Cloud Computing and SOA Convergence in Your Enterprise: A Step ...
Cloud Computing and SOA Convergence in Your Enterprise: A Step ...
Cloud Computing and SOA Convergence in Your Enterprise: A Step ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
154 Chapter 8 Br<strong>in</strong>g<strong>in</strong>g Governance to the <strong>Cloud</strong>s<br />
Macro Policies<br />
Macro policies are those policies that IT leaders, such as the enterprise architect,<br />
typically create to address sweep<strong>in</strong>g issues that cover many services, the<br />
data, the processes, <strong>and</strong> the applications. Follow<strong>in</strong>g are examples of macro<br />
policies:<br />
All metadata <strong>in</strong> both on-premise <strong>and</strong> cloud comput<strong>in</strong>g–based systems<br />
must adhere to an approved semantic model.<br />
All services must return a response <strong>in</strong> 0.05 seconds for on-premise <strong>and</strong><br />
0.10 for cloud comput<strong>in</strong>g–based services.<br />
Changes to processes have to be approved by a bus<strong>in</strong>ess leader.<br />
All services must be built us<strong>in</strong>g Java.<br />
The idea is that we have some general rules that control how the system is<br />
developed, redeveloped, <strong>and</strong> monitored. Macro policies exist as simple rules<br />
or set processes that must be followed. For example, there could be a process<br />
to address how the database is changed, <strong>in</strong>clud<strong>in</strong>g 20 steps that must be followed,<br />
from <strong>in</strong>itiation of the change to acceptance test<strong>in</strong>g. Another example is<br />
the process of register<strong>in</strong>g a new user on the cloud comput<strong>in</strong>g platform.<br />
Some IT folk may roll their eyes at the k<strong>in</strong>ds of controls placed around<br />
automation. I am sure many such controls exist with<strong>in</strong> your IT shop now. The<br />
same people may also push back on extend<strong>in</strong>g these governance concepts to<br />
cloud comput<strong>in</strong>g. However, the core value of implement<strong>in</strong>g macro policies is<br />
to reduce risk <strong>and</strong> save money.<br />
The trick is to strike a balance between too many macro policies, which<br />
can hurt productivity, <strong>and</strong> too few, which can raise the chance that someth<strong>in</strong>g<br />
bad will happen. Not an easy th<strong>in</strong>g, but a good rule of thumb is that<br />
your IT department should spend approximately 5% of its time deal<strong>in</strong>g with<br />
issues around macro policies. If you spend more time than that, perhaps you<br />
are overgovern<strong>in</strong>g. Less than that, or if disaster after disaster happens, perhaps<br />
you can put <strong>in</strong> more macro policies to place more processes around the<br />
management of IT resources, on-premise or cloud comput<strong>in</strong>g-based.<br />
Micro Policies<br />
Micro, or service-based, policies typically deal with a policy <strong>in</strong>stance around<br />
a particular service, process, or data element. They are related to macro policies<br />
<strong>in</strong> that macro policies def<strong>in</strong>e what needs to be done, whereas micro