Transcript for:
Governance in Cloud Computing and Azure

Title: COMP3xxxx Service Centered and Cloud Computing

COMP 30231-4 Cloud governance

> Zoheir Ezziane

## COMP30231 Service Centric and Cloud Computing

So far

- IS strategy and meeting business needs: the role that cloud computing can play
- Implementing cloud services, the role of Enterprise Architecture and how patterns of business demand can create need for cloud services.

Today

- Governance in cloud services implementation and management
- Real-life example: governance in MS Azure

> 5/3/2025 2

## Implementation lifecycle

> Diagram stages: Governance; Initial planning; EA & cloud; Determine target architecture; Gap analysis and transition planning; Implementation. Timeline labels: Two weeks ago; Last week; Today.

## Video Time: Mr Chairman

## What is governance?

- Determines how decisions are made and by whom
- Determines who in the business is responsible for key activities and decisions and how they are made
- Determines who authorises expenditure and how
- Determines who are the final decision makers
- Specifies accountability and policies for controlling change

## APM Definition

Governance is the framework of authority and accountability that defines and controls the outputs, outcomes and benefits from projects, programs and portfolios. The mechanism whereby the investing organization exerts financial and technical control over the deployment of the work and the realization of value.

> APM Body of Knowledge 7th Edition, What is governance? | APM (Association for Project Management)

## Components of governance

- Principles and policies
- Organization
- Financials
- Processes
- Metrics and tools

## Governance 1. Principles and policies

- Business rules: Decision-making hierarchy
- Why: Expectations; guidelines; safety; decreased number of errors
- 3 types of business rules: Coordination rules; Qualification and disqualification rules; Decision rules (evaluate and assign next step)

## Governance 2. Organisation

- Executive ownership
- Leadership and key roles
- Levels of accountability
- E.g., steering committee? programme board? Etc.
- How key roles and key groups interact
- The role of the Enterprise Architect?
- What each role/group is responsible for (i.e., what they do)

## Governance 2. Organisation - RACI Matrix

Golden rule is that only one person/role can be accountable

## Governance 3. Financials

- The funding model can help to achieve financial stability and sustainability
- Specification of funding models: (1) Type (e.g., government or private); (2) the funding decision maker (e.g., government administrators or wealthy individuals); and (3) the funder's motivation (e.g., altruism or self-interest).

## Governance 4. Processes

- Specific processes which must be followed
- Management processes
- Risk management
- Vendor contract management
- Performance management
- Standards Compliance
- Communications
- How, when, to whom, what should be communicated

CMMI (Capability Maturity Model Integration) can provide many of these components

> https://cmmiinstitute.com/
> What is CMMI for Acquisition (CMMI-ACQ)? | CMMI Consultants (cmmi-consultants.com)

## Governance 5. Metrics and tools

- Align metrics to desired business & technology goals
- Service Level Agreements for vendors and cloud services
- QA / Testing
- Security
- Predictive metrics (measure the causal factors leading to performance before the fact) vs reactive ones (what could be measured based on historical data after the fact)

CMMI (Capability Maturity Model Integration) can provide many of these components

## Why governance?

- Governance failure may result in users turning away from the system and using workarounds
- There is evidence that some IT leaders think cloud computing replaces the need for governance: not so!
- Migrating from in-house developed systems or heavily customised systems to cloud-based services is hard: governance is more difficult and even more necessary
- Cloud service providers often offer only highly standardised governance models which may present too many risks to an organisation

## Video Time: Hidden Cloud

https://www.youtube.com/watch?v=UUEru7mB-dM

## 2. Governance in MS Azure

## Azure Governance in a nutshell

- Governance provides mechanisms and processes to maintain control over your applications and resources in Azure
- Designed to help plan initiatives and set strategic priorities
- Primarily implemented with two services
  - Azure Policy
    - Allows you to create, assign, and manage policy definitions to enforce rules for your resources
    - Keeps resources in compliance with your corporate standards
  - Azure Cost Management
    - Allows you to track cloud usage and expenditures for your Azure resources and other cloud providers

## Example of Azure Policy and Cost Management Web UIs

## Azure services are designed to work together

Copyright Microsoft Corporation. All rights reserved.

# Identity, governance, privacy, and compliance
## Outline

You will learn the following concepts:

- Azure identity services
- Azure governance features
- Azure privacy and compliance

## Core Azure identity services

## Compare Authentication and Authorization

## Azure Multi-Factor Authentication

Provides additional security for your identities by requiring two or more elements for full authentication.

- Something you know
- Something you possess
- Something you are

## Azure Active Directory (AAD)

Azure Active Directory (AAD) is Microsoft Azure's cloud-based identity and access management service.

- Authentication (employees sign-in to access resources).
- Single sign-on (SSO).
- Application management.
- Business to Business (B2B).
- Business to Customer (B2C) identity services.
- Device management.

## Conditional Access

Conditional Access is used by Azure Active Directory to bring signals together, to make decisions, and enforce organizational policies.

- User or Group Membership
- IP Location
- Device
- Application
- Risk Detection

## Azure Governance Methodologies

## Azure Governance Methodologies - Objective Domain

Describe the functionality and the usage of:

- Role-Based Access Control (RBAC)
- Resource locks
- Tags: consists of a name and a value pair. E.g., apply the name Department and the value Finance to resources.
- Azure Policy
- Azure Blueprints
- Cloud Adoption Framework for Azure

## Explore Role-based access control (RBAC)

> Diagram labels: Azure Active Directory; Azure subscription; Resource group; Resource group; User; Apps; User groups

- Fine-grained access management.
- Segregate duties within the team and grant only the amount of access to users that they need to perform their jobs.
- Enables access to the Azure portal and controlling access to resources.

## Resource locks

- Protect your Azure resources from accidental deletion or modification.
- Manage locks at subscription, resource group, or individual resource levels within Azure Portal.

| Lock Types | Read | Update | Delete |
| --- | --- | --- | --- |
| CanNotDelete | Yes | Yes | No |
| ReadOnly | Yes | No | No |

## Tags

- Provides metadata for your Azure resources.
- Logically organizes resources into a taxonomy.
- Consists of a name-value pair.
- Very useful for rolling up billing information.

Example tags:

- owner: joe
- department: marketing
- environment: production
- cost-center: marketing OR

## Azure Policy

- Azure Policy helps to enforce organizational standards and to assess compliance at-scale.
- Provides governance and resource consistency with regulatory compliance, security, cost, and management.
- Evaluates and identifies Azure resources that do not comply with your policies.
- Provides built-in policy and initiative definitions, under categories such as Storage, Networking, Compute, Security Center, and Monitoring.

## Azure Blueprints

Azure Blueprints: Rapidly build and start up new environments with a set of built-in components (such as networking) to speed up development and delivery.

- Role Assignments
- Policy Assignments
- Azure Resource Manager Templates
- Resource Groups

## Cloud Adoption Framework (CAF)

- Cost-reduction, innovation, governance, a new way of managing technology.
- Best practices from Microsoft employees, partners, and customers.
- Tools, guidance, and narratives for strategies and outcomes.
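The Tags and Azure Policy slides above, combined in an added example that is not part of the lecture material: a custom Azure Policy definition that flags resources whose `department` tag is missing or outside an approved list. The tag name, the approved values and the display name are assumptions chosen to match the tag examples on the slides.

```json
{
  "properties": {
    "displayName": "Require the department tag with an approved value",
    "description": "Illustrative example added to these notes. Tag name and approved values are assumptions, not lecture content.",
    "policyType": "Custom",
    "mode": "Indexed",
    "metadata": { "category": "Tags" },
    "parameters": {
      "tagName": {
        "type": "String",
        "defaultValue": "department",
        "metadata": { "displayName": "Tag name" }
      },
      "approvedValues": {
        "type": "Array",
        "defaultValue": ["finance", "marketing"],
        "metadata": { "displayName": "Approved tag values" }
      },
      "effect": {
        "type": "String",
        "allowedValues": ["Audit", "Deny", "Disabled"],
        "defaultValue": "Audit",
        "metadata": { "displayName": "Effect" }
      }
    },
    "policyRule": {
      "if": {
        "anyOf": [
          {
            "field": "[concat('tags[', parameters('tagName'), ']')]",
            "exists": "false"
          },
          {
            "field": "[concat('tags[', parameters('tagName'), ']')]",
            "notIn": "[parameters('approvedValues')]"
          }
        ]
      },
      "then": { "effect": "[parameters('effect')]" }
    }
  }
}
```

Assigned with the `Audit` effect the policy only reports non-compliant resources; setting the parameter to `Deny` rejects create and update requests that fail the rule.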
## Privacy, compliance, and data protection standards

## Security, Privacy, and Compliance

- Helps to protect against known and unknown cyberthreats, using automation and artificial intelligence.
- Ensure the privacy of organizations
- Respect local laws and regulations.

## Compliance Terms and Requirements

Microsoft provides set of compliance offerings (including certifications and attestations) of any CSP. Some compliance offerings include:

- CJIS: Criminal Justice Information Services
- HIPAA: Health Insurance Portability and Accountability Act
- CSA STAR Certification
- ISO/IEC 27018
- EU Model Clauses
- NIST: National Institute of Standards and Technology

## Microsoft privacy statement

The Microsoft privacy statement provides openness and honesty about how Microsoft handles the user data collected from its products and services.

## Online Services Terms and Data Protection Addendum

- Online Services Terms: The licensing terms define the terms and conditions for the products and Online Services you purchase through Microsoft Volume Licensing programs.
- Data Protection Addendum: The DPA sets forth the obligations, with respect to the processing and security of Customer Data and Personal Data, in connection with the Online Services.

## Trust Center

Learn about security, privacy, compliance, policies, features, and practices across Microsoft's cloud products.

## Azure Compliance Documentation

Microsoft offers a comprehensive set of compliance offerings to help your organization comply with national, regional, and industry-specific requirements that govern the collection and use of data.
## Azure Sovereign Regions (US Government services)

Meets the security and compliance needs of US federal agencies, state and local governments, and their solution providers.

## Azure Sovereign Regions (Azure China)

Microsoft is China's first foreign public cloud service provider, in compliance with government regulations.

## Summary and Seminar Topic

## Summary

- Effective governance is key to all aspects of the provision of cloud services before, during and after implementation
- Good governance covers topics related to finance and organisation
- Azure implements its own services to help you with your company's cloud governance

## Seminar topic

- Consider the BBC
- The BBC is a very large organisation
- They have many large projects
- These are often IT projects
- They make mistakes
- One such failed project is the Digital Media Initiative
- This seminar is about understanding the failures of the DMI
- You are a member of the BBC board; having just received the report from the National Audit Office, you want to try and understand the failures in governance

## Seminar topic

- Read National Audit Office Memorandum on BBC Digital Media Initiative (Executive Summary), January 2014 in NOW
- The Digital Media Initiative was cancelled in July 2013 after incurring costs of nearly 130 million
- Using the five components of governance outlined earlier, identify actions and steps (related to governance) the BBC should have taken to reduce risks or avoid issues related to the implementation of its Digital Media Initiative