Cloud governance and security typically work together, so you can't select the right security approaches and technology...
without first understanding your governance strategy. What's more, cloud governance comes in many flavors, including service level, data level and platform level. It's important to understand each type of governance before choosing the best option for your organization.
Service-level or API governance installs policies around access to services exposed by public or private clouds. Users who request access to cloud services have to go through a centralized mechanism that checks the requester's authorization. This mechanism also forces compliance with predefined policies that dictate when and how to access the cloud services. Companies that provide API/service management and governance products include Mashery and Apigee.
Data-level governance, much like service-level governance, focuses on both storage and data management. Once again, policies are placed around data and data storage systems to define and control access.
Data-level governance is becoming more important for businesses that implement cloud computing. The Cloud Security Alliance (CSA) has a Cloud Data Governance Working Group that defines approaches and standard technology. Perspecsys and Acaveo are among the vendors in the cloud data governance market.
Platform-level governance, sometimes called a cloud management platform, is related to platform management itself. This means placing automation services around cloud platform governance and management, including provisioning and deprovisioning cloud resources as needed by applications or data.
The objective of platform-level governance is to provide a single point of control for complex, distributed, and heterogeneous public and private cloud-based resources. This allows policies to define when and where resources are put to work and to ensure users use only what's necessary. The end result is not overpaying for subscription-based services, and the system works around issues like outages. Platform-level governance product vendors include RightScale and ServiceMesh -- now owned by CSC.
Creating your own approach
To define your business and technical requirements, your customized cloud security and cloud governance approach requires a great deal of work. Once that's accomplished, it's easy to create a comprehensive strategy and implement the right technology.
Most organizations continue to have concerns about cloud computing risks. Those risks, however, are substantially fewer than the risks associated with many of the traditional systems in use today.
The cloud has too many benefits to ignore, and the risks around security and governance are now solvable problems.
About the author:
David "Dave" S. Linthicum is senior vice president of Cloud Technology Partners and an internationally recognized cloud industry expert and thought leader. He is the author or co-author of 13 books on computing, including the best-selling Enterprise Application Integration. Linthicum keynotes at many leading technology conferences on cloud computing, SOA, enterprise application integration and enterprise architecture.
His latest book is Cloud Computing and SOA Convergence in Your Enterprise: A Step-by-Step Guide. His industry experience includes tenures as chief technology officer and CEO of several successful software companies and upper-level management positions in Fortune 100 companies. In addition, he was an associate professor of computer science for eight years and continues to lecture at major technical colleges and universities, including the University of Virginia, Arizona State University and the University of Wisconsin.
How hybrid cloud improves governance
Office 365 silent patch a governance issue?
Top five tips on cloud compliance