Welcome!

Agile Computing Authors: Carmen Gonzalez, ManageEngine IT Matters, Liz McMillan, Craig Lowell, AppDynamics Blog

Related Topics: @CloudExpo, Microservices Expo, Agile Computing, Cloud Security, @BigDataExpo, SDN Journal

@CloudExpo: Article

Governance Strategies for Successful Cloud Initiatives

How to create and enforce policies and governance in an automated way, while maintaining cloud computing’s self-service promise

At the top of many IT group's list of concerns lie security, compliance and internal process governance - both in static data centers and in dynamic clouds. Indeed, governance should not be overlooked. And, as they say in many security circles, the best measure of successful security is silence. Although the discussion around governance in the cloud has evolved, many organizations still struggle with questions such as:

  • Which apps should we deploy to public clouds?
  • When and where should cloud environments be encrypted?
  • Who has access to cloud-based applications and infrastructure?
  • Which firewall rules should apply?
  • How do security rules differ from app to app based on the application's lifecycle phase?

At the heart of these questions and concerns is how to manage the security and compliance risks inherit in enterprises and how to build and apply fine-grain cloud controls to manage the deep complexity inherent within cloud environments. In this article, I'll take a look at how to create and enforce policies and governance in an automated way, while maintaining cloud computing's self-service promise.

Create and Enforce Governance Policies
Policy-based governance controls based on an extensible meta-model enable the creation and enforcement of an unlimited range of custom policies, which are critical for large enterprise success and innovation.

A broad range of policy types are needed to properly govern the deployment and management of applications and platforms in the cloud, especially when self-service, on-demand access is provided to business users and development teams. An enterprise-grade cloud governance model should be implemented with policy types that encompass:

  • User and group access
  • Deployment criteria that ensure workloads are deployed properly based on data and sensitivity level, such as geographical constraints or credit card data
  • Orchestration of configuration management controls; the ability to ensure secure and compliant versions of application artifacts, middleware and O/S are deployed across cloud environments and remediating any manual changes

In addition, IT should use policies to enforce security zone compliance, orchestrate host and hypervisor based firewalls, AV, HIDS, virtual networking, data encryption, and other security tools and utilities. All of these controls should be tuned to apply across the various stages of the application lifecycle (i.e., Development, QA, UAT, Production, etc.).

Fulfill the Self-Service Cloud Promise

Self-service and governance may seem at odds, but in the world of cloud computing, they come together to deliver agility with control. While the benefits of self-service are obvious - and the reason many enterprises embrace the cloud to begin with - allowing business users and developers to directly access needed IT resources through a self-service interface, IT resources become more responsive to business needs. As a result, business agility improves and the business as a whole benefits.

Governance exists to balance self-service as it imposes a set of rules for how resources should be accessed, by whom, at what times, in what quantities, and for which purposes. In the same way that traffic rules enable people to use roads to get where they need to go quickly while eliminating accidents, cloud governance seeks to ensure that cloud usage is well ordered so that self-service can happen seamlessly and without manual intervention for the business, ensuring ideal use of resources, compliance with regulatory mandates and, most important, optimal business outcomes.

Ensure Adaptability of Policy Controls
Regulations, industries and business don't stand still. As a result, when creating governance policies, IT must do so in a way that is easily adapted to meet future requirements. An extensible policy framework that allows IT to rapidly customize policies to address a broad range of current and future business needs is required for successful cloud governance. The ability to create and enforce an unlimited range of custom policies is accomplished through a policy engine with an extensible meta model, allowing enterprises to create new attributes that policies can reference to make decisions.

The dynamic nature of cloud computing may appear a hurdle to effective governance, but the reality is that static data centers also present their own, unique security, regulatory and governance challenges. While both can be secure and compliant, at the end of the day, it is about building and enforcing proper controls for the business's various activities. A policy-based security strategy will help enterprises simultaneously meet the promise of self-service cloud computing while providing a fully governed, successful cloud initiative.

More Stories By Eric Pulier

Eric Pulier, CEO at ServiceMesh, Inc. Named one of 30 e-Visionaries by VAR Business, he is a popular public speaker at premier technology conferences around the globe. Pulier is member of Bill Clinton’s Clinton Global Initiative, and is the Executive Director of the Enterprise Leadership Council.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
Everyone knows that truly innovative companies learn as they go along, pushing boundaries in response to market changes and demands. What's more of a mystery is how to balance innovation on a fresh platform built from scratch with the legacy tech stack, product suite and customers that continue to serve as the business' foundation. In his General Session at 19th Cloud Expo, Michael Chambliss, Head of Engineering at ReadyTalk, discussed why and how ReadyTalk diverted from healthy revenue and mor...
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time. In his session at 19th Cloud Expo, Mark Allen, General Manager of...
Financial Technology has become a topic of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 20th Cloud Expo at the Javits Center in New York, June 6-8, 2017, will find fresh new content in a new track called FinTech.
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
Amazon has gradually rolled out parts of its IoT offerings in the last year, but these are just the tip of the iceberg. In addition to optimizing their back-end AWS offerings, Amazon is laying the ground work to be a major force in IoT – especially in the connected home and office. Amazon is extending its reach by building on its dominant Cloud IoT platform, its Dash Button strategy, recently announced Replenishment Services, the Echo/Alexa voice recognition control platform, the 6-7 strategic...
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...
Unsecured IoT devices were used to launch crippling DDOS attacks in October 2016, targeting services such as Twitter, Spotify, and GitHub. Subsequent testimony to Congress about potential attacks on office buildings, schools, and hospitals raised the possibility for the IoT to harm and even kill people. What should be done? Does the government need to intervene? This panel at @ThingExpo New York brings together leading IoT and security experts to discuss this very serious topic.
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smar...
"Dice has been around for the last 20 years. We have been helping tech professionals find new jobs and career opportunities," explained Manish Dixit, VP of Product and Engineering at Dice, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Complete Internet of Things (IoT) embedded device security is not just about the device but involves the entire product’s identity, data and control integrity, and services traversing the cloud. A device can no longer be looked at as an island; it is a part of a system. In fact, given the cross-domain interactions enabled by IoT it could be a part of many systems. Also, depending on where the device is deployed, for example, in the office building versus a factory floor or oil field, security ha...
"ReadyTalk is an audio and web video conferencing provider. We've really come to embrace WebRTC as the platform for our future of technology," explained Dan Cunningham, CTO of ReadyTalk, in this SYS-CON.tv interview at WebRTC Summit at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
"At ROHA we develop an app called Catcha. It was developed after we spent a year meeting with, talking to, interacting with senior citizens watching them use their smartphones and talking to them about how they use their smartphones so we could get to know their smartphone behavior," explained Dave Woods, Chief Innovation Officer at ROHA, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web communications world. The 6th WebRTC Summit continues our tradition of delivering the latest and greatest presentations within the world of WebRTC. Topics include voice calling, video chat, P2P file sharing, and use cases that have already leveraged the power and convenience of WebRTC.
The many IoT deployments around the world are busy integrating smart devices and sensors into their enterprise IT infrastructures. Yet all of this technology – and there are an amazing number of choices – is of no use without the software to gather, communicate, and analyze the new data flows. Without software, there is no IT. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, Dave McCarthy, Director of Products at Bsquare Corporation; Alan Williamson, Principal...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
An IoT product’s log files speak volumes about what’s happening with your products in the field, pinpointing current and potential issues, and enabling you to predict failures and save millions of dollars in inventory. But until recently, no one knew how to listen. In his session at @ThingsExpo, Dan Gettens, Chief Research Officer at OnProcess, discussed recent research by Massachusetts Institute of Technology and OnProcess Technology, where MIT created a new, breakthrough analytics model for ...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...
Successful digital transformation requires new organizational competencies and capabilities. Research tells us that the biggest impediment to successful transformation is human; consequently, the biggest enabler is a properly skilled and empowered workforce. In the digital age, new individual and collective competencies are required. In his session at 19th Cloud Expo, Bob Newhouse, CEO and founder of Agilitiv, drew together recent research and lessons learned from emerging and established compa...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.