From “Roughcast House” to “Fine-Decoration House” — Enterprise IT Governance Solutions for On-Cloud Management and Governance

Catch the replay of the Apsara Conference 2020 at this link!

By Alibaba Cloud Open Platform

The Challenges of Enterprises’ Migration to the Cloud

With the rapid development of cloud technology in recent years, the concept of Cloud-Native is generally understood and accepted. More enterprises are choosing to migrate to the cloud to implement digital transformation. From moving traditional applications to the cloud or developing new products and businesses based on Cloud-Native technology, enterprises hope to utilize cloud technology for flexible innovation of their business at a low cost and to maximize the value of cloud migration.

However, with the increasing adoption of cloud technology, business and resource types and scales are increasing. Enterprises are also encountering new problems:

  • How can we ensure identity security on the cloud?

These problems can affect the stability and development speed of business, cause security risks, and endanger the foundation of enterprises’ survival. Therefore, before migrating to the cloud, enterprises need to plan and create a secure, controllable, and compliant “Landing Zone” for each business to be migrated to the cloud, except for adapting business applications to the cloud environment. By doing so, business developers are allowed to focus on their own business for quick iteration and innovation of the business based on cloud capabilities in the Landing Zone. Developers can take efficiency and controllability into account to achieve the maximum value of cloud migration.

The key procedure of this part of the work lies in the improvement of enterprises’ IT governance infrastructure.

Overview of Enterprise IT Governance

Enterprise IT Governance is a series of strategies, principles, and implementation processes that guide enterprise IT planning and operation, which allows IT personnel to control business risks at the IT level. In addition, Enterprise IT Governance can also ensure efficient and stable operation of enterprise business. A complete set of on-cloud Enterprise IT Governance infrastructure includes the following features:

  • Unified Framework: Enterprises need to plan a unified IT governance architecture and apply relevant standards to specific business for the management and governance of each business.

To maximize the value of cloud migration, enterprises don’t need to spend a lot of effort into learning on-cloud capabilities. More importantly, they need to conduct unified planning and implementation in the early stage. Instead of creating a poor “roughcast house,” this way, a secure and controllable Landing Zone can be created for business on the cloud. In recent years, many enterprise customers of Alibaba Cloud have also been troubled by these problems and they turned to Alibaba Cloud for the best practices. For helping these enterprises quickly access Alibaba Cloud, the Alibaba Cloud Open Platform Team summarized the best practices based on several enterprises IT governance capabilities and pain points in enterprises’ cloud migration. The team released the Enterprise IT Governance solution and three sets of specific implementation plans for enterprises in different sizes, as well as automated tools for quick implementation. Now, let’s take medium- and large-sized enterprises and multinationals as examples to learn the design concept of the Enterprise IT Governance solution.

The Design Concept of the Enterprise IT Governance Solution

This solution serves as a model for enterprise users to construct a complex cross-account enterprise IT governance system on Alibaba Cloud. The framework includes the following aspects:

  • Enterprises’ On-Cloud Resource Structure: The first step for enterprises’ cloud migration is to construct the infrastructure of on-cloud resources through multiple accounts. Based on the infrastructure, enterprises can carry out effective permission control, compliance audits, network planning, and financial trusteeship. By using various methods provided by Alibaba Cloud to organize resources, enterprises can easily and effectively build on-cloud resource architecture and copy it for organizing and dividing various business lines. By doing this, resources can form a clear “tree” and enterprises can lay the foundation for subsequent governance of other aspects.

Compliance and audit can be implemented in three ways:

  • Preventive Management: It refers to forbidding non-compliant operations, such as changing basic configurations of the solution, connecting to public networks, and creating unencrypted disks, thus complying with the corporate compliance principles.

Solution Implementation

With the design concept of the solution, the next step is how to construct and implement the infrastructure according to the characteristics and development stages of enterprises, assisting enterprises to quickly turn the “roughcast house” into a “fine-decoration house”. It is impossible for an implementation solution to perfectly match the demands of every enterprise in real practices. Enterprises must customize and combine different solutions based on their own demands and design principles. These three representative solutions mentioned above are the best solutions proposed by Alibaba Cloud for start-ups, medium- and large-sized enterprises, and multinationals. For more information, you can visit the Alibaba Cloud Open Platform website. For start-ups, operation steps and codes that are automatically generated can be obtained on the official website to implement such a solution. As for other enterprises, please contact your Alibaba Cloud sales representative or service manager.

During the implementation process, the ideal state is full automation. Based on the concept of Infrastructure as Code (IaC) and several tools, including Terraform, the Alibaba Cloud Open Platform provides automated deployment scripts and codes and makes them available open on the Aliyun Landing Zone Github to help you quickly deploy a solution or integrate it into the internal automation process system.


With the arrival of the Cloud-Native era, enterprises will face more new challenges on the cloud. The Alibaba Cloud Open Platform Team will continue to optimize products and solutions, accumulate additional best practices, and help enterprises manage and make good use of the cloud, allowing enterprises to innovate more quickly based on Cloud-Native capabilities.

If you encounter any problem or have any suggestions when migrating to the cloud, please feel free to contact us. You are also welcome to follow the latest development of our team and learn the latest best practices for cloud migration.

Original Source:

Follow me to keep abreast with the latest technology news, industry insights, and developer trends.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store