Back to library
HomeHomeHow to Herd Clouds and Influence People
How to Herd Clouds and Influence People

How to Herd Clouds and Influence People

How to Herd Clouds and Influence People

Bob Tordella and Nathan Wallace

From chaos to control: one organization's journey to transform enterprise cloud governance.

Now available on Amazon.com: Paperback | Kindle

A Tale of Transforming Cloud Strategy into Governance That Actually Works

Day 1: Gary can't even log in on his first day as cloud architect at Goliath Federal Bank.

500 days later: He's transformed the organization's approach to cloud governance, turning chaos into control and resistance into collaboration.

What happened in between? The messy, human reality of enterprise cloud governance—where the biggest challenges aren't technical, they're organizational. Shadow IT teams, division politics, security incidents, and audit pressures all collide as Gary builds something that's never existed: cloud governance that enables innovation instead of killing it.

This isn't another best practices manual. It's the untold story of why cloud management is so hard at scale, and how one team learned to herd clouds and influence people.

Perfect for IT leaders, cloud architects, and anyone trying to transform technology and teams.

Praise for the book:

"I highly recommend it for anyone wanting change in their organization."
— Michael Hedgpeth, Co-Founder, People Work

"One of the most unique and entertaining technical books I've ever read."
— Dave Shrestha, Enterprise Cloud Architect

"Offers leaders the strategic insights necessary to transform cloud governance from a compliance burden into a competitive advantage."
— Meredith Stein, Co-Author, Unlocking the Power of the Cloud

"The details are spot-on and capture the real challenges of enterprise cloud transformation."
— Otto Aulicino, Sr. Director, IT Security

Get the book: Paperback ($19.99) | Kindle ($9.99)

Or read online for free below.

  • Day 1: Access Denied

    "Your account isn't set up yet."

    Gary stared at the login screen, then at the sticky note with his temporary credentials, then back at the screen. Somewhere in Goliath Federal's maze of cloud accounts lay the infrastructure he was hired to manage. If only he could get in.

    At his last company, this would have taken five minutes. A quick Slack message, an approval, done. But that was a different world - a 300-person tech company where everyone knew everyone meant Gary could just get things done when he needed to.

    "Classic Goliath," chuckled Dennis, a developer who'd been showing Gary to his desk. "Took me three weeks to get access to our development accounts. By t

    Day 1: Access Denied412 words

  • Day 8: Found the Cloud Spend. Sort Of.

    After a week of constant nagging, Gary was able to get access to one of the billing systems.

    Gary opened the cloud billing dashboard for Commercial Banking's accounts. The numbers made him blink. Twice.

    "Not what you expected?"

    A woman at the next desk had noticed his reaction. Her laptop displayed a complex spreadsheet with highlighted cells and multiple tabs.

    "I'm Fran," she said. "Finance. Been trying to reconcile those numbers for weeks."

    "They seem..." Gary searched for a diplomatic word.

    "High? Scattered? Impossible to track?" Fran supplied. "Yes to all three. And that's just Commercial. Wait till you see what the other divisions are sp

    Day 8: Found the Cloud Spend. Sort Of.269 words

  • Day 15: Shadow Accounts

    Gary was still digesting the cloud billing dashboard numbers from last week. After getting access to the primary billing system, he'd been working with Fran from Finance to understand Goliath's cloud spending patterns.

    "I think I've got a handle on these 300 or so AWS accounts we're tracking," Gary said, tapping his pen on a notepad filled with calculations. "Commercial Banking's spending seems particularly high, but at least we can see where most of it's going."

    Fran looked up from her computer with a knowing expression. "That's just the tip of the iceberg. I've been meaning to show you something else." She pulled a folder from her desk drawer and laid out sev

    Day 15: Shadow Accounts620 words

  • Day 16: Ticket Maze

    Gary couldn't stop thinking about the shadow accounts. Teams were bypassing official channels not out of rebellion, but necessity. He needed to understand why.

    "Mind if I shadow you for a bit?" Gary asked Dennis the next morning. "I'd like to see your provisioning process firsthand."

    Dennis looked surprised but nodded. "Sure. Actually, perfect timing. We need to set up a new development environment for a new module."

    They settled at Dennis's desk as he pulled up a browser. "So here's how it usually starts," Dennis explained, navigating to an internal portal. "The official way, I mean."

    Gary watched as Dennis logged into what appeared to be the main IT service cat

    Day 16: Ticket Maze730 words

  • Day 22: Inventory Quest

    A week after exploring the ticket maze with Dennis, Gary was still troubled by a fundamental question: what resources did Goliath actually have in the cloud? His growing collection of cloud cost reports raised more questions than answers.

    "You must be Gary." A man with ServiceNow stickers on his laptop walked up to his desk. "Adam from Asset Management. Heard you've been asking about our cloud inventory."

    "Fran mentioned you might help me match resources to costs," Gary said. "The numbers just don't add up."

    Gary turned his screen to show a spreadsheet. "According to billing, Commercial has over a thousand EC2 instances. But I can only see about four hundred i

    Day 22: Inventory Quest572 words

  • Day 30: Sarah's View

    Sarah took a sip of her coffee as she scrolled through the latest batch of security alerts. Another day, another hundred notifications about misconfigured cloud resources. She'd been the security lead for Goliath's cloud environments for two years, and some days it felt like she was the only one who could see the disaster waiting to happen.

    Her phone buzzed with a calendar reminder: "Cloud Security Sync with Gary."

    It had been a month since Gary had arrived with his ambitious ideas about bringing order to Goliath's chaotic cloud landscape. She liked him, he was sharp and didn't give up easily. But she'd seen this movie before, and it rarely had a happy ending. Usu

    Day 30: Sarah's View833 words

  • Day 38: Perfect Opportunity

    Gary studied the strange patterns in the cloud billing report. After weeks of digging through cost data with Fran, they'd uncovered something promising.

    "Look at this section," Gary said, highlighting a row in the spreadsheet. "AWS EBS storage volumes with no instance attachments. Hundreds of them, just sitting there, incurring charges."

    Fran leaned in for a closer look. "You're right. They're not attached to anything, but we're still paying for them every month." She did a quick calculation. "These unattached volumes alone are costing us over $30,000 a month across the accounts we can see."

    Gary did the math. "That's over $350,000 annually for storage nob

    Day 38: Perfect Opportunity547 words

  • Day 45: Early Adopters

    "I think this should work," Gary said, "But I'm not a developer. I need someone to check my logic."

    Gary reached out to Oscar. He wasn't a proper developer either, but he'd written enough automation scripts for Operations to spot potential issues. Oscar studied the Python script on Gary's screen. "The basic idea is sound. You're querying for unattached volumes, then tagging them for review. After your grace period, you'll snapshot the volumes, then delete anything still tagged." He frowned slightly. "But there are some edge cases you're not handling."

    Gary sighed. "Like what?"

    "What if a volume gets reattached during your grace period? You need to automatically

    Day 45: Early Adopters702 words

  • Day 52: Barry's Kingdom

    "The Commercial Banking Division isn't interested."

    Gary stared at the email, reading it for the third time. After the success with Peter's team and several other early adopters, he'd sent a proposal to extend the cost savings initiative across all divisions. Most had responded positively or at least asked for more information, except Commercial Banking.

    Their response was just six words, a blunt dismissal.

    "Did you see this?" Gary asked Fran, showing her the email.

    She grimaced. "Ah, you've met Barry. Well, not really met him, but felt his presence."

    "Barry?"

    "Barry Swinton, Commercial Banking's IT director. Twenty years at Goliath. Runs their IT function

    Day 52: Barry's Kingdom876 words

  • Day 60: Dennis's Dilemma

    Dennis closed the email about Gary's cost optimization efforts and stared at his screen. The proposal made perfect sense, a simple automation to clean up unattached volumes and reduce cloud waste. Peter's team was already using it with good results. His own team should probably do the same.

    And yet, he couldn't bring himself to reply.

    It wasn't that saving money was a bad idea. But adopting it now meant admitting something uncomfortable: they'd been wasting money all along. Money they could have saved months ago if they'd prioritized it.

    He glanced at the whiteboard across from his desk, where he'd mapped out the next six sprints for the mobile banking app. U

    Day 60: Dennis's Dilemma533 words

  • Day 75: Wall of No

    "The cost savings initiative isn't getting traction with the larger divisions."

    Gary looked up from his laptop as Fran dropped into the chair across from his desk. After the successful pilots with Peter's team and a handful of others, they'd presented the results to the rest of the organization, expecting broader adoption. Instead, they'd hit a wall.

    "What's the pushback?" Gary asked, though he had a good guess.

    Fran placed a folder on his desk. "Here are the responses. Commercial Banking we already knew about; Barry shut that down immediately. But even Retail and Wealth Management are hesitant."

    Gary flipped through the emails. The objections varied in wording bu

    Day 75: Wall of No757 words

  • Day 79: Divided We Stand

    Gary reviewed his slides one last time before the divisional IT leaders’ meeting. Charles had given him fifteen minutes to present the cost savings initiative and its results. Easy to understand data, compelling examples, straightforward next steps; it was all there.

    "Ready?" Charles asked, poking his head into the conference room where Gary was setting up.

    "As I'll ever be," Gary replied, trying the third dongle to finally get his laptop connected to the projector.

    The room filled quickly with division IT directors and their deputies. Barry arrived last, taking a seat directly across from Gary, his expression carefully neutral.

    Charles opened the meeting wi

    Day 79: Divided We Stand536 words

  • Day 80: Second Thoughts

    Gary replayed the meeting in his mind. What had gone wrong? The data was sound. The approach was proven. But he'd underestimated how protective divisions would be of their autonomy, and how easily they could delay action by demanding more analysis.

    Fran showed up at his desk. "How did it go?"

    "We got 'agreement in principle' and a list of barriers that will keep us from actually doing anything," Gary replied. "They all want more context, why resources exist, who owns them, and what business function they serve."

    "That's the tagging problem," Fran said. "Without consistent resource tagging, you can't tell what anything is for or who owns it."

    Gary thought abou

    Day 80: Second Thoughts338 words

  • Day 82: Tag Wars

    "temp-do-not-delete. Is this really a tag in production?"

    Gary stared at his screen in disbelief. He'd been reviewing resource tags across Goliath's cloud accounts for three days, building a case for standardization. What he'd found was digital chaos.

    "That server's been running for six months," Fran said, looking over his shoulder. "Monthly cost of about $500."

    "And no one knows what it's for?" Gary asked.

    "Well, someone naming it ‘temp-do-not-delete’ implies they knew at some point." Fran pulled up another screen. "But look at this monthly cloud cost review. See how many different values we have just for the 'environment' tag?"

    Gary scanned the list: "prod, pro

    Day 82: Tag Wars975 words

  • Day 83: Peter's Progress

    Peter watched yesterday's tagging standards meeting unfold with a mix of frustration and déjà vu. Another well-intentioned initiative that seemed simple in concept but proved complex in practice, bogged down by competing divisional requirements and organizational complexity.

    Gary's frustration was visible as the room emptied. Three simple, mandatory tags seemed like such an obvious starting point. But to the other divisions, it was either too simplistic or too intrusive. There was no middle ground to be found.

    When Peter showed Gary how his team had been handling tagging for the past two years, he looked like he wanted to bang his head against the wall. They'd

    Day 83: Peter's Progress972 words

  • Day 90: Endless Loop

    Gary stared at his inbox with growing frustration. Over a week had passed since he'd sent his revised tagging proposal to the divisional representatives, incorporating their feedback from the meeting. So far, he'd received exactly two responses.

    One from Peter's team: "Looks good. Ready to support implementation whenever others are on board."

    And another from Wealth Management: "Need more time to review. Will share feedback by next week."

    The rest? Silence.

    "Any update on the tagging initiative?" Fran asked, stopping by his desk.

    "Still waiting on responses," Gary replied. "I've followed up twice, but most teams aren't engaging, and getting a follow-up meeting

    Day 90: Endless Loop620 words

  • Day 97: Breaking Point

    Gary stared at the latest cloud cost report, his frustration mounting. Despite the success with Peter's team and a handful of others, the larger divisions continued to resist even the most basic optimizations. The wasted spend was now projected to exceed $1 million annually, money that could be funding innovation instead of idle resources.

    "Three months in and all I have to show is a few pilot projects," Gary muttered to himself. The early wins with friendly teams had created momentum, but that momentum had crashed into the wall of divisional politics.

    Three separate tabs were open on his browser: a presentation deck from Commercial Banking showing their "cloud

    Day 97: Breaking Point825 words

  • Day 105: The Big Announcement

    "This is a mistake," Sarah whispered as Gary adjusted his collar in the reflection of his laptop screen. "You're moving too fast."

    "We've been moving too slow for months," Gary replied, reviewing his presentation slides one last time. "Sometimes you need to rip off the band-aid."

    The quarterly IT townhall was already underway when Gary and Sarah slipped into the back of the large conference room. Charles had been running through the standard updates, security metrics, project status reports, and the usual departmental highlights. Most attendees were half-listening while checking emails or finishing reports due later that day.

    Division IT leaders and thei

    Day 105: The Big Announcement1,178 words

  • Day 112: Barry's Victory

    Twenty years at Goliath gave Barry perspective. He'd seen central IT initiatives come and go like quarterly fashion trends. Grand visions announced with fanfare, implemented half-heartedly, then quietly abandoned when the next big idea came along. Gary's cloud standards push was just the latest chapter in this predictable story.

    Barry didn't set out to torpedo his initiative. The man had good intentions and some valid points about cost optimization. But the moment he tried to mandate how Commercial Banking ran its technology, the outcome was inevitable. His division generated a third of the bank's profits. They didn't take orders from support functions; they se

    Day 112: Barry's Victory862 words

  • Day 120: The Aftermath

    Two weeks after the townhall, Gary could still feel the ripple effects. Meeting invitations went unanswered. Emails received delayed responses. Teams that had been working productively with his group suddenly had "competing priorities."

    "This morning, I got copied on a message from Barry to his team," Fran said, stopping by Gary's desk. "They're implementing their own cost optimization initiative. Using a lot of the same approaches we presented, just with a different name."

    "And without collaborating with us," Gary added.

    "Without even acknowledging us," Fran corrected. "The message made it sound like it was their idea from the start."

    Gary wasn't surprised. I

    Day 120: The Aftermath708 words

  • Day 127: Warning Signs

    "You need to see this."

    Sarah placed a printed report on Gary's desk, her expression grave. It was a security scan of the Commercial Banking division's development accounts. Red highlights and critical warnings filled the pages.

    "These are just from the last two weeks?" Gary asked, flipping through the report.

    "Yes, and it's getting worse," Sarah replied. "We've gone from twelve critical findings last month to thirty-seven this month. S3 buckets with public access, IAM roles with admin privileges, missing encryption, API endpoints without proper authentication."

    Gary studied the report more closely. Most of the vulnerabilities were in development environments,

    Day 127: Warning Signs605 words

  • Day 134: First Alert

    Sarah had spent months getting her CNAPP tool access to Commercial Banking's most critical cloud production accounts. Since then, the backlog of critical security issues identified had been growing, and none of the alerts had received any response from application teams.

    She called Gary. He picked up right away.

    "Gary, remember that vulnerable IAM role we flagged in Dennis's FinTech environment with overly permissive S3 permissions? Our CNAPP tool just triggered a high-priority alert on suspicious activity patterns using that role."

    "What kind of suspicious activity?" Gary asked, already reaching for his jacket.

    “The CloudTrail audit logs from AWS are showing th

    Day 134: First Alert1,115 words

  • Day 137: Blind Spots

    "So do we know how many other accounts might have this vulnerability?"

    The question came from Charles, who had called an emergency meeting with Gary, Sarah, and the division IT leaders. Three days after Jason's unauthorized data migration had triggered their security response, the initial relief had given way to a deeper concern: if this could happen in one account, where else could it happen?

    Gary glanced at the presentation he'd prepared. "That's precisely the challenge we're facing. When we tried to compile a comprehensive inventory of similar IAM roles across all divisions, we hit a wall."

    Barry looked up from his notes. "What kind of wall?"

    "Remember the ta

    Day 137: Blind Spots920 words

  • Day 140: Sarah's Crisis

    Three years at Goliath, and Sarah had never seen anything like the past week.

    Her desk was covered with printouts of security findings collected over months. Vulnerable IAM roles, exposed S3 buckets, excessive permissions. Warnings that went unheeded, tickets closed without action.

    Now, suddenly, everyone cared.

    The Jason incident changed everything. Not because it was severe, but because it exposed all their vulnerabilities at once. Functionally, it was a stress test revealing how fragile their cloud security really was.

    Sarah stared at the list of accounts they were trying to inventory. Some they'd known about but couldn't scan. Others visible in billing bu

    Day 140: Sarah's Crisis739 words

  • Day 143: Hidden Connections

    It was day six of their account inventory initiative following the Jason incident. After Cathy's directive to identify all cloud accounts and their critical resources, Gary had been working out of a conference room that Charles's executive assistant had arranged for him. Sarah had been devoting significant time to help Gary, recognizing that this initiative directly addressed security vulnerabilities her team had been flagging for months. The room had quickly become cluttered with diagrams and notes. Whiteboards now covered every wall with account diagrams, IAM role mappings, and a growing list of security findings that seemed to multiply by the hour.

    "Wait,

    Day 143: Hidden Connections715 words

  • Day 146: Coming Together

    Three days had passed since they'd discovered the complex cross-account dependencies. What had started as mapping cloud accounts had naturally expanded as they uncovered more issues needing immediate attention.

    The conference room had transformed in the past week. Originally just a place to track accounts, it now served as a hub where people from different teams would stop by to work on specific problems they'd identified.

    "Dennis, what progress have you and your team made with those IAM permissions we discussed?" Gary asked as Dennis arrived with his laptop.

    "We've begun tackling the excess permissions issue from two angles," Dennis explained. "First, immedi

    Day 146: Coming Together585 words

  • Day 160: Audit Pressure

    "I think we're ready for tomorrow's follow-up meeting with Isabel," Gary said, reviewing the slides one last time with Sarah.

    Two weeks of work had given them unprecedented visibility into their cloud landscape. They had identified 128 critical security issues, with Dennis's team addressing a few of the most urgent ones, but the vast majority remained in various stages of assessment.

    "The metrics show what we've discovered," Sarah noted, "but Isabel emphasized that she expects more than just identification and ad hoc fixes."

    "Exactly," Gary replied. "She's looking for a sustainable process for managing these environments long-term, not just a one-time response

    Day 160: Audit Pressure705 words

  • Day 167: The Cloud Excellence Committee

    "So we're really doing this," Sarah said, studying the proposal Gary had just finished refining on his laptop.

    A week after the meeting with Isabel from Audit, Gary and Sarah were putting the final touches on the Cloud Excellence Committee charter. What had started as a response to compliance concerns had evolved into something more ambitious as they incorporated feedback from across the organization.

    "It's not what I originally envisioned," Gary admitted, "but it might be even better."

    On screen was the formal charter for the Cloud Excellence Committee (CEC). A Shared Services team from central IT that would bring together Security, Operations

    Day 167: The Cloud Excellence Committee1,163 words

  • Day 174: Executive Sponsorship

    "Check your email," Sarah said, poking her head into Gary's office. "Charles just sent something to all of IT."

    Gary opened his inbox to find a message from the Head of Technology Operations at the top of his unread list. The subject line was simple but impactful: "Cloud Excellence Committee (CEC) - Executive Announcement."

    As he read through the message, Gary felt a growing sense of surprise. This wasn't the usual corporate announcement filled with vague platitudes and general encouragement. It was detailed, specific, and most importantly, it put Charles's full executive weight behind the cloud transformation efforts.

    "The Cloud Excellence Committee r

    Day 174: Executive Sponsorship810 words

  • Day 180: Unexpected Ally

    Gary was reviewing the first draft of account consolidation recommendations when his phone buzzed with an unexpected message from Dennis: "Got time to talk about cloud organization?"

    After reading it twice to make sure he wasn't imagining things, Gary replied with a meeting time. Dennis had been cordial since the security incident and had participated in the cross-divisional work, but he certainly hadn't sought Gary out for additional initiatives.

    An hour later, Dennis arrived at Gary's office, laptop in hand and expression serious.

    "Thanks for making time," Dennis said, settling into a chair. "I've got a situation I think you might be able to help with."

    Ga

    Day 180: Unexpected Ally805 words

  • Day 187: Small Victories

    "So where do we stand?" Charles asked, leaning forward in his chair.

    A week had passed since the Cloud Excellence Committee's second meeting, and Charles had requested a status update from Gary and the team leads. The conference room held an unusual mix of participants: Gary, Sarah, Adam, Fran, and, most surprisingly, Dennis joining virtually from a business trip.

    "We're making progress on multiple fronts," Gary began, displaying a simple dashboard showing their initial initiatives: account consolidation, security remediation, and tagging standards. "But we need to be strategic about our focus."

    "Let's start with the account consolidation pilot with Dennis's

    Day 187: Small Victories762 words

  • Day 194: Fran's Finances

    She’d been working for a year now as Goliath Federal's Cloud Financial Analyst, and Fran still couldn't believe what she was seeing.

    The spreadsheet on her screen showed cost data from Dennis's accounts that had joined their consolidated account structure. For the first time, she had actual visibility across multiple business units. Not estimates or projections. Real, accurate, comprehensive numbers.

    When Fran took this job after eight years in traditional IT financial management, she thought she understood enterprise technology spending. You forecasted hardware purchases, tracked depreciation schedules, managed maintenance contracts. It was predictable, cycli

    Day 194: Fran's Finances881 words

  • Day 201: The Account Gateway Project

    "This is a natural next step from the account organization work," Gary explained, sketching a simple diagram on the whiteboard.

    Two weeks after prioritizing moving cloud accounts under a master organization, the CEC had turned its attention to planning the next strategic initiative. The account migration had gained enough momentum that they could begin thinking about what came next.

    "First question, what do we call these things?" Gary asked with a slight smile. "AWS calls them accounts, Azure calls them subscriptions, Google calls them projects. Let's just say 'cloud accounts' for sanity's sake."

    This drew a few chuckles around the room. These sma

    Day 201: The Account Gateway Project581 words

  • Day 208: Champions Assemble!

    "Tell me about this Cloud Champions program," Charles asked.

    Gary had just finished updating Charles on the Account Gateway progress and was about to leave when he raised the question.

    "It's not a formal program yet," Gary admitted. "Just an idea we developed in yesterday's CEC meeting. While the committee is helping align our Shared Services teams, we've noticed we need better connections to the divisions themselves. The initial surge of engagement after the Jason incident has naturally tapered off."

    "What we're seeing," Gary continued, "is that when changes come from central IT alone, there's often resistance or misunderstanding. But when someone from w

    Day 208: Champions Assemble!781 words

  • Day 215: First Light

    "It's not much to look at yet," Gary cautioned as he pulled up the new cloud report on the projection screen. "And I want to emphasize this is very much a work in progress."

    The CEC had gathered for their regular meeting, but today featured something new: the first version of what Adam was calling their "Single Pane of Glass" for cloud visibility.

    "We've been collecting data for weeks," Adam explained, taking over the presentation. "From the account organization work, security assessments, and cost analysis. Until now, all that information lived in separate tools and spreadsheets. This report brings it together in one place, at least what we have so far."

    The scr

    Day 215: First Light815 words

  • Day 222: Barry's Wall Cracked

    Twenty years at Goliath, and Barry had seen them all come and go. New leaders. New initiatives. New buzzwords.

    Barry had survived seven reorganizations, four strategic transformations, and more "game-changing" initiatives than he could count. Commercial Banking continued to deliver regardless, because they focused on their business, not the latest corporate fad.

    But this cloud stuff... it was different.

    Barry would admit, though never publicly, that Gary's team was actually making progress. Not the sweeping transformation they thought they were creating, but meaningful improvements in specific areas. The account organization had simplified their billing.

    Day 222: Barry's Wall Cracked930 words

  • Day 236: System Shock

    The alert came at 3:17 AM.

    By 3:30 AM, Gary was on the incident bridge call from his home office, trying to make sense of multiple voices talking over each other in barely contained panic.

    "Can someone give me the latest status?" Gary asked, cutting through the noise.

    Oscar took the lead. "Multiple production services down across three divisions. Started with an authentication failure in Commercial Banking, then cascaded to payment processing and customer account access."

    "Any recent changes?" Gary asked.

    "Commercial Banking deployed an identity federation update yesterday, but it passed all tests," Dennis replied. "AWS is also reporting degraded network conne

    Day 236: System Shock848 words

  • Day 243: Blame Game

    "I thought we'd moved past this," Gary muttered as he scanned the latest email thread.

    A week after the major cloud outage, what had started as a constructive post-mortem process had devolved into finger-pointing. The collaborative spirit during the incident had evaporated once the immediate pressure was off.

    The executive summary for the Executive Technology Committee had triggered the shift. Each division had carefully worded their contributions to cast themselves in the most favorable light.

    Commercial Banking minimized the role their authentication service played in the cascade failure. Retail Banking highlighted that their newer services had experienced minim

    Day 243: Blame Game655 words

  • Day 250: Unexplored Territory

    Gary studied the organization chart on his screen, focusing on the divisions they hadn't yet engaged in their cloud initiatives. While they'd made significant progress with forward-leaning teams like Peter's and even gained traction with more traditional divisions like Commercial Banking, several large portions of Goliath remained untouched by their cloud work.

    "Completely unexplored territory," Gary murmured.

    "What's that?" Sarah asked, stopping by his office.

    "I've been mapping our engagement across the organization," Gary explained, turning his screen toward her. "See these highlighted areas? Risk Analytics and Enterprise Data Services teams have been

    Day 250: Unexplored Territory725 words

  • Day 257: Charles's Strategic Pivot

    The conference room was quiet as Charles reviewed his notes before the IT Steering Committee meeting. As Head of Technology Operations, these quarterly gatherings with division IT leaders and business stakeholders were his opportunity to shape Goliath's technology direction. Today, he was taking a calculated risk.

    Gary's discovery of untapped divisions like Risk Analytics and Enterprise Data Services had given Charles an idea. For months, they'd positioned cloud as an infrastructure initiative, focusing on migration, standardization, and operational efficiency. But these data-intensive teams needed something different. They needed business capabilitie

    Day 257: Charles's Strategic Pivot808 words

  • Day 264: Turning Point

    "So where do we go from here?" Gary asked, looking around at the Cloud Excellence Committee members gathered in the conference room.

    Since launching their cloud dashboard, a pattern had emerged. New accounts provisioned through the Account Gateway showed significantly higher compliance rates than older environments. The baseline configurations implemented key controls from the start, while existing accounts struggled with manual remediation.

    "Let me show you something telling," Adam said, displaying a comparison chart. "Accounts created through the Account Gateway process show 87% compliance with our baseline standards. Pre-Gateway accounts average only 42%, des

    Day 264: Turning Point654 words

  • Day 271: Isabel's Assessment

    "Trust, but verify." That was the unofficial motto of the Internal Audit team at Goliath Federal Bank, and it was one Isabel lived by. Unlike many of her peers who treated cloud environments like traditional data centers, she'd recognized that cloud required a different approach entirely. The dynamic, software-defined nature of cloud demanded a more pragmatic stance balancing control with innovation, compliance with momentum.

    Isabel reviewed her findings in their GRC risk management platform one last time before heading to the quarterly Audit Committee meeting. She'd be presenting their assessment of the maturity of Goliath's cloud controls, and the stakes

    Day 271: Isabel's Assessment995 words

  • Day 275: Framework Emerges

    "These audit findings are both a challenge and an opportunity," Gary said, reviewing Isabel's report with the Cloud Excellence Committee. Just a few days had passed since her presentation to the Audit Committee, and the CEC had gathered for a focused working session on their response.

    "Isabel's assessment was fair," Sarah noted. "We've made significant progress on visibility and standards, but we're still struggling with consistent implementation and remediation."

    Gary nodded in agreement. "The audit findings highlight that we need to connect our cloud work to the bank's formal control requirements."

    "What exactly did the Audit Committee request?" Nancy ask

    Day 275: Framework Emerges800 words

  • Day 278: Framework Revealed

    Gary arrived early to set up for the cloud framework presentation. Just three days after the CEC had decided on their approach, this would be their first opportunity to share it with the broader organization.

    The meeting included the Cloud Excellence Committee members along with the Cloud Champions, those key individuals from each division who had emerged as natural advocates for cloud best practices. If they could gain support from this group, broader adoption would be much more likely.

    "Over the past several months, our team has been reacting to incidents, trying different recommendations, and learning through trial and error," Gary began once everyone ha

    Day 278: Framework Revealed974 words

  • Day 285: Cost Control

    "Cost optimization is just as critical as security," Fran emphasized, presenting to the smaller group that had assembled for the financial management session.

    One week after the presentation on CIS security controls, Fran had organized a focused workshop on cloud financial management. While security controls had understandably taken priority following Isabel's audit findings, the financial aspects of cloud usage couldn't be neglected.

    "Our cloud costs have increased 42% year-over-year, while our actual workload volume has grown only 18%," Fran continued, displaying a chart showing Goliath's cloud spending trends.

    The room included financial analysts from several

    Day 285: Cost Control600 words

  • Day 290: Barry's Shift

    Barry studied the CIS controls mapping document on his screen, brow furrowed in concentration. Five days after Fran's financial management presentation, Dennis had requested this meeting to discuss Commercial Banking's approach to the security controls.

    "So what's your assessment?" Barry asked, gesturing to the document.

    "It's more focused than I expected," Dennis replied. "Using CIS Benchmarks and mapping them to IAPPs addresses many security challenges we've been facing, particularly around providing actionable guidance for different cloud services."

    "And the phased approach makes sense," added Mike, Dennis's technical lead. "We can prioritize our efforts rat

    Day 290: Barry's Shift769 words

  • Day 302: Building Momentum

    "We've got a problem, but it's a good problem," Gary said, looking up from his laptop during the weekly CEC meeting. "The CIS implementation assessment requests are exceeding our capacity to support them."

    "It's not just the divisional IT teams," Sarah noted. "We're getting requests from individual application teams for guidance on specific controls. They want personalized advice on implementing benchmarks in their particular environments."

    "The approach we took with Risk Analytics and Enterprise Data Services is working well," Gary observed. "Being active in architecture reviews and providing implementation support has shown real value. Now other teams want

    Day 302: Building Momentum844 words

  • Day 309: Cloud Team Evolution

    Charles had called a meeting with the CEC members to discuss the team's growing responsibilities and organizational structure. It was time to elevate their approach and position.

    "Thank you all for coming," Charles began once everyone had settled. "I've been reflecting on how far we've come since we first brought Gary on board to help mature our cloud operations."

