Taking steps to clarify cloud governance

By David Worthington

February 20, 2009 —

The concept of “governance” means different things to different people—and in fact, even the word itself is open to debate. However, no matter how you slice it, the consensus is that governance will play a crucial role in the ascension of cloud computing, and that cloud computing can complement governance existing processes.

Cloud services are standardized offerings that are delivered through a common service catalogue. The services are rapidly provisioned and delivered out of a highly elastic and scalable infrastructure with a pay-as-you-go model, said Ric Telford, vice president of cloud services at IBM.

Just as with traditional back office applications, compliance is key. "Anything that an organization could engage in that would need to be monitored by senior management at least on an occasional basis to make sure that the company is behaving properly in the modern world" should be governed, said Denis Pombriant, managing principal analyst of Beagle Research Group.

In cloud computing, providers should be transparent about the services that they offer, with clearly stated service-level agreements, he said. At the same time, enterprises need to assume responsibility to ensure that mission critical business processes are safely supported by on-demand technology to minimize the loss of service and data loss, he added.

"Governance in the cloud means the same as governance in SOA, except service level is 1,000 times more important," said Ross Mason, CTO and founder of MuleSource. Developers that consume third-party services through interfaces across the Web need to know about SLAs, he added. "One of the piece of [cloud] governance is to provide that crucial information."

"Cloud computing begets good IT governance; a focus on IT governance leads you to the cloud," said Telford. It you are building a cloud, it will have the attributes of good governance, such as financial visibility into the cost of services and the ability to more accurately deliver on SLAs by taking control over how resources are provisioned, he explained.

"As IT organizations seek to adopt the benefits of cloud computing, it's important that they do it in a way that aligns with their own IT governance strategies," said Ariel Kelman, Salesforce.com’s senior director of platform product marketing. Cloud adoption, he said, should be done in a way that does not disrupt but reinforces governance processes.

One of the unsung benefits of cloud computing is reintroducing the centralized control enjoyed during mainframe era, Kelman said. Some Salesforce customers are using the cloud to eliminate rogue applications in their organizations that can cause compliance issues, including databases and spreadsheets, he noted.

Software-as-a-service and platform-as-a-service have huge potential for governing applications, said Xactium CEO Andy Evans. Xactium produces a Salesforce-hosted service for managing corporate governance, risk and compliance requirements.

The cloud enables enterprises to provide central points of information for sharing and managing risk data, he explained. "When you turn a spreadsheet into a cloud application that is then part of multi-tenant platform, it becomes controllable and manageable by the IT department; data is accessible across the organization, or can be invisible."

While the cloud may offer advantages in enforcing governance processes, the onus is still on the developer to manage services from the easiest stages of development, Salesforce's Kelman noted.

Customers should do some due diligence on development technologies that help maintain governance regardless of what environment they run in, said Kelman. Cloud databases still must have built in audit trails, he noted.

Organizations that use cloud services also need a way to validate services and have rules and policies around users, said Michael Crandell, CEO and founder of RightScale Inc., the developer of a cloud computing management platform. Cloud server templates should be trusted enough to be launched predictably and automatically, and in that way, they become a tool for governance and compliance management, he observed.

"As much as security is an open question in the cloud, in some ways it's easier to control what's going on in the cloud," Crandell said.

On-demand vendors operate a myriad of data centers that have extraordinary policies for redundancy and security, including physical security, which most enterprises lack, Beagle Research's Pombriant noted. "My reading of the market though is that big hacking stories have been about hackers getting into conventional IT departments that should have had very secure technologies and processes in place to secure customer data."

However, he acknowledged that cloud services are most often used to handle front office data, and that the most sensitive information in the enterprise, such as consumer credit card data, still reside on internal servers.

Some people that think it's a fad and don't have a cloud strategy, said IBM's Telford. "But when you are focused on IT governance and do the right things with architecture and strategy, you have basically built a cloud. Cloud computing is the evolution of optimized and well-defined IT infrastructure."

Related Search Term(s): cloud computing

Share this link: http://www.sdtimes.com/link/33287

Electric Cloud floats into Amazon's EC2 Electric Cloud's ElectricAccelerator and ElectricCommander ALM tools now work with Amazon's Elastic Compute Cloud.

Platform Computing brings HPC to cloud management A newly released beta of Platform ISF aggregates resources from virtual machines, clusters and grids.

Short Takes: October 15, 2008 Our editors take a look at how Oracle's OpenWorld is becoming more eco-conscious, why the iPhone is better than the BlackBerry, the convenience of watching TV shows online and tips from Secure Computing on securing your infrastructure.

Comments

03/16/2009 12:39:00 PM EST

Force.com I think will prove a formidable force (no pun intended) for the enterprise platform. I went on to read this at the xactium web site www.xactium.com/grc.php which is an excellent guide/overview (billed as a white paper) for the power of this GRC platform. GRC is coming away from point solutions and looking for platform. This looks like a strong contender because it's on a strong tried and tested platform.

United KingdomMike Fair

Add comment

Name*
Email*
Country

Comment
Preview

News on Monday
more>>
SharePoint Tech Report
more>>

Download Current Issue
ISSUE 3/15/2010 PDF

Need Back Issues?
DOWNLOAD HERE

Receive the print Edition?

Google Code turns 5
Google Code Turns 5, and adds a Paxos Algorithm to make the system more stable and reliable.
03/17/2010 11:16 AM EST

Test your Visual Studio 2010 know-how
Microsoft is offering free beta certification exams for Visual Studio 2010.
03/17/2010 11:08 AM EST

Microsoft lifts the hood on IE9
Microsoft is previewing IE9.
03/16/2010 01:10 PM EST