For Your To-Do List: Extending Governance to the Cloud

Loraine Lawson
Slide Show

Seven Rules for Information Governance in the Cloud

A roadmap to information governance in the cloud.

I've written about the technology industry for more years than I care to admit. And in all that time, I can't think of one example where governance came first. It seems IT is always playing catch-up on governance. Inevitably, this causes problems, particularly with integration and security.


In the past, technology outpaced governance support, and in some ways, that may be inevitable. After all, it's hard to know what measures you need to take to stop problems when you don't know what the problems will be, particularly when you realize that governance isn't just about security.


But with SaaS, IT might finally have a chance to match governance with adoption. While SaaS is new in its delivery, in other ways, it's old hat: Data is data, services aren't so different than in-house services, role-based security is still role-based security and compliance requirements still apply.


If you're using cloud at all, it's time to think about governance, warns Phil Wainewright in a recent ZDNet blog post.


Wainewright is a veteran analyst and consultant who currently serves as vice president of EuroCloud, an independent non-profit organization that's promoting cloud adoption in Europe. As he and the nice graphic on governance framework point out, you'll be able to extend your existing governance policies from your internal infrastructure to cloud applications.


The real challenge will be how to manage and automate that. Right now, solutions are woefully hard to find, he adds:

Practical action is difficult and requires a huge investment of in-house resources, because this whole area is very sparsely supported by vendors, whether they're cloud providers or conventional on-premise middleware and systems management vendors. While there are a smattering of players offering cloud integration, the governance layer is a largely uncatered for.

He lists a few - Ping Identity, ServiceMesh, UC4. Obviously, he's focused on governance of services and not just data, since most of the integration players have added governance support for data. Also, I would add, IPSwitch says its network management and Managed File Transfer solution can be used for governance, so that's at least one other option.


Still, that's a mighty small number of vendors addressing governance of services, particularly when you consider Wainewright's point that service-oriented architecture provides such a fine starting point for cloud governance. He says:

This type of framework is well established in the field of service-oriented architecture, and therefore it's more a case of repurposing old skills and knowledge rather than having to invent an entirely new set of wheels - even though it comes with more of a REST spin than the old SOAP-based web services.

Governance will become more of an issue the more cloud applications your organization uses, so start thinking about it now, he advises.


In the meantime, as you work out governance, InformationWeek recommends some best practices for SaaS to make integration easier, and I would think a few would also help as you work through governance, including:

  • Get details from SaaS vendors on how they handle data import/exports and real-time exchange of information.
  • Ensure you're able to safely pass credentials to and from a SaaS provider's site. (Security, the article notes, is key to integration, so that's another bonus!)
  • Avoid point-to-point integration. "Job one for a cloud broker is to provide a sufficient level of workflow orchestration for your needs - both now and in a few years," the InformationWeek article states. "That's because if there's anything more painful than getting all your applications hooked into a broker, it's getting them unhooked while keeping your business rules and processes intact."

Add Comment      Leave a comment on this blog post
Apr 5, 2014 12:23 AM bharathi.b bharathi.b  says:
thanks for your valuable posting,it was very informative i am working in Erp in Chennai Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.