Governance for Your Cloud

February 2, 2011

by Cloud Computing Team

Cloud computing needs governance - which is to say that cloud computing needs processes, policies, and procedures. In a way this is no different from IT more broadly. But virtualization, dynamically moving workloads and an increased reliance on third parties for many types of IT functions mean that well thought-out and documented processes, policies and procedures tend to be more important in cloud computing than with a more static and manual environment.

When people talk about security or risk in the cloud, they’re usually talking about governance. Security procedures and technology are part of governance, but governance is a broader concept. Legal and regulatory procedures, transparency, service levels, indemnification, notification and portability are all part of this bigger picture, especially as the discussion widens to include public cloud infrastructure providers and Software-as-a-Service (SaaS) vendors.

Consistency and portability are two of the most important pillars supporting well-governed cloud architectures whether on-premise, public or a hybrid architecture. These concepts are closely related, but they’re not the same thing.

Consistency refers to having a consistent runtime environment (such as an operating system or middleware) in different clouds, private and public. The same application should be able to run in both places. For starters, this means that you can take a given Linux, Java, PHP or whatever application and the target environment(s) will have the supporting software and hardware infrastructure that allows that application to run in the same way in all these places. The bottom line is that the user of that application should not be able to tell where it is running. (Of course, the IT operations people need to know where workloads are running as well as specifying up-front where different workloads are allowed to run.)

One of the ways that consistency breaks down is that public clouds encourage ad hoc development that doesn’t necessarily comply with an organization’s standards for applications run on-premise. This may be fine for prototyping or other work that is throwaway by design. However, it’s far too easy for prototypes to evolve into something more - as often happened in the case of early visual programming languages - and the result is applications that either have to be rewritten or that may have support, reliability or scalability issues down the road. Just because developers find that a given public cloud environment offers the cheapest and easiest path to write and test an application doesn’t mean total application lifecycle costs will be lower. Public cloud-based development will happen though, so the best strategy is to recognize this inevitability and channel it in a way that fits within organizational standards.

Consistency goes beyond just technical factors though. Consistency between on-premise and public cloud environments also requires that the full runtime - including the applications running on it - be supported and certified by the same ISVs and others when running in the cloud or in the cloud, a commitment that is as much about business relationships as technical ones.

Portability takes multiple forms. Portable computing creates scalable private clouds that can be federated to a public cloud provider under a unified management framework. Portable applications mean that developers can write once and deploy anywhere, thereby preserving their strategic flexibility and keeping their options open while lowering maintenance and support costs. Portable services simplify development and operations by eliminating the need to re-implement frequently needed functions in private clouds and enable the movement of data and application features across clouds. Portable programming models let existing applications be brought over to cloud environments or be evolved incrementally.

And, as with consistency, there are aspects of portability that aren’t primarily technical - such as whether software subscriptions and licenses can be transferred from one location to another. Consistent support and maintenance environments are also essential elements.

Cloud computing in some form will happen throughout all organizations whether it’s the formal evaluation and adoption of a new CRM platform through a formal IT process, the ad hoc use of public cloud infrastructure by developers, or the “bursting” of an on-premise cloud to a public cloud to gain temporary capacity. Especially given the importance of properly securing data and minimizing lock-in to specific third-party provider, it’s critical to bring cloud computing activity that involves corporate data or production applications under a common governance umbrella.

Cloud computing isn’t “risky” any more than IT more broadly is risky. Rather, like all IT activities, cloud computing projects should be undertaken in a way that both mitigates risk and that considers those projects in the context of IT as a whole.

To learn more about Red Hat cloud computing and portability, visit here.

Back to top