A New Cloud Account and It’s Full Speed Ahead, Right?

Working within a traditional enterprise IT structure as a developer can be… challenging, to be polite.

There are slowdowns and challenges everywhere you look.

Whether it’s a delay getting a virtual machine spun up, the long wait for a network address assignment, or the hoops you have to jump through for the change advisory board (CAB), it’s frustrating.

One of the promises of working in the cloud is speed. The freedom to spin up and down new resources as you see fit. For most developers, expectations line up with a dream of an ideal, open environment free of constraint.

No Restrictions

A new cloud account—regardless of cloud, Microsoft Azure, AWS, or Google Cloud—is essentially unrestricted. The sky is truly the limit.

Each of the big three provides some idea of an organizational structure with default settings for new accounts, but for the most part, a developer’s first cloud account starts fresh.

Finally, freedom from the enterprise IT machine and all its pieces. The CAB, networking group, operations, security, none of them will slow down your innovation.

Over the top? Maybe, but it’s also not far from the truth of what most developers feel.

But is this how it should be?

Most will point to the simple fact that they “know what they’re doing” even though 65-70% of all cloud security issues are due to simple mistakes.

But that won’t happen to you. You’re an above average driver…so to speak.

That’s Not How Averages Work

Of course, you know that’s not how averages work. If everyone is an above average driver, then they aren’t really measuring against the average!

Keeping with the driving analogy, getting your first cloud account or having unrestricted access to an existing account feels a lot like driving on your own for a road trip.

The open road, the ability to make decisions about where you’ll go, how fast you’re going, the freedom is exhilarating.

If it wasn’t, there wouldn’t be so many road trip movies and stories!

But even in this scenario (and analogy) there are rules.

You can’t drive as fast as you want, there’s a speed limit. You can’t hit other cars on the road, that’s illegal. You must signal when you change lanes. And so on…

The rules are there to keep everyone—yourself included—safe.

Guardrails

On top of the rules that dictate how you have to drive your car, there are a bunch of other features on the road to help keep everyone moving safely.

Lane markers, road signs, guardrails in tight turns, and more. All these work together to create a safe environment for you and the other drivers.

If we connect the analogy back to the issue at hand, all these things should be done in the cloud as well.

That new account of yours? It should have some restrictions and guardrails in place to help you develop and innovate as quickly as possible while making sure you don’t make any obvious mistakes.

Modern Approach

Finding the right balance of controls (stopping things from happening) and guardrails (helping guide you to more resilient decisions) is critical to you and your team’s success.

Unfortunately, this is where frustration sets in as traditional approaches don’t scale to cloud speeds.

It’s easier for older enterprise IT systems and bureaucracy to slow down cloud development to a crawl rather than adjust to a more modern way of thinking.

However, when properly applied, the ideas of controls and guardrails only help speed up innovation.

After all, the brakes aren’t just there to bring you to a complete stop in your car…they also make sure you can corner as fast as possible.

Balance

Your team should be using multiple cloud accounts. In each of the big three clouds, they are a free boundary that helps to make sure you aren’t crashing into each other while you develop or—more importantly—that you aren’t crashing production!

But these accounts shouldn’t be unrestricted.

They should come preconfigured with a reasonable set of controls and guardrails.

Here is a sample starting checklist. Make sure that:

  1. The root account is locked down, using multi-factor authentication, and not used for anything but the initial configuration of the account (AWS, Azure, Google)
  2. API call auditing is active (AWS, Azure, Google)
  3. Billing alerts are on and actively monitored (AWS, Azure, Google)
  4. Centralized security and operations accounts have permissions they can use to monitor the new accounts
  5. You have a plan for identity and access management that focuses on roles and the principle of least privilege
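
As an added example (not part of the original article), items 1 to 3 of the checklist can be checked automatically on AWS. The sketch below evaluates dictionaries shaped like the output of `aws iam get-account-summary`, `aws cloudtrail describe-trails` with `get-trail-status`, and `aws cloudwatch describe-alarms`; the function names, the sample data, and the reading of "locked down" as "no root access keys" are assumptions.

```python
# Added example: baseline check for checklist items 1-3 on an AWS account.
# Inputs mirror the JSON from: aws iam get-account-summary,
# aws cloudtrail describe-trails / get-trail-status, aws cloudwatch describe-alarms.

def check_root(summary):
    m = summary["SummaryMap"]
    findings = []
    if m.get("AccountMFAEnabled") != 1:
        findings.append("root: MFA is not enabled")
    # Assumption: "locked down" includes having no root access keys.
    if m.get("AccountAccessKeysPresent", 0) != 0:
        findings.append("root: access keys exist")
    return findings

def check_audit(trails, status_by_name):
    # Pass only if some multi-region trail exists AND is currently logging;
    # a trail that was created and later stopped must not count.
    for t in trails.get("trailList", []):
        status = status_by_name.get(t["Name"], {})
        if t.get("IsMultiRegionTrail") and status.get("IsLogging"):
            return []
    return ["audit: no multi-region CloudTrail trail is logging"]

def check_billing(alarms):
    # Approximation of "actively monitored": a billing alarm that notifies someone.
    for a in alarms.get("MetricAlarms", []):
        if (a.get("Namespace") == "AWS/Billing"
                and a.get("MetricName") == "EstimatedCharges"
                and a.get("ActionsEnabled") and a.get("AlarmActions")):
            return []
    return ["billing: no EstimatedCharges alarm with a notification action"]

def audit_account(summary, trails, status_by_name, alarms):
    return (check_root(summary) + check_audit(trails, status_by_name)
            + check_billing(alarms))

# Constructed sample data: a fresh account and one with the baseline applied.
FRESH = dict(
    summary={"SummaryMap": {"AccountMFAEnabled": 0, "AccountAccessKeysPresent": 1}},
    trails={"trailList": []}, status_by_name={}, alarms={"MetricAlarms": []})
BASELINED = dict(
    summary={"SummaryMap": {"AccountMFAEnabled": 1, "AccountAccessKeysPresent": 0}},
    trails={"trailList": [{"Name": "org-trail", "IsMultiRegionTrail": True}]},
    status_by_name={"org-trail": {"IsLogging": True}},
    alarms={"MetricAlarms": [{"Namespace": "AWS/Billing",
        "MetricName": "EstimatedCharges", "ActionsEnabled": True,
        "AlarmActions": ["arn:aws:sns:us-east-1:111122223333:billing-alerts"]}]})

if __name__ == "__main__":
    for name, acct in (("fresh", FRESH), ("baselined", BASELINED)):
        print(name, audit_account(**acct) or "OK")
```

Items 4 and 5 depend on how your organization structures its accounts and roles, so they are left out of this check.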

Still Free, But Safer

These simple steps will not slow you down. In fact, they offer a strong start and ensure that you aren’t going to run up an unreasonable bill or open your resources unwittingly.

Moving fast in the cloud doesn’t mean ignoring process, procedures, and security. It means ensuring that these things are done in a systematic way and are heavily automated.

What are the first things you do with a new account? Do these types of steps help you? Do you think they would slow you down? Let’s talk about it in the forum…
