However much I fume against the specious arguments often advanced in favor of implementing private clouds, even I have to admit that sometimes an enterprise has no choice but to go private, despite the often dubious economics. It’s all down to governance. Public cloud providers are notoriously poor at documenting their SLAs — if they offer them at all. Few provide enough granularity in service provision to allow enterprises to be confident in their control over exactly where and how data is stored and processed. The saving grace of private cloud is that at least an enterprise can be confident of implementing its own governance model.
That’s something that needs to change if enterprises are to exploit the full business benefits the cloud brings. On the one hand, providers certainly have to wise up to governance concerns. On the other hand, enterprises have to adjust their expectations too, recognising that the cloud requires more nuanced and adaptable governance processes and systems. That’s the conclusion of a report that has just been made public, of which I’m a co-author with Matt Deacon of inThink. Living With Clouds: Evolving A Governance Framework For Cloud Computing (PDF) documents the outcome of discussions among a group of IT architects that took place on a snowy day in February this year near Oxford, UK. The work was funded by Microsoft [see disclosure] but Matt and I have now opened it up for public discussion because we feel the framework provides a useful foundation for further elaboration.
The starting point is one that I’ve discussed previously on this blog. As the report states, “Cloud governance needs are poorly defined and ill served both by governance tools and by providers, many of whom serve a volume market where few customers see governance as an issue.” But it’s not only the supply side that has shortcomings — the enterprise also has to review its governance processes and capabilities. “Cloud adoption usually requires a reworking of governance and management practices to accommodate more frequent, rapid, distributed change, along with greater use of automation, instrumentation and activity monitoring,” says the report.
The proposed framework assesses the governance needs of individual applications and business contexts and then compares them to what providers are able to offer. “Rather than rejecting the cloud outright, enterprises must find a way of defining the governance needs appropriate for each use case and assessing whether the cloud options available are sufficiently mature to meet those needs,” the authors write.
The framework offers a five-point rating scheme across seven separate evaluation topics:
- Service management
- Change management
- Service mobility
- Data protection & sovereignty
- Legal and financial
- Risk profile
If a provider scores higher on each category than the requirement, then adoption should go ahead. If it doesn’t you may want to explore other options, although it’s important to be flexible. A pressing business case may justify relaxing the governance specification, especially if the cloud provider is on track to bring its offering up to spec in future releases.
Looking ahead to the future, the report notes that enterprises must have a plan for making their governance systems more “cloud-ready,” so that when provider maturity improves, they can take advantage of what becomes available in the market. “The ultimate objective will be to manage an integrated, hybrid environment in which public and private resources, cloud and non-cloud, all co-exist,” the report concludes. “That will require a more automated management infrastructure that can interconnect with cloud service providers to monitor on-going compliance with governance policies.”
As fellow ZDNet blogger Joe McKendrick reported a few days ago, cloud management is a hard nut to crack. But enterprise IT doesn’t have a choice whether or not to face up to it. It’s time today to start formulating a strategy for cloud governance.
What’s your feedback on the suggested framework — or any other approaches you’d recommend?
(Cross-posted @ ZDNet | Software as Services Blog RSS)