Lack of Cloud Governance: A Potentially Fatal Flaw in Enterprise Cloud Adoption

By Derick Townsend (Profile)
Share
Tuesday, September 20th 2011
Advanced

Many enterprises realize that successful cloud implementations require the adoption of new IT capabilities, such as automated workload management, self-service provisioning, cloud security, and others. Yet, many of these organizations still don’t recognize a critically important challenge they must also address to avoid it becoming a fatal flaw in their efforts to deploy business workloads into the cloud. That fatal flaw is insufficient cloud governance. Even companies experiencing good results with their virtualization management efforts rarely have a solid understanding of cloud governance. That needs to change, because cloud governance ultimately enables many of the core business benefits of cloud adoption.

It’s About Time to Market

The real value of cloud computing is achieved when it can streamline the entire enterprise software development and deployment lifecycle, and dramatically reduce time to market for software projects. The agility that cloud computing creates for IT can then be extended throughout the organization to directly benefit business users. IT will be able to respond more quickly to their needs and deliver new applications and software updates rapidly, which in turn helps them achieve their business goals faster and reduce time to market for their products and services, significantly reducing opportunity costs.

IT-intensive industries and global enterprise are full of examples where IT agility equates directly to market share, revenue growth, and profitability. Examples include traditional insurance carriers that need to quickly roll out the latest policy rate/quote functionality to their websites to avoid hemorrhaging customers to more nimble competitors with a direct sales model; or the global bank that needs to rapidly roll out customized consumer and commercial services in a new geography faster than competitors to grab market share. Regardless of the specific example, it’s clear that business units stuck with slow moving IT organizations delivering in six or nine-month software development lifecycles can be at a huge disadvantage.

Many organizations are starting to recognize that cloud computing can provide self-service access and on-demand deployment of IT resources to increase agility and competitiveness. However, they tend to limit their view of governing these new capabilities in the context of their traditional IT operations, which often consist of partially automated virtual machine provisioning processes along with manual processes still in place for VM configuration and approvals. They may view cloud as a relatively simple extension of these existing IT operations, and believe they are already well positioned to deliver all the significant business benefits of cloud computing to their organizations.

But as cloud computing begins to support more diverse business workloads, the complex relationships among all the stakeholders and types of projects and workloads, along with multi-layered regulatory and cost constraints, create an intricate policy maze. Trying to enforce consistent policies on this complexity with semi-manual processes or inadequate governance tools can jeopardize the benefits of cloud computing we’re seeking in the first place including:

  • Immediate self-service access to cloud services. That is, exposing services to end users to achieve true self-service functionality, which requires automated policies enforcement to prevent unauthorized access, security breaches, and cost overruns.
  • Automatic configuration and scaling of cloud workloads up and down to meet changing demand. This requires the ability to impose policy-defined boundaries and restrictions around elastic scaling behavior to balance performance, costs, and risks.
  • Optimizing the placement of portable cloud workloads and leveraging an organization’s mix of internal private clouds and external private and public clouds. This requires the ability to restrict deployments to satisfy cost, performance, regulatory compliance, or other parameters.