    He looked around the room at the assembled team. "When we hired Gary, we needed someone to make cloud a first-class citizen within central IT, to find patterns across our scattered workloads, and to bring some cohesion to our approach. A lot has progressed since then."

    Charles continued, "We've

    Day 309: Cloud Team Evolution731 words

  • Day 315: Conference Invitation

    "The CloudNexis conference," Gary said, studying the invitation in Charles's office. "They want you to present on Goliath's cloud journey?"

    Charles nodded. "They've been reaching out for years. I've always declined as we weren't ready to share our story. But after everything we've accomplished in the last few months..."

    "A lot has changed," Gary agreed. "From struggling to identify shadow accounts to building a real cloud management approach."

    "Which is why the timing of this works well," Charles said. "Our management formally approved your newly defined role as Cloud Governance Director, reporting directly to me. Real expectations now to build a formal

    Day 315: Conference Invitation499 words

  • Day 329: Alert Fatigue

    "Teams are overwhelmed with alerts," Gary explained, spreading printouts across the conference table. "After talking with several application teams, I'm hearing the same feedback repeatedly."

    Two weeks had passed since the CloudNexis invitation, during which Gary had been deeply engaged in defining his new role. He'd spent time with key business units and application teams, getting a more complete picture of their challenges with cloud adoption.

    Today's meeting with Sarah, Adam, Fran, and Oscar was focused on a persistent problem: teams struggling to respond effectively to cloud issues despite having monitoring tools in place.

    "Here's what I'm hearing from almo

    Day 329: Alert Fatigue762 words

  • Day 336: Lost in Translation

    "It looks like a technical document written by security engineers for other security engineers," Dennis said bluntly, sliding Gary's cloud framework document across the table. "My developers won't read past the first paragraph."

    A week after identifying the visibility gap, Gary had attempted to translate their cloud control framework into implementation guidance for application teams. He had approached it like a standard operating procedure that was technical, comprehensive, and meticulously documented. The feedback was direct. The guidance wasn't connecting with the people who needed to use it.

    "I appreciate the honesty," Gary replied. "What specifically

    Day 336: Lost in Translation755 words

  • Day 343: Control Rollout

    "Sending better emails isn't enough," Gary said, opening their follow-up meeting on control implementation. "We need a more structured approach to rolling out controls across the organization."

    The team had gathered to build on their improved communication template. Dennis's feedback on their prototype had been positive, but highlighted a deeper challenge: even well-crafted guidance would fail without a thoughtful implementation strategy.

    "I've been thinking about this in terms of organizational change management," Gary continued. "Each control we implement represents a change that teams need to absorb and adopt. We need to treat these rollouts with the same c

    Day 343: Control Rollout806 words

  • Day 350: Exception Dilemma

    "Our team needs an exception for the 'No Public AWS EBS Snapshots' control," Dennis explained, pointing to the architecture diagram on his screen. "We have these snapshots shared with our disaster recovery provider, who operates in a separate AWS account."

    Gary had convened a meeting with Dennis and his team to discuss their first formal exception request since implementing the snapshot restriction control rollout. While most applications had been able to comply without issue, Dennis's disaster recovery integration posed an edge case to consider.

    "The security scan flags them as non-compliant because they're not private to our account," Dennis continued. "Bu

    Day 350: Exception Dilemma679 words

  • Day 357: Remediation Roundabout

    "I feel like I'm spending half my day just managing this spreadsheet," Gary muttered, scrolling through the massive tracking document that had become the center of his working life.

    Seven days after their first major exception discussion, the “No Public AWS EBS Snapshots” rollout had moved to the "Check Phase” for several test accounts, with automated scanning and generating alerts for non-compliant buckets. What had seemed straightforward in theory was proving far more complex in practice and repeating where the team had been before the rollout process.

    Gary toggled between the security dashboard and his tracking spreadsheet, manually reconciling the d

    Day 357: Remediation Roundabout715 words

  • Day 364: Enforcement Experiment

    "How exactly would automated enforcement work with our current setup?" Sarah asked, studying the whiteboard where Gary had sketched out some initial ideas.

    A week after identifying the remediation challenges, Gary, Sarah, and Oscar were brainstorming solutions to the growing alert fatigue problem. The manual remediation approach clearly wasn't scaling, and teams were increasingly asking for help.

    "We've already defined the Enforce Phase in our rollout model," Gary replied, "but we need to determine how it works in practice. I'm thinking we could start with a simple script that automatically sets snapshots to private."

    Sarah nodded slowly. "Our security

    Day 364: Enforcement Experiment761 words

  • Day 371: Risk Analytics Opportunity

    "We'd like to build a new fraud detection system using cloud-based AI and machine learning services," Robert explained, spreading architecture diagrams across the conference table. "But we need help making sure we do it right from the start."

    "Tell me more about what you're trying to accomplish," Gary said, studying the diagrams.

    Robert, the Risk Analytics director, explained their vision, "This would consist of a machine learning system that could analyze transaction patterns to identify potential fraud in real-time. We believe we need to leverage additional cloud native AI and ML services like AWS Bedrock, SageMaker and Comprehend, but we’re conce

    Day 371: Risk Analytics Opportunity685 words

  • Day 378: Bridging Visibility to Action

    "So that's our current process," Gary concluded, gesturing to the whiteboard filled with arrows connecting various tools, spreadsheets, and manual steps. "It's functional, but it isn't scalable."

    Gary had called a working session with the core members from the Cloud Excellence Committee to evaluate their cloud governance approach. Sarah from Security, Fran from Finance, Adam from Asset Management, Oscar from Operations, Nancy from Networking, and Isaac from Identity Management gathered around the table, studying the increasingly complex diagram.

    Gary had mapped out their governance ecosystem on the conference room whiteboard. The resulting diagra

    Day 378: Bridging Visibility to Action1,206 words

  • Day 385: Platform Exploration

    "Let me summarize what we've found," Gary said, gesturing to the whiteboard where he'd organized their findings. He and Mark had spent the week researching cloud governance platform options, with input from Sarah and Fran on specific requirements.

    "We evaluated five distinct categories of solutions," Gary continued, writing each on the whiteboard.

