Cloud Governance to Avoid the “Accidental Cloud”
By: William Hageman | Technical Architect
While reviewing Cloud Architecture documentation in recent months I have started to notice the phrase “Accidental Cloud” pop up more and more. What is this “Accidental Cloud”? Is it new? Is it something to be concerned with? What can we do to minimize the chance of the label being applied to our IT infrastructures?
First of all, the term may be new but the problem is far from it. In fact, it has been a core issue in the Enterprise environment since we left the simplicity of a central mainframe with a couple of applications on it. The simplicity here referenced is not of the system itself, as those of us old enough to remember what it took to keep a mainframe happy will attest, but in governance. To say that what did and didn’t get on the mainframe was tightly controlled (and by a very small group of individuals), is a near-comical understatement.
Fast-forward a decade. The explosive expansion of both the size and scope of Enterprise IT caught many, if not most, corporations by surprise. As most IT initiatives were aimed at solving individual business units’ needs, the well commented on (and highly lamented) spiderweb of interconnecting applications and silos of duplicate data became the nightmare reality of most Enterprise IT organizations. Governance was all but impossible. But from the CIOs down to the architects and line managers, most realized that the business user’s hunger for IT was only going to grow.
Enter architectures like SOA. Modular, reusable, adaptable, it was just what IT was looking for. But SOA was, and is, a two-edged sword. The first time I ever heard the term “Accidental Architecture” was with SOA. The reason? Unless you design your SOA infrastructure from the top down, and at an Enterprise level from day one, it will descend into a spiderweb of its own and never deliver at the ROI you invested in it to attain. The construction and maintenance of this designed infrastructure requires near draconian governance. More on that statement in a moment.
How does this tie into the theme of this blog? Because the Cloud is SOA that someone else supports some part (or all) of. I’ve also heard the Cloud referred to as SOA 2.0. These statements tend to turn salespeople weird colors, and granted they are a simplification, but are otherwise essentially sound. If we are having trouble with the architectural side of our SOA implementation, adding the Cloud into the mix is equivalent to adding a couple of extra feet of rope to a hangman’s noose. We are going to go a little further, but the inevitable end result is unchanged as the problem hasn’t changed. A lack of governance has just evolved into a lack of cloud governance, same problems and challenges but with a whole new layer we must adapt to as opposed to control. We just advanced our “Accidental Architecture” to an “Accidental Cloud”.
Back to SOA, and by extension the Cloud, being a two-edged sword. SOA initiatives required executive buy in and commitment, or they tended to implode. Departmental efforts rarely were successful. This was a painful, and generally expensive, lesson for many an early adopter of SOA. But all in all we did learn. Centers of Excellence (CoE) teams were put into place to ensure that even the smallest addition to the Enterprise infrastructure applied the company’s defined best practices, fit into the overall architectural goals, and complied with the organization’s security guidelines. To many, this harkens back to the glass tower days of early IT. But I have great difficulty branding this a bad thing when I read whitepapers describing how one company, (who is quite vocal about their fully implemented cloud governance), estimates that over the last several years no project has started without a minimum of 30% of the core code already existing and being available for reuse by the new effort.
This blog isn’t about why the Cloud is great. There are plenty of them already. Though not the silver bullet that so much of the sales hype would have us believe, the Cloud is about as close to such as current technology will let us acquire. Sure, it will evolve into the next big thing, as SOA has before it, but it’s not going away anytime soon. And neither will the need for governance, it has just picked up the added complexity of cloud governance. Problem is, as the Cloud does allow us to shift so much of the startup time and monotonous support away from our internal teams, it becomes all too easy to allow Department A to put up the Cloud-based sales tool they have their eye on (but we haven’t fully vetted against our Enterprise goals) since our IT staff’s involvement is minimal. We have already bled through this lesson once. Though the Cloud paradigm may have shifted varying amounts of the architecture to external specialists, the overall architecture itself hasn’t changed, and neither has our responsibility to be Enterprise-minded CIO’s, architects, and managers. In reality, the CoE team should be even more involved with decisions involving Cloud-based solutions, as we are now giving away key responsibilities with nothing but an SLA from the vendor. To forget the importance of governance when dealing with the Cloud flies in the face of our own hard-won experience and puts us on the path that could get our otherwise earnest efforts branded an “Accidental Cloud”.