Challenges of All-Cloud IT Governance

Large companies have complex organizational structures and dozens or even hundreds of business units (such as subsidiaries, divisions, product lines, departments, and project teams). Each business unit is responsible for building one or more application systems. The cloud transformation of these application systems will result in hundreds of service systems on the cloud and massive cloud resources. In addition, a large number of users, including enterprise employees, outsourced employees, and partners, need to access and operate these cloud resources. Risks such as resource idleness, misoperations, malicious operations, data leakage, and permission misconfiguration increase exponentially with the scale of cloud use. Large businesses must build a lean, centralized, and structured IT governance system to effectively control these risks, maximizing business benefits. CIOs and CTOs need to design a cloud IT governance system before migrating service systems to the cloud. In practice, the following challenges are often encountered:

• Business unit security and fault isolation. Businesses need to ensure that cloud resources, applications, and data are isolated between service units.
• Reduced impact scope of a single fault
• Flexible cloud resource adjustment adaptive to frequent changes in organizational and service architectures
• Network architecture across business units and controllable network connection channels
• Centralized management and control over the border network ingress and egress of multiple business units
• Production, development, and test environment planning
• Public resource sharing across multiple business units
• Centralized monitoring, O&M, and management of cloud resources across multiple business units
• Centralized budgets and costs management across business units Cloud costs optimization
• Prevention of cloud resources overuse
• User grouping User group authorization
• Compliance with enterprise, industry, and national security standards for cloud resources, data, and applications
• Mitigation of risks raised by misoperations, malicious operations, and permission misconfigurations
• Prevention of data leakage caused by user credentials losses
• Cloud migration of the original IT governance model as much as possible

To address these challenges, a comprehensive cloud IT governance solution and best practices are required to effectively manage business units, users, permissions, cloud resources, data, applications, costs, and security. Huawei Cloud uses the Landing Zone solution to address these challenges. Landing Zone is an aviation term, which refers to the area where helicopters and other aircraft can land safely. The solution is named Landing Zone because it can safely and smoothly migrate enterprise service systems to the public cloud. The purpose is to systematically address the IT governance and security compliance challenges brought in large-scale cloud migration.