It is no secret that federal agencies are under constant pressure to digitally transform and innovate. Agencies are on the hook to modernize processes and accelerate IT service delivery to better meet the needs of both citizens and stakeholders. At the same time, agencies must stay on pace with evolving policies and regulations. It is a true balancing act between driving value and remaining compliant.
When it comes to the cloud, there are self-service provisioning and automation capabilities that help pave the way to success. These features help engineering teams leverage DevOps practices to accelerate application development and establish continuous delivery. Yet, agencies quickly experience the phenomenon of “cloud sprawl”; as cloud resources are spinned out quickly, IT environments descend into chaos.
To avoid this fate, governance is needed. Security and financial controls have to be established without sacrificing speed of delivery. Guardrails—not speed bumps—must be in place that help define the necessary control boundaries and keep agencies on track.
This is true for both the native and hybrid cloud. Hybrid tends to be more infrastructure as a service, which has much more scalable, mature governance models and tooling. Cloud-native leans toward heavier use of serverless technology, e.g., native services managed by the cloud service provider, such as platform as a service and software as a service, which requires the use of more purpose-built techniques and tooling to establish an effective governance framework.
With CloudForte™ for Azure, we created accelerators to help our customers enforce the level of cloud governance that best aligns to their security and financial policies. This is accomplished using enhanced native cloud services. Azure Policy, Security Center, Log Analytics, and Automation services are enriched with innovative, prebuilt configuration templates and smart automation leveraging Azure SDK, Azure APIs, and Azure Functions.
We translate clients’ governance policies and operational requirements into automation scripts and establish a CloudForte Landing Zone. This zone is a set of prebuilt ARM templates and Azure policy definitions designed to better align customers' cloud subscriptions with their requirements. The CloudForte Landing Zone creates a safety bubble around the subscription—preventing and auto-correcting mistakes, such as open ports or unprotected blob storage, while still allowing for speed and governed self-service.