Hot off the Press - Avoiding the Storms: Why We Need Cloud Governance

Yes, today's forecast is scattered clouds. Scattered clouds imply a nice day with mostly sunny skies and a few scattered showers. But don't let today's sunny skies lull you to a complacent afternoon siesta. An unfettered increase in "scattered clouds" could mean that today's sunny skies are just the calm before the raging storms arrive.

Without proper planning and oversight (i.e. governance), cloud computing will inevitably have the same story as SOA. My latest feature, Avoiding the Storms: Why We Need Cloud Governance, explores this train of thought.

Is SOA Everywhere?

The title of this post reflects a very interesting question that I came across today on the ebizQ SOA forum where I am a contributing analyst.

Joe McKendrick explains his question as "while some viewed SOA as failed or dead, a different reality may have taken root. That is, everything about IT - developing, integrating, embedding, and modeling - is now done in a service-oriented way, or with service orientation as the goal. Have SOA principles become so ubiquitous they have simply melded into the background?"

As I pondered over the answer, I was reminded of the story of a very talented painter named Zeuxis, who could paint amazingly life-like pictures. Once he painted a painting of a boy carrying a basket of ripe red cherries. When he hung this painting outside his door, some birds flew down and tried to carry the cherries away. "Ah! this picture is a failure," he said. "For if the boy had been as well painted as the cherries, the birds would have been afraid to come near him."

The moral of the story is that if an SOA is done correctly, it should meld into the background rather than sticking out like a sore thumb. Conversely, good SOAs are hard to find not because they don't exist but because they have become part of the fabric of the enterprise.

* Originally posted on the ebizQ SOA Forum on 11/19/2009

Does cloud computing need malpractice safeguards?

An interesting question raised by James Urquhart's blog on CNET. Urquhart argues there must either be some kind of government regulation of minimum standards for cloud provision, or that customers should be able to bring forward "cloud malpractice" suits.

I respond with a simple question of my own:

"Can we start by enforcing the myriad of regulations we already have before we start thinking of new ones?"
The fact is that many of the existing regulations already apply to clouds. For example, information security on government clouds is still subject to the Federal Information Security Management Act (FISMA), although a few enhancements are being discussed to make the act more amenable (i.e. less bureaucratic) for clouds. Similarly, all of the data privacy (national and transborder) laws still apply to a cloud environment. Thus, IMHO, most of the legal issues surrounding clouds may already be addressed within the context of the existing legal framework reinforced by contractually enforceable SLAs. An evolving body of "case law" may also help address some of the "grey" issues that arise as cloud use becomes more pervasive.

At the same time, I don't think we can completely rule out the possibility of a few new and very cloud-specific regulations, especially if they help alleviate public concern and increase speed of adoption.