Cloud computing has generated a tremendous amount of interest and excitement in recent years. There is broad agreement that the cloud can address a wide range of IT challenges in new and useful ways. With all the enthusiasm, it can begin to seem that cloud computing solves everything. However, according to analysts, that’s simply not true. One of the aspects of cloud that often escapes critical evaluation is governance – the question...
of how all the loose associations upon which cloud depends are to be maintained and operated in a way that is reliable and trustworthy.
In fact, notes Joe McKendrick, analyst at McKendrick & Associates, many of the challenges with cloud governance are exactly the same as those that companies have been wrestling with for service oriented architecture (SOA) for many years; namely, who controls the viability, reliability and security of the services being delivered?
“An enterprise seeking to leverage services from a cloud environment needs to understand, first, what qualities and characteristics and dependencies are associated with the service; and second, how that service can be best orchestrated into their existing environment,” says McKendrick.
One answer is to look at what’s been done in SOA over the past five to six years to see what governance best practices will work, says McKendrick. Many enterprises deliver cloud-based services, either internally to business units or to external customers or partners. The design-time governance practices and tools seen in the SOA space can be very readily adopted to meet these requirements.
Echoing the notion that best practices start internally, Michael Dortch, principal analyst and managing editor at DortchOnIT.com, says “Cloud governance isn't going to work if it's just ‘cloud governance.’ Good governance of business resources, including but not just limited to IT resources, is good governance, whatever's being governed and wherever it happens to be.” Thus, says Dortch, effective cloud governance must be part of policies and practices sufficiently flexible to embrace both incumbent and new resources equally, and in a way that is sufficiently consistent and comprehensive to satisfy key business needs and goals.
Dortch says governance needs to start with the decision makers who are building service-oriented architectures. They need to incorporate effective, business-driven management and governance tools and practices into those SOAs from the ground up for maximum business value and minimal disruption of business or IT operations. “Those decision makers must extend the most successful of these efforts into the cloud along with their IT architectures,” he adds.
For McKendrick, success in cloud deployments boils down to one critical element whether the focus is external, from the public cloud, or within a private cloud inside the enterprise. That element is trust. “Without trust that the service will perform as promised, in a secure, reliable way, there can be no effective business value to a service. That's a lesson learned the hard way in SOA work over the past decade, and it's a lesson that needs to be revisited in the cloud era,” he says.