Cloud Governance: Department Catalog Policy

Cloud Governance means many things to many people. Heck, just the word cloud means different things depending on who you are talking to. While definitions can vary, controlling access to cloud resources is invariably a central piece of any governance program.

This blog post will explore using the Jamcracker Platform to implement cloud access policies via Department Catalogs, letting the right users get access to the appropriate resources and services based on their Department.

What are Department Catalogs?
Department Catalogs are subsets of a master catalog that allow different groups of people to see, request and access only the resources and services that they should, based on your business policy. Department Catalogs satisfy the need to let different users see, request access to, and use only the cloud services and resources that are allowed for them, based on their Department (e.g. Sales, Marketing, Development, etc.) or any other grouping that makes sense for segmenting users (geographic location, cost center, etc.).

Whether you use actual organizational departments or any other grouping does not matter – you can use any logical construct to give different groups of people access to different services and resources. It also does not matter whether you are trying to limit access to infrastructure as a service (IaaS) resources like VMs or storage, software as a service (SaaS) like, or LogMeIn Pro, or platform as a service (PaaS) such as cloudmunch. Using Department Catalogs, you can restrict access to any IaaS, SaaS or PaaS resources or services to any definable group of users.

Why use Department Catalogs?
There are many reasons why this can be valuable to your organization. For example, maybe you want to allow development and QA to create and run workloads on private virtualization platforms such as VMware or OpenStack, but only let IT place workloads into public clouds. Perhaps you want to allow only Sales and Marketing to get access to, while making everyone else use Microsoft SharePoint online for internal collaboration. You might even have to manage multiple disparate accounts with a service provider, and need to make sure that employees in each of your departments are only given access to services under the appropriate account.

You certainly do not want to have to manage this on a per-user basis. The administrative overhead of defining this access for every person would quickly become overwhelming for any midsize or larger business, and defining access for groups of people is a far better approach. You can always create special “departments” for those who have unique needs and authorization, but it is important to group people into departments or similar constructs to control access for many people at once.

How to use Department Catalogs
Department Catalog Management is very simple. Assuming that you have already added all the required resources and services to your portal’s catalog, and that your departments or groups are already defined, you simply visit the Manage -> My Company -> Catalog page and edit the department catalog of interest by hovering over Actions and selecting View Details.

In the View Catalog screen, simply select or de-select the Apps (resources and services) that you want to allow this Department to use and click Save & Finish.

The platform will warn you if you are removing any resources or services that are currently in use, so that you can take appropriate action (such as contacting the user and advising them that they need to use a different app, or perhaps even moving the user to a different department or group).

In the screens above, the next time a Finance user views the catalog, the list of apps you have selected will be the only ones that users in the Finance department can see, request or access.

