您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

云治理功能Cloud governance functions

云调控团队确保正确评估和管理风险和风险容错。A cloud governance team ensure that risks and risk tolerance are properly evaluated and managed. 此团队可确保正确识别企业无法承受的风险。This team ensures the proper identification of risks that can't be tolerated by the business. 此团队的人员将风险转换为管理公司策略。The people on this team convert risks into governing corporate policies.

根据所需的业务结果,提供完整的云管理功能所需的技能包括:Depending on the desired business outcomes, the skills needed to provide full cloud governance functions include:

  • IT 管理IT governance
  • 企业体系结构Enterprise architecture
  • 安全性Security
  • IT 操作IT operations
  • IT 基础结构IT infrastructure
  • 网络Networking
  • 标识Identity
  • 虚拟化Virtualization
  • 业务连续性和灾难恢复Business continuity and disaster recovery
  • 其中的应用程序所有者Application owners within IT
  • 财务所有者Finance owners

这些基准函数可帮助你确定与当前和未来版本相关的风险。These baseline functions help you identify risks related to current and future releases. 这些工作有助于评估风险,了解潜在影响,并做出有关风险承受的决策。These efforts help you evaluate risk, understand the potential impacts, and make decisions regarding risk tolerance. 执行此操作时,会快速更新计划,以反映 云迁移团队不断变化的需求。When doing so, quickly update plans to reflect the changing needs of the cloud migration team.

准备工作Preparation

最小范围Minimum scope

涉及云调控活动中的下列参与者:Involve the following participants in cloud governance activities:

  • 关键角色中中级管理和直接参与者的负责人应代表业务,并帮助评估风险容差。Leaders from middle management and direct contributors in key roles should represent the business and help evaluate risk tolerances.
  • 云管理功能由 云策略团队的扩展提供。The cloud governance functions are delivered by an extension of the cloud strategy team. 正如 CIO 和业务负责人应参与云策略职能一样,他们的直接下属应参与云管理活动。Just as the CIO and business leaders are expected to participate in cloud strategy functions, their direct reports are expected to participate in cloud governance activities.
  • 如果业务人员是与业务线领导密切合作的业务部门的成员,则他们应该能够做出有关企业风险的决策。Business employees that are members of the business unit who work closely with the leadership of the line-of-business should be empowered to make decisions regarding corporate and technical risk.
  • 信息技术 (IT) 和信息安全 () 了解云转换技术方面的员工可能会担任旋转容量,而不是云监管功能的一致提供者。Information technology (IT) and information security (IS) employees who understand the technical aspects of the cloud transformation may serve in a rotating capacity instead of being a consistent provider of cloud governance functions.

投递Deliverable

云管理任务旨在平衡转换和风险缓解的竞争性强制。The cloud governance mission is to balance competing forces of transformation and risk mitigation. 此外,云监管可确保 云迁移团队 了解数据和资产分类,以及控制采用的体系结构指南。Additionally, cloud governance ensures that the cloud migration team is aware of data and asset classification, as well as architecture guidelines that govern adoption. 治理团队或个人还与 云的优秀 合作,运用自动化方法来控制云环境。Governance teams or individuals also works with the cloud center of excellence to apply automated approaches to governing cloud environments.

每月持续任务:Ongoing monthly tasks:

会议步调:Meeting cadence:

每个团队成员团队成员的承诺时间将代表其每日计划的很大百分比。The time commitment from each team member of the cloud governance team will represent a large percentage of their daily schedules. 贡献不会限制为会议和反馈周期。Contributions will not be limited to meetings and feedback cycles.

超出范围Out of scope

作为采用规模,云治理团队可能会不断地跟上创新步伐。As adoption scales, the cloud governance team may struggle to keep pace with innovations. 如果你的环境具有很高的符合性、操作或安全要求,则更是如此。This is especially true if your environment has heavy compliance, operations, or security requirements. 如果发生这种情况,你可以将某些责任转移到现有 IT 团队,以减少调控团队的范围。If this happens you can shift some responsibilities to an existing IT team to reduce scope for the governance team.

后续步骤Next steps

某些大型组织具有专门关注 IT 治理的专用团队。Some large organizations have dedicated teams that focus on IT governance. 这些团队专用于跨 IT 资产组合的风险管理。These teams specialize in risk management across the IT portfolio. 存在这些团队时,可以快速加速以下成熟度模型。When those teams exist, the following maturity models can be accelerated quickly. 但建议 IT 治理团队查看云监管模型,了解调控在云中的变化情况。But the IT governance team is encouraged to review the cloud governance model to understand how governance shifts slightly in the cloud. 关键文章包括将企业策略扩展到云和云监管的五个层面。Key articles include extending corporate policy to the cloud and the Five Disciplines of Cloud Governance.

