Lack of a proper governance strategy when adopting cloud applications and platforms is leaving enterprises with a mish-mash of SaaS silos and cloud islands, leading to poor data consistency and inadequate policy management and oversight.
Very few enterprises that are adopting cloud applications and infrastructure are giving enough thought to governance. The result is a mish-mash of SaaS silos and cloud islands, with very little attention paid to data consistency and integration, and even less to policy management and oversight. This is bad enough in organisations that run all their operations in the cloud, but most enterprises are not in that happy space. The vast majority have to manage a hybrid infrastructure that encompasses large swathes of existing on-premise IT assets along with a swelling population of SaaS applications and a handful of cloud infrastructure initiatives.
I've been advising enterprises to put a strategy in place that looks something like the schematic above, which comes from a webinar I presented on Focus.com back in April (unfortunately the webinar is now offline). Developing a strategy along these lines at least forces you to start thinking about the issues — such as how to extend access policies from the existing enterprise infrastructure out to cloud applications; how to automate other aspects of policy management; and how to manage connections between applications, data and other resources.
Although it's good to get your head around the issues, things go rapidly downhill from there. Practical action is difficult and requires a huge investment of in-house resources, because this whole area is very sparsely supported by vendors, whether they're cloud providers or conventional on-premise middleware and systems management vendors. While there are a smattering of players offering cloud integration, the governance layer is a largely uncatered for. There are just a few glimmers of innovation here and there: Ping Identity continues to advance its federated identity management offerings; ServiceMesh is an interesting start-up with a strong take on policy-driven cloud governance; another player that's crossed my radar is IT automation vendor UC4. I'm sure there are others I've missed, but there's currently no easy source of information about solutions in this much-neglected area, let alone guidance on best practice that enterprises should be following.