In recent times, organizations have been focusing on establishing governance practices for their service oriented architectures that address business alignment with services and service discovery and reuse. But what about services outside the walls of the organization? What about services hosted in the cloud?
These are some of the issues discussed by Larry Fulton, senior analyst at Forrester Research, was a keynoter at ebizQ's SOA Governance conference earlier this fall. (Archived presentation available here. Transcript available here.)
Concerns such as security and user privileges still need to be enforced through corporate policies. "When we talk about policies in the context of the cloud, it's no different," Larry says."When we talk about policies without a cloud, we're talking taking the derivative configurations, policy settings, and rules that come from those corporate objectives, and formulating them to where they make sense in the operational environment. The same thing has to happen if the service is in the cloud."
Larry adds that "if I'm going to hand data from my organization to a service in the cloud to act on, I need to have the same level of assurance that that data is protected from a security standpoint that the right kinds of things that are going to happen, that I'm going to be able to meet same service levels that my customers expect," Larry says. "The challenge, of course, is that we don't yet have a good way to sort of genericize those policies so that they can be taken along for the ride with the service request, or in advance of a service request."
Larry expects to see more of these concerns, "especially as we see more of this kind of services in the cloud thing." Ultimately, Larry says, what's going to happen first is that organizations that are operating those clouds will end up having to take some kind of leadership role to drive adoption up."
These are some of the issues discussed by Larry Fulton, senior analyst at Forrester Research, was a keynoter at ebizQ's SOA Governance conference earlier this fall. (Archived presentation available here. Transcript available here.)
Concerns such as security and user privileges still need to be enforced through corporate policies. "When we talk about policies in the context of the cloud, it's no different," Larry says."When we talk about policies without a cloud, we're talking taking the derivative configurations, policy settings, and rules that come from those corporate objectives, and formulating them to where they make sense in the operational environment. The same thing has to happen if the service is in the cloud."
Larry adds that "if I'm going to hand data from my organization to a service in the cloud to act on, I need to have the same level of assurance that that data is protected from a security standpoint that the right kinds of things that are going to happen, that I'm going to be able to meet same service levels that my customers expect," Larry says. "The challenge, of course, is that we don't yet have a good way to sort of genericize those policies so that they can be taken along for the ride with the service request, or in advance of a service request."
Larry expects to see more of these concerns, "especially as we see more of this kind of services in the cloud thing." Ultimately, Larry says, what's going to happen first is that organizations that are operating those clouds will end up having to take some kind of leadership role to drive adoption up."
Leave a comment