Six Tips for Compliant Cloud Computing
It's complicated, but these tips will help you get your arms around the issues.
One of the things everyone likes about the cloud is the simplicity of it. Whether you're talking about services or computing power, the overall concept is that you can just sign up, enter a credit card number and get what you need. It's implicit that you avoid all the wrangling with IT over things like architecture, integration, governance, technology and bureaucratic, blah, blah, blah.
Be honest, businesses: Down deep, didn't you know it was too good to last?
More and more, I'm seeing discussions-largely aimed at enterprise IT-about how cloud has to be viewed as part of the overall enterprise architecture-which, in turn, means you have to start thinking about broader issues, including governance. And I can't help but think that this will impact how easy it is for business units to deploy cloud-based solutions in the near future.
It's inevitable, really, because as simple as we want to make technology-whether it's mobile phones, websites, SaaS or cloud-IT systems are like ecosystems: A butterfly flaps its wings and it triggers a virtual tsunami of woes somewhere down the line. Governance, security, architecture-these are the tools for taming the chaos and silos, no matter what form they take.
Benjamin Moreland, a senior analyst for consultant firm Celent's insurance practice, recently compared the current use of cloud computing to SOA's early care-free days when everyone thought it was as simple as deploying a few Web services, and boom!-instant transformation. Then came the reality: If you really want the benefits, you've got to do the heavy work of architecture, governance, process management and so forth:
While, technically speaking, cloud solutions do leverage the Internet and virtualization, neither of which is new. However, if using these technologies is so easy, why do companies, especially insurance companies struggle with gaining the benefits of cloud? I believe the answer is identical to why many insurance companies were not as successful with SOA at the beginning - a lack of strong governance and an understanding of the full picture.
He's talking specifically about cloud computing as the use of computing resources (i.e. a server's processing power) via the Internet, but I think you can see how this concept could also impact cloud-based software services.
Another sign that we're maturing in how we view the cloud: I'm seeing lot more vendors and analysts talking about PaaS and integrating cloud functions into their middleware stacks.
The most recent is Red Hat, which last year acquired Makara and this year is laying out plans for how it will use the tools it's acquired. The end goal is a PaaS-platform-as-a-service-which can be used to build, deploy and manage software services either in public or private clouds. To do this, Red Hat plans to integrate Makara's tools and cloud application platform with JBoss Enterprise middleware, according to Integration Developer News.
Red Hat envisions its PaaS appealing to enterprises, cloud service providers, ISVs and SaaS providers, helping them deploy internally, externally and between the two, with the underlying open source infrastructure.
What I found particularly interesting is how much the article uses very traditional enterprise IT concepts-middleware reference architecture, governance, lifecycle support-in a discussion about cloud. Mind you, Red Hat isn't alone in this-it's just an excellent recent example from a new entrant.
Governance, management, architecture and integration are all good reasons for expanding your thinking on cloud and what it means, but there is one other major reason: security. Paul Fremantle, a UK-based chief technology officer and co-founder of WSO2, explored this issue in a recent BriefingsDirect with InterArbor Solutions Principal Analyst Dana Gardner:
I'm a firm believer that the real success in cloud is going to come from designing systems that are inherently built to run in the cloud, whether that's about scale, elasticity, security, or things like multi-tenancy and self-service. The first and most important thing is to use middleware and models that are designed around federated security.
That discussion provides an in-depth look at what modern middleware can do to support PaaS and cloud computing. It can be download as a podcast or transcript or simply read online. Definitely check it out.