Time to think about cloud governance

Time to think about cloud governance

Summary: Lack of a proper governance strategy when adopting cloud applications and platforms is leaving enterprises with a mish-mash of SaaS silos and cloud islands, leading to poor data consistency and inadequate policy management and oversight.


Very few enterprises that are adopting cloud applications and infrastructure are giving enough thought to governance. The result is a mish-mash of SaaS silos and cloud islands, with very little attention paid to data consistency and integration, and even less to policy management and oversight. This is bad enough in organisations that run all their operations in the cloud, but most enterprises are not in that happy space. The vast majority have to manage a hybrid infrastructure that encompasses large swathes of existing on-premise IT assets along with a swelling population of SaaS applications and a handful of cloud infrastructure initiatives.

I've been advising enterprises to put a strategy in place that looks something like the schematic above, which comes from a webinar I presented on Focus.com back in April (unfortunately the webinar is now offline). Developing a strategy along these lines at least forces you to start thinking about the issues — such as how to extend access policies from the existing enterprise infrastructure out to cloud applications; how to automate other aspects of policy management; and how to manage connections between applications, data and other resources.

Although it's good to get your head around the issues, things go rapidly downhill from there. Practical action is difficult and requires a huge investment of in-house resources, because this whole area is very sparsely supported by vendors, whether they're cloud providers or conventional on-premise middleware and systems management vendors. While there are a smattering of players offering cloud integration, the governance layer is a largely uncatered for. There are just a few glimmers of innovation here and there: Ping Identity continues to advance its federated identity management offerings; ServiceMesh is an interesting start-up with a strong take on policy-driven cloud governance; another player that's crossed my radar is IT automation vendor UC4. I'm sure there are others I've missed, but there's currently no easy source of information about solutions in this much-neglected area, let alone guidance on best practice that enterprises should be following.

One starting point has appeared recently, though, and from a solid background. This type of framework is well established in the field of service-oriented architecture, and therefore it's more a case of repurposing old skills and knowledge rather than having to invent an entirely new set of wheels — even though it comes with more of a REST spin than the old SOAP-based web services. As fellow ZDNet blogger Joe McKendrick reports, SOA guru Thomas Erl has recently adopted the new moniker of Service Technology for his expertise. His most recent book, SOA Governance: Governing Shared Services On-Premise and in the Cloud, is one of the first to consider the strategic role of governance across both cloud and on-premise resources.

What are your thoughts about joined-up governance and management of cloud in an enterprise IT environment? Add your comments and advice in Talkback below.

Topics: Emerging Tech, Browser, CXO, Cloud, Data Centers, Enterprise Software, Software, Software Development

Phil Wainewright

About Phil Wainewright

Since 1998, Phil Wainewright has been a thought leader in cloud computing as a blogger, analyst and consultant.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Totally agree... enterprises need to think hard about cloud governance

    When you're talking about extending cloud to large enterprises, you quickly realize you're talking about an intricate policy and governance maze. You've got complex relationships between different cloud workloads, users, types of projects, cloud environments, security, regulatory constraints, cost constraints, etc. Ultimately, you need an extensible policy engine to govern and automate the optimal placement for all this, otherwise you can end up jeopardize many of the business benefits you were seeking in the first place (faster time-to-market, cost savings, self-service, auto-scaling, etc).
  • Cloud Control emerging as a top IT imperative

    Great post Phil. Based on numerous conversations with people in centralized IT organizations who are gradually shifting from being cloud skeptical to cloud first (sometimes kicking and screaming), I recently outlined 5 ways IT can establish "cloud control":

    1) Develop a cloud-first strategy.
    2) Establish the role of Data Architect.
    3) Set up clear guidelines and standards when it comes to selecting the right cloud solution.
    4) Don't start from scratch.
    5) Don't wait to integrate.

    Here's the post: http://sandhill.com/opinion/daily_blog.php?id=80&post=767

    I'm interested in your feedback and any practical recommendations for people looking to move the next level of cloud adoption and maturity.
  • Make Cloud Governance a Logical Extension of SOA Governance

    I've often joked that the cloud gives SOA something to do--precisely because cloud done right should build on the concepts and approach SOA?s proponents have been advocating for years. Strong governance is probably the most important thing you can bring from SOA to the cloud. Ungoverned cloud lets data, application, and identity silos proliferate. It subjects insecure applications to the blowtorch of the public Internet. Surely, we can learn from existing enterprise-based solutions and apply this to the cloud environment.

    This is exactly what our cloud customers are doing today with technology from Layer 7 http://www.layer7.com Our SOA gateway solutions for run time governance have been extended into the cloud to provide seamless governance solutions.
  • IT Should Facilitate, Not Complicate Cloud Governance

    I proclaimed in January that 2011 would be the year in which IT and business decision-makers should regain control of the ad hoc and unplanned adoption of Cloud services within their organizations so they can maximize its potential value, http://www.internetevolution.com/author.asp?section_id=983&doc_id=203021. The key will be to establish reasonable rules that encourage end-users and business units to fully leverage Cloud services in a more planned and effective fashion, and not force them to continue to circumvent IT because it is an obstacle to success.
  • RE: Time to think about cloud governance

    Phil - what you have in mind when you say "Governance" ? Is it only SaaS/cloud apps inventory management ? I think that there is much more to think of .. single sign on, security, automation and more ..
    Ofir , I Am OnDemand.com
  • RE: Time to think about cloud governance

    Off topic slightly, but still relevant to this posting. I find the intrusive comments/tweet/vote overlay highly irritating and disruptive to reading the blog itself. Please remove
  • RE: Time to think about cloud governance

    Thank you Posting. God bless your vision!,Everything you give us is adding value to your services.Welldone,more grease to your elbow.,
    hey thanks for this informative post, I learned a lot! I hope more people get into this post, I?ll do my best to spread the word. Thanks!
    Wow that is really awesome.. Great presentation!
    <a href="http://webhostingreview.info/cheap-hosting/">cheap hosting reviews</a>