Focusing on Data and Fact with less Hype

Jon Shende

Subscribe to Jon Shende: eMailAlertsEmail Alerts
Get Jon Shende: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: Cloud Computing

Cloud Computing: Article

Service-Oriented Architecture and the Cloud

Managing SOA governance in the Cloud

What is SOA?  One can say that the synthesis of Enterprise Application Integration (EAI) platforms with middleware tools and concepts evolved into what we know today as Service Oriented Architecture.

SOA then represents a standards based architectural blueprint with an emphasis on business centric services and transactions rather than that of technology oriented objectives: In other words an architectural style which businesses can use to execute and align services with their business model to achieve their business strategy, goals and objectives.

For instance, an end-user request a particular IT service per specified requirements defining capacity and quality levels, in response to this, the requirements will then be delivered when specified in a service based delivery methodology which is process aware and which allows auditing.

According to Thomas Erl, we can define Service Oriented Architecture (SOA) as" a standards based architectural approach for building applications by using a set of loosely coupled reusable, standards-based, and well-defined service."

Traditionally most IT personnel dealing with SOA has at some point in time encountered roadblocks affecting decision structures as well as building a SOA roadmap. This was especially evident if there was a persistent gap between IT and business.

We have also seen that an increasing demand on speed and flexibility with regard to SOA implementations, more so with business applications which are augmenting the requirements to get value out of applications as they are implemented.  This dynamic drive and necessity makes SOA an ideal model to implement a cloud computing service.

However, while I believe that following guidelines set out by a SOA is essential to the success of this service oriented environment, an important aspect of any SOA implementation is its governance. Nevertheless there are shortcomings within the traditional SOA model in terms of its governance that can impact the full maximization of a cloud service.

Luo, Zang & Lei (2010) stated that, "management or governance is not always implemented that well with SOA." The opinion presented was that if Cloud Computing services and delivery is appropriately designed and implemented, the integrity of data be it at rest or in transition can be exposed to risk by the manner in which "transactions are initiated, executed and recorded potentially through infrastructures and application systems distributed in many locations in the cloud."

In addition to affecting operational costs and the possibility of revenue loss, such a scenario can lead to unwanted legal concerns.

With the cloud being an area of diversity, in order to take full advantage of an SOA execution, there must be protocols in place to ensure that :

1. Governance procedures are adequately mapped

2. The SOA roadmap is clearly defined and

3. SOA processes involved are effectively documented

In light of this an architect needs to ensure a clear understanding of business process requirements that are collected and interpreted to ensure an accurate implementation that aligns to business goals, objectives and long term strategies.

Bear in mind that in this dynamic ecosystem of cloud computing, one has to account for all possible variations of process activity by understanding how a process could and will respond to an unexpected or abnormal condition, rather than simply focusing on what could go wrong.

In order to implement and manage an effective cloud computing deployment governance framework, additional policies and processes need to be implemented to overcome the shortcoming in current SOA management and governance practise.

Some of these shortcomings were addressed in a study "A Comprehensive SOA Governance Framework Based on COBIT", presented at the 2010 6th World Congress on Services in Miami.

Investigators presented data demonstrating the merit of a governance framework addressing shortcomings that can be encountered within a traditional implementation of a SOA. Their proposal suggested a model which would lead to a proliferation in management's ability to improve decision making, manage complexity and develop control and enforcement mechanisms; ideally improving governance.

In addition to other areas, the study also identified Service Portfolio Management and Monitoring and Evaluation processes as two areas that needed more attention.

The researchers solution to these shortcomings was to integrate governance aspects and main characteristics of the Control Objectives for Information and related Technology (COBIT).

Accordingly they used these characteristics of COBIT to develop "a manageable, measurable and more expressive SOA governance framework in which all processes descriptions, activity goals, control objectives, activities and metrics have been entirely documented as processes management aspects".

With the uncertainty and hesitancy by some to adopt a cloud service despite the pitched or perceived advantages, I believe that the implementation of a SOA model as proposed by these researchers can alleviate some of the major concerns associated with adoption of a cloud computing service.

By ensuring that processes and protocols are in place which are manageable, measurable, clearly defined and controlled - concerns such as security, identity and access control together with compliance and audit can be suitably mediated.

More Stories By Jon Shende

Jon RG Shende is an executive with over 18 years of industry experience. He commenced his career, in the medical arena, then moved into the Oil and Gas environment where he was introduced to SCADA and network technologies,also becoming certified in Industrial Pump and Valve repairs. Jon gained global experience over his career working within several verticals to include pharma, medical sales and marketing services as well as within the technology services environment, eventually becoming the youngest VP of an international enterprise. He is a graduate of the University of Oxford, holds a Masters certificate in Business Administration, as well as an MSc in IT Security, specializing in Computer Crime and Forensics with a thesis on security in the Cloud. Jon, well versed with the technology startup and mid sized venture ecosystems, has contributed at the C and Senior Director level for former clients. As an IT Security Executive, Jon has experience with Virtualization,Strategy, Governance,Risk Management, Continuity and Compliance. He was an early adopter of web-services, web-based tools and successfully beta tested a remote assistance and support software for a major telecom. Within the realm of sales, marketing and business development, Jon earned commendations for turnaround strategies within the services and pharma industry. For one pharma contract he was responsibe for bringing low performing districts up to number 1 rankings for consecutive quarters; as well as outperforming quotas from 125% up to 314%. Part of this was achieved by working closely with sales and marketing teams to ensure message and product placement were on point. Professionally he is a Fellow of the BCS Chartered Institute for IT, an HITRUST Certified CSF Practitioner and holds the CITP and CRISC certifications.Jon Shende currently works as a Senior Director for a CSP. A recognised thought Leader, Jon has been invited to speak for the SANs Institute, has spoken at Cloud Expo in New York as well as sat on a panel at Cloud Expo Santa Clara, and has been an Ernst and Young CPE conference speaker. His personal blog is located at http://jonshende.blogspot.com/view/magazine "We are what we repeatedly do. Excellence, therefore, is not an act, but a habit."