How to avoid chaos in the cloud

How to avoid chaos in the cloud

Summary: Enthusiastic adoption of cloud services leaves IT with a governance headache. Okta is one of a new breed of vendors aiming to help get on top of the problem.


Several years back, I joked that widespread enterprise adoption of cloud services would surely result in Gartner producing "a damning report on the unrecognized TCO of on-demand services," just as it once did for personal computing many years ago at the height of the PC boom. With any popular new technology, corporate adoption tends to run ahead of governance, and the result is an unplanned and unmanageable stew that introduces unexpected costs and headaches alongside the anticipated benefits.

For now, Gartner is aiming elsewhere, channeling dissatisfaction with the established enterprise software vendors. That's interesting in itself, as Gartner's advice is finely tuned to remain just a small step ahead of its clients' thinking, and so presages a tough few years for SAP, Oracle, IBM and Microsoft.

Meanwhile, the problem I predicted is well and truly here already, even if Gartner hasn't drawn attention to it yet. I wrote about it back in August:

"Very few enterprises that are adopting cloud applications and infrastructure are giving enough thought to governance. The result is a mish-mash of SaaS silos and cloud islands, with very little attention paid to data consistency and integration, and even less to policy management and oversight. This is bad enough in organisations that run all their operations in the cloud, but most enterprises are not in that happy space. The vast majority have to manage a hybrid infrastructure ..."

One vendor that's emerged to help enterprises get on top of what has been called a Franken-SOA of cloud services is Okta, which has some substantial VC backing. Led by Todd McKinnon, a former VP of products and platforms at, Okta provides a cloud-based identity store that's designed to connect into Active Directory or LDAP infrastructure so that an enterprise can extend its existing user provisioning and access policies to cloud services. "The big gap we see is that this generation of technology needs a system and a platform to manage and secure it," he told me last week.

McKinnon said that enterprises have been blind-sided by adoption of cloud services and their lack of readiness is opening up vulnerabilities. "It's very clear to me that the state of the art in security and how we manage these things today is like the consumer web in 1995," he said. "There's no strong authentication ... They don't have consistent security policies across all the services they use. Companies don't have good processes to ensure accounts are turned off ... This is critical IT infrastructure and this needs to be managed like we know how to manage IT assets."

These are early days in the cloud governance game, so organisations that want to get on top of their mish-mash of cloud services today are going to have to use a mish-mash of solutions. Okta has started out focusing on single sign-on and authentication. "In the future, our vision is to provide complete visibility into performance and availability and SLA conformance," says McKinnon, but for now anyone wanting to add those capabilities must go elsewhere. That may mean utilizing on-premise SOA monitoring and governance solutions, or even building a complete custom solution on recently-funded cloud management platform Servicemesh. Those alternatives look pricey compared to Okta, which, true to its roots, is targeting more of a midmarket customer profile.

Of course many readers may well feel that the best way to avoid these problems is to steer clear of cloud services altogether, but I suspect that's a rather short-sighted view. Enterprises are going to be adopting cloud services whether the IT team likes it or not, and the priority should be developing a governance and connection strategy to manage it all. I'm interested in hearing about other vendors with offerings in this space — please post a Talkback comment if you know of any or have deployed such solutions.

Topics: Data Centers, CXO, Cloud, Enterprise Software, IT Priorities, Software

Phil Wainewright

About Phil Wainewright

Since 1998, Phil Wainewright has been a thought leader in cloud computing as a blogger, analyst and consultant.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • RE: How to avoid chaos in the cloud

    Avoid the cloud, avoid the chaos. It's been a stupid concept from day one and I've said so over and over and ... . The cloud is nothing but a marketing effort, even today when, if it was going to sift out, the sifting should be going on markedly fast.
    Share your data; join a cloud.
  • RE: How to avoid chaos in the cloud

    Simply do not go to the clouds! Cloud computing is nothing but a system being foisted upon us by businesses who want to not only control our software, but our data as well.
  • RE: How to avoid chaos in the cloud

    Good proactive thinking.
    Persevere on this line for the sake o newcomers to clouds and cloud computing.
    In any operation there should be some ORDER (Governance).
  • RE: How to avoid chaos in the cloud

    "Enthusiastic adoption of cloud services..."

    Good one... But, seriously...
  • RE: How to avoid chaos in the cloud

    I seem to recall myself as being the lonely voice ridiculing the "cloud" about two years ago in Talkback. It was always a stupid idea, appealing obviously to journalists and slippery promoters but nobody else.

    So I will stand here and take my well deserved bow.
  • RE: How to avoid chaos in the cloud

    "Avoid the cloud, avoid the chaos." "Simply do not go to the clouds" Well, it is a good point, but... What if we have the need to go to an external hosting? Because the problem is exactly the same. The main differerences are that Cloud sounds much cooler than Hosting, and price is lower.

    The point is that IT departments need to organize their plan for going to the Cloud. Even if they do not have the need. Why? Because, as the author says, any commercial department may (I do not want to say will) do it for their own if they do not find why provided this kind of service. A credit card is the only thing they need.

    So better make your plan... and keep thing under control.

  • RE: How to avoid chaos in the cloud

    Innovation: is an important issue for the specific enterprise and for the whole world. Without innovation there is no progress and hope.<br><br>The Buzz: The cloud buzz is huge don't get it wrong. People that still think that cloud is only a "marketing talk" are wrong ! Due to that companies (even giant ones) will vanish after this (learn from Kodak's case). <br><br> Maturity : The cloud is a revolution - <a href="" target="_blank" rel="nofollow"></a> . In regards to Phil's words I also believe that as an infrastructure underlying layer the cloud is in its early stages and it will take 2-4 year more to mature. <br><br>Manage your cloud: In the meantime companies must take action and start with a cloud POC. You should know that this includes a significant dedication and investment. I curate and generate informative materials to help new adopters not to get lost with their cloud management include storage and compute . I invite you to check - <br> <a href="" target="_blank" rel="nofollow"></a><br><br>Ofir @iamondemand
  • judiciously apply IT best practices

    Phil, organizations don't need a new breed of vendors. Organizations need to apply old concepts that you and I have been talking about for the last 13 years (i.e. federation, interoperability, open standards, security, service management). Building an integrated, hybrid environment has never been easy, and choosing the right technology and applying focused effort is required. I am actually delivering a webinar on the topic this week:
  • RE: How to avoid chaos in the cloud

    Simply avoid cloud because it is totally used for marketing.