Governance gap pushes enterprise to private cloud

Summary: Providers and enterprises alike have to evolve their governance strategies for the cloud, argues a report that proposes a new framework for cloud governance.

However much I fume against the specious arguments often advanced in favor of implementing private clouds, even I have to admit that sometimes an enterprise has no choice but to go private, despite the often dubious economics. It's all down to governance. Public cloud providers are notoriously poor at documenting their SLAs — if they offer them at all. Few provide enough granularity in service provision to allow enterprises to be confident in their control over exactly where and how data is stored and processed. The saving grace of private cloud is that at least an enterprise can be confident of implementing its own governance model.

That's something that needs to change if enterprises are to exploit the full business benefits the cloud brings. On the one hand, providers certainly have to wise up to governance concerns. On the other hand, enterprises have to adjust their expectations too, recognising that the cloud requires more nuanced and adaptable governance processes and systems. That's the conclusion of a report that has just been made public, of which I'm a co-author with Matt Deacon of inThink. Living With Clouds: Evolving A Governance Framework For Cloud Computing (PDF) documents the outcome of discussions among a group of IT architects that took place on a snowy day in February this year near Oxford, UK. The work was funded by Microsoft [see disclosure] but Matt and I have now opened it up for public discussion because we feel the framework provides a useful foundation for further elaboration.

The starting point is one that I've discussed previously on this blog. As the report states, "Cloud governance needs are poorly defined and ill served both by governance tools and by providers, many of whom serve a volume market where few customers see governance as an issue." But it's not only the supply side that has shortcomings — the enterprise also has to review its governance processes and capabilities. "Cloud adoption usually requires a reworking of governance and management practices to accommodate more frequent, rapid, distributed change, along with greater use of automation, instrumentation and activity monitoring," says the report.

The proposed framework assesses the governance needs of individual applications and business contexts and then compares them to what providers are able to offer. "Rather than rejecting the cloud outright, enterprises must find a way of defining the governance needs appropriate for each use case and assessing whether the cloud options available are sufficiently mature to meet those needs," the authors write.

The framework offers a five-point rating scheme across seven separate evaluation topics:

  • Service management
  • Change management
  • Service mobility
  • Security
  • Data protection & sovereignty
  • Legal and financial
  • Risk profile

If a provider scores higher on each category than the requirement, then adoption should go ahead. If it doesn't, you may want to explore other options, although it's important to be flexible. A pressing business case may justify relaxing the governance specification, especially if the cloud provider is on track to bring its offering up to spec in future releases.

Looking ahead, the report notes that enterprises must have a plan for making their governance systems more "cloud-ready," so that when provider maturity improves, they can take advantage of what becomes available in the market. "The ultimate objective will be to manage an integrated, hybrid environment in which public and private resources, cloud and non-cloud, all co-exist," the report concludes. "That will require a more automated management infrastructure that can interconnect with cloud service providers to monitor on-going compliance with governance policies."

As fellow ZDNet blogger Joe McKendrick reported a few days ago, cloud management is a hard nut to crack. But enterprise IT doesn't have a choice whether or not to face up to it. It's time today to start formulating a strategy for cloud governance.

What's your feedback on the suggested framework — or any other approaches you'd recommend?

Phil Wainewright

About Phil Wainewright

Since 1998, Phil Wainewright has been a thought leader in cloud computing as a blogger, analyst and consultant.

Talkback

4 comments
  • I'm sorry I agree with the need to stay updated with the idea...

    I believe a public cloud is too risky for business, and a private cloud is a strong investment and too big a management risk at this time. As an IT tech, I am surprised at this push towards the "cloud" so much. I work with medium enterprise all the way down to the small business person level and the main question I am getting from them all is why? I know that the set up is a logical outcome of the domains and forest and workstation networking capabilities, however is it the best and most secure avenue for data storage and production? IMO, I say no.
    AL_tech@...
  • Contradictory goals

    One of the stated benefits of cloud way back when (last year) was a simplified governance and delivery structure. Companies weren't supposed to worry about exactly where the service originated, things "just happened" without lots of gory details and needless fiddling.

    But of course, that wasn't what IT departments really wanted. They want to have a hand in all the gory little details, partly because the cloud vendors haven't performed even to minimum standards. But also partly due to job security: if it really is easy to use the cloud, then many more in-house IT jobs are unnecessary.
    terry flores
  • Hybrid environment is the realistic future

    Governance is definitely the key issue for enterprises to stay private. I cannot agree more on the point about companies needing to stay private because that way they can at least have control over where and how the data is stored, and maintain their own governance model around critical data. The most efficient and practical solution is working towards a hybrid model - keeping data private but leveraging cloud services that provide the benefits of mobility and scalability.
    JuliaMak
  • no cloud at all

    Do not use the cloud; it is not safe at all and they know it.
    ttx19