    Developer-Centric & Open-Source Tools

    "Several platforms, both commercial and open-source, promise complete flexibility through code-based policy engines," Mark explained. "They're powerful, offering customization through infrastructure-as-code approaches."

    Gary nodded. "But they essentially require us to

    Day 385: Platform Exploration730 words

  • Day 392: Business Case

    "Automating the cloud governance process sounds promising," Charles said, reviewing the presentation Gary had prepared. "But help me understand why we can't accomplish this with our existing tools and processes."

    Gary, Mark, Fran, and Sarah had gathered in Charles's office to present their business case for a cloud governance platform.

    "Our cloud adoption has accelerated faster than we anticipated," Gary began. "Mark is spending most of his time helping teams onboard to our landing zones, while I'm trying to manage the growing backlog of governance issues our visibility tools are identifying."

    Gary displayed a dashboard showing alerts from their monitoring tool

    Day 392: Business Case1,120 words

  • Day 399: Savings Mandate

    "Fifteen percent reduction in cloud spend across all divisions. By the end of next quarter." Fran said in the doorway, startling Gary in his office.

    An email from Charles forwarded a mandate from the CIO about a company-wide cost-cutting initiative. Shared Services was tasked with leading the effort, and cloud spending was squarely in the crosshairs as one of the most controllable expenses.

    "Travel expenses first, then technology investments," Fran remarked, recalling the message. "Hope this doesn't affect our plans to bring a crowd to CloudNexis."

    They'd just started their platform pilot after Charles's approval. Their sandbox environments were connected, an

    Day 399: Savings Mandate681 words

  • Day 406: Growing Momentum

    "In just one week, we've removed nearly 1,100 aging snapshots across four accounts," Gary explained, displaying the dashboard on the conference room screen. "The annualized savings is approximately $38,000, and that's just from a single control in a handful of accounts."

    Charles reviewed the metrics carefully. A week after implementing their first automated cost control through the governance platform, Gary had called this meeting to share the initial results. Fran sat nearby, adding context to the financial data.

    "Beyond the direct savings," Fran added, "we've established continuous compliance with IAPP control DM-42 for backup retention. The platform is now

    Day 406: Growing Momentum668 words

  • Day 413: Barry's Pivot

    Barry reviewed the latest implementation metrics from the snapshot cleanup control. In just one week, Commercial Banking had removed 843 aging snapshots, yielding $22,000 in annualized savings with virtually no disruption to their development teams.

    "The automated enforcement is working well," Mike reported during their morning update. "No manual intervention or exceptions required from our side."

    Barry nodded, tapping his pen against the polished surface of his desk, a habit that over his twenty years at Goliath had become a tell that he was genuinely pleased with something. "What's next?"

    "Gary's team is proposing idle resource shutdown as their next control,

    Day 413: Barry's Pivot552 words

  • Day 420: Platform Commitment

    "Two weeks, two controls, and tangible results," Gary summarized, presenting the dashboard metrics to Charles. After their initial pilot with the snapshot cleanup control and the recent expansion to idle resource management, this meeting would determine their formal commitment to the governance platform.

    "The numbers are compelling," Charles agreed, studying the data. "Nearly $100,000 in annualized savings identified already, with minimal disruption to teams."

    Gary nodded, feeling confident in their approach. "We strategically chose cost optimization controls for our initial pilots because they demonstrate immediate, tangible ROI that's easy to measure. Th

    Day 420: Platform Commitment861 words

  • Day 431: Governance Review, Part One

    "Let's take stock of where we are," Gary announced, bringing up a dashboard on the conference room screen. Eleven days had passed since their formal commitment to the governance platform, and today would be their first structured governance review, now establishing the process they'd promised Charles they would follow.

    The core team had assembled for the review session, with representatives from Security, Finance, Operations, Asset Management, Networking, and Identity Management.

    "I've organized this review into four sections," Gary explained. "Account onboarding status, active controls evaluation, application team feedback, and future control plan

    Day 431: Governance Review, Part One756 words

  • Day 431: Governance Review, Part Two

    Gary pulled up their prioritized list of potential controls, shifting the discussion from current progress to the future direction.

    "We need to evaluate what comes next after we complete our current migration efforts," he began. “Let’s assume we could implement just two new controls per month to allow time for teams to adapt while maintaining steady progress."

    Fran displayed their analysis, extracted from monitoring tools. "We've aggregated recommendations from our FinOps platform, CNAPP tool, and operational monitoring systems."

    "We've tried developing scoring models, but honestly, the prioritization comes down to judgment calls," Gary admitted.

    Day 431: Governance Review, Part Two691 words

  • Day 435: Change Absorption Capacity

    "Why are we limiting ourselves to two controls per month?"

    Oscar's question from the governance review meeting had been nagging at Gary for days. It seemed like a reasonable challenge. They had the platform, they had identified dozens of needed controls, so why move so slowly?

    Gary had called Sarah and Mark into his office to hash this out properly.

    "I keep coming back to Oscar's point," Gary began. "We have the capability to deploy controls faster. Are we being artificially conservative?"

    Sarah pulled up her laptop, showing their current deployment timeline. "Let's think about what 'two controls per month' actually means for teams. Each control r

    Day 435: Change Absorption Capacity576 words

  • Day 437: Preventive vs. Detective Controls

    "Should we prevent teams from creating public S3 buckets, or just detect and fix them afterward?" Sarah asked, pulling up a specific example on her laptop.

    Two days after their change absorption discussion, Gary had gathered the core team to tackle another fundamental governance question: how much should they prevent versus detect and correct?

    "It's the classic security versus agility debate," Gary replied, studying the example. "But I think we're approaching this wrong. It's not just about risk level; it's about what happens when we get the decision wrong."

    Mark looked puzzled. "What do you mean?"

    "Prevention can break legitimate automatio

    Day 437: Preventive vs. Detective Controls663 words

  • Day 441: Remediation Challenge

    "What do you mean the test database is offline?" Gary asked, the urgency in Dennis's voice immediately putting him on alert. It was 7:30 AM, and he'd barely settled at his desk when the call came in.

    "The security group rule standardization control suddenly started enforcing in our dev environment," Dennis explained. "It removed a rule that our database cluster depends on. The developers can't access their data."

