How to Make Your Organization Successful in Public Cloud Tagging

This post originally appeared on the Gartner Blog Network.

If you use public cloud services at some scale, then you know you must tag your resources. You know you must use tagging so that your cost reports get nicely broken down; so that you can create resource groups to enable inventory, governance, automation and access control. You know this but, still, you are not doing it. Or maybe you think you are, but only less than half of your cloud resources are tagged in the way you want.

Unfortunately, this situation is something I hear in my inquiry calls more often than not. Why? Is it because of lack of enforcement measures? Is it because your cloud consumers are not disciplined? Or because tags are perceived just as administrative burden? The answer is all of the above. Tagging is a complex matter and some people assume that distributing a list of “mandatory” tags is enough. But that’s only the very beginning of your tagging strategy.

Common guidance on tagging usually stops at providing a list of suggested tags and describing the technical mechanisms for their implementation. While this is certainly important, such guidance often does not consider the organizational impact of metadata management in highly dynamic environments. Internal resistance within an organization is often the primary cause of the failure of tagging initiatives. That’s why I decided to publish a guidance framework for “Implementing a Tagging Strategy for Cloud IaaS and PaaS” (paywall). The framework is now available to Gartner for Technical Professionals subscribers and it is depicted in the figure below.

Defining your tagging dictionary is really just the beginning of your process, while enforcing tags is the very last step. The activities in between serve to internally promote the value of tagging and to lower the overhead for their implementation. Promoting tags requires the communication of their benefits and use cases. Implementing tags can be made easier through automation.

We developed this framework to make sure you’re successful in your tagging initiative. Cloud providers offer lots of native tools and constructs to manage your tags. However, tagging is not just a technical problem. By following the Gartner framework, you will also manage the organizational impact of tags, mitigate internal resistance and ease their implementation.

The Gartner framework is available today behind paywall with a 30+ page research note that explains its application in details. To know more about this research, you can also schedule an inquiry call with me (inquiry@gartner.com) or talk to your Gartner representative.

Lastly, feel free to follow me on Twitter (@meinardi) or connect with me on LinkedIn for further updates on my research. Looking forward to talking to you!

Neutralizing Shadow IT with Public Cloud Self-Service Governance

This post originally appeared on the Gartner Blog Network.

In today’s scenario where IT is at the core of business innovation, I hear organizations struggling with potentially opposing priorities. On one side, business users and developers want more agility and autonomy. On the other side, central IT must continue to achieve governance to minimize risks and improve efficiency at scale. Historically, organizations have prioritized a strictly controlled and centralized model, which was applicable because central IT was solely responsible for IT infrastructure and service delivery. However, since cloud computing, end users found an alternative path to achieving their goals, by going straight to cloud providers and bypassing central IT. Unfortunately, many of those shadow IT projects are not able to scale and expose the organization to uncontrolled risks.

Some organizations decided to address this well-known issue by reinforcing their measures to deny end user access to cloud services. Recently, a client told me how they’re blocking access on their firewall to all amazon.com IP addresses. Other organizations decided to apply their standard governance and operational processes to new cloud environments, often using the cloud just like another data center to simply provide compute, storage and network. Both of these solutions have proven to be unsuccessful as shadow IT continues to proliferate. In fact, none of these solutions enables end users to achieve the goals of becoming more autonomous and agile. Denying access or applying too much intermediation are not effective. Organizations who’ve been successful at neutralizing shadow IT have focused on enabling end users to achieve those goals while preserving the ability to enforce governance principles. To accomplish that, they’ve re-thought their operational and governance models and they became brokers of externally-sourced IT services.

Also cloud IaaS users want more autonomy and agility, they want to procure the infrastructure required to support their projects and they want to leverage the flexibility and scalability of public cloud providers as well as the access to the plethora of value-added services they offer. To support that, it is imperative that organizations develop a cloud IaaS self-service enablement and governance strategy. The figure below depicts the five approaches for self-service enablement that I collated in the recently published research note “5 Approaches for Public Cloud Self-Service Enablement and Governance” (paywall).

Some of the approaches described in the research provide fully automated provisioning workflows, others focus on regulating access and auditing end user activity and workload configurations. The illustrated approaches can provide different degrees of agility, access to innovation, end user autonomy, standardization, policy and control, provisioning automation and complexity. Therefore, it is important for organizations to understand their differences and trade-offs. However, there is no one-size-fits-all approach and technical professionals should master and implement all of them to address the different personas and use cases that live in the organization. The research also contains examples and code snippets on how to implement the described approaches on Amazon Web Services and Microsoft Azure.

To know more about this topic, you can:

Looking forward to hearing your comments!