(ENT304) Governed, Trusted, and Rogue: The Good, the Bad, and the Ugly Inside the Enterprise | aws...
DESCRIPTION
Most enterprises struggle with the delicate balance of enabling agility and innovation while ensuring proper compliance and corporate governance. In this session, we share lessons learned in identifying, consolidating, and governing AWS accounts across an enterprise while still allowing autonomy and innovation. We walk through the different ways enterprises manage their AWS accounts: governed, trusted, and rogue, the lessons learned in transitioning account types, and the benefits of each. Additionally, we share best practices for optimizing and controlling your AWS costs, managing security and user roles, and improving overall program management.
TRANSCRIPT
November 13, 2014 | Las Vegas, NV
Mike Davis, SAS
The Evolution of Amazon Web Services at SAS
Transformation of how SAS consumes, manages, and governs the AWS ecosystem
What you will learn
Lessons, trials, and pitfalls encountered during the ongoing journey
Leader in business analytics software and services
HQ in Cary, NC
Founded in 1976
Revenue of $3 billion
~13,700 employees
Customers in 137 countries
Mike Davis
Cloud architect
20+ years in IT
AWS Certified Solutions Architect (pending)
AWS Certified SysOps Administrator (pending)
Architect, evangelist, advocate
“It’s Complicated”
Global production delivery
Development platform
Partner
Independent software vendor
Important strategic direction for SAS
Rogue
• “The ugly”
• No controls
• Personal / corporate credit cards
Trusted
• “The bad”
• Some controls
• Consolidated billing
Governed
• “The good”
• Managed, well documented, consistent AWS ecosystem with “guard rails”
• Detailed expenses by user and cost optimization
Rogue
• 4-5 years ago
• Users independent
• Wild Wild West
Trusted
• 2-3 years ago
• Secondary job for IT resources
• Recommendations
Governed
• 1 year ago
• Dedicated department
• Guardrails
Environment architecture, security, and policies
Expense optimization, visibility, and analytics
Knowledge and resources
Rogue
• Security? We don’t need no stinkin’ security.
• Ad-hoc usage & designs
• Too much individual discretion
Trusted
• Limited change
• Growth to 60+ separate business-level accounts; shared IDs
• Basic advice and recommendations
Governed
• Standardized accounts; AWS Direct Connect
• Federation with corporate identity management
• Roles and group policies mapped to business requirements
IT
• Applications core to the business
• Common services leveraged across company
Research and Development
• Development and test for product pipeline
SAS Cloud Analytics
• Enterprise customer-specific solutions
Professional services
• Proof of concepts / Proof of Value
• Alliance efforts
SAS cloud solutions
• Cloud delivered services
[Diagram labels: Consolidated Billing Account; IT, R&D, SCA, PSD, SASaaS; Federated Identity Broker; IAM: Roles, Policies, Groups, Users; Prod, Test, Dev, Sandbox, Secure]
Rogue
• Un-optimized
• Visibility only at department financial level
• Monthly expenses
Trusted
• Consolidated Billing
• Explore & implement tools for reporting and tracking
• Insight into account usage and patterns
Governed
• Engage in Amazon programs for savings
• Leverage multiple billing tools, tags for comprehensive reporting
• Create IT policies for off-hour utilization
Rogue
• LMGTFY
• Tribal knowledge
• No one to fix things
Trusted
• Established relationship with Amazon account team
• Business-level support on revenue generating accounts
• Common clearing house of cross-enterprise projects
Governed
• Regular cadence meetings
• Enterprise-level support; Amazon Advisory Services
• Common documentation repository; on-site training
Enable Trust Guide
Effective Efficient
Cloud Delivery
http://bit.ly/awsevals