    Gary felt his stomach tighten. Ten days after their governance review, they'd been making steady progress migrating controls to the platform. The control had passed through the “Preview” and “Check” phases, but enforcement wasn't supposed to aff

    Day 441: Remediation Challenge642 words

  • Day 443: Policy Logic and Control

    "We need to talk about control logic," Gary said, settling into the conference room where Sarah, Mark, and Oscar had gathered for a follow-up discussion.

    Two days after Dennis's team had experienced the automated remediation triggered by a tag misspelling, the implications were still reverberating through the Cloud Governance Team's thinking about policy design.

    "The incident exposed something fundamental about how we're designing our controls," Mark began, pulling up their current policy configurations. "We're writing logic that assumes perfect conditions without thinking through all the scenarios."

    Sarah nodded. "Our security group control was desi

    Day 443: Policy Logic and Control585 words

  • Day 448: Exception Process

    "We need to talk about what happens when controls don't fit," Gary said, sketching on the whiteboard in the conference room. "Not just the edge cases, but the everyday reality of managing alerts and exceptions."

    A week after the tag misspelling incident, the Cloud Governance Team had convened to address a growing challenge: how to handle the flood of alerts that didn't require immediate action, shouldn't be ignored indefinitely, but also didn't need policy changes.

    "I'm getting the same question from multiple teams," Sarah began. "How long can they leave a security finding open before it gets escalated? And what's the difference between muting an alert versu

    Day 448: Exception Process800 words

  • Day 455: Landing Zone Evolution

    Following the Cloud Governance review meeting a few weeks ago, the team had gathered to discuss how to evolve their Account Gateway landing zone approach.

    "Even with our standardized Account Gateway process, configurations drift over time," Mark explained. "We set up the right logging configuration initially, but someone later modifies it manually or disables it entirely. We only discover the issue during our quarterly audits, if at all."

    Oscar nodded in agreement. "It's happening with security groups and IAM policies as well. What we configure during landing zone deployment isn't necessarily what exists six months later."

    This was the fundamental chal

    Day 455: Landing Zone Evolution747 words

  • Day 462: Governance Roadshow

    Gary reviewed his notes from the governance meeting held a few weeks ago, focusing on the action item he'd committed to address: developing a proactive communication strategy for cloud services across the organization. Isaac's comment during that meeting had stuck with him. Afterward, Gary followed up to understand how a developer in Claims Processing hadn't even known that cloud services were officially supported at Goliath.

    "Morning, Mark," Gary said as his cloud architect entered the conference room. "Thanks for making time to discuss the communication strategy we talked about in the governance review."

    "Happy to help," Mark replied, settling into a cha

    Day 462: Governance Roadshow786 words

  • Day 469: Audit Progress

    "I never thought I'd say this, but I'm actually looking forward to our audit review," Gary said, arranging documents on the conference room table. "Isabel's going to be surprised by how far we've come."

    What had once been a source of anxiety was now approached with confidence, reflecting the significant progress they'd made since her initial findings.

    Sarah, who had helped him prepare for this discussion with Isabel, was sitting next to Gary. “These numbers speak for themselves. Our account coverage increased significantly, folding in more cloud accounts into our process. With the growing compliance adherence percentage of our controls, and the expansion of new

    Day 469: Audit Progress874 words

  • Day 476: Charles's Evolution

    Twenty-eight years at Goliath Federal Bank, and Charles was still learning new ways to approach technology leadership.

    Charles reviewed the quarterly reports on his desk, traditional infrastructure metrics alongside Gary's cloud governance dashboard. The contrast was striking. The traditional PowerPoint presentation reflected Goliath's methodical, risk-averse approach, while the cloud metrics showed something different: adaptive decision-making, detailed real-time insights, and continuous improvement.

    When the board had first approved Goliath's cloud strategy three years ago, Charles had approached it like any other infrastructure initiative. They just tre

    Day 476: Charles's Evolution684 words

  • Day 483: Presentation Preparation

    "How to Herd Clouds and Influence People," Gary muttered, staring at the title slide on his laptop. The conference was just two weeks away, and as he reviewed his presentation, something felt off about his approach.

    His phone buzzed with a calendar reminder: a 1:1 with Charles in ten minutes.

    Charles asked about Elena's progress and their latest control rollouts before turning to the presentation. "How's the CloudNexis presentation coming along?"

    Gary hesitated. "I submitted the initial slides last week after I got approval from Communications, but I'm having second thoughts about the whole approach."

    "What doesn't feel right about it?" Charles aske

    Day 483: Presentation Preparation531 words

  • Day 497: Clouds on the Horizon

    The sprawling expo floor of CloudNexis buzzed with activity as Gary and the Goliath contingent dispersed to explore. Charles had already arrived a day early for the executive track, but had secured conference passes for a surprisingly large group from Shared Services: Mark, Sarah, Fran, Oscar, Adam, Nancy, and Isaac. And application teams got the budget to attend as well. Gary knew Peter, Dennis, Mike, Barry, Jennifer, Robert, and Eric were all traveling. It was a shame Elena couldn’t make it, but Goliath was well represented.

    "Let's meet at the Financial Services Luncheon at noon," Gary suggested. "That gives everyone a few hours to explore the floor, ge

    Day 497: Clouds on the Horizon1,226 words

  • Day 498: The Presentation

    Gary stood at the side of the stage, reviewing his speaker notes one last time. In moments, he would step into the spotlight to deliver a presentation he hoped would strike the right balance between governance principles and practical examples.

    The presentation wasn't the end of their journey but a milestone along a continuing path. For Gary, this felt like a transition from a career focused on execution to leadership. From his days at his prior company executing in a silo without organizational complexities, to building a capability for a massive decentralized organization, to now sharing wisdom with others beyond the walls of his organization.

    Taking a mome

    Day 498: The Presentation1,530 words

  • Appendix: How to Herd Clouds and Influence People Presentation

    The following is the presentation Gary delivered at CloudNexis.

    Slide 1: "How to Herd Clouds and Influence People"

    "Thank you for that introduction," Gary began, then paused, taking in the packed room. "I have to admit, I'm a bit surprised to see so many people interested in a talk about herding clouds. I thought everyone might have mistaken this for the AI session down the hall."

    A ripple of knowing laughter spread through the audience, easing his nerves.

    "But the fact that you're all here tells me something important. It tells me that organizations across industries are recognizing that managing cloud environment

    Appendix: How to Herd Clouds and Influence People Presentation4,740 words