Seven Rules for Information Governance in the Cloud
A roadmap to information governance in the cloud.
I've written about the technology industry for more years than I care to admit. And in all that time, I can't think of one example where governance came first. It seems IT is always playing catch-up on governance. Inevitably, this causes problems, particularly with integration and security.
In the past, technology outpaced governance support, and in some ways, that may be inevitable. After all, it's hard to know what measures you need to take to stop problems when you don't know what the problems will be, particularly when you realize that governance isn't just about security.
But with SaaS, IT might finally have a chance to match governance with adoption. While SaaS is new in its delivery, in other ways, it's old hat: Data is data, services aren't so different than in-house services, role-based security is still role-based security and compliance requirements still apply.
Wainewright is a veteran analyst and consultant who currently serves as vice president of EuroCloud, an independent non-profit organization that's promoting cloud adoption in Europe. As he and the nice graphic on governance framework point out, you'll be able to extend your existing governance policies from your internal infrastructure to cloud applications.
The real challenge will be how to manage and automate that. Right now, solutions are woefully hard to find, he adds:
Practical action is difficult and requires a huge investment of in-house resources, because this whole area is very sparsely supported by vendors, whether they're cloud providers or conventional on-premise middleware and systems management vendors. While there are a smattering of players offering cloud integration, the governance layer is a largely uncatered for.
He lists a few - Ping Identity, ServiceMesh, UC4. Obviously, he's focused on governance of services and not just data, since most of the integration players have added governance support for data. Also, I would add, IPSwitch says its network management and Managed File Transfer solution can be used for governance, so that's at least one other option.
Still, that's a mighty small number of vendors addressing governance of services, particularly when you consider Wainewright's point that service-oriented architecture provides such a fine starting point for cloud governance. He says:
This type of framework is well established in the field of service-oriented architecture, and therefore it's more a case of repurposing old skills and knowledge rather than having to invent an entirely new set of wheels - even though it comes with more of a REST spin than the old SOAP-based web services.
Governance will become more of an issue the more cloud applications your organization uses, so start thinking about it now, he advises.
In the meantime, as you work out governance, InformationWeek recommends some best practices for SaaS to make integration easier, and I would think a few would also help as you work through governance, including: