Navigate Cloud Governance with Microsoft’s Five Essential Disciplines

Feb 16, 2023

We at Planet Technologies are no stranger to migrating users, files, and workloads to M365 and Azure cloud environments.  In doing so, we work with our customers to strategize and develop, their tenants and solutions to be highly secure and compliant. Organizations looking to update their environments often hear many buzzwords in the process, including security, compliance, and governance.   But how much attention is really given to governance? How much attention does it deserve?

When there is a meeting on my calendar to discuss these three topics, we will mostly cover security, including multi-factor authentication, single sign on, or maybe alignment to compliance standards such as NIST 800-171 or 800- 53, HIPAA or CJIS. Unfortunately, governance isn’t brought up as often but can be just as critical if not more so in any cloud deployment. This can be colored with a broad brush of grey, as many governance solutions can fall into a security or compliance discussion, and we can walk away thinking we did our due diligence on the topic of governance. But is that true?

What is Cloud Governance?

Cloud governance is a set of principles and corresponding solutions defined and configured within your organization to provide effective and efficient management of your cloud environment.

It’s difficult to understand why there are not more discussions focused solely on achieving “effective and efficient management.” Fortunately, Microsoft has created a list of categories called the “Five Disciplines of Cloud Governance” that can help your organization thrive.

Microsoft’s Five Disciplines of Cloud Governance

  1. Cost Management – Identifies potential cloud-related risks related to IT spending and provides risk-mitigation guidance to the business and IT teams responsible for deploying and managing cloud resources.
  2. Security Baseline – Identifies potential security threats to your cloud environment and establishes procedures for addressing these threats. This should be a priority for any IT security or cybersecurity team. The Security Baseline discipline ensures technical requirements and security constraints are consistently applied to cloud environments, as those requirements mature.
  3. Identity Baseline – Provides the core mechanisms supporting access control and organization within IT environments, and the Identity Baseline discipline complements the Security Baseline discipline by consistently applying authentication and authorization requirements across cloud adoption efforts.
  4. Resource Consistency – Focuses on ways of establishing policies related to the operational management of an environment, application, or workload.
  5. Deployment Acceleration – Establishes policies to govern asset configuration or deployment including deployment, configuration alignment, and script reusability.

It’s easy to see how any talk of governance could quickly go down the security or compliance rabbit hole, as a security conversation would touch on two or three of these disciplines while compliance is often addressed in at least two of these “buckets.” But cloud governance is a large and in-depth conversation on its own, and it’s time to give governance its moment in the spotlight.

Many financial analysts, corporations, and governments are preparing for an economic downturn. The severity of course is never known beforehand, but most organizations prepare for all possible scenarios. Cloud governance should be a required discussion regardless of external factors or pressures, but especially in a time of smaller staffing and lighter budgets, it’s a critical conversation.

Contact your Planet Technologies Cloud Strategist and get this conversation started today! We’ve got you covered.