Rediger

Del via


Govern overview

The CAF Govern methodology provides a structured approach for establishing and optimizing cloud governance in Azure. The guidance is relevant for organizations across any industry. It covers essential categories of cloud governance, such as regulatory compliance, security, operations, cost, data, resource management, and artificial intelligence (AI).

Cloud governance is how you control cloud use across your organization. Cloud governance sets up guardrails that regulate cloud interactions. These guardrails are a framework of policies, procedures, and tools you use to establish control. Policies define acceptable and unacceptable cloud activity, and the procedures and tools you use ensure all cloud usage aligns with those policies. Successful cloud governance prevents all unauthorized or unmanaged cloud usage.

Diagram showing the process to set up and maintain cloud governance. The diagram shows five sequential steps: build a cloud governance team, document cloud governance policies, enforce cloud governance policies, and monitor cloud governance. The first step you perform once. The last four steps you perform once to set up cloud governance and continuously to maintain cloud governance.

Why govern the cloud?

Cloud governance is foundational to defining and sustaining the productive use of the cloud. Effective cloud governance regulates all cloud use, mitigates risks, and streamlines cloud interactions across the organization. It aligns cloud use with the broader cloud strategy and helps you reach business goals with fewer setbacks. Without cloud governance, your organization might encounter risks that cloud governance could prevent.

How to govern the cloud?

Cloud governance is a continuous process. It requires ongoing monitoring, evaluation, and adjustments to adapt to evolving technologies, risks, and compliance requirements. The CAF Govern methodology divides cloud governance into five steps. Complete all five steps to establish cloud governance and regularly iterate on steps 2-5 to maintain cloud governance over time:

  1. Build a governance team: Select a team of individuals to be responsible for cloud governance. The cloud governance team defines and maintains cloud governance policies while reporting on the overall progress of cloud governance.

  2. Assess cloud risks: Evaluate and prioritize potential risks associated with the use of the cloud. The risk assessment should identify risks unique to your organization. Consider all categories of risk, such as regulatory compliance, security, operations, cost, data, resource management, and AI risks. Use Azure tools to help assess cloud risks.

  3. Document cloud governance policies: Define the cloud governance policies that dictate the acceptable use of the cloud. These cloud governance policies set out the rules and guidelines for cloud usage to minimize the identified risks.

  4. Enforce cloud governance policies: Enforce compliance with the cloud governance policies using automated tools or manual procedures. The goal is to ensure that the use of cloud services is in line with the established cloud governance policies. Use Azure tools to help enforce cloud governance policies.

  5. Monitor cloud governance: Monitor cloud use and teams responsible for governance to ensure they're compliant with the cloud governance policies. Use Azure tools to help monitor cloud governance and set up alerts for noncompliance.

Cloud governance checklist

Use the cloud governance checklist to see all the tasks for each cloud governance step. Use the links to quickly navigate to the guidance you need.

  Cloud governance step Cloud governance tasks
Build a cloud governance team. Define the functions of the cloud governance team.
Select the members of the cloud governance team.
Define the authority of the cloud governance team.
Define the scope of the cloud governance team.
Assess cloud risks. Identify cloud risks.
Analyze cloud risks.
Document cloud risks.
Communicate cloud risks.
Review cloud risks.
Document cloud governance policies. Define an approach for documenting cloud governance policies.
Define cloud governance policies.
Distribute cloud governance policies.
Review cloud governance policies.
Enforce cloud governance policies. Define an approach for enforcing cloud governance policies.
Enforce cloud governance policies automatically.
Enforce cloud governance policies manually.
Review policy enforcement.
Monitor cloud governance. Configure cloud governance monitoring.
Configure cloud governance alerts.
Develop a remediation plan.
Audit cloud governance regularly.

Next step