Cloud done the right way – Start with a Foundation

Within any Cloud Environment, a solid Cloud Foundation is an essential part of the journey. The creation of a suitable foundation should ideally occur well before any workload is onboarded or any service provisioned. In my role as an Architect, I regularly engage with customers and organizations looking to progress or begin a Cloud Journey, and therefore I am regularly involved in designing and implementing Foundational Cloud environments. Many organizations are keen to understand the core components and business value of a foundational environment, particularly as these environments often incur costs – so ensuring value and a clear understanding of the benefits is key.

📑 As a note, this article is simply my thoughts, tips, guidance, and links to key resources – it is not exhaustive. My advice, as with anything, would be to research your exact needs and requirements when designing a Cloud Foundation. And, if you are in any doubt – consult with a partner to help with the design, implementation, and support. ✅

Azure Architecture Center – Microsoft’s Reference Material to help support your organization’s Cloud Environment or a specific application.

What actually is a Cloud Foundation Environment?

If you do a web search for “Cloud Foundation” you’ll get a lot of results… I tried whilst writing this post and got over 600,000,000 – which sadly means it’s unlikely any of us will have time to read all of these. However, it does mean there is a huge range of material out there which can be used to great benefit. The obvious downside here is that this also means there will be varied content – different opinions and views, both technical and non-technical, on what is best for different organizations and Cloud environments.

A Cloud Foundation is much like the foundations you’d create if you were starting a building project – it sets up the project to succeed and creates the essential supporting elements that are required to start building, and for the building to stay up for years to come.

Another great place to start if AWS is your chosen Public Cloud: Cloud Foundations on AWS – Solutions for establishing your cloud presence on AWS.

In my view – a Cloud Foundation can be defined as follows:

✅ A Cloud Foundation is an environment that allows an organization to consume Cloud Services, both now and in the future, in a compliant, optimal, and secure manner.

It’s worth noting, that in a typical search for “Cloud Foundation environment” you’ll find many more adjectives used to describe them – however, they all largely (in my opinion) come down to the 3 core aspects above – compliant, optimal, and secure. I’ve broken these down below to highlight some of the core areas within each of the core aspects:


✅ Compliant:

A foundation allows an organization to consume Cloud in ways that are…
  • In line with relevant legislation, governance or compliance frameworks, legal policies, data sovereignty & protection requirements etc. 
  • Aligned to vendor-backed reference architectures, best practices, and methodologies.
  • Aligned to your organization’s own internal policies and procedures. This covers aspects like auditing, authentication, frameworks, naming/tagging requirements etc.
  • Financially compliant – within budgets, controls, and the financial reporting and visibility needed to succeed.
  • Aligned to organizational needs around Availability, Business Continuity, and DR. Considerations around core business applications and their specific needs often come into play here.
  • Aligned to specific application requirements – this is key when considering core business applications or services. Take an example of running Citrix Cloud – this has specific supporting elements/services that would need to be considered and planned into a foundation before deployment. It’s important to get these in place from the outset – so that future consumption or growth isn’t problematic. Thankfully in this case, the docs from Citrix are awesome!
  • Connected to the wider organizational network, if required. It’s important to ensure planning for Cloud Consumption includes network considerations and future growth needs.

✅ Optimal:

Allowing Cloud to be optimal by providing or allowing…
  • A clear route to growth – the right Cloud Foundation should not prevent growth in the Cloud or cause excessive numbers of actions required to consume additional services. Foundations = planning for growth. Typical blockers here are usually constrained or overlapping IP Ranges, or lack of democratisation resulting in individual points of authority/control.
  • A clearly defined route for new consumption or services – removing blockers and problems to testing and then adopting new services or workloads. The right Cloud Foundation should provide development and testing access to your chosen platform.
  • Financial longevity – ensuring you have clear insights into billing, costs, and cost changes or forecasts.
  • An organized environment – through the use of appropriate naming, tagging, and organisational structures.
  • Resources to operate in a reliable manner – so this means considering, and providing elements like replication, availability, backup and DR.
  • Operational efficiency and excellence – ensuring relevant practices and procedures. This often means adopting new ways of working with and managing Cloud environments. E.g., Infrastructure as Code; Terraform, Bicep, CloudFormation etc.
  • Internal technical staff and teams to work efficiently without technical blockers or legacy processes. Suitable account structures are key to this – ensuring that departments and business units have the ability to work in an autonomous way.
  • Cloud consumption by the required teams in an appropriate manner – this means that internal teams need to be supported, via relevant training and certification, or 3rd party support for example. Going into the Cloud without this is likely to lead to problems.
  • Sustainability. This is key to ensure that the environmental impact of consuming Cloud computing is limited and provides enhanced sustainability against traditional resources. There is a wealth of information on this subject, for example: AWS WAF Sustainability and Microsoft Learn – Sustainability outcomes and benefits for business.

✅ Secure:

Ensuring security as a result of…
  • Policy Based Compliance and Control – enabling compliance and control without the need to regularly configure or define this on a per-resource basis. Treating resources as child objects of compliance policies with centralised control is essential.
  • Suitable levels of logging, monitoring, and auditing. Suitable here is an almost infinitely flexible term – one organization’s “this is ideal” is another organization’s “this is totally unacceptable”. It’s important to define key metrics and levels of monitoring and auditing required. SIEM solutions can help here and provide actions to remediate security issues.
  • Insights based around core metrics and KPIs – this one is also extremely variable; required insights into Resource Health and an organization’s applications or services will also vary greatly. The key here is to define these metrics/KPIs, and action suitable insights and monitoring upon them.
  • Suitable monitoring dashboards and notifications. Again here, “suitable” as a definition will vary, but it’s important to consider what monitoring data and dashboards need to be visible. Whilst you don’t want to be overloaded with monitoring data, it’s important that it provides the right insight into the health of your environment.
  • Relevant authentication policies, practices, and ongoing management. This is key – on numerous occasions poorly configured authentication solutions or lack of multi-factor authentication has caused big problems for lots of organizations, so ensuring authentication policies and practices are in place, and working(!), is essential. This goes well beyond just making sure everyone is using MFA or similar – think about policies for managing accounts, joiners/leavers, auditing, alerting and more.
  • Adherence to frameworks or compliance. Whilst I mentioned this earlier, and also mentioned using vendor reference architectures and guidelines, it’s worth mentioning again around security. Often organizations have specific security standards they need to meet – so these need to be considered and actioned as part of any Cloud Foundation. Vendor architectures can provide much needed support when designing for security.

Help and Guidance

Thankfully, there is a huge amount of help and guidance available for getting the right Cloud Foundation in place. Across the various Public Cloud providers, one of the best places to start is by reading the various frameworks and reference architectures. I’ve included links below to Vendor Reference Architectures, Centers, and Frameworks, as well as two useful links for wider Cloud Security reading. I would recommend starting with these first – and then branching out to other frameworks around compliance or security, to broaden your approach and knowledge.

Vendor Architecture Centres and Reference Architectures:

I hope this post has been useful and provided a helpful insight into how a Cloud Foundation can help all types of Organizations – until next time! ✅
