How to Carry Out Successful Cloud Governance and Adoption

 
 
By K. Scott Morrison  |  Posted 2009-11-19 Email Print this article Print
 
 
 
 
 
 
 

Cloud computing is a dilemma for today's CIO. The potential to cut capital expenditure and rein in operating costs is so compelling that CIOs will push aggressively for cloud adoption. However, good managers understand that cost savings isn't the only variable to consider when evaluating whether to adopt cloud computing. Here, Knowledge Center contributor Scott Morrison offers 10 tips for CIOs to follow to successfully implement their cloud governance and adoption initiatives.

Cloud computing introduces new security risks and compromises the traditional control of IT. Therefore, it is imperative that IT management establish firm control and oversight of cloud initiatives. Cloud governance, which is a logical evolution of current service-oriented architecture (SOA) governance strategies, offers a means to assert control over both internal and external applications and data.

Cloud governance provides a unified, application-centric view of IT throughout the corporate data center and into the cloud. It clears the way for secure, managed and incremental cloud adoption. But cloud governance can go badly awry if implemented too hastily or as an afterthought. The following are 10 tips to follow for successful cloud governance:

Tip No. 1: Start with enforcement

In cloud environments, distributed enforcement is a more difficult and more pressing problem than asset management. Look first for a policy enforcement point that simultaneously answers both of these needs. This offers immediate standalone value, but with the ability to integrate with heavyweight registry/repositories when this need develops.

Tip No. 2: Form factors that take you from the DMZ to the clouds

Enforcement and monitoring must scale with no functional differences, from the wiring closet to the virtual cloud. Hardware appliances will always have their place, but now so do virtual appliances that enforce policies and are capable of rapidly deploying in the cloud.

Tip No. 3: Distributed, virtualized management

Management systems for policy enforcement, whether on-site in traditional SOA or in the clouds, need to be distributable so that there is no single point of failure. These consoles manage mission-critical applications. If a local network becomes segmented or a cloud provider is inaccessible, the management components should be locally available on every enforcement point.

Tip No. 4: The ability to maintain a central system of record for critical assets

There must be a central, authoritative system of record for assets such as policies. Think of this as a library storing the laws of the land: the police reference it but certainly not on every call.

Tip No. 5: Loose coupling is a must between enforcement points and repository

Enforcement points must not be tightly bound to central repositories because of the latency and reliability issues in the cloud.




 
 
 
 
K. Scott Morrison is VP of Engineering and Chief Architect at Layer 7 Technologies. He has extensive technical and scientific experience in a number of industries and universities, including senior architect positions at IBM. He has published more than 50 book chapters, articles and papers. He is co-author of the upcoming university textbook, "Cloud Computing: Principles, Systems and Applications" to be published by Springer-Verlag. He has spoken at 70 shows around the world. He holds a Bachelor of Computer Science degree (honors) from Simon Fraser University. He can be reached at smorrison@layer7tech.com.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel