Cloud Computing and SOA Convergence in Your Enterprise: A Step ...
Creating the Governance Model 153
A few things must be considered here in terms of security in the context of governance: First, you need to leverage “good enough” security, meaning that the security solution you implement must be appropriate for the application and information you are protecting. Many who implement security tend to go overboard with the security approaches and technology they look to leverage, selecting a solution that is too expensive and places too many limitations on the users.
Second, create your security approach using use cases, looking at how security needs to exist at every level of the system. Sometimes, those who design security, as related to governance, focus more on that last security technology article they read and not enough on how the application needs to leverage security. There is a huge difference.
Creating the Governance Model
Now that we have a basic understanding of service governance, let’s return to the creation of our governance model as outlined in Figure 8.1. We create this governance model for a few core purposes: first, to work from the general notion of governance as related to our problem domain to the specifics of the implementation, such as designing and implementing policies. We start from the most general and move to the most specific. Second, to make sure we have a complete service-level, information-level, and process-level understanding of the problem domain, and how all of those assets should be governed, both on-premise and within the cloud computing assets.
Define Policies
Policies, as related to governance, are declarative electronic rules that define the correct behaviors of the services. They can be rules that are not electronically enforced, such as policies created by IT leaders who create rules that everyone must follow but that are not automated. Or, they can be policies outlining proper behavior during service execution, typically enforced electronically using governance technology. Both are important, which is why we discuss policies as things that may exist inside or outside of governance technology.
For our purposes, we call general policies macro policies and service-specific policies micro policies.