How important is governance for cloud applications? The short and simple answer, in my humble opinion, is a lot. In fact, it can’t be emphasized enough.
Governance is the act of policy establishment, continuous monitoring, and the separation of authorities and duties within a system. So, as a concept, it’s realized by identity and access management (IAM) services that are a cornerstone for any modern IT infrastructure or cloud application.
Cloud applications offer services to different users within the same platform. A property known as multi-tenancy, which is required for cloud applications. When cloud applications manage resources that belong to an organization or a team, you really want a governance model in place. Why? To regulate the access among the members of the organization on these resources, and how they are distributed and managed. It needs to be a key part of your overall cloud management strategy.
So how do we handle governance for cloud applications? Let me explain.
Governance for cloud applications our way
Here at Stackmasters, as a Python Developer, I get to design and implement a cloud application, which provides an API for cloud management. This software service automates recurrent routine tasks that occur in the management of a cloud environment. So things like the installation and configuration of an application stack (e.g. a web site) as well as whole workflows. Task automation, then, simplifies the cloud management for organizations and teams, and acts as a helping tool for cloud administrators and DevOps teams by allowing system changes through API calls in standard fashion.
Now, we want this API to be easily accessible from different clients – be it CLI’s or a front end client running on a browser, or just a shell. What do we need to achieve this accessibility? Simple, we need a service to authenticate the user and perform permission checking. At the same time, we need to keep usage statistics for different users.
For the implementation of this service, we use Role Based Access Control (RBAC) resource governance approach, which sets the ‘role’ as the basic authorization unit. We create roles by combining different permissions and we assign these roles to users or groups of users. Clever eh? Nope, just the right governance for cloud applications framework for us.
Find the right fit for your company
While there are many other resource governance methodologies and techniques, the above approach seems to be the right fit for our application. The reasons are simple, it is down to its simplicity and robustness. It is also logically close to the multi-tenant environments and governance models we have seen in many cloud technologies we use every day.
For example, OpenStack’s identity service: Keystone, which offers API authentication, service discovery and distributed multi-tenant authorization. This one is based on the idea that identification should be a separate, standalone and isolated service. Keystone’s architecture inspired me on designing our identity service. We have used some ideas, such as the way tenants are organized and used, acting as the base unit of ownership or the way user roles are applied to define the level of authorization rights.
The secret to governance for cloud applications is basically that there is no secret. It’s one of the central cogs in your system management in this modern age of digital transformation. It decides the policies you establish, the monitoring you will have in place, and separates authorities and duties within your system. Any modern IT infrastructure or cloud application worth its salt must ensure that they have the right governance in place. So, if you are not making it a priority already get on the case today!