Welcome!

IBM Cloud Authors: Zakia Bouachraoui, Pat Romanski, Elizabeth White, Liz McMillan, Yeshim Deniz

Related Topics: Microservices Expo, Java IoT, IBM Cloud, Weblogic, Open Source Cloud, @CloudExpo

Microservices Expo: Article

Making Cloud a Reality for Enterprises via SOA Governance

Governance is the key for enterprises to successfully deliver applications in the cloud

Cloud computing is slowly gaining credibility and traction in the enterprise world. As giants such as Google and Amazon productize their massive cloud infrastructures, moving enterprise applications to the public cloud seems a more realistic possibility. The advantages of an enterprise application leveraging the public cloud sound like utopia - lowered total cost of ownership and overhead costs, ease of maintenance, inherent high availability and scalability that is built into the infrastructure. Yet when the theory of moving to the cloud is put into practice, the biggest hurdle that stalls the success of the transition is governance. This article analyzes its importance and the various aspects of governance in the realm of cloud computing.

Governance in the Cloud
Many organizations are reluctant to move forward with a cloud computing strategy because of justified concerns related to security, compliance and control. Without a doubt, information is the biggest strategic asset for any organization. The fear of compromise can throttle the transition of enterprise applications to the cloud. In the cloud, governance must be treated as a first-class citizen. The threats are greater and the stakes are higher when information is not in direct corporate oversight. Commitment to the rigors of governance will bring freedom in leveraging the advantages of the cloud paradigm.

Here are some of the key aspects to consider around governance in the cloud.

Answering the 4 Ws: Enterprises need to have fine-grained control to answer the 4 Ws:

  • WHO can access the application, data and resources
  • WHAT permissions a specific user has
  • WHERE is the application and the data
  • WHEN was the application accessed

To exercise this level of application control, it is mandatory to have a well-defined mechanism to define these security, auditing, and compliance policies. In addition, defining and managing policies should be decoupled from the development of the service and the underlying distributed cloud infrastructure so they can change independently of each other. For example, a new regulatory requirement may need to be enforced through a policy on an application. However, changes in the policy should not require rewriting the application. Also decoupling a policy allows it to be applied to multiple applications or services. While design and development of the policy should be decoupled from the application, the actual enforcement should be part and parcel of the actual application so there is a reduced chance of breach of contract. These seemingly contradictory requirements need to be met for successful governance of the enterprise application in the cloud.

  • Managing Service Level Agreements (SLAs): It is one thing to have raw computing power at your call and another to leverage it to meet service level agreements through peak application performance. This is an aspect of governance that is intensified with the transition to the cloud. Users move enterprise applications to the cloud with the hope of leveraging the infinite computing power of the distributed world. However, visibility into how the cloud is being leveraged to meet SLAs, whether they are indeed being met, and how easily the cloud can be set up to deliver on this are all requirements to consider as part of the governance of SLAs on the cloud. In addition to the infrastructure-level SLAs (CPU usage, memory utilization, etc.), business-level SLAs also need to be defined. For instance, your business SLA could define a response time for an order processing application. The order processing application can in turn be comprised of various intertwined distributed service interactions. It is critical to be able to manage the performance of the entire application and be application aware to dynamically deploy additional instances of services to meet these business SLAs.
  • Application Lifecycle Management: Lifecycle governance focuses on the entire lifecycle of an application or service, from design to development, to test to deployment and maintenance. It also involves assessing and managing change impact on operations and services. When you factor in the cloud, this involves end-to-end lifecycle management across distributed computing boundaries. This implies the need for very selective transparency of the underlying infrastructure for management of the enterprise application. Where exactly the application resides should not be visible while considering the processes around design and development of services. On the other hand, during phases in the lifecycle such as deployment and management, it should be possible to seamlessly leverage the power of the cloud without needing to figure which exact node or machine in the cloud the application needs to be deployed to or what the underlying software is at the node of execution.
  • Governance Body: In addition to ensuring you have the right tools in place to effectively deliver a secure, governed application in the cloud, it is important for the organization to establish a regulatory body. This is imperative in any organization that wants success with their SOA, even without the cloud paradigm. Factoring in the cloud makes the need for a regulatory body that much more important, as the parameters that affect the success of SOA become more complex. The regulatory body should be responsible for the success of governance; establishing guidelines, principles and processes; and foreseeing the overall enforcement of governance.

