Enterprise IT Governance

The Alibaba Cloud Enterprise IT Governance solution provides a set of management capabilities covering users, permissions, resources, finance, and compliance for small, medium, and large enterprises, helping enterprise customers migrate to the cloud and maximize the value of IT resources.

Overview

Cloud computing has improved the efficiency of resource delivery and daily operations like never before. It has become a trend for enterprises to migrate to the cloud. After verifying information security and cost control, enterprises will migrate applications and entire data centers to the cloud to optimize business models and technical processes. As more departments and employees start to work on the cloud, enterprises are paying attention to cost optimization and IT governance. Enterprise IT governance is the rational planning and allocation of enterprise IT resources. The Alibaba Cloud Enterprise IT Governance solution provides a set of management capabilities to help enterprises of all sizes smoothly migrate to the cloud and maximize the value of IT resources.

The Challenges and Solutions of Enterprise IT Governance

  • Identity Management and Access Control

  • Multi-Account Management System

  • Audit and Compliance

Learn more about Alibaba Cloud Enterprise IT Governance solution

Contact Sales

Alibaba Cloud Landing Zone

Challenge

As your enterprise develops and builds your business on Alibaba Cloud, enhancing the security of Alibaba Cloud accounts, isolating the network, managing accounts for team members, and building a maintainable cloud environment are key to starting an enterprise's journey to the cloud.

Solution

Learn more about Alibaba Cloud Enterprise IT Governance solution

Contact Sales

Land on Alibaba Cloud with Eight Steps

Step 1: Building the Structure of Cloud Resources

The first step for your enterprise to migrate to the cloud is to build the infrastructure of resources on the cloud with multiple accounts so you can carry out effective authority control, compliance audit, network planning, and financial resources hosting. Alibaba Cloud provides multiple methods to organize the resource architecture on the cloud, which is reflected in the organization and division of each business line of the enterprise, forming a resource tree and laying the foundation for the subsequent governance of several other aspects. A multi-account management system on Alibaba Cloud should have three modules: Enterprise Management Account is the root account of the multi-account system and responsible for managing the organization, Shared Services Account deploys shared security and public services, and App Accounts are for each application that follows the enterprise's uniform controls but is maintained and used by each LoB.

Step 2: Integrating Corporate Identities and Planning Permissions

Logging into Alibaba Cloud from your identity management system, such as Identity Provider (IdP), adds pressure on the management and compliance of your enterprise. Through Alibaba Cloud’s role SSO, you can easily map enterprise employee identity or user groups to Alibaba Cloud’s role with specific authority. You also need to assign different permissions policies to different roles to ensure that permissions are minimized. The landing zone solution provides a series of best practices for pre-configured roles, permission policies, and SSO automation tools to help your organization quickly configure SSO and meet the identity integration requirements on the cloud.

Step 3: Setting up Compliance Auditing Rules

Compliance auditing rules are the key to achieve efficiency and control in the process of enterprise IT governance. Compliance and auditing have become one of the core requirements for enterprise IT governance especially since compliance has become a mandatory requirement for enterprises migrating to the cloud. There are three main ways to achieve compliance auditing: Preventative Control prohibits non-compliant operations, Detective Control sets up detective rules and monitors enterprise resources and Audit Log Persistence audits operation logs.

Step 4: Managing Costs and Expenditures

Cost analysis is a requirement for enterprises to migrate to the cloud. As enterprises grow, it needs to focus on the budget and spending of each business and department. The Showback Model or Chargeback Model are adopted according to the type of enterprise. Several common measures, such as account dimensional accounting and tag dimensional accounting, are available according to the structure planning of the enterprise's cloud resources.

Step 5: Planning the Corporate Network

Network architecture is crucial for an enterprise, which is related to the operation of enterprise business, the call between applications, the expansion of business, and the security of enterprise information. Network planning includes IP address planning, network connectivity, and access control for the enterprise network. The Alibaba Cloud’s IT Governance solution includes a variety of pre-defined network models that help enterprises unify network management and planning without building a VPC or V Switch. The models focus on planning which services in the security domain are interoperable within the enterprise network, which services can access or be accessed by the public network, and how to control the east-west and north-south traffic of a VPC to secure the enterprise. The related network resources and business resources are configured with unified monitoring rules and alarm rules to enable early detection and management of business problems.

