From “Roughcast House” to “Fine-Decoration House” — Enterprise IT Governance Solutions for On-Cloud Management and Governance

The Challenges of Enterprises’ Migration to the Cloud

With the rapid development of cloud technology in recent years, the concept of Cloud-Native is generally understood and accepted, and more enterprises are choosing to migrate to the cloud to implement digital transformation. Whether they are moving traditional applications to the cloud or developing new products and businesses based on Cloud-Native technology, enterprises hope to use cloud technology to innovate flexibly and at low cost, and to maximize the value of cloud migration.

  • How can we isolate resources and permissions for multiple projects?
  • How can we ensure network isolation and security among different businesses?
  • How can we allocate spending on the cloud to different business teams?

Overview of Enterprise IT Governance

Enterprise IT Governance is a set of strategies, principles, and implementation processes that guide enterprise IT planning and operation and allow IT personnel to control business risks at the IT level. It also helps ensure the efficient and stable operation of the enterprise's business. A complete set of on-cloud Enterprise IT Governance infrastructure includes the following features:

  • Up-to-Date Compliance: In the early stage of cloud migration, the enterprise's IT governance requirements should be met. In later stages, compliance should be kept up to date automatically, so that business iteration can continue and new businesses can grow rapidly without waiting on manual reviews.
  • Separate Management: Once the IT governance architecture is established, business teams can perform their own O&M, leaving the central IT O&M team responsible only for maintaining the IT infrastructure and reducing its workload.

The Design Concept of the Enterprise IT Governance Solution

This solution serves as a model for enterprise users to construct a complex cross-account enterprise IT governance system on Alibaba Cloud. The framework includes the following aspects:

  • Identity Integration: Enterprises usually have their own identity management system, and it is essential that they can log on to Alibaba Cloud through it. The Role-Based Single Sign On (SSO) of Alibaba Cloud allows enterprises to map employee identities or user groups to Alibaba Cloud roles with specific permissions, which simplifies organizational management. Beyond identity management, enterprises also need to assign different permission policies to different roles so that each role holds only the permissions it needs. This solution provides a series of best practices for preset roles and permission policies, as well as SSO automation tools that help enterprises complete SSO configuration quickly.
  • IT Compliance and Audit: IT compliance and audit are the key to achieving "efficiency" and "controllability" in the enterprise IT governance process. They have also become one of the core requirements of enterprise IT governance, particularly since classified protection compliance became a mandatory requirement for enterprises' cloud migration.
  • Detective Management: For compliance principles that are recommended rather than mandatory, enterprises can configure detective rules instead of preventive controls and continuously monitor resources against them. When a non-compliant resource is discovered, the solution sends an alert, records the finding, and can remediate the resource automatically.
  • Long-Term Storage of Audit Logs: Logs of on-cloud operations, resource changes, and network traffic can be stored for a long time so that they are available when an audit is required.
  • Fees and Costs: Cost analysis is a basic requirement of any enterprise cloud migration. Enterprises can only migrate with confidence if they can calculate their spending and make costs predictable, and the larger the enterprise, the more attention must be paid to the budget and spending of each business unit and department. There are two cost allocation modes, Showback and Chargeback, depending on the type of enterprise. Depending on how the enterprise plans its on-cloud resource structure, there are also several common allocation methods, such as account-based cost allocation and tag-based cost allocation.
  • Network Planning, Security Protection, and Monitoring: Network architecture is crucial for an enterprise, since it affects business operation, application calls, business expansion, and information security. This part mainly covers enterprise IP address planning, network connectivity, and access control. The focus is to plan which security domains of the enterprise network may be interconnected, which services may access or be accessed from the Internet, and how to control horizontal (east-west) and vertical (north-south) traffic to protect information security. Furthermore, enterprises need to set unified monitoring and alerting rules for the relevant network and business resources so that problems are detected and resolved before they affect the business.
  • New Account Baseline: When an enterprise starts a new business in a new account, that account must also meet the requirements of the enterprise's IT governance principles. To do so, the design principles above are applied to the new account: identity integration, initializing the network architecture, configuring security protection, and setting up monitoring and alerting. At the same time, enterprises should enforce the account compliance baseline with preventive controls to prevent misoperations that could lead to non-compliance and risk.
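The detective-management pattern described above (rules, continuous evaluation, alert, record, automatic fix) as a small added Python example. This is illustrative code written for this page, not Alibaba Cloud's solution; the resource inventory, rule names and remediation function are constructed placeholders rather than any product's API.

```python
# Added example: a minimal detective-rule engine in the style the article describes.
# The inventory below is constructed sample data, not output of any cloud API.
import copy
from dataclasses import dataclass
from typing import Callable, Optional

INVENTORY = [
    {"id": "bucket-logs", "type": "oss_bucket", "acl": "public-read", "tags": {"owner": "data"}},
    {"id": "bucket-app", "type": "oss_bucket", "acl": "private", "tags": {"owner": "app"}},
    {"id": "sg-web", "type": "security_group", "rules": [{"port": 22, "src": "0.0.0.0/0"}], "tags": {"owner": "web"}},
    {"id": "ecs-1", "type": "ecs_instance", "tags": {}},
]

@dataclass
class Rule:
    name: str
    applies_to: str                      # resource type the rule checks
    check: Callable[[dict], bool]        # True when the resource is compliant
    fix: Optional[Callable[[dict], None]] = None  # auto-remediation; None means alert only

def bucket_is_private(r): return r["acl"] == "private"
def make_private(r): r["acl"] = "private"          # hypothetical remediation action
def ssh_not_open(r): return not any(x["port"] == 22 and x["src"] == "0.0.0.0/0" for x in r["rules"])
def has_owner_tag(r): return "owner" in r["tags"]   # needed for tag-based cost allocation

RULES = [
    Rule("oss-bucket-private", "oss_bucket", bucket_is_private, make_private),
    Rule("sg-no-public-ssh", "security_group", ssh_not_open),
    Rule("required-owner-tag", "ecs_instance", has_owner_tag),
]

def evaluate(inventory, rules):
    """Run every rule over every matching resource and return one audit record per finding.
    Works on a copy so the caller's inventory is not mutated. A finding is 'remediated'
    when the rule has a fix and the resource passes the check afterwards, otherwise 'alert'."""
    findings = []
    for r in copy.deepcopy(inventory):
        for rule in rules:
            if rule.applies_to != r["type"] or rule.check(r):
                continue
            status = "alert"
            if rule.fix is not None:
                rule.fix(r)
                status = "remediated" if rule.check(r) else "fix_failed"
            findings.append({"rule": rule.name, "resource": r["id"], "status": status})
    return findings

if __name__ == "__main__":
    for finding in evaluate(INVENTORY, RULES):
        print(finding)
```

In a real deployment the findings list would be written to the long-term audit log store and the alerts routed to the owning business team, which is why the owner tag check sits beside the security rules.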

Solution Implementation

With the design concept in place, the next step is to construct and implement the infrastructure according to the enterprise's characteristics and development stage, helping it quickly turn the "roughcast house" into a "fine-decoration house". No single implementation can perfectly match the demands of every enterprise in practice; enterprises must customize and combine solutions based on their own demands and design principles. The three representative solutions mentioned above are the best solutions proposed by Alibaba Cloud for start-ups, medium- and large-sized enterprises, and multinationals. For more information, visit the Alibaba Cloud Open Platform website. Start-ups can obtain automatically generated operation steps and code from the official website to implement such a solution. Other enterprises should contact their Alibaba Cloud sales representative or service manager.


With the arrival of the Cloud-Native era, enterprises will face more new challenges on the cloud. The Alibaba Cloud Open Platform Team will continue to optimize products and solutions, accumulate additional best practices, and help enterprises manage and make good use of the cloud, allowing enterprises to innovate more quickly based on Cloud-Native capabilities.
