Introduction: After more than ten years of development, cloud computing, from basic IAAS, big data, to various PaaS, has a rich product and ecosystem, which has effectively facilitated business growth and technological innovation, and improved business efficiency. The most intuitive feeling is that what used to take a few days to a month of resource delivery can now be achieved in seconds.

The video interpretation: yqh.aliyun.com/live/cloud\…

background

After more than ten years of development, cloud computing, from basic IAAS, big data, to various PaaS, has a rich product and ecosystem, which has effectively facilitated business growth and technological innovation, and improved business efficiency. The most intuitive feeling is that what used to take a few days to a month of resource delivery can now be achieved in seconds.

However, while obtaining the efficiency of cloud, we will also find that many enterprises will encounter the following problems due to the lack of unified management and governance planning:

  • The first is identity risk. For example, risky operations cannot be traced back to the responsible person, or AK is written in the code and accidentally leaked, leading to IT assets being controlled by hackers, or employees cannot recover their permissions in time after leaving, and employees conduct malicious operations. These are all risks that may be encountered in the identity field.
  • The second is runaway costs. A common problem is that there is no control at the beginning of the cloud on the enterprise, and multiple employees buy cloud resources without limit, resulting in out-of-control costs. Or enterprise resources belong to multiple accounts and are idle and cannot be reused due to detection difficulties.
  • The third category is management challenge. For example, without good planning, O&M personnel apply for some networks randomly to meet service requirements, resulting in network segment conflicts. Another example is the lack of standardized norms, leading to only human operation and maintenance, unable to be automated, stability is challenged, and overall operation and maintenance efficiency is low.
  • The fourth category is compliance risk. As the country’s regulatory requirements will be more and more stringent, do such compliance, many enterprises found that they have a lot of loopholes. In fact, these loopholes are caused by the lack of reasonable planning and security baseline at the beginning of the cloud.

So how can enterprises avoid these risks as much as possible, so as to efficiently and quickly implement cloud landing?

These problems seem scattered on the surface, but in practice, unified planning and governance will have a great impact on cloud efficiency in the enterprise. In the process of serving a large number of enterprise customers, Ali Cloud concludes that there are the following two types of cloud on enterprise customers:

  • Ragnar Vorstek and Ragnar Vorstek manage up to 10 billion impressions by mobile AD Petra. One group is managed by established global companies, such as Petra Vorstek and Ragnar Vorstek, who manage up to 10 billion IT users. So before the cloud, can put forward to ali cloud very accurate IT management requirements, such as network security compliance, financial and operational basis of governance framework set up well before cloud in our business, then in the process of on cloud can avoid these IT governance, quick delivery resources, faster enjoy cloud efficient, maximize the value of the cloud.
  • But there are also mobile mobile users up to 10 billion impressions. Other businesses, such as Internet pioneers, reach up to 10 billion impressions each, and reach up to 10 billion impressions each. If a unified governance plan is not made in the early stage of cloud service, problems will gradually be exposed in the process of cloud service, such as identity leakage, network address conflict, etc. At this time, it is necessary to invest a lot of manpower and material resources to continuously repair these problems, affecting the efficiency of cloud service delivery. In addition, in the process of repair, if there is no long-term consideration and only a temporary plan to solve the problem, it may leave a bigger hidden danger for the future, and the overall upward cloud curve will be longer.

From the analysis of the above two types of customers, IT can be found that no matter whether the customer is business first or governance first, unified governance management planning is needed from the early stage of the cloud, so as to make the enterprise’s IT management on the cloud more smooth.

Then whether does this management plan have method, how to land in the enterprise? Cloud governance center is our implementation of the landing of an important product.

Cloud governance center positioning

The cloud management center provides a unified platform for enterprises to manage and manage cloud resources. On the one hand, the cloud governance center provides friendly wizard, which can lower the learning threshold and quickly build the cloud framework on LandingZone in one stop.

On the other hand, the cloud governance center provides continuous observation and tracking of the governance situation. When the business and compliance requirements of enterprises change, it is easy to maintain and update, ensuring that the environment on the cloud can always meet the requirements of enterprises.

Core functions of the cloud governance center

Specifically, the cloud governance center has the following core capabilities:

  • The first is to help enterprises analyze the current governance status. Generally, operating systems have a root or admin administrator account. However, on Aliyun, we suggest customers to use the management structure of multiple accounts. They need to create a cloud account with the highest authority, called master account, which can manage the cloud resources of the whole enterprise. The security requirements of this account are very high, so the decision is critical. For enterprises that log in to the cloud for the first time, the cloud management center can set the current blank account as the administrator account. For enterprises running services on the cloud, the cloud management center can analyze the current account status and help customers decide whether to optimize or create a new management account.
  • The second capability is to automatically configure the multi-account environment. Multi-account is the basis of the cloud framework on LandingZone. The cloud governance center can help customers plan the current multi-account structure, including business relationships, resource directories, and necessary functional accounts, such as log and shared service accounts.
  • The third ability is to set up compliance baseline. Many customers have the need of compliance, but do not know how to set up and which are the necessary compliance rules. Cloud governance center will recommend enterprise available compliance rules, the main use of ali cloud configuration audit ability and the ability to control strategy, these rules strategy will be automatically applied to all accounts under the enterprise, does not need client is configured to each account, can guarantee the enterprise all cloud account regulated, so as to reduce business risk.
  • The fourth capability is an account creation capability under development called account factories. As a best practice, we recommend that each independent business unit create an account for management to facilitate settlement and isolation of resources and permissions. However, a new account needs to be supervised by the enterprise and compliance configuration, such as security group, tag and user role, needs to be set in advance, which is a complicated process. Through the account factory in the cloud governance center, consistent compliance cloud accounts can be easily created and quickly delivered to the business team for use. For the business team, they do not need to care too much about security, network and resource compliance rights when they get such an account. They just need to focus on the needs of the business to create cloud resources and migrate the business to the cloud.
  • The fifth function is sustainable governance. The cloud governance center monitors the compliance of all account resources in the enterprise, including whether the enterprise resource catalog is modified, whether there is permission to create without permission, whether any account does not meet the baseline requirements and which account is in arrears, etc. In addition, the cloud management center can improve the observability of cross-account resources. Administrators can observe the distribution and change trend of all enterprise resources.

The cloud governance center scenario

In terms of scenarios, when an enterprise encounters the following problems, it can use the cloud governance center to implement unified governance.

The first is the lack of unified management of a large number of accounts. Because each cloud account is managed by each business line, enterprises cannot know how many accounts there are. Improper account management may lead to enterprise data leakage.

The second is the enterprise’s employee account management chaos. Some enterprise accounts have excessive authorization, and the accounts of resigned employees are not recovered uniformly, which may lead to the risk of malicious operation.

Third, enterprises need to meet the requirements of internal and external supervision, unified collection of logs, set unified compliance rules.

open

The above describes how to use the cloud governance center to build a unified IT governance environment. If you are interested, you can search “Cloud governance Center” on the official website of Ali Cloud to open a trial.

The original link

This article is the original content of Aliyun and shall not be reproduced without permission.