Enterprises require the ability to write completely custom policies and implement them rapidly. Policies can include:
- Regulatory compliance policies
- SLA policies including autoscaling
- Security zone policies for each SDLC stage
- Monitoring/auditing policies for each SDLC stage
- Fine-grained access control policies
- Enforcement of Standard Operating Environments (SOEs)
- Workload placement policies
- Backup and failover policies
- VM quotas and scheduling
- Metering/chargeback policies