Governance for IaaS Environments

January 18, 2022

Let’s start with some humor: what’s the difference between a cloud architect and a meteorologist? The meteorologist can predict the future, while the cloud architect can’t. It sounds like a joke, but a lack of governance that can lead to unexpected cloud bills is not funny.

Governance is critical in any cloud environment, and it becomes more complex in IaaS (Infrastructure as a Service) environments. In an IaaS environment, the provider manages the infrastructure, such as hardware and data centers, while the customer controls the operating systems, middleware, and applications. It is therefore vital to ensure that your IaaS systems follow best practices, policies, and regulations.

Let’s compare how different cloud providers address IaaS governance:

AWS

Amazon Web Services (AWS) offers several tools that can help enforce governance in IaaS environments. AWS Config is a service that provides a detailed inventory of AWS resources and tracks changes to those resources. AWS Config Rules is a feature that evaluates resource configurations against predefined best practices, and you can create your own custom rules. AWS Trusted Advisor scans your AWS infrastructure and provides recommendations for cost optimization, security, fault tolerance, and performance improvement.
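To make the custom-rule idea concrete, here is an added example (not from the original post and not AWS's own code) of the evaluation logic a Lambda-backed custom AWS Config rule could run for EC2 instances. The required tag keys, the `requiredTags` rule parameter and the sample event are assumptions constructed for illustration; the function only builds the entry that would be passed to `PutEvaluations` and makes no AWS calls.

```python
import json

# Assumed policy for this example: tag keys every EC2 instance must carry.
REQUIRED_TAGS = ("Owner", "CostCenter")
APPLICABLE_TYPES = {"AWS::EC2::Instance"}
DELETED = ("ResourceDeleted", "ResourceDeletedNotRecorded")


def evaluate_item(item, required=REQUIRED_TAGS):
    """Return (compliance_type, annotation) for one configuration item."""
    # Deleted resources and uncovered resource types are out of scope.
    if item.get("configurationItemStatus") in DELETED:
        return "NOT_APPLICABLE", "Resource was deleted"
    if item.get("resourceType") not in APPLICABLE_TYPES:
        return "NOT_APPLICABLE", "Resource type not covered by this rule"
    tags = item.get("tags") or {}
    # A tag with an empty or whitespace-only value counts as missing.
    missing = [k for k in required if not str(tags.get(k, "")).strip()]
    if missing:
        return "NON_COMPLIANT", "Missing tags: " + ", ".join(missing)
    return "COMPLIANT", "All required tags present"


def build_evaluation(event):
    """Turn a custom-rule event into one entry for PutEvaluations."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    required = REQUIRED_TAGS
    if params.get("requiredTags"):  # hypothetical rule parameter name
        required = tuple(t.strip() for t in params["requiredTags"].split(","))
    compliance, note = evaluate_item(item, required)
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note[:256],
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


# Constructed sample event (not captured from a real account).
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({"configurationItem": {
        "resourceType": "AWS::EC2::Instance",
        "resourceId": "i-0example",
        "configurationItemStatus": "OK",
        "configurationItemCaptureTime": "2022-01-18T00:00:00.000Z",
        "tags": {"Owner": "platform-team"},
    }}),
    "ruleParameters": json.dumps({"requiredTags": "Owner,CostCenter"}),
}
```

For the constructed event, `build_evaluation(SAMPLE_EVENT)` reports the instance as `NON_COMPLIANT` because the `CostCenter` tag is absent.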

Azure

Azure Policy provides a set of rules that can enforce compliance requirements and best practices for all resources in a given Azure subscription. Azure Security Center can monitor the security state of services running on-premises, in Azure, or in other cloud providers. Azure Monitor provides a centralized solution to monitor your infrastructure, systems, and applications using metrics, logs, and alerts.

Google Cloud Platform

Google Cloud Platform (GCP) allows you to define and enforce your policies using the Policy Library or Binary Authorization. You can monitor your system with Stackdriver Logging, Trace, and Monitoring. Stackdriver lets you analyze system logs, detect threats, and troubleshoot issues. You can also use GCP Security Command Center to assess risks, vulnerabilities, and compliance violations across your GCP resources.

In conclusion, each cloud provider offers a different set of tools and features to enforce governance in its IaaS environments. By implementing these tools, teams can ensure the security, compliance, and cost-effectiveness of their IaaS systems.

Thanks for reading! Let us know in the comments which cloud provider you prefer and why.

© 2023 Flare Compare