The latest cloud infrastructure announcements, technical solutions, and enterprise cloud insights.

Improve your governance in Oracle Cloud Infrastructure

Julien Lehmann
Director of Cloud GTM JAPAC
This is a syndicated post, view the original post here

What is Cloud Governance

When I say cloud governance, most people immediately associate that word with bureaucracy restrictions, red tape, and just general inefficiency. However, a good cloud governance framework should improve efficiency, accelerate growth, and reduce risks especially as a remote workforce creates uncertainty and unchecked threats. So there’s never been quite as pressing a time as we are in right now to address governance.

Governance is actually just a set of well-thought rules you create, monitor, and amend as necessary in order to control costs, improve efficiency, and eliminate security risks. Let me guide you through the services Oracle Cloud Infrastructure offers you to help build your governance.  And first, let me point out that some cloud service providers view governance security features as an additional source of revenue, as opposed to a standard service. Oracle provides all the features to all customers by default and mostly with free services because good governance is just not an option. 

Keep your budget under control

Price is a big parameter in favor of starting your journey to the cloud and it's usually starting nicely. But soon as your environment grows and as you start moving production workloads to the cloud, controlling cloud cost is the most common challenge people encounter. The unpredictability of the cloud cost combined with the complexity of the invoices is creating headaches for enterprises that need to control their budget and distribute their IT costs by department or project usage at the end of the month.

When Oracle designed its cloud offering, we wanted to help address enterprise needs, so we included the following elements to control your costs from the start:

  • Compartments: Using compartments as logical isolated entities allows you to separate resources in distinct projects in which you can track usage as well as limit consumption to the resources that are necessary.
  • Budget and Quotas: The budget and quota service are dedicated to helping you to monitor and control your cloud consumption either based on cost (budgets) or on resources available to your team (quotas). This way you to get a clear view of the consumption per item but as well to trigger an event such as a notification or a corrective action as soon as the trend of consumption is heading towards or above your budget. The budgets can be defined per resources, per compartment, or by tags assigned by default to specific resources so that you can have multiple ways of monitoring and controlling your consumption. 
  • Unified billing: For larger organizations that are managing several tenancies, Oracle offers as well the possibility to combine the billing and the contracts for those tenancies into one to simplify your administration as well as benefit from the possibility of combining the commitments together. 

Optimize your cloud performance/cost ratio

Cloud lives on the promise of scalability and the possibility to scale up or down horizontally as the demand increase so that IT cost could reflect the evolution in the IT demand as close as possible. Often though we see customers that are not profiting from that promise and either oversize their VM and just wrongly manage their storage incurring unnecessary cost unwillingly. 

  • Cloud Advisor: This recently launched service is designed to analyze your usage and help you adjust your resources according to real consumption alerting you when your resources are too large for your needs or unused like non-attached block storage. Basically, Cloud Advisor helps you reduce your cloud cost without impacting the performance. 
  • Operations Insights: This service, launched as well recently, is dedicated to optimizing your database usage. With functionality such as capacity planning and performance analysis using machine learning, it can predict utilization using up to 25 months of historical data and identify under-utilized servers for repurposing.  This way, you get better performance to keep up with your user demand without overbuying. See a 10 minutes demo of Operations Insight here

Reduce your security risks

Governance and security are tightly intertwined. But as countless recent data breaches are teaching us, complexity is the enemy of security. With this idea in mind Oracle took a very different approach towards security: Focusing first on tenancy deep isolation from attacks and from each other and second developing a series of security services accessible for free (or with very generous packages) that are simplifying security based on Oracle best practices such as:

  • Security Zones: In such zones, you will be locating your most confidential asset and let Oracle enforce security rules on the resources located in that zone so that insecure posture would just not be possible. This way human errors or unintended misconfigurations are avoided. 
  • Cloud Guard: Cloud Guard service can analyze data, detect threats and misconfigurations automatically, then hunt and kill those security threats on your behalf. Oracle Cloud Guard can proactively protect your assets at all times and automatically intervene without human intervention. This service allows you to get a full review of the security posture of your environment in a single pane of glass and suggest a remediation path. Then you can choose to apply automatically such remediation by default in the future. 

See a brief demo of both Security Zones and Cloud Guard in action here.

  • Oracle Vaults: Encryption is the number one rule to secure your content. In Oracle Cloud we made the choice to encrypt all the content in transit and at rest by default. This encryption can be done using Oracle managed keys but you can as well create or import your keys in our FIPS 140-2, Level 3-certified, hardware security module (HSM). We propose as well other vaults to store your encrypted secrets, your database keys or soon your certificates.
  • Web Application Firewall (WAF):   As part of our advanced network solution portfolio the use of WAF should not be an option for any application that is exposed to the internet. That’s why we’ve developed that service including the sophisticated Bot Management solution to fight malicious bots into our portfolio and made it available with a generous package. Oracle WAF service can protect you against malicious bots and Layer 7 DDOS. Layer 3 DDOS mitigation service is already integrated by default in all OCI regions across the world.

With this approach focusing on simplifying security, we resist the temptation of becoming a feature factory and multiplying the knobs and levers and rather provide a holistic security platform so that security is not anymore a blocker but a guardrail to keep your assets safe. 

And comply with your regulation

At last, if you are in a regulated industry you want to be sure your governance includes compliance considerations as well. Oracle Cloud has a wealth of information on various audits and attestations for common industry standards like PCI DSS, ISO 27,001 and SOC reports. All our reports and certificates are easily accessible on our console so feel free to consult the ones that relate to help achieve your own compliance goals.


Governance is a good thing

Governance and security are big topics in the cloud world but they shouldn't be feared or dreaded. If they just create a layer of bureaucracy and slow things down then you're doing it wrong. Approach governance as a way to empower and enable your organisation to maximise their cloud value, avoid costly problems and generally avoid all out anarchy.

Making it easier to implement and maintain good governance in the cloud is at the core of Oracle's approach. If you’re in the Cloud or moving to the Cloud you might want to take a look; there is no harm in being better informed. Discover more about Oracle Cloud here.




Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha