Policy Enforcement and Monitoring
Of the ten suggestions just mentioned, policy enforcement and monitoring are particularly fundamental to SOA and cloud governance. IT can deploy a single entity, the virtual Policy Enforcement Point (PEP), to accomplish both tasks. Policy enforcement technology for clouds can create secure, managed communications between legacy applications in the enterprise and new applications residing in the cloud.
Policy is not just a way of articulating and enforcing security requirements; it is the integration glue between systems. A rich policy language meets the demands of business and IT, offering high-level contracts such as SLAs and billing as well as low-level details such as dynamic routing, failover and data transformation.
Deploying virtualized, distributed policy enforcement points in front of cloud applications allows organizations to protect and manage their services. Application-level policy enforcement gives fine-grained access control and in-depth understanding of use patterns of actual services, instead of virtual machines. Not only does this protect data and applications from unauthorized use, it ensures that the distribution of requests to virtualized application instances is properly managed.
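The following Python example is added here for illustration and is not code from the article or from any vendor product. It models one enforcement point that makes per-operation access decisions, records every decision for monitoring, and distributes permitted requests across healthy application instances. The class names, the `quota` field (a stand-in for an SLA term), and the sample service, role and instance names are all assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field

@dataclass
class ServicePolicy:
    allowed_roles: set   # roles permitted to call this service operation
    instances: list      # virtualized application instances behind the PEP
    quota: int           # max calls per caller (hypothetical SLA term)

@dataclass
class PolicyEnforcementPoint:
    policies: dict                                   # (service, operation) -> ServicePolicy
    healthy: set                                     # instances passing health checks
    usage: Counter = field(default_factory=Counter)  # calls per (caller, operation)
    audit: list = field(default_factory=list)        # decision log used for monitoring
    _next: Counter = field(default_factory=Counter)  # round-robin cursor per operation

    def handle(self, caller, role, service, operation):
        key = (service, operation)
        policy = self.policies.get(key)
        if policy is None:
            return self._record(caller, key, "deny", "no policy (default deny)")
        if role not in policy.allowed_roles:
            return self._record(caller, key, "deny", "role not permitted")
        if self.usage[(caller, key)] >= policy.quota:
            return self._record(caller, key, "deny", "quota exceeded")
        # Route only to healthy instances, rotating so load is spread (failover).
        live = [i for i in policy.instances if i in self.healthy]
        if not live:
            return self._record(caller, key, "deny", "no healthy instance")
        target = live[self._next[key] % len(live)]
        self._next[key] += 1
        self.usage[(caller, key)] += 1
        return self._record(caller, key, "permit", target)

    def _record(self, caller, key, decision, detail):
        entry = {"caller": caller, "service": key[0], "operation": key[1],
                 "decision": decision, "detail": detail}
        self.audit.append(entry)  # permits and denials are both observable
        return entry

def build_sample_pep():
    # Constructed sample data: service, role and instance names are invented.
    policies = {("billing", "getInvoice"): ServicePolicy({"finance"}, ["vm-a", "vm-b"], 2)}
    return PolicyEnforcementPoint(policies, healthy={"vm-a", "vm-b"})
```

Because decisions are keyed on the service operation rather than on a virtual machine, the audit log shows who used which operation and why a request was refused, which is the usage visibility the paragraph above describes.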
In conclusion, governance, whether applied to the corporate, IT, SOA or cloud space, is about vision, oversight and control within a domain. Much of governance is about people working within a process; it's behavioral rather than a product. However, technology plays a critical role as an enablement tool to control, monitor and adapt: the three pillars of any operational governance program. Entities considering a move to the cloud would do well to examine closely both their technology and processes in order to take advantage of the promise and avoid the peril of the cloud.
K. Scott Morrison is VP of Engineering and Chief Architect at Layer 7 Technologies. He has extensive technical and scientific experience in a number of industries and universities, including senior architect positions at IBM. He has published more than 50 book chapters, articles and papers. He is co-author of the upcoming university textbook, "Cloud Computing: Principles, Systems and Applications" (to be published by Springer-Verlag). He has spoken at 70 shows around the world. He holds a Bachelor of Computer Science degree (honors) from Simon Fraser University. He can be reached at firstname.lastname@example.org.