Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BLOG: Cloud governance is more than security

Damien Wong | Dec. 12, 2011
For many enterprises looking to increase operational agility, cloud computing increasingly looks to be a more flexible and efficient solution.

For many enterprises looking to increase operational agility, cloud computing increasingly looks to be a more flexible and efficient solution. 

 

Many of the technologies used by today's cloud environments -- both public and private -- are heavily based on open source software, which offers robust application frameworks, rapid development, adherence to standards, vendor neutrality, and avoidance of vendor lock-in.

It is no secret that more and more businesses are embracing cloud computing. According to IDC's 2010 Asia/Pacific (excluding Japan) Cloud Services and Technologies End-User Survey, 24 percent of organisations in the region are currently using cloud, with 6 percent actively researching or testing out cloud services. Additionally, 23 percent of respondents are planning to use cloud services over the next 12 months, while the remaining 47 percent have plans to use cloud services at some point after 12 months.

With thousands of services and data elements under management, there is a need to control how they are accessed, added, deleted, and altered, especially in environments that aren't under your physical control. Therefore, IT governance is critical to the success of cloud computing -- which is to say that cloud computing needs processes, policies, and procedures. Virtualisation, dynamically moving workloads and an increased reliance on third parties for many types of IT functions mean that well thought-out and documented processes, policies, and procedures tend to be more important in cloud computing than with a more static and manual environment.

Damien Wong

Governance is a broader concept than security and technology

When people talk about security or risk in the cloud, they are usually talking about governance. Security procedures and technology are part of governance, but governance is a broader concept. Legal and regulatory procedures, transparency, service levels, indemnification, notification, and portability are all part of this bigger picture, especially as the discussion widens to include public cloud infrastructure providers and Software-as-a-Service (SaaS) vendors.

Consistency and portability are two of the most important pillars supporting well-governed cloud architectures whether on-premise, public or hybrid architecture. These concepts are closely related, but they are not the same thing.

Consistency refers to having a consistent runtime environment (such as an operating system or middleware) in different clouds, private and public. The same application should be able to run in both places. For starters, this means that you can take a given Linux, Java, PHP, or whatever application and the target environment(s) will have the supporting software and hardware infrastructure that allows that application to run in the same way in all these places. 

The bottom line is that the user of that application should not be able to tell where it is running. It goes without saying that the IT operations people need to know where workloads are running as well as specifying up-front where different workloads are allowed to run.

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.