Here at Scalr, we often work with IT organizations that are evaluating or adopting a Cloud Platform (such as AWS, Google Compute Engine, OpenStack or CloudStack), largely due to the nature of the software we are building (the Scalr Cloud Management Platform).
In our experience, IT departments that evaluate clouds are very aware of their business’s requirements for a cloud platform. They know that their cloud needs to be self-service, that it needs to be fast, that it needs to be flexible, etc.
But what about IT’s own requirements? Regardless of whether the company adopts cloud or not, IT is responsible for:
The security of the company’s infrastructure
The cost of operating said infrastructure
The enforcement of change management policies across said infrastructure
Oftentimes, IT departments are not sure about how to solve those problems once the company adopts cloud. In this post, we’d like to share our experience working with IT departments that have successfully identified and solved these problems.
The Underlying Problem: With Cloud, IT Is Accountable, But Giving Up Control
In a non-cloud environment, IT can enforce policies by carefully reviewing provisioning requests that are made by developers, and making sure they comply with the company’s policies.
However, when the company adopts cloud, developers gain the ability to provision resources on a self-service basis: they can use their cloud’s API to provision the resources that they need. IT is kept out of the loop, and is left unable to enforce its policies.
In turn, this means that IT must now rely on developers to:
Follow IT’s security policies
Follow IT’s cost-control policies
Follow IT’s change-management policies
Unfortunately — and regardless of their best intentions — developers usually fail to meet IT’s requirements, if only because they already have plenty on their plate, and because they aren’t particularly qualified to follow numerous and ever-evolving IT policies.
One solution is for IT and developers to work more efficiently together (that is, to adopt DevOps). and that’s ultimately what the organization should strive for. But regardless of how enthusiastic the organization is about DevOps, IT departments usually need a bit more control and guarantees than “let’s trust that people will do the right thing”.