madison

Software as Services

Phil Wainewright
Home / News & Blogs / Software as Services

Time to think about cloud governance

By | August 2, 2011, 4:22am PDT

Summary: Lack of a proper governance strategy when adopting cloud applications and platforms is leaving enterprises with a mish-mash of SaaS silos and cloud islands, leading to poor data consistency and inadequate policy management and oversight.

Very few enterprises that are adopting cloud applications and infrastructure are giving enough thought to governance. The result is a mish-mash of SaaS silos and cloud islands, with very little attention paid to data consistency and integration, and even less to policy management and oversight. This is bad enough in organisations that run all their operations in the cloud, but most enterprises are not in that happy space. The vast majority have to manage a hybrid infrastructure that encompasses large swathes of existing on-premise IT assets along with a swelling population of SaaS applications and a handful of cloud infrastructure initiatives.

I’ve been advising enterprises to put a strategy in place that looks something like the schematic above, which comes from a webinar I presented on Focus.com back in April (unfortunately the webinar is now offline). Developing a strategy along these lines at least forces you to start thinking about the issues — such as how to extend access policies from the existing enterprise infrastructure out to cloud applications; how to automate other aspects of policy management; and how to manage connections between applications, data and other resources.

Although it’s good to get your head around the issues, things go rapidly downhill from there. Practical action is difficult and requires a huge investment of in-house resources, because this whole area is very sparsely supported by vendors, whether they’re cloud providers or conventional on-premise middleware and systems management vendors. While there are a smattering of players offering cloud integration, the governance layer is a largely uncatered for. There are just a few glimmers of innovation here and there: Ping Identity continues to advance its federated identity management offerings; ServiceMesh is an interesting start-up with a strong take on policy-driven cloud governance; another player that’s crossed my radar is IT automation vendor UC4. I’m sure there are others I’ve missed, but there’s currently no easy source of information about solutions in this much-neglected area, let alone guidance on best practice that enterprises should be following.

One starting point has appeared recently, though, and from a solid background. This type of framework is well established in the field of service-oriented architecture, and therefore it’s more a case of repurposing old skills and knowledge rather than having to invent an entirely new set of wheels — even though it comes with more of a REST spin than the old SOAP-based web services. As fellow ZDNet blogger Joe McKendrick reports, SOA guru Thomas Erl has recently adopted the new moniker of Service Technology for his expertise. His most recent book, SOA Governance: Governing Shared Services On-Premise and in the Cloud, is one of the first to consider the strategic role of governance across both cloud and on-premise resources.

What are your thoughts about joined-up governance and management of cloud in an enterprise IT environment? Add your comments and advice in Talkback below.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Software as Services”

Topics

Governance, SOA, Service-Oriented Architecture (SOA), Software As A Service (SaaS), Web Services, Managed Hosting, Middleware, Cloud Computing, Strategy, Enterprise Software, Software, Emerging Technologies, Management, Phil Wainewright

Since 1998, Phil Wainewright has been a thought leader in cloud computing as a blogger, analyst and consultant.

Disclosure

Phil Wainewright

Phil Wainewright's work as an independent consultant brings him into direct or indirect business relationships with several of the companies that he writes about, or their competitors. Phil is committed to maintaining the independent and opinionated stance that his writings are well known for and does not enter into contracts that would limit his freedom of expression in any way. However it is important in the interests of full disclosure to inform readers of those relationships so they can form their own judgement.

Read the complete list of Phil's relationships.

Biography

Phil Wainewright

Since 1998, Phil Wainewright has been a thought leader in cloud computing as a blogger, analyst and consultant. He founded pioneering website ASPnews.com, and later Loosely Coupled, which covered enterprise adoption of web services and SOA. As CEO of strategic consulting group Procullux Ventures, he has developed an evaluation framework to help ISVs and enterprises select cloud platforms, and advises US and European vendors on messaging, positioning and go-to-market. His newest role as an industry advocate is vice-president of EuroCloud.

Talkback Most Recent of 7 Talkback(s)

  • Totally agree... enterprises need to think hard about cloud governance
    When you're talking about extending cloud to large enterprises, you quickly realize you're talking about an intricate policy and governance maze. You've got complex relationships between different cloud workloads, users, types of projects, cloud environments, security, regulatory constraints, cost constraints, etc. Ultimately, you need an extensible policy engine to govern and automate the optimal placement for all this, otherwise you can end up jeopardize many of the business benefits you were seeking in the first place (faster time-to-market, cost savings, self-service, auto-scaling, etc).
    ZDNet Gravatar
    dericktownsend
    2nd Aug
  • Cloud Control emerging as a top IT imperative
    Great post Phil. Based on numerous conversations with people in centralized IT organizations who are gradually shifting from being cloud skeptical to cloud first (sometimes kicking and screaming), I recently outlined 5 ways IT can establish "cloud control":

    1) Develop a cloud-first strategy.
    2) Establish the role of Data Architect.
    3) Set up clear guidelines and standards when it comes to selecting the right cloud solution.
    4) Don't start from scratch.
    5) Don't wait to integrate.

    Here's the post: http://sandhill.com/opinion/daily_blog.php?id=80&post=767

    I'm interested in your feedback and any practical recommendations for people looking to move the next level of cloud adoption and maturity.
    ZDNet Gravatar
    dcunni
    2nd Aug
  • Make Cloud Governance a Logical Extension of SOA Governance
    I've often joked that the cloud gives SOA something to do--precisely because cloud done right should build on the concepts and approach SOA?s proponents have been advocating for years. Strong governance is probably the most important thing you can bring from SOA to the cloud. Ungoverned cloud lets data, application, and identity silos proliferate. It subjects insecure applications to the blowtorch of the public Internet. Surely, we can learn from existing enterprise-based solutions and apply this to the cloud environment.

    This is exactly what our cloud customers are doing today with technology from Layer 7 http://www.layer7.com Our SOA gateway solutions for run time governance have been extended into the cloud to provide seamless governance solutions.
    ZDNet Gravatar
    KScottMorrison
    2nd Aug
  • IT Should Facilitate, Not Complicate Cloud Governance
    I proclaimed in January that 2011 would be the year in which IT and business decision-makers should regain control of the ad hoc and unplanned adoption of Cloud services within their organizations so they can maximize its potential value, http://www.internetevolution.com/author.asp?section_id=983&doc_id=203021. The key will be to establish reasonable rules that encourage end-users and business units to fully leverage Cloud services in a more planned and effective fashion, and not force them to continue to circumvent IT because it is an obstacle to success.
    ZDNet Gravatar
    jkaplan@...
    3rd Aug
  • RE: Time to think about cloud governance
    Phil - what you have in mind when you say "Governance" ? Is it only SaaS/cloud apps inventory management ? I think that there is much more to think of .. single sign on, security, automation and more ..
    Ofir , I Am OnDemand.com
    ZDNet Gravatar
    ofirn76
    3rd Aug
  • RE: Time to think about cloud governance
    Off topic slightly, but still relevant to this posting. I find the intrusive comments/tweet/vote overlay highly irritating and disruptive to reading the blog itself. Please remove
    ZDNet Gravatar
    dpbicket@...
    5th Aug
  • RE: Time to think about cloud governance
    Thank you Posting. God bless your vision!,Everything you give us is adding value to your services.Welldone,more grease to your elbow.,
    hey thanks for this informative post, I learned a lot! I hope more people get into this post, I?ll do my best to spread the word. Thanks!
    Wow that is really awesome.. Great presentation!
    cheap hosting reviews
    ZDNet Gravatar
    cheaphostingreviews
    26th Aug

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
Click Here

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources