With self-service and on-demand provisioning, IT teams can easily overspend in the cloud. Some organizations pay for resources they may never use just to ensure they are available in order to avoid performance issues. However, those resources still rack up costs even if they aren't in use.
To reduce cloud waste, enterprises need to assess access controls, policy enforcement and instance size monitoring. Implement these best practices to keep costs down.
Manage provisioning powers
Not everyone should have provisioning powers. There are various ways enterprises can restrict who can provision cloud resources, such as permissions, approval processes and purchasing control procedures:
- Role-based access control (RBAC). With RBAC, administrators can create roles and assign permissions based on individual users' responsibilities and access needs. For example, a cloud administrator might create a cloud provisioning role that enables certain staff to provision cloud resources, while limiting other users' access.
- Approval processes. Approval processes are a common feature in cloud management platforms and service management platforms. Creating approval processes is a standard method for controlling cloud resource provisioning. Your organization can require that authorized personnel, such as directors, review and approve requests to provision cloud resources before a team can provision them.
- Purchasing control procedures. To ensure that only authorized personnel can make cloud purchasing decisions, organizations can implement purchasing control procedures, such as requiring purchase requests to be approved by a designated manager or department. These procedures can be integrated into cloud procurement tools, such as AWS Service Catalog, or implemented through organizational policies and procedures.
Enforcing cloud provisioning practices and rules involves defining and implementing policies, automation, RBAC and cloud security posture management (CSPM) tools. CSPM tools continuously monitor and report on cloud resource usage and compliance. CSPM tools can also help detect and remediate any policy violations.
Automated tools ensure that all the cloud resources your team provisions and manages follow the policies that organizations establish. Automation proactively detects and remediates any cloud provisioning policy violations. However, while technology and automation are the foundation for enforcing cloud provisioning practices, organizations should still conduct regular audits to help identify gaps or areas of noncompliance, enabling organizations to make improvements proactively.
Additionally, a defined cloud governance framework for your organization provides a set of documented policies, procedures and standards for managing cloud resources. Your cloud governance framework should include the following:
- Policies for provisioning and deprovisioning cloud resources.
- Managing access and permissions.
- Monitoring and reporting on cloud usage.
There are also policies and guardrails that you can set to reduce the overprovisioning of your organization's cloud resources:
- Use resource tagging. Resource tags categorize resources and help prevent overprovisioning by helping identify and manage underutilized resources.
- Set resource quotas. Quotas for resources like instances, storage and network bandwidth can help prevent overprovisioning and ensure that resources are used efficiently.
- Set cost management policies. Cost management policies can help prevent overprovisioning by setting budget limits and monitoring cloud costs.
- Set autoscaling policies. Autoscaling policies can help prevent overprovisioning by automatically scaling resources based on demand.
- Implement identity and access management (IAM) policies. IAM policies can control who can access resources and what actions they can perform. Implementing IAM policies can help prevent overprovisioning by restricting access to cloud resources.
Right-size resources into ongoing cloud management activity. Continuous monitoring of resource utilization metrics from cloud instances, such as CPU, memory and disk usage, can detect if an instance is the correct size.
Enterprises should have a historical picture of the workload and application usage patterns on a cloud instance before determining how often to right-size it. While cloud providers offer documentation and best practices on right-sizing, the responsibility for right-sizing instances falls on cloud teams. Organizations need to invest in tools, training, processes and internal documentation.
Refactoring an application that's constantly inefficient is a judgment call based on priorities and cloud spending concerns. Here are some factors to consider:
- Severity of performance issues.
- Cost and effort involved in refactoring.
- Long-term benefits of improved performance by this instance.
Refactoring may be worthwhile if it can significantly improve performance, scalability or cost efficiency. Unfortunately, there's no definitive answer about refactoring applications. It comes down to the strategic importance of the application to internal or external customers.