Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

10 Must-Have Automated Cloud Policies for IT Governance


Published on

As both cloud use and spend increase, enterprises need to implement automated cloud governance. IT leaders must avoid impeding the agility that cloud provides while ensuring efficient cloud spend and reducing risk. In this webinar, we will cover 10 automated policies that every enterprise should have as part of IT governance best practices for cloud.

Published in: Technology
  • FREE TRAINING: "How to Earn a 6-Figure Side-Income Online" ... ●●●
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

10 Must-Have Automated Cloud Policies for IT Governance

  2. 2. • Kim Weins • VP Cloud Strategy & Spend Optimization, Flexera • Ryan O’Leary • Senior Director, Product Management, Flexera Presenters
  3. 3. ● Developing a cloud governance process ● How to maintain agility and flexibility of cloud use ● How to automate the remediation of policy violations ● 10 automated policies that should be your top priority Agenda 2
  4. 4. Why Do Policies Need to Be “Multi-Cloud”? 3
  5. 5. Top Initiatives: Optimize Cloud, More Cloud 4
  6. 6. Few Organizations Are Automating Policies 5
  7. 7. A Common Policy Engine RightScale Cloud Management Platform Orchestrate, automate and govern workloads across all your environments. VIRTUAL SERVERS PUBLIC CLOUDS ANY CLOUD SERVICE PRIVATE CLOUDS BARE METAL SERVERS CONTAINER CLUSTERS RightScale Optima Work collaboratively across the organization to manage and optimize clouds costs. RIGHTSCALE EXTENSIBLE ORCHESTRATION API Policy-Based Governance User access controls and policies
  8. 8. Maturing Your Management of Cloud 7 Reactive Responsive PreventativeProactive Fire drill Manual policies and processes Automated policies and processes Prevent issues before they occur Automated Policies
  9. 9. Breaking Down a Policy
  10. 10. From Alert Only to Fully Automated Resolution 9 Alert only Alert Approval Automated resolution Fully automated resolution Move toward full automation as you gain confidence in policy conditions
  11. 11. Policies Go Beyond Costs 10 Policies Define and enforce governance rules Cost Unattached volumes Old snapshots Unused RIs Underutilized VMs ...and more Security Unsecured storage Open security groups Disallowed ports Open IAM policies ...and more Compliance Untagged resources Invalid tags Disallowed configurations ...and more Operational No recent snapshots No DB backup No required alerts Upsize instances ...and more
  12. 12. Customizing Out-of-the-Box Policies 11 Find untagged resources Apply default tags when possible Send an email alert/report Find untagged resources Apply default tags when possible Create a JIRA ticket Wait 48 hours and terminate/delete Out-of-the-Box Policy “Tag Checker” Customized Policy “Delete Untagged” Update resolution in JIRA ticket
  13. 13. DEMO
  15. 15. Policy: Reserved Instance Alerts 14 RI < 95% utilized? Y Email Alert/Report Pass N RI Alert Examples: -Expiration -Underutilized -Coverage
  16. 16. Policy: Unattached Volumes (UAV) 15 Unattached > x days? Y Email Alert Pass Action: Delete volume User specified to delete? Y N Email Alert N
  17. 17. Policy: Downsize Instances 16 < x% avg CPU and <y% max mem used Y Email Alert No action Action: Downsize User specified to downsize? Y N Email Alert N
  18. 18. Policy: Instance Scheduling via Tags 17 After shutdown & before start time Action: Stop instance Y After start time & before shutdown Action: Start instance Y Tag Syntax Example (M-F 8-5): instance:schedule=8-17;MO,TU,WE,TH,FR;America/New_York
  19. 19. Policy: Leverage Azure Hybrid Benefit 18
  21. 21. Policy: Security Group Anomalies 20 SG Has Anomalies Y Email Alert Pass N SG Anomaly Examples: -High Open Ports -ICMP Enabled -Rules without Descriptions
  22. 22. Policy: Open Storage Buckets 21 Public storage bucket? Y Email Alert Pass Action: Make private Check if public tag? N Y Pass Slack Alert N
  24. 24. Policy: No Recent Volume Snapshots 23 Volume has no snapshots in last x days Y Email Alert No action Action: Take snapshot User specified to downsize? Y N Email Alert N
  26. 26. Policy: Tag Checker 25 Has required tag? Has valid value? Y N Can auto-tag? Y N Email Alert Y N Fixed after x hours? Pass Pass Y Action: Terminate N
  27. 27. Policy: Disallowed Region 26 Allowed region? N Alert with Approval Y Pass Action: Tag as allowed Y Action: Terminate Approved? N
  28. 28. DEMO
  29. 29. Contact for more info Q&A 28