无管辖: 组织经常进入云中,无明确的管理计划。No governance: Organizations often move into the cloud with no clear plans for governance. 在较长的时间之前,安全、成本、缩放和操作方面的问题会开始触发有关监管模型的需求的会话,以及与该模型相关联的过程的人员。Before long, concerns around security, cost, scale, and operations begin to trigger conversations about the need for a governance model and people to staff the processes associated with that model. 在这些话题开始之前,请务必先着手解决 "无管辖" 的对立模式。Starting those conversations before they become concerns is always a good first step to overcome the antipattern of "no governance." 有关定义公司策略的部分可帮助简化这些对话。The section on defining corporate policy can help facilitate those conversations.

阻止的监管: 当涉及安全性、成本、规模和操作无应答时,项目和业务目标往往会被阻止。Governance blocked: When concerns around security, cost, scale, and operations go unanswered, projects and business goals tend to get blocked. 缺乏适当的监管,会在利益干系人和工程师之间产生恐惧、不确定性和怀疑。Lack of proper governance generates fear, uncertainty, and doubt among stakeholders and engineers. 通过提前采取措施,在其跟踪中停止此操作。Stop this in its tracks by taking action early. 云采用框架中定义的两个管理指南可帮助你开始小规模,设置初始限制策略,以最大程度地减少不确定性和成熟的管理。The two governance guides defined in the Cloud Adoption Framework can help you start small, set initially limiting policies to minimize uncertainty and mature governance over time. 从复杂的企业指南或标准企业指南中进行选择。Choose from the complex enterprise guide or standard enterprise guide.

自愿管理: 每个企业中都有无畏头晕。Voluntary governance: There tend to be brave souls in every enterprise. 这些 gallant 很少有用户愿意进入并帮助团队从中了解错误。Those gallant few who are willing to jump in and help the team learn from their mistakes. 通常,这是调控的开始方式,尤其是在小型公司中。Often this is how governance starts, especially in smaller companies. 这些无畏头晕志愿时间来解决某些问题,并将云采纳团队推送到一致的、管理良好的最佳实践集。These brave souls volunteer time to fix some issues and push cloud adoption teams toward a consistent well-managed set of best practices.

这些人员的工作比 "无管辖" 或 "监管阻止" 方案更好。The efforts of these individuals are much better than "no governance" or "governance blocked" scenarios. 尽管其工作应 commended,但不应将此方法与管理混淆。While their efforts should be commended, this approach should not be confused with governance. 适当的监管要求的支持更多的情况是为了推动一致性,这是任何良好的管理方法的目标。Proper governance requires more than sporadic support to drive consistency, which is the goal of any good governance approach. 云监管的五个层面中的指南可帮助开发此专业。The guidance in the Five Disciplines of Cloud Governance can help develop this discipline.

云管理员: 此名字对象已成为在早期阶段管理中特殊化的众多云架构师的徽章。Cloud custodian: This moniker has become a badge of honor for many cloud architects who specialize in early stage governance. 当调控方法首次启动时,结果类似于调控志愿者。When governance practices first start out, the results appear similar to those of governance volunteers. 但有一个根本差别。But there is one fundamental difference. 云管理员有一个计划。A cloud custodian has a plan in mind. 在此成熟度的这一阶段,团队正在花费大量时间来清理他们之前的云架构师所做的烂摊子。At this stage of maturity, the team is spending time cleaning up the messes made by the cloud architects who came before them. 但云管理员将此工作与结构良好的公司政策进行协调。But the cloud custodian aligns that effort to well structured corporate policy. 它们还使用管理工具,如监管 MVP 中所述。They also use governance tools, like those outlined in the governance MVP.

云管理员和监管志愿者的另一个根本区别是领导支持。Another fundamental difference between a cloud custodian and a governance volunteer is leadership support. 由于其寻找和执行操作,志愿者会在正常情况上花费额外的时间。The volunteer puts in extra hours above regular expectations because of their quest to learn and do. 云管理员从领先地位获得支持以减少其日常职责,以确保可以在改善云监管的同时投资进行定期分配。The cloud custodian gets support from leadership to reduce their daily duties to ensure regular allocations of time can be invested in improving cloud governance.

