Most enterprises struggle with the delicate balance of enabling agility and innovation while ensuring proper compliance and corporate governance. In this session, we share lessons learned in identifying, consolidating, and governing AWS accounts across an enterprise while still allowing autonomy and innovation. We walk through the different ways enterprises manage their AWS accounts: governed, trusted, and rogue, the lessons learned in transitioning account types, and the benefits of each. Additionally, we share best practices for optimizing and controlling your AWS costs, managing security and user roles, and improving overall program management.

1. November 13, 2014 | Las Vegas, NV
Mike Davis, SAS

2. The Evolution of Amazon Web Services at SAS
Transformation of how SAS consumes, manages, and governs the AWS ecosystem
What you will learn
Lessons, trials, and pitfalls encountered during the ongoing journey

3. Leader in business analytics software and services
HQ in Cary, NC
Founded in 1976
Revenue of $3 billion
~13,700 employees
Customers in 137 countries

4. Mike Davis
Cloud architect
20+ years in IT
AWS Certified Solutions Architect (pending)
AWS Certified Sysops Administrator (pending)
Architect, evangelist, advocate

5. “It’s Complicated”
Global production delivery
Development platform
Partner
Independent software vendor
Important strategic direction for SAS

6. Rogue
•“The ugly”
•No controls
•Personal / corporate credit cards
Trusted
•“The bad”
•Some controls
•Consolidated billing
Governed
•“The good”
•Managed, well documented, consistent AWS ecosystem with “guard rails”
•Detailed expenses by user and cost optimization

7. Rogue
•4-5 years ago
•Users independent
•Wild Wild West
Trusted
•2-3 years ago
•Secondary job for IT resources
•Recommendations
Governed
•1 year ago
•Dedicated department
•Guardrails

8. Environment architecture, security, and policies
Expense optimization, visibility, and analytics
Knowledge and resources

9. Rogue
•Security? We don’t need no stinkin’ security.
•Ad-hoc usage & designs
•Too much individual discretion
Trusted
•Limited change
•Growth to 60+ separate business-level accounts; shared IDs
•Basic advice and recommendations
Governed
•Standardized accounts; AWS Direct Connect
•Federation with corporate identity management
•Roles and group policies mapped to business requirements

10. •Applications core to the business
•Common services leveraged across company
IT
•Development and test for product pipeline
Research and Development
•Enterprise customer-specific solutions
SAS Cloud Analytics
•Proof of concepts / Proof of Value
•Alliance efforts
Professional services
•Cloud delivered services
SAS cloud solutions

11. Consolidated Billing Account
IT
R&D
SCA
PSD
SASaaS
Groups
Policies
Federated Identity Broker
Roles
Policies
IAM
Groups
Users
Prod
Test
Dev
Sandbox
Secure

13. Rogue
•Un-optimized
•Visibility only at department financial level
•Monthly expenses
Trusted
•Consolidated Billing
•Explore & implement tools for reporting and tracking
•Insight into account usage and patterns
Governed
•Engage in Amazon programs for savings
•Leverage multiple billing tools, tags for comprehensive reporting
•Create IT policies for off-hour utilization

14. Rogue
•LMGTFY
•Tribal knowledge
•No one to fix things
Trusted
•Established relationship with Amazon account team
•Business-level support on revenue generating accounts
•Common clearing house of cross-enterprise projects
Governed
•Regular cadence meetings
•Enterprise-level support; Amazon Advisory Services
•Common documentation repository; on-site training

15. Enable
Trust
Guide
Effective Efficient Cloud Delivery

16. http://bit.ly/awsevals