Governance is the key for enterprises to successfully deliver applications in the cloud. All aspects of lifecycle and operational governance assume a level of complexity when considered for the cloud. As the industry recognizes the need for governance as an enabler to successful adoption of the cloud, and the unique set of challenges associated with the cloud deployments, we see new offerings emerge across the spectrum. Considering the nascency of the market, most offerings address only a few of the aspects discussed in the previous section. It is imperative to consider a holistic approach to governance that addresses all aspects of it rather than just one or two criteria. To get an enterprise application up and running on the cloud, there is a need for opaqueness on the underlying infrastructure so that the users can focus on the business use that the enterprise application is meant to address.

Cloud platforms have emerged as the solution to this problem where the personnel associated with the application such as developers, business, operational and administrative users can focus on their specific use while the cloud platform leverages the power of the underlying distributed system. A cloud platform that provides comprehensive coverage of lifecycle and operational governance and addresses all the obstacles discussed in the earlier part of this article can be a powerful ally in making enterprise applications successful in leveraging the infinite computing power of the cloud.

More Stories By Mala Ramakrishnan

Mala Ramakrishnan is a Product Marketing Manager at TIBCO who manages outbound marketing functions across the SOA and BPM product lines. Previous to this, Mala head the Developer Strategy at TIBCO to drive demand generation and user adoption of TIBCO’s products. Mala has over 10 years experience in product development, management and marketing roles across a variety of software offerings ranging from network optimization to software security to mobile computing. She holds a Masters in Computer Science from Stanford University.

More Stories By Sriram Chakravarthy

Sriram Chakravarthy is Sr. Product Marketing Manager, Cloud Services at TIBCO. He has more then 10 years of experience in the designing and implementing of high performance messaging servers, integration and on-demand platforms. He has helped design scalable, high-performance middleware architecture for several large customers. Sriram has several patents filed in the distributed computing and Web Services space.

More Stories By Srini Vinnakota

Srini Vinnakota is Product Marketing Manager, SOA Governance at TIBCO Software. He has more than 6 years of experience in product management & marketing, product development, customer service, and account management in Enterprise Software (TIBCO Software, Siebel Systems), Digital Media (Sun Microsystems’ Research Labs), and Web 2.0 eCommerce (eBay). Over the years, he worked with customers from various industries such as Financial Services, Telecommunications, High-Tech, and Transportation. He has an MBA from the Kellogg School of Management and an MS (Computer Science) from the University of Illinois at Urbana-Champaign.

More Stories By Chris Nguyen

Chris Nguyen is group product marketing manager at Adobe. As a group product marketing manager on the Adobe Experience Manager team, he is responsible for go-to-market strategy and field readiness for Adobe Experience Manager’s cloud deployment product offerings. Prior to joining Adobe, Nguyen served as manager of product marketing for TIBCO Software’s Service Oriented Architecture platform, focusing on application development, governance, and integration and product management at BEA Systems (Oracle).

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
Whenever a new technology hits the high points of hype, everyone starts talking about it like it will solve all their business problems. Blockchain is one of those technologies. According to Gartner's latest report on the hype cycle of emerging technologies, blockchain has just passed the peak of their hype cycle curve. If you read the news articles about it, one would think it has taken over the technology world. No disruptive technology is without its challenges and potential impediments t...
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
If a machine can invent, does this mean the end of the patent system as we know it? The patent system, both in the US and Europe, allows companies to protect their inventions and helps foster innovation. However, Artificial Intelligence (AI) could be set to disrupt the patent system as we know it. This talk will examine how AI may change the patent landscape in the years to come. Furthermore, ways in which companies can best protect their AI related inventions will be examined from both a US and...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (November 12-13, 2018, New York City) today announced the outline and schedule of the track. "The track has been designed in experience/degree order," said Schmarzo. "So, that folks who attend the entire track can leave the conference with some of the skills necessary to get their work done when they get back to their offices. It actually ties back to some work that I'm doing at the University of San...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...