云保护者: 由于云采用团队已实现了一种共同的监管实践,专用于调控的云架构师的角色会改变一些功能,这与云调控团队的角色相同。Cloud guardian: As governance practices solidify and become accepted by cloud adoption teams, the role of cloud architects who specialize in governance changes a bit, as does the role of the cloud governance team. 通常,更成熟的做法会使其他专家的关注,这些专家可帮助增强由管理实现提供的保护。Generally, the more mature practices gain the attention of other subject matter experts who can help strengthen the protections provided by governance implementations.

尽管这种差异很微妙,但在构建以管理为中心的 IT 文化时,这是一个重要区别。While the difference is subtle, it is an important distinction when building a governance-focused IT culture. 云管理者清理由创新云架构师制造的混乱,这两个角色天生冲突,目标对立。A cloud custodian cleans up the messes made by innovative cloud architects, and the two roles have natural friction and opposing objectives. 云保护者可以帮助保护云的安全,因此其他云架构师可以更快地移动,减少混乱。A cloud guardian helps keep the cloud safe, so other cloud architects can move more quickly with fewer messes.

云保护人员开始使用更高级的管理方法来加速平台部署和帮助团队自行满足其环境需求,使他们能够更快地移动。Cloud guardians begin using more advanced governance approaches to accelerate platform deployment and help teams self-service their environmental needs, so they can move faster. 此类更高级的功能的示例可在管理 MVP 的增量改进中发现,如安全基线的改善。Examples of these more advanced functions are seen in the incremental improvements to the governance MVP, such as improvement of the security baseline.

云加速器: 云保护者和云保管人会自然地收集脚本和管理工具,以加速部署各种应用程序的环境、平台甚至组件。Cloud accelerators: Cloud guardians and cloud custodians naturally harvest scripts and governance tools that accelerate the deployment of environments, platforms, or even components of various applications. 除了集中管理责任外,策划和共享这些脚本还会在整个过程中为这些架构师提供高度的补充。Curating and sharing these scripts in addition to centralized governance responsibilities develops a high degree of respect for these architects throughout IT.

公开共享其特选脚本的管理专业人员有助于更快地交付技术项目,并在工作负荷的体系结构中嵌入监管。Those governance practitioners who openly share their curated scripts help deliver technology projects faster and embed governance into the architecture of the workloads. 此工作负荷会影响和支持良好的设计模式,将云加速器提升到更高级别的管理专家。This workload influence and support of good design patterns elevate cloud accelerators to a higher rank of governance specialist.

全球治理: 当组织依赖于全局分散的 IT 需求时,在不同地理区域的操作和管理方面可能会有很大的差异。Global governance: When organizations depend on globally dispersed IT needs, there can be significant deviations in operations and governance in various geographies. 业务单元需求甚至本地数据主权要求可能会导致管理最佳做法干扰所需的操作。Business unit demands and even local data sovereignty requirements can cause governance best practices to interfere with required operations. 在这些方案中,分层调控模型允许最低可行的一致性和本地化的管理。In these scenarios, a tiered governance model allows for minimally viable consistency and localized governance. 有关多层监管的文章提供了更多有关达到此级别成熟度的见解。The article on multiple layers of governance provides more insights on reaching this level of maturity.

每个公司都是唯一的,因此它们是管理需求。Every company is unique, and so are their governance needs. 选择适合你的组织的成熟度级别,并使用云采用框架来指导实现此操作的做法、过程和工具。Choose the level of maturity that fits your organization and use the Cloud Adoption Framework to guide the practices, processes, and tooling to help you get there.

随着云监管的不断成熟,团队可以更快地采用云来节奏。As cloud governance matures, teams are empowered to adopt the cloud at faster paces. 继续采用云的做法往往会在 IT 运营中触发成熟度。Continued cloud adoption efforts tend to trigger maturity in IT operations. 开发云运营团队或与云操作团队同步,以确保监管是操作开发的一部分。Either develop a cloud operations team, or sync with your cloud operations team to ensure governance is a part of operations development.

详细了解如何启动 云调控团队云运营团队Learn more about starting a cloud governance team or a cloud operations team.

建立了 初步的云监管基础后,请使用这些最佳实践进行 管理基础改进 ,以提前了解采用计划并防范风险。After you've established an initial cloud governance foundation, use these best practices in Governance foundation improvements to get ahead of your adoption plan and prevent risks.