Governance As Code

You can’t escape the fact that we are truly entering into an age of a programmable and data-driven world. The journey to meld silicon capability into new materials and then connect all the things to the internet is accelerating; it’s affecting data centers, our homes, our cars, our watches, our clothes, our cities.  We will soon have billions of accessible data end-points, ready and waiting for innovative use cases to create new data-driven experiences to make our lives better.

In this programmable world, applications become orchestrators of data and devices. Applications are no longer constructed islands of code and data; instead, applications are conductors of many different pieces of code, many data sets and many physical assets distributed across the globe – the new API driven world. Bringing these pieces together, like conducting an orchestra, is what coding is now about.

But what about governance? Much of the talk right now is about programmability and accessibility of cloud resources, but there is a third word that should always be used in conjunction with these, and that is governance. Programmability and accessibility create a new degree of openness and automation to cloud resources, but governance is what creates trust.  And without trust, the ability to truly innovate at speed is hampered.

This is where Governance-As-Code comes into play.

Imagine being able to define policy attributes that governed everything to do with an application – not just configuration management – but deployment, lifecycle, cloud resources, service gateways, connectivity, network, economics, access, geo-location.  And imagine if this could be done in code, stored in a repository (e.g. Github), tested, version controlled, etc.  And then automatically enforced as part of the application deployment and orchestration process across any cloud infrastructure. If we could do this, we would have a pervasive and dynamic way to create, manage, apply, and enforce policy – creating a governance framework for trust – across all of our application resources.

Creating trusted platforms is what Ericsson does today in the mobile world with our operator partners. Governments and emergency services depend on these mobile platforms every second of every day. Extending this industrialized approach from global mobile platforms to trusted cloud platforms is the driving force behind the Ericsson strategic adoption and investment in the Apcera platform. Whilst the Apcera platform provides application orchestration across multiple clouds, it also turns governance into code. In a way, it also turns the traditional Platform As A Service (PaaS) model upside down by creating flexible opinions-as-code in the form of policy.

Here are some simple Apcera governance-as-code examples, which can be managed in any code repo:

  • Package Versioning:


  • Cluster Permissions:


  • Cluster Resources:


  • Network Policies:


In short; to make the programmable world a reality, and accelerate innovation, we need to make sure that we are building on trusted cloud platforms that achieve the trifecta: Accessibility, Programmability & Governance. And the notion of governance-as-code is a pretty cool, dynamic and scalable way to do it!

Find more policy examples here ->

This blog post also appears on the Ericsson Cloud Blog:


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s