As we lurch into the roaring twenties we thought it might be interesting to consider what lies ahead in the ‘exciting’ world of cloud governance. We are unsure exactly when ‘shadow IT’ reached ‘peak sprawl’ but it was likely at some point in the middle of the twenty-tens. What seems certain is that when it comes to IT governance there is still the same need to balance the benefits of agility and speed which come from decentralization, against key business risks be they security and/or cost management.

One thing for sure is that what is encompassed within cloud governance very much depends on where you sit within an organization. Microsoft has produced some interesting content on these different perspectives, which they have boiled down into a notional ‘Five Disciplines’. From our own perspective, we probably think mostly around cost management and cost optimization. Obviously, if you sit within a security related function within a company or are a vendor of security tools, cloud governance means something quite different. The other factor impacting perspective is where you stand on the so-called ‘cloud journey’. If you are still working on migrating your first workloads to the cloud you will have a completely different outlook than if you have been in the cloud for the last 10 years and built your entire business model from the ground up in the public cloud.

Now that we are in 2020, what does this all mean? The cloud world is full of predictions but one often cited that caught our eye is that in 2020 some 83% of enterprise workloads will be in the cloud with approximately half of these being in the public cloud (AWS, Azure and GCP for example). The growth in public cloud over the last decade has been enormous and with it a management task that has moved beyond a scale that humans can manage. Automation has been part of the cloud since its inception, but the move to automated governance has begun and without a doubt will continue to accelerate in the coming years. Be it automated, from cloud guardrails which prevent misconfigurations which enable malicious attackers to penetrate what was considered well protected systems, to automated cloud cost control which automatically schedules resources to be available when required (and off when not) or adjusted to the rightsize to meet the needs of the workload. It’s also not just the infrastructure layer that’s going to get automated as new tools emerge including application resource management, which enables the entire application stack to be automated using software.

In reality, most of what is termed ‘automation’ in the world of cloud governance in 2020 are in truth recommendations which are then manually implemented or for those who are able to align with internal process some kind of semi-automation such as the use of policies. These often still require sophisticated workflows, approval processes and sign-offs from operations and business owners. Few organizations have moved to fully automated governance actions were, in essence, the machines are being used to manage machines. Just as with the move towards autonomous vehicles, driver augmentation via adaptive cruise control, lane-centering, etc. is now considered almost standard on new cars, and so is at least some level of automation in governance is becoming a standard requirement. Being delivered a list of hundreds of recommendations in the last decade was considered a vast improvement on the status quo. In the next decade, these recommendations will likely increasingly become invisible as infrastructure optimization is managed in an ongoing and continuous manner and will require little or no human input.

The range of governance tasks to be automated is also likely to grow. We can already observe the way cost management is increasingly being automated and our own customers are getting comfortable with more ‘set it and forget it’ automation processes based on policies they define. Teams anxious about cloud security are turning to a growing market of automation tools that cover off monitoring, compliance, and threat management and remediate these issues in real-time.

For sure there is a lot of headroom when it comes to automating governance and we look forward to seeing where we land by 2030.