Very few enterprises that are adopting cloud applications and infrastructure are giving enough thought to governance. The result is a mish-mash of SaaS silos and cloud islands, with very little attention paid to data consistency and integration, and even less to policy management and oversight. This is bad enough in organisations that run all their operations in the cloud, but most enterprises are not in that happy space. The vast majority have to manage a hybrid infrastructure that encompasses large swathes of existing on-premise IT assets along with a swelling population of SaaS applications and a handful of cloud infrastructure initiatives.
I've been advising enterprises to put a strategy in place that looks something like the schematic above, which comes from a webinar I presented on Focus.com back in April (unfortunately the webinar is now offline). Developing a strategy along these lines at least forces you to start thinking about the issues — such as how to extend access policies from the existing enterprise infrastructure out to cloud applications; how to automate other aspects of policy management; and how to manage connections between applications, data and other resources.
Although it's good to get your head around the issues, things go rapidly downhill from there. Practical action is difficult and requires a huge investment of in-house resources, because this whole area is very sparsely supported by vendors, whether they're cloud providers or conventional on-premise middleware and systems management vendors. While there are a smattering of players offering cloud integration, the governance layer is a largely uncatered for. There are just a few glimmers of innovation here and there: Ping Identity continues to advance its federated identity management offerings; ServiceMesh is an interesting start-up with a strong take on policy-driven cloud governance; another player that's crossed my radar is IT automation vendor UC4. I'm sure there are others I've missed, but there's currently no easy source of information about solutions in this much-neglected area, let alone guidance on best practice that enterprises should be following.
One starting point has appeared recently, though, and from a solid background. This type of framework is well established in the field of service-oriented architecture, and therefore it's more a case of repurposing old skills and knowledge rather than having to invent an entirely new set of wheels — even though it comes with more of a REST spin than the old SOAP-based web services. As fellow ZDNet blogger Joe McKendrick reports, SOA guru Thomas Erl has recently adopted the new moniker of Service Technology for his expertise. His most recent book, SOA Governance: Governing Shared Services On-Premise and in the Cloud, is one of the first to consider the strategic role of governance across both cloud and on-premise resources.
What are your thoughts about joined-up governance and management of cloud in an enterprise IT environment? Add your comments and advice in Talkback below.