Step 6: Configuring the Security Settings

The security services provided by Alibaba Cloud include data security, host security, and network and access security aspects to protect the security of enterprise data. The solution provides these services by leveraging Cloud Security Center (SAS), Cloud Firewall, and ECS Security Group.

Step 7: Monitoring the Network

The IT Governance solution leverages cloud monitoring capabilities and products, including Cloud Monitoring Service (CMS), Log Service, and Message Service, to redefine initial alerting rules, which enables enterprises to comprehensively monitor security risks and vulnerabilities.

Step 8: Creating New Accounts

As the enterprise conducts new business through new accounts, it also needs to meet enterprise IT governance requirements. Regulations and structures designed in the previous steps are implemented in the new account, such as identity integration, network architecture initialization, security protection configuration, and network monitoring. They are combined with preventive control policies to protect the account compliance baseline and avoid risky and non-compliant operations.

ACT87002 IT Governance on Cloud


This course introduces the IT governance challenges faced by customers when their IT systems move to the cloud, as well as the solutions and best practices in various dimensions, starting from account management, resource management, network design, security compliance, cost control and automated O&M etc.


View Details

ACT87002 IT Governance on Cloud

This course introduces the IT governance challenges faced by customers when their IT systems move to the cloud, as well as the solutions and best practices in various dimensions, starting from account management, resource management, network design, security compliance, cost control and automated O&M etc.

View Details

Featured Products

Resource Access Management

Secure your cloud resources to define fine-grained access permissions for users and groups.

ActionTrail

Implement security analytics, resource change tracking, and compliance audits.

Application Configuration Management

Centralize application configurations management and perform real time configuration push.

Resource Group

Sort resources that are allocated to an Alibaba Cloud account into different groups.

Learn more about Alibaba Cloud Enterprise IT Governance solution

Contact Sales

Customer Success Stories

The access control (Resource Access Management), operation audit (ActionTrail) and configuration audit (Cloud Config) provided by Alibaba Cloud help Mondelēz International build a secure, controlled and easy-to-manage cloud environment, providing a solid foundation for full digital transformation.

Back in 2015, Mondelēz International signed a strategic partnership with Alibaba to migrate the traditional IDC to Alibaba Cloud's public cloud platform, build a mid-end system, and construct dozens of business support systems, such as sales systems and order systems. With the development of the business, dozens of application ISVs and cloud MSPs have cooperated. Mondelēz International needed to achieve cloud resource isolation and access control for different IT providers and unified monitoring of cloud resource configuration compliance.

"Based on the OpenAPI and governance capabilities of Alibaba Cloud's open platform, we have built a hybrid cloud management platform. This makes our operations and maintenance more automated and the delivery of services to business teams more agile, standardized and secure."

-- Yadan Liu, Head of Infrastructure, huya.com

With Alibaba Cloud's development platform, huya.com built a hybrid cloud management platform to achieve unified operation and management to respond to the needs of the business team. Huya.com implemented an enterprise-level CMDB based on OpenAPI to unify the management and analysis of the self-built private cloud. Alibaba Public Cloud realized the full lifecycle management of users and used RAM's powerful authorization capabilities to avoid security risks and create an automated delivery process. The Business Team gained resource delivery experience with a 10x increase in overall efficiency.

Partners

Learn more about Alibaba Cloud Enterprise IT Governance solution

Contact Sales

Related Resources

Best Practice

Enabling Operation and Configuration Auditing on Alibaba Cloud

Achieve proactive governance based on effective auditing and automatic monitoring and alerting on all your cloud resources.

Best Practice

Managing Your Resources on Alibaba Cloud

Manage resources and organize accounts through the Resource Directory.

Document Center

Resource Management

Learn from Alibaba Cloud experts about Resource Management product information, API, purchasing guide, quickstart and FAQs.

Document Center

Cloud Config

Learn from Alibaba Cloud experts about Cloud Config product information, API, purchasing guide, quickstart and FAQs.

Document Center

ActionTrail

Learn from Alibaba Cloud experts about ActionTrail product information, API, purchasing guide, quickstart and FAQs.

Document Center

Resource Access Management

Learn from Alibaba Cloud experts about Resource Access Management product information, API, purchasing guide, quickstart and FAQs.

Start with Alibaba Cloud Solutions

Learn and experience the power of Alibaba Cloud with a free trial.

Contact Sales