In my two-plus decades as a technologist, I\u2019ve remained focused on solving the challenges of complexity. How do you collapse complexity, even as it\u2019s increasing with every day, month, year? This is true across all of IT, but particularly with respect to the cloud.\nThe last decade has spawned fantastic innovation in the cloud, but also complexity like we\u2019ve never experienced. This rapid pace of change\u2014and growing complexity of decentralized implementation\u2014have the potential to slow our adoption of the cloud, and with it, impair our ability to realize cloud\u2019s promise to deliver superior agility and innovation to businesses.\nSimply put: the rate of change in the cloud has surpassed the capability of humans to keep pace.\nSo, has \u201cdigital transformation\u201d evolved from an amorphous buzzword into a force of nature that\u2019s truly bested us? Have the machines won? Should we all just call it quits? At least for the cloud, the answer is \u201cno\u201d and governance as code is the reason why.\nA wise man (OK, it was me) recently predicted that 2018 would bring about the \u201cemergence of roles, processes and technology supporting governance at cloud scale.\u201d While this means huge gains for cloud users, it also involves a pretty seismic shift in the way businesses manage their infrastructure.\nWhy humans can no longer keep up\nThe management of all business services, applications and infrastructure exists in feedback loops that require constant optimization around cost, availability, performance, security and usage. In the pre-cloud era, these feedback loops were so slow they were often not noticed. But today, the intervals are trending towards real-time and testing the limits of our ability to keep pace. In the post-cloud era, it is common to see a three-to-four-order of magnitude increase in the pace of change in equivalent business systems. This rapid acceleration can place IT teams in a reactive, \u201cfire drill\u201d mode that fosters mistakes, makes it hard to drive standardization and best practices, and detracts from the overall success of the business.\nBefore the cloud, applications and infrastructure were centrally controlled by an IT department through centralized management and governance. With the emergence of cloud, there has been a shift in the ownership model that has turned this tried and true approach on its head. The cloud is being adopted and managed not solely by IT, but throughout the enterprise. It\u2019s not uncommon for a large enterprise to have more than 500 teams building, deploying and managing their own cloud applications and infrastructure.\nIn this highly decentralized world, manual governance is no longer sufficient; organizations must find automated ways to maintain governance without sacrificing agility. This governance must be based on internal policies, best practices and reference architectures.\nIn the future, governance as code will be the backbone driving our IT systems and services. It will enable us to deliver consistent, efficient and highly repeating business outcomes at the lowest possible cost, with the maximum availability and security, while also allowing our people to expand into new and higher value-add roles across business.\nOK\u2026but what is governance as code?\nIf you\u2019re involved with managing applications and infrastructure, chances are you\u2019re already relying on declarative and code-driven management of your deployment and configuration. Frameworks like Terraform, Ansible and Chef have fulfilled the promise of infrastructure as code: the ability to rapidly provision, deploy, and configure resources and systems in the cloud. Infrastructure as code has enabled us to move at cloud-speed, eliminating humans from our provisioning processes.\nUnfortunately, once these applications, infrastructure and resources are deployed, we\u2019ve been relying on a combination of people, tools and scripts to keep business running. In many cases, we hope to adhere to standards, implement best practices, maintain security and follow internal policies to ensure we are not taking on any undue risk in our businesses. Too often, we are falling back on our people as a safety net.\nInfrastructure as code is what DevOps and TechOps teams do; governance as code is about codifying how applications and infrastructure should run.\nConsider a future in which smart software actually understood the business service you were delivering\u2014including the underlying applications and resources interoperating to deliver this service\u2014and was capable of weighing performance, reliability and budgetary need to optimize to meet your business needs. In the event a user did deviate from best practices, systems based on governance as code would make a recommendation and drive the necessary changes to maintain the desired state. Some of these changes may involve interacting with people (e.g. opening ServiceNow ticket), but increasingly, many will be done automatically.\nGovernance as code means incredible gains from an efficiency and innovation standpoint. It draws upon principles of machine learning, automation, governance and policy management to remove the legwork from cloud management. In many ways, governance as code will parallel high-frequency trading, which relies on smart business and strategy-aware software and algorithms to achieve outcomes not possible with humans. With governance as code, IT teams can define and automate best practice policies that manage all aspects of services, applications and infrastructure across cost, availability, security, performance and usage.\nIt\u2019s pretty cool stuff.\u00a0\nPutting it into practice\nWhile governance as code is all about smart software, executing a successful initiative requires putting an enterprise-wide strategy in place and a substantial cross-organizational investment. Due to the decentralized adoption of the cloud, it is essential that any implementation complements, supports and enhances the adoption and usage of the cloud across the enterprise.\nAs with all major technology changes, it will require modifications in people, process and technology. Since everyone loves a good list, here are the four steps to follow to implement governance as code:\n\nGet stakeholder buy-in. A good governance as code strategy starts by getting cross-organizational commitment to the need for a revised strategy and agreement on the proposed solution.\nGather ye experts. If you have not invested in building a Cloud Center of Excellence (CCoE), it is imperative to form one now. A successful governance initiative is often driven as an extension of a successful CCoE strategy.\nMap out your attack plan. Establish a governance strategy and be sure to define and adopt policies with cross-departmental best practices in mind.\nDefine & automate policies. Capture your best practices, standards, reference architecture and internal constraints from your organization and teams and automate these rules in the policy engine of your choice. Automating makes life easier and is essential to governing at cloud-speed.\nTrack and trend. Integrate the policies with internal incident and ticketing systems, as well as deliver violations, recommendations and reports to stakeholders, teams and departments. Setting metrics for a cloud program isn\u2019t easy, but done right, it gives you a real way to benchmark and measure ROI.\n\nWe need governance as code \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\nThere has been a disruption in cloud\u2019s complexity core and that disruption needs to take what is done today by people\u2014with their unique intellect and understanding of technical problems\u2014and codify it in terms of rules that policy engines can execute and identify when users deviate from best practices.\nGovernance as code means up-leveling your approach to IT and declaring the state you want your application and\/or infrastructure to operate to via code. One of the best (and, not-so-conveniently, most challenging) realities of cloud computing, is that it\u2019s a relatively new technology that\u2019s been hugely disruptive in a relatively short period. The combination of the rapid pace of change and the highly decentralized adoption of the cloud has brought us to a tipping point. Governance as code taps into collective mindshare from past successes and failures to make it easier for IT teams to maintain speed with control through a sound governance strategy.\nWe need a fundamentally new approach to managing the cloud that allows decentralized teams to adopt the cloud and run at cloud-speed, while still maintaining the best practices and optimum security\/efficiency required by our business.\nWe need governance as code.