Advice from AWS on Achieving Cloud Governance at Scale

AWS just released a new white paper with recommendations to help organizations achieve governance as their cloud use scales. If you’re encountering issues as you scale – or want to plan now for anticipated growth – AWS Governance at Scale provides a detailed look at:

    • The management, financial, and compliance challenges encountered as cloud adoption grows
    • Traditional approaches organizations often take to govern cloud workloads – and their limitations
    • AWS’ approach to achieving governance at scale, derived from best practices and from customers who have successfully operated at scale
    • Decision factors to help you determine if you need a governance solution and whether you should build or buy
    • A capability checklist to use as you assess governance solutions

If you’re curious about and how the solution scores on the AWS capability checklist, contact us for a demo and discussion.

Marianna is the Product Marketing Manager.

4 Reasons Why Cloud Governance Matters

Whether you’re dipping your toes into the cloud, or you’re fully immersed, chances are you’ve heard the term ‘cloud governance’. What do we mean when we talk about governance in the cloud and why does it matter?

Cloud governance is the development and implementation of controls to manage access, budget, and compliance across your workloads in the cloud. At first glance, this definition may sound a lot like the definition of IT governance, just ‘in the cloud’. In fact, it’s tempting – especially in an organization’s early days of cloud adoption – to attempt to apply traditional IT governance methods to the cloud. But traditional IT governance, which goes like this:

User request → Manager approval → IT review → IT approval → Provisioning

is pretty much antithetical to the decentralized, rapidly growing nature of the cloud, where what you want to get to is this:

User requests cloud account or service → Validation against policies and budget → Access

Without rethinking your governance process, it is impossible to achieve the agility, speed, and cost savings benefits truly possible in the cloud. We fundamentally believe automation is key to re-inventing this process in the cloud. The result is streamlined access for users and rules that will take care of establishing, verifying, and enforcing budget and policy compliance.

Here are four reasons why cloud governance is so critical today:

Governance makes it easier to manage cloud resources

Leading cloud service providers like AWS are now advising customers to move multi-tenant workloads residing in a single cloud account or subscription each into its own distinct account. Using multiple accounts to manage distinct cloud workloads is considered a best practice today to deliver precise access control and cost management, and to limit the security and financial blast radius in the event of an issue. An effective governance strategy can help organize the volume of accounts most organizations need and provide visibility around key cloud activities and trends.

Governance helps curb shadow IT

When you don’t know what systems are in use – or where corporate data resides – your risk and spend increase. Employees turn to shadow IT when they are stalled or stymied in getting access to resources to do their job. Cloud governance helps put in place the required framework to easily request and access cloud resources, giving team members access to the breadth of allowed cloud resources within compliance and budget constraints. You reduce employee frustration and the likelihood of a staff member using their personal cloud accounts out of convenience. And, in the process, you raise leadership confidence in the move to the cloud.

Governance reduces risk

Whether it’s exposed data, non-compliance with policies or regulations, or cost overruns, there are risks when operating in the cloud. A cloud governance solution can help ensure that S3 buckets have proper controls to keep them private, that your resource use is compliant with regulations such as HIPAA and FedRAMP, and that spending limits are enforced so they are not exceeded.

Governance reduces labor

Instead of having your team use spreadsheets and similar manual processes to track accounts, cost, and compliance, you can set guardrails at the appropriate point in your organizational hierarchy and have these guardrails control access, budget, and policy for the specified projects. In addition, complete governance solutions provide enforcement actions, so you can do away with the follow-up actions otherwise needed after you receive an alert. Preventing budget overruns and non-compliant activities saves time and effort. The result of these labor savings is more time to focus on value-add, mission-delivering activities.

So, we’ve defined cloud governance, and we know why it matters. Now, how do you get to cloud governance? Based on our consulting experience with customers, we identified three key pillars of governance@scale: account management, budget enforcement, and compliance automation. We built around these three pillars. In future blog posts, we’ll take a detailed look at these pillars and the role they play in cloud governance.

Brian is the VP of Products at Stratus Solutions, the developer of

Cloud Governance Featured on Government Matters

I had the opportunity to participate in a recent episode of Government Matters that was sponsored by Amazon Web Services (AWS). The broad theme of the episode was security in the cloud, and my portion of the discussion focused on how cloud governance helps to ensure cloud security.

Some of the topics I covered:

    • How federal agencies can govern their presence in the cloud at scale
    • Opportunities for agencies to tailor their cloud infrastructure to meet growing missions
    • The importance of compliance regimes, like FedRAMP, to the cloud security discussion

The episode is a great introduction to the problem was built to solve: how to govern cloud access and the use of cloud resources as organizations move more workloads to the cloud.

GovLoop has a nice summary of the discussion and a link to the episode replay.

Dede is the CEO of Stratus Solutions, the developer of