Service governance for the cloud: Ignore at your peril

Because the cloud service belongs to someone else, many architects don't think about its implications to delivery in the enterprise

Cloud computing needs service or SOA governance -- there is really no question about that. However, those architects charged with extending portions of their architecture out to the clouds are missing the service governance boat. The result is a complex federated system, with components existing inside and outside of the firewall, that is almost impossible to manage.

The trouble seems to be that many architects and other IT managers don't consider cloud computing platforms as "their architecture," so they don't put mechanism around those services to manage change and enforce operational policies. However, as on-premise systems become dependent on cloud-delivered services, they are exposed. Thus, any changes to those services, operational exceptions, or operational violations stop the system in its tracks.

[ Stay up on the cloud with InfoWorld's Cloud Computing Report newsletter. | Confused by the cloud hype? Read InfoWorld's "What cloud computing really means" and watch our cloud computing InfoClipz. ]

At a certain point -- when there are too many services in play, on-premise or cloud-based -- it's almost impossible to manage those services without some sort of runtime service governance mechanism. Service governance technology is all about placing policies that you define around all the services, on-premise or not, so you can make sure that the services are doing what they should be doing, that only specific resources can access them, and that any changes to them (which happen often within cloud providers) are brought to somebody's attention quickly so that corrective action is taken.

Service governance is not magic. A good service or SOA governance implementation takes careful planning, good policy design, and a well-thought-out runtime SOA governance technology to make it work. Here's some quick guidance:

  • Make sure to consider service governance as you define your architecture using cloud computing -- and when you select cloud computing providers. Some cloud computing providers are easier to govern than others; the interfaces vary greatly.
  • Focus on runtime rather than design-time service or SOA governance. Make sure that the service governance technology vendor has a well-thought-out cloud computing strategy -- and that it has actually been tested against several providers.
  • During the testing cycle spend a significant amount of time on testing the service governance implementation. Make sure that the policies are implemented and functioning correctly, and that any number of exceptions are caught and managed.
Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies