As more and more people adopt cloud computing, it’s become evident that businesses are struggling to manage the costs associated with operating cloud environments. After reviewing the many health checks we have performed on customers’ Microsoft Azure instances, we found that a staggering 75% of customers are paying too much for Azure. Of those customers, some are overpaying by as much as 70%*. One of the main advantages of the cloud is the promise of a cheaper, faster and more resilient platform to run business applications. The challenge we are seeing is that users of the cloud are adopting traditional on-premises methodologies, rather than adapting to the newer ways of cloud infrastructure management. To help overcome some of these issues, I have outlined the top 5 tips for efficiently running your Azure environment.
1. Are you tagging your resources?
Tagging is the cornerstone of all tracking within Azure. Tagging should be used similarly to metadata you apply to documents. It gives your Azure resources more context as to what their actual function is within the Azure environment. This can be very powerful, as many systems or applications often have multiple Azure resources (storage, network adaptor, etc.). By tagging your resources you can easily analyse costs associated with specific projects or systems, as well as build out automation and resiliency within your systems.
2. When was the last time you looked at Azure Advisor?
Microsoft does offer recommendations to customers around how they can use their Azure environment more effectively. Azure Advisor will do a high-level analysis of your environment in relation to high availability, security, performance, operational excellence and cost. It is suggested that Advisor be monitored on a regular basis, with recommendations being either implemented or addressed. This will help ensure the operation of your environment is in line with Microsoft best practice, as well as being the most cost-effective and efficient way to run your Azure instance.
3. Have you enabled Security Centre Standard?
Another fundamental gap we see with our customers is how they secure their Azure environment. Any on-premises security architecture or framework should also be extended or applied to your Azure environment. Security Centre is a built-in function of Azure that will monitor and report on the overall health of your environment. While all environments are covered with the “free” version, this doesn’t allow for root cause analysis, automated remediation or regulatory compliance mapping. It is advised that everyone upgrade to Security Centre Standard to take advantage of these extra features to ensure your environment is secure and protected.
4. How many Global Admins do you have?
One common issue we see is the prominence of users with elevated access permissions within the Azure environment. The Global Admin role should be treated exactly the same as an Enterprise Admin within on-premises Active Directory. Users should be profiled for their role and responsibility within Azure to ensure the correct access levels are provisioned. Through the use of Azure Policy (see below), users can still maintain a certain permission level without needing Global Admin. There are other features like “just-in-time access” and “privileged access management” that make it possible to grant elevated access subject to approval and for a limited time.
5. Have you enforced Azure Policy?
One of the biggest issues we see with customer environments is in relation to governance over the usage of Azure. While one of the benefits of using Azure is agility and speed to market, without appropriate controls, we have seen resource sprawl, and in most cases, “bill shock”. Through the use of Azure Policy, organisations can control the usage of an Azure environment, while still allowing its users to be productive. Azure Policy allows Admins to restrict or mandate certain functions within Azure. Policy is very similar to Group Policy in Active Directory. This allows organisations to enforce governance over the use of their Azure environment, while still allowing users to do what they need to do without too much restriction. It also helps alleviate human error. There are 236 native policies built into Azure. You also have the ability to create your own policy if you wish. Examples of policies within Azure are enforcing MFA on all Admin Accounts, making tagging a required field during resource creation or restricting what regions an Azure resource can be deployed to (data sovereignty as an example).
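As an added illustration (not one of the built-in policies and not Data#3's own configuration), a custom Azure Policy definition covering two of the examples above: a mandatory tag and a restricted set of regions. The tag name `CostCentre` and the two Australian regions are assumed values; the effect defaults to `Audit` so non-compliant resources are reported before anything is blocked.

```json
{
  "properties": {
    "displayName": "Example: require a tag and restrict regions",
    "description": "Added illustration, not a built-in policy. Flags or denies resources that lack the named tag or sit outside the allowed regions. Parameter defaults are assumed values.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "tagName": {
        "type": "String",
        "metadata": { "displayName": "Required tag name" },
        "defaultValue": "CostCentre"
      },
      "allowedLocations": {
        "type": "Array",
        "metadata": { "displayName": "Allowed regions", "strongType": "location" },
        "defaultValue": [ "australiaeast", "australiasoutheast" ]
      },
      "effect": {
        "type": "String",
        "metadata": { "displayName": "Effect" },
        "allowedValues": [ "Audit", "Deny", "Disabled" ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "anyOf": [
          {
            "field": "[concat('tags[', parameters('tagName'), ']')]",
            "exists": "false"
          },
          {
            "allOf": [
              { "field": "location", "notIn": "[parameters('allowedLocations')]" },
              { "field": "location", "notEquals": "global" }
            ]
          }
        ]
      },
      "then": { "effect": "[parameters('effect')]" }
    }
  }
}
```

Assign it at a management group or subscription scope with the effect left at `Audit`, review the compliance results, then switch the assignment parameter to `Deny` once existing resources have been tagged or moved.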
Regardless of where you’re at in your cloud journey, Data#3 can help.
Whether you are new to Azure or looking for advanced Azure services to take your business to the next level, Data#3 can help. We are proudly part of the Azure Elite program with Microsoft’s Azure engineering team and have the deep expertise your business needs to maximise its investment in Azure.
Reach out to me on LinkedIn to discuss further or contact Data#3 today.