Cloud computing introduces new security risks and compromises the traditional control of IT. Therefore, it is imperative that IT management establish firm control and oversight of cloud initiatives. Cloud governance, which is a logical evolution of current service-oriented architecture (SOA) governance strategies, offers a means to assert control over both internal and external applications and data.
Cloud governance provides a unified, application-centric view of IT throughout the corporate data center and into the cloud. It clears the way for secure, managed and incremental cloud adoption. But cloud governance can go badly awry if implemented too hastily or as an afterthought. The following are 10 tips to follow for successful cloud governance:
Tip No. 1: Start with enforcement
In cloud environments, distributed enforcement is a more difficult and more pressing problem than asset management. Look first for a policy enforcement point that answers both of these needs at once. Such an enforcement point offers immediate standalone value and can later integrate with heavyweight registries and repositories when that need develops.
Tip No. 2: Form factors that take you from the DMZ to the clouds
Enforcement and monitoring must scale with no functional differences, from the wiring closet to the virtual cloud. Hardware appliances will always have their place, but now so do virtual appliances that enforce policies and can be deployed rapidly in the cloud.
Tip No. 3: Distributed, virtualized management
Management systems for policy enforcement, whether on-site in traditional SOA or in the clouds, need to be distributable so that there is no single point of failure. These consoles manage mission-critical applications. If a local network becomes segmented or a cloud provider is inaccessible, the management components should be locally available on every enforcement point.
Tip No. 4: The ability to maintain a central system of record for critical assets
There must be a central, authoritative system of record for assets such as policies. Think of this as a library storing the laws of the land: the police reference it but certainly not on every call.
Tip No. 5: Loose coupling is a must between enforcement points and repository
Enforcement points must not be tightly bound to central repositories because of the latency and reliability issues in the cloud.
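Tips No. 4 and No. 5 together, as an added example that is not part of the original article: an enforcement point that decides from a local last-known-good copy of policy and consults the central system of record only on refresh. The class names, the role-to-actions policy format and the refresh interval are assumptions made for illustration.

```python
import time

class RepositoryUnavailable(Exception):
    """Raised by the (hypothetical) central repository client on outage."""

class CentralRepository:
    """Stand-in for the authoritative system of record (constructed sample)."""
    def __init__(self, version, rules):
        self.version, self.rules, self.online = version, dict(rules), True
        self.fetches = 0  # counts how often enforcement points call in

    def fetch(self):
        self.fetches += 1
        if not self.online:
            raise RepositoryUnavailable("repository unreachable")
        return self.version, dict(self.rules)

class EnforcementPoint:
    """Decides from a local policy copy; the repository is used only on refresh."""
    def __init__(self, repo, refresh_after=300.0, clock=time.monotonic):
        self.repo, self.refresh_after, self.clock = repo, refresh_after, clock
        self.version, self.rules, self.fetched_at = None, None, None
        self.stale = False

    def refresh(self):
        """Pull policy if the copy is old; keep last-known-good on failure."""
        now = self.clock()
        if self.fetched_at is not None and now - self.fetched_at < self.refresh_after:
            return
        try:
            self.version, self.rules = self.repo.fetch()
            self.fetched_at, self.stale = now, False
        except RepositoryUnavailable:
            self.stale = True  # surface to monitoring; keep enforcing old policy

    def decide(self, role, action):
        """Never touches the network. Fails closed if no policy was ever loaded."""
        if self.rules is None:
            return "deny"
        return "allow" if action in self.rules.get(role, ()) else "deny"
```

While the repository is unreachable, a permission revoked centrally stays in force at the enforcement point, so the `stale` flag should feed monitoring.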