Taking Steps To Boost Automated Cloud Governance - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Cloud
Commentary
7/6/2020
08:00 AM
Connect Directly
Twitter
RSS
50%
50%

Taking Steps To Boost Automated Cloud Governance

ONUG's recent whitepaper outlines how establishing uniform event reporting could lead to improved transparency from cloud providers.

Adhering to compliance can be tricky for enterprises that move to the cloud, but the creation of standards to automate governance could ease some of the issues they face. The Open Networking User Group (ONUG) recently issued a whitepaper that lays out why standardizing different reporting methods might save organizations from some of their headaches.

Co-founder Nick Lippis says ONUG is advancing its efforts beyond the first phase of the collaboration, which focused on basic governance in the cloud era. “Governance is all about control, how you control information and data,” he says. “Those two pieces are usually the root causes of failure in most digital transformation projects.”

Organizations want to reassert control over their data and information in order to make good on their digital transformation and consume more cloud services, Lippis says. ONUG’s whitepaper includes a design model for cloud governance policy and other frameworks organizations might consider adopting.

Image: Gorodenkoff - stock.Adobe.com
Image: Gorodenkoff - stock.Adobe.com

Lippis says cloud providers often talk about a shared responsibility model where the users take active roles in the process. The trouble is that the feedback and communication organizations receive is not always clear. He compared cloud providers to landlords who maintain and upgrade apartment buildings with the users as the tenants. Updating the property is the landlord’s responsibility. However, some cloud providers do not always provide much information about what is being changed and upgraded, Lippis says. Such breakdowns in communication and control could throw the enterprises out of compliance, he says, which they might not be known until an audit is conducted.

There is a need for better transparency, Lippis says, so organizations know what is happening when changes are made, or events occur. This is can be of particular concern when organizations adopt multicloud approaches, matching workloads to different cloud providers. Security questions may arise because each cloud provider might communicate information to users in varied ways. “It could be the same kind of event, but they’re all coded differently,” Lippis says. “The syntax is different.”

Dealing with a confusing mix of alerts and notifications that lack uniformity often leads to security teams ballooning in number, he says, as more people are needed to monitor each cloud provider separately. This can drive up operational cost, he says, and creates technical barriers. “Since they’re all different, you can’t code to that,” Lippis says. Notifications from different providers issued with different labels and formats, he says, can prevent aggregation, understanding, and automation of governance. That is the key finding of ONUG’s first phase, Lippis says, and points toward the next phase to create a common definition around security events, alarms, and alerts cloud providers can provide uniformly.

Under the next phase, he says, ONUG’s working group will convene with project managers and engineers from major cloud providers to define the alerts and how they should be reported. Uniform reporting would allow for the establishment of policies based on common definitions for automation. In a conference planned for October, ONUG expects to see multivendor demonstrations on security notifications from multiple cloud providers that can be coded and responded without anyone touching a keyboard.

ONUG’s working groups began its latest effort in January, with team members going virtual under the pandemic. Part of their work looked at creating toolsets for users to share in cloud responsibility and taking more control over information and data. The COVID-19 pandemic increased the importance of this work, Lippis says, as many organizations leaned more heavily on the cloud. “They realize and know that what’s happened now in their enterprise cloud is not just a new way to do IT, it’s the new business platform,” he says.

ONUG plans to continue work on the definitions, Lippis says, which could lead to frameworks to better ingest information across different modes and devices. “We’re hoping this could create a huge market opportunity for a range of companies that could take this normalized data to customize governance and policy as code for the large enterprise,” he says.

Future phases for ONUG will include input from experts from the compliance community, Lippis says, for to reduce time for audits. He also foresees security getting more deeply integrated into the continuous integration/continuous deployment pipeline. “All of this work helps accelerate the velocity for corporations to deliver digital products and services,” Lippis says.

 

For more content on cloud and data governance, follow up with these stories:

Cloud Strategies Aren't Just About Digital Transformation Anymore

Adapting Cloud Security and Data Management Under Quarantine

Data Governance Is Improving, But…

Learning to Navigate Multi-Cloud at ESCAPE/19 and ONUG

Joao-Pierre S. Ruth has spent his career immersed in business and technology journalism first covering local industries in New Jersey, later as the New York editor for Xconomy delving into the city's tech startup community, and then as a freelancer for such outlets as ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Gartner Forecast Sees 7.3% Shrinkage in IT Spending for 2020
Joao-Pierre S. Ruth, Senior Writer,  7/15/2020
Slideshows
10 Ways AI Is Transforming Enterprise Software
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/13/2020
Commentary
IT Career Paths You May Not Have Considered
Lisa Morgan, Freelance Writer,  6/30/2020
White Papers
Register for InformationWeek Newsletters
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
Video
Current Issue
Special Report: Why Performance Testing is Crucial Today
This special report will help enterprises determine what they should expect from performance testing solutions and how to put them to work most efficiently. Get it today!
Slideshows
Flash Poll