Cloud Governance Principles Born on the Fourth of July

This isn’t an homage to the Tom Cruise movie or the classic song—this article gets its title because it was written on July 4, building on the theme of liberty and politics as they apply to IT and the cloud. Maybe system users can be thought of as citizens, and your budgeting and cloud governance problems could take a lesson from the Federalist Papers.

History buffs will tweet that my metaphors are inaccurate. UI experts will say I’m simply off base. Cloud zealots will scream that none of these issues exists, because, well, they’re just smarter than that. Fine. Be that way. Ready, aim…

Too Much Liberty Doesn’t Actually Work

The Declaration of Independence was written to overthrow the tyranny of the British Crown. It was all about freedom and self-determination in a new world where a thousand of realities were different than in England. But the Founding Fathers knew they couldn’t just start over. They had to adapt the best ideas from Europe to fashion a totally new form of government.

Today in the cloud, there are a thousand discoveries yet to be made. You can’t blindly apply the old rules of IT without risking revolt of users and developers alike. The cloud requires experimentation and works so well with agile precisely because, at the detail level, it’s an undiscovered country. That said, the laws of physics still apply. The rules of the road for large-team collaboration need only to be translated, not re-invented from scratch.

How-to: Keep Cloud Projects Agile, Simple

Further, different parts of the cloud are at different stages of development. In areas such as expense-claim applications or document management systems, it’s OK to experiment with several different cloud solutions across a large organization. Over time, the best one will win, and the migration off the losing system won’t be terribly difficult.

When it comes to cloud infrastructure, though, too much liberty yields nothing but chaos and inefficiency. Think back to the multiple gauges of early railroad systems. History shows too many examples where limiting freedom of choice and diversity is much more effective for developing and deploying infrastructure. Look at centralized, communist China vs. decentralized, democratic India today.

Of course, the trick with dictatorship is figuring out exactly where to apply it and when to stop applying it. When it comes to cloud governance, think about the strategic value and “gravity well” quality of an infrastructure element before you mandate it across the organization. Then think about the technical and market conditions that should trigger the end of the mandate.

Federation Works, but it Needs a Central Core of Power

The Constitutional Convention happened because the Continental Congress and the resulting Articles of Confederation were simply too weak to get important work done. In particular, there was a problem of debts, financing and money supply. If every state continued to do only what was optimal for itself, they would never get anything more accomplished as “united states” than they would as 13 independent ones. To seize the future, they knew they had to sacrifice some control and decision-making to the federal government.

One of the reasons good cloud-based applications are easier to use and less expensive to run than traditional apps is because they limit what you can do. For the developer and system administrator, there are only so many buttons to push.

Advice: Cloud Governance: 4 Tips for Regulatory Compliance

The cloud vendor essentially acts as a governor, throttling excessive change. In a similar way, the Mac is easier to use because it provides a strong hand about the proper UI behaviors and it limits the range of things you can customize. Compare MacOS to Windows or iOS to Android. In the multi-vendor systems, users are given the ability to customize hundreds or even thousands of details. Does your registry have 500,000 keys, or even more?

With all that freedom, users and application writers will make every permutation of those customizations. This leads to untestable chaos. Gartner suggests that an uncontrolled $500 PC can incur $20,000 a year in administrative cost and wasted time. The temptation to hack is unbelievably expensive. Limiting choices can liberate your organization from cost and downtime risk.

The Continuing Rule of Law, Complete with Laws That Evolve

Viewed from an engineering perspective, the federal government is a series of filters—that is, mechanisms for satisfying public opinion without inviting chaos. The Founding Fathers were practical men, and they weren’t at all interested in direct democracy or mob rule. The federal system they designed left only the House of Representatives elected by popular vote, and they had the shortest term. That’s a high-pass filter. The Senate, the President and above all the Judiciary were selected indirectly, with longer terms. Those are low-pass filters. The Supreme Court was the slowest filter, intended to represent trends that held true for a generation or more.

At the same time, the system—even the Constitution itself—was designed to evolve, and every person in the government had to comply with the rule of law.

In the cloud, you can have lots of unruly experimentation. As soon as one cloud application grows too fast and gains too much mass, though, you’ll need to bring it under standard IT governance processes. Even though your processes may be fine, you’ll surely need to evolve the rules and criteria to meet the realities of Cloud applications.

For example, the details of cloud security and business continuity reviews are quite different from traditional apps. Meanwhile, the methods of reviewing the TCO of a system are quite different for cloud apps versus on-premises systems. Finally, the politics of system control are night and day—in the cloud, you own essentially nothing except your data (and the metadata that goes with it).

In short, the governance processes and raisons d’etre you have now can stay, acting as your Constitution. But the individual regulations, criteria and enforcement need to evolve with the times to meet the technical realities of cloud governance.

David Taber is the author of the new Prentice Hall book, “Salesforce.com Secrets of Success” and is the CEO of SalesLogistix, a certified Salesforce.com consultancy focused on business process improvement through use of CRM systems. SalesLogistix clients are in North America, Europe, Israel and India. Taber has more than 25 years of experience in high tech, including 10 years at the VP level or above.

Follow everything from CIO.com on Twitter @CIOonline, on Facebook, and on Google +.