Automated Governance and Continuous Compliance in Azure Government

Purpose-built financial and security controls, integrated into Azure, can keep things on track while reaping the benefits of cloud

08-12-2020
Viktar Zherdetski
IT MODERNIZATION

It is no secret that federal agencies are under constant pressure to digitally transform and innovate. Agencies are on the hook to modernize processes and accelerate IT service delivery to better meet the needs of both citizens and stakeholders. At the same time, agencies must stay on pace with evolving policies and regulations. It is a true balancing act between driving value and remaining compliant.

When it comes to the cloud, there are self-service provisioning and automation capabilities that help pave the way to success. These features help engineering teams leverage DevOps practices to accelerate application development and establish continuous delivery. Yet agencies quickly experience the phenomenon of “cloud sprawl”: as cloud resources are spun up quickly, IT environments descend into chaos.

To avoid this fate, governance is needed. Security and financial controls have to be established without sacrificing speed of delivery. Guardrails—not speed bumps—must be in place that help define the necessary control boundaries and keep agencies on track.

This is true for both the native and hybrid cloud. Hybrid tends to be more infrastructure as a service, which has much more scalable, mature governance models and tooling. Cloud-native leans toward heavier use of serverless technology, e.g., native services managed by the cloud service provider, such as platform as a service and software as a service, which requires the use of more purpose-built techniques and tooling to establish an effective governance framework.

With CloudForte™ for Azure, we created accelerators to help our customers enforce the level of cloud governance that best aligns to their security and financial policies. This is accomplished using enhanced native cloud services. Azure Policy, Security Center, Log Analytics, and Automation services are enriched with innovative, prebuilt configuration templates and smart automation leveraging Azure SDK, Azure APIs, and Azure Functions.

We translate clients’ governance policies and operational requirements into automation scripts and establish a CloudForte Landing Zone. This zone is a set of prebuilt ARM templates and Azure Policy definitions designed to better align customers' cloud subscriptions with their requirements. The CloudForte Landing Zone creates a safety bubble around the subscription—preventing and auto-correcting mistakes, such as open ports or unprotected blob storage, while still allowing for speed and governed self-service.

Security is all about staying ahead of threats. Our approach provides proactive governance and prevents non-compliant resources from being created. We provide automated remediation using a combination of the CloudForte ARM Template processor as well as Azure Policy and Automation services.

Cloud can be expensive if it is not used in the right way. Despite all of the benefits of speed and self-service, costs can quickly get out of control. There are a few common contributors, including underestimating the cost of resources, over-provisioning, failure to implement scheduled shutdowns, and abandoned workloads.

To help mitigate these risks, CloudForte’s Lifecycle Manager provides financial guardrails for customer workloads. An example is the fidelity of line item billing data down to the Azure Offer Rate Card (SKU) and customer contract line item numbers. Lifecycle Manager can send alerts on actual and forecasted billing data. This is especially important for initial adoption and development workloads.

As we utilize the security innovations of the native Azure services, we harness the power of our Microsoft-certified professionals focused on continually enhancing our governance services and capabilities. Our experts continuously work with Microsoft to add new capabilities as they become available.

Successful digital transformation is a direct result of the ability to securely modernize IT service delivery while staying on pace with ever-evolving mission objectives. Like never before, clients need access to innovative, next-generation tools that will continuously satisfy regulations and reinforce governance postures while also reducing the time-to-market for mission-critical IT services.

Through integrated governance tooling like the CloudForte for Azure guardrails, agencies can proceed on a successful path to secure and cost-effective cloud solutions.

Posted by: Viktar Zherdetski

Solutions Architect Director

An SAIC solutions architect director, Viktar Zherdetski helps our clients accelerate their cloud migration implementations with the support of our key partners and by providing architectural guidance. He leads the development of innovative service capabilities for cloud, with 20 years of software development experience, along with 10 in product management and several in cloud adoption. Viktar is an advocate for process automation, for the implementation of tools enabling teams to succeed, and for high-quality products clients love. He is passionate about team transformation and project acceleration through continuous learning, innovation, collaboration, and knowledge sharing.
