Understanding cloud application governance: A developer's guide

David Linthicum, Chief Cloud Strategy Officer, Deloitte Consulting

Governance means different things to different people. "Cloud application governance" means the placement of policies around the use of cloud resources, such as storage and compute, as well as cloud services (APIs).

Most developers have yet to grasp the concept of governance as it relates to cloud application development. Missing is the understanding of how to develop cloud applications that can be effectively governed and managed and how to link applications with service and resource governance tools.

Understanding these links and the mechanisms that make a good cloud governance program, however, is an outright necessity. Developers need to take steps to find the right solution for their project and build it into their development processes as well as operations. This article will be your how-to guide to get your cloud governance program under way and build systemic governance into your cloud applications.


Why does this matter?

According to a Gigaom survey from 2014, 63 percent of the roughly 1,000 IT leaders who responded said that leveraging cloud governance systems will likely be accepted in their organization. Only 7 percent think cloud governance systems will be ignored (see Figure below).

Use of cloud governance approaches, processes, and policies.

So what happened in the last few years? The complexity and size of cloud deployments exploded. The growth of cloud instances translates into companies becoming comfortable with cloud computing concepts. With comfort comes speed to deployment, and with speed to deployment comes complexity.

Enterprises are leveraging private, public, and hybrid cloud computing architectures but are moving to complex, multi-cloud architectures as well. "Multi-cloud" typically means more than a single public and a single private cloud provider, where you mix many different public and private cloud computing brands, as well as various cloud computing models.


Cloud governance explained

The rise in the acceptance of cloud governance is related to a few key trends. Increasing complexity, combined with enterprises' inability to build cloud-based systems without using many different cloud technologies, is one of them. The capabilities of existing cloud governance and management systems improved significantly over the last few years. Enterprises learned from their mistakes. Many that built their cloud-based architectures quickly reached their tipping points, in terms of services and resources under management.

The bottom line is that developers and admins quickly hit the wall, in terms of the infrastructure and cloud services/APIs that they could manage. Excel spreadsheets can only do so much, and they don't actively enforce policies.

However, where governance was once the domain of the enterprise architect, it's now the responsibility of the developers. This is not really passing the buck; it's more a realization that cloud governance is systemic, including the application levels. Moreover, it's holistic: Cloud governance needs to exist at the infrastructure, services, and application levels. It's just logical that developers who create governance and policies for applications should do so as well for the services and infrastructure.

Styles of cloud governance: Several to consider

Cloud services, or API, governance approaches focus on automation and governance at the cloud services layer. "Cloud services governance" is a general term that refers to the process of applying specific policies or principles to the use of cloud computing services or APIs. The objective of cloud services governance and the tools that provide support for it is to place an abstraction layer between the services and those who manage them. Examples of technology used in this approach are Apigee and Mashery.

Resources need to be governed as well, and businesses can manage these intricate interfaces through the use of a resource governance tool, also known as a CMP (cloud management platform). CMPs are also governance technology and methodologies, but they take a different approach from services governance by focusing on the cloud resources themselves, such as storage, compute, and database services, and not just the interfaces into the resources, such as services or APIs. Examples of technology used in resource governance are Servicemesh (now owned by CSC) and Rightscale.

Of course, there are no standards to define cloud governance technology operations. Each technology takes its own approach to solving the governance problem, including how to approach the use of policies and automation to affect the operational aspects of cloud services or cloud resource governance. If you're looking to pick a cloud governance product within the emerging patterns, you'll find there are no patterns.

Application design, development, and cloud governance

So if cloud governance is systemic to cloud applications, how do developers support this process? There are a few core issues to address:

  • First, you need to pick a cloud application governance approach. This includes understanding your own application and DevOps requirements, and then picking the right logical approach. For instance, how are you going to encircle services and applications with configurable policies, and how will the policies be centrally controlled and versioned?
  • Second, you need to pick your tools, and this is where things get a bit complex. The process means that you're matching your logical approach to a physical set of tools, perhaps more tools than you thought you needed, considering that no cloud service or resource governance tool does everything. Indeed, this process is ultimately a set of trade-offs that need to be considered before coming up with your first instances of cloud governance tooling.
  • Third, you need to include the data. I'll talk about this more below, but the short answer is that data exists decoupled, and thus must be governed by itself. It may also be bound to applications and need to be governed as such.
  • Finally, there's DevOps. If you're automating the development processes and have tools to deal with development, testing, integration, and deployment, cloud governance needs to be part of that process. The basic path here is to build governance checks into the entire DevOps processes, as well as the automated tools. Much like security, this needs to touch each part of the processes and become systemic to everything.

Cloud data governance

Data governance represents yet another layer. It is governed with service governance tools in some cases, and with resource governance tools in other cases. Core to governing cloud-based data storage, including databases, is that you pay attention to the following:

  • The ability to track changes to schemas, including dealing with which applications and services leverage which parts of the data. This is very important, considering that a change to a structured or unstructured database can take down an application. There should be written policies to contend with changes to the database, as well as changes to the applications. All must be tracked and versioned, and configurations managed.
  • The data needs to be governed as well, beyond the schema. This means that you're tracking the data itself and placing policies that deal with content, including restrictions on what can be entered into a database, frequency of updates, and use of database resources. Tracking the data itself ensures that the services and applications that leverage the data, or database, are doing so within guidelines that are set by developers or admins. This keeps bad things from happening, such as databases becoming saturated.
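
The schema-tracking point above can be turned into a pipeline check. The sketch below is an added example, not code from the original article: the schemas, the usage registry, the consumer names, and the function names are all constructed for illustration. It compares two schema versions, finds the changes that can break a reader, and blocks the change until every affected application or service has signed off.

```python
# Constructed sample data: table -> {column: type}, before and after a proposed change.
OLD = {"orders": {"id": "bigint", "total": "numeric", "coupon": "text"},
       "customers": {"id": "bigint", "email": "text"}}
NEW = {"orders": {"id": "bigint", "total": "text", "note": "text"},
       "customers": {"id": "bigint", "email": "text"}}
# Constructed registry of which consumer reads which fields.
USAGE = {"billing-api": {"orders.id", "orders.total"},
         "promo-service": {"orders.coupon"},
         "crm-sync": {"customers.email"}}

def schema_diff(old, new):
    """Return {"table.column": reason} for each dropped or retyped column."""
    breaking = {}
    for table, cols in old.items():
        for col, typ in cols.items():
            key = f"{table}.{col}"
            if col not in new.get(table, {}):
                breaking[key] = "dropped"
            elif new[table][col] != typ:
                breaking[key] = f"type {typ} -> {new[table][col]}"
    return breaking  # added columns are not breaking for existing readers

def impacted_consumers(old, new, usage):
    """Map each consumer to the breaking changes that touch fields it uses."""
    breaking = schema_diff(old, new)
    report = {}
    for consumer, fields in usage.items():
        hits = {f: breaking[f] for f in sorted(fields) if f in breaking}
        if hits:
            report[consumer] = hits
    return report

def gate(old, new, usage, approved=()):
    """Pipeline check: pass only if every impacted consumer has signed off."""
    blocked = sorted(set(impacted_consumers(old, new, usage)) - set(approved))
    return (not blocked, blocked)
```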

CloudOps and cloud governance

Cloud Operations (CloudOps) and cloud governance are important as well, and are really the "ops" part of DevOps. Cloud governance systems run the entire time during operations and thus are part of operations. Therefore, in the startup scripts, the developers or operations people need to ensure that the governance systems are started and are part of the configuration.

Core to this process is policy management, including figuring out how to load policies dynamically during operations, without stopping or having to restart the cloud systems to load new policies.

The trend is continuous operations, and thus the goal is to load everything dynamically. However, you're limited by the capabilities of the cloud governance tools that you select. Moreover, you need to make sure that your management and monitoring systems are tracking your governance systems as well. Again, cloud governance is systemic to everything.
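
Dynamic policy loading can be sketched as follows. This is an added example, not code from the original article or from any governance product: the JSON policy shape, the `PolicyStore` class, and the sample request are assumptions. A running service polls a versioned policy file and swaps in new versions without a restart. If a push is corrupt or carries an older version, the last good policy stays active.

```python
import hashlib, json, pathlib, tempfile
# Hypothetical policy shape for this example: field name -> required type.
REQUIRED = {"version": int, "max_instances": int, "allowed_regions": list}

class PolicyStore:
    """Active policy set that is swapped in place, with no service restart."""
    def __init__(self, path):
        self.path, self.active, self._digest = path, None, None

    def reload(self):
        """Poll the policy file; return True only if a new valid version went live."""
        try:
            raw = pathlib.Path(self.path).read_bytes()
        except OSError:
            return False                  # missing or unreadable: keep current policy
        digest = hashlib.sha256(raw).hexdigest()
        if digest == self._digest:
            return False                  # unchanged since the last poll
        self._digest = digest
        try:
            cand = json.loads(raw)
        except ValueError:
            return False                  # corrupt push: last good policy stays active
        if not (isinstance(cand, dict) and
                all(isinstance(cand.get(k), t) for k, t in REQUIRED.items())):
            return False                  # wrong shape: reject
        if self.active and cand["version"] <= self.active["version"]:
            return False                  # refuse stale or replayed versions
        self.active = cand
        return True

    def allows(self, req):
        """Evaluate a resource request; fail closed when no policy is loaded."""
        p = self.active
        return bool(p) and req["region"] in p["allowed_regions"] \
            and req["instances"] <= p["max_instances"]

def demo():
    """Constructed run: v1 loads, a corrupt file is ignored, v2 tightens limits live."""
    v = lambda n, cap: json.dumps(
        {"version": n, "max_instances": cap, "allowed_regions": ["eu-west-1"]})
    req, out = {"region": "eu-west-1", "instances": 8}, []
    with tempfile.TemporaryDirectory() as d:
        path = pathlib.Path(d) / "policy.json"
        store = PolicyStore(path)
        out.append(store.allows(req))     # nothing loaded yet
        for text in (v(1, 10), "{not json", v(2, 4)):
            path.write_text(text)
            out += [store.reload(), store.allows(req)]
    return out
```

In `demo()`, the same request is denied before any policy exists, allowed under version 1, still allowed after the corrupt push, and denied once version 2 lowers the instance cap.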

Putting cloud governance into perspective

Generally speaking, those who move to the cloud can live without a cloud governance strategy and technologies for the first few deployments, because they can manually perform most management and governance operations. However, with the second or third cloud deployment, teams typically hit a tipping point in the number of cloud services and resources under management. Enterprises can no longer manage the increasing number of cloud services at that point, and the numbers of cloud types and brands typically increase as well.

The trick is to prepare for the complexity. Before your cloud deployment becomes more complex and cumbersome, it's wise to get a sound governance program under way. Moreover, it's wise to include developers early on, since they will be ultimately responsible for cloud governance, not to mention security and some parts of operations.

So the value is really defined as the amount of money saved. If you can avoid a complete breakdown in cloud applications and thus avoid the failure of the cloud-based platforms to support the business solutions, you come out ahead. Instead of incrementally defining the value, as you would with any technology that provides new and needed capabilities, the use of cloud governance really becomes the table stakes for getting into cloud computing at all.

That means the value of cloud governance is tightly coupled with the value of cloud computing itself.
