SaaS Governance Should Be Part of 'Regular' IT Governance


Given my recent interest in compliance in the cloud, you can imagine my curiosity when I first read about Intel's "Bringing Departmental SaaS Usage Under IT Governance" webcast. So Tuesday, I took an hour to listen in hopes that The 451 Group's Dennis Callaghan and Intel's SOA products director, Girish Juneja, would help me pull together just how technology should -- or is going to -- figure into the whole picture when it comes to cloud compliance and governance.


I've already learned, thanks to conversations with Proskauer Rose attorneys Tanya Forsheit and <strong>Nolan Goldberg</strong>, about the importance of detailed service agreements with SaaS or cloud computing providers. But is there technology that can help manage SLA compliance and the security and privacy policies necessary to make cloud computing work in a way that doesn't automatically run afoul of regulatory requirements?


The short answer is yes. But not much yet, it seems, because enterprises and SaaS vendors alike are still trying to wrap their heads around the the whole concept of SaaS governance. Rather than thinking about SaaS governance as a separate animal, the presenters said, companies should be thinking of SaaS governance as part of their overall IT governance. Callaghan pointed out that SaaS procurement is more often the responsibility of IT rather than business managers. What's more, Callaghan told us, IT will be looking at "external SaaS capabilities with the same eye for security, governance and service level agreements as required by traditional apps."

In light of that, then, enterprises should apply SOA governance and security for SaaS to penetrate across enterprise applications. Similarly, Callaghan said, SaaS vendors should offer SLA management features. That's where Intel's SOA Expressway comes in, Juneja told us. SOA Expressway is "a software appliance designed to simplify, accelerate, and secure the enterprise SOA architecture." Among other things, the technology's detailed user- and service-auditing capabilities can help companies meet data transparency and regulatory compliance requirements.


Since Intel sponsored Tuesday's webinar, I knew we'd here about Intel's products, but other companies offer similar tools. And as SaaS adoption continues to increase, the number of available management and governance tools also will increase. As CA's product management VP, Tom McHale, told me recently:

The reality is, if you're running a business and you're buying extra processing and storage and infrastructure, you still have to manage that stuff. The fact that it's virtual hardware somewhere is important, but it still has to be managed like your normal infrastructure. The fact that you're putting it on the cloud doesn't mean that you can forget about it.