Management and governance seem to be emerging topics in the cloud-computing world, as companies who’ve now committed themselves to the cloud focus on traditional enterprise IT headaches, er, issues.
Enterprise cloud computing has its roots in web services (the hot topic of 2004) and services-oriented architecture (SOA, the hot topic of 2007), and nothing was more prominent or less understood than issues involving governance back in those “early days.”
enStratus, which provides cloud infrastructure management services, has redoubled its efforts in explaining some of these issues, as many enterprise IT managers prepare themselves for Cloud Expo in New York.
The company has specifically focused on logging in a new study. “Logs contain important information on performance, security, and user activities, and provide critical information about what the system is doing,” according to the enStratus study. “Anyone who has ever had to deploy an operating system or application knows just how important logs are. With migration to the cloud, logging and monitoring become even more important since you are giving up some control to the cloud services provider.”
Yes, giving up that precious control, the main sticking point in getting enterprises to migrate to third-party cloud vendors. Given what will always be the messy nature of most multi-component, enterprise cloud structures, no one should expect this issue to dissipate somehow.
“Logging needs cover an incredibly broad range of possibilities,” according to enStratus. “Many groups within enterprise organizations have Key Performance Indicators (KPIs) that they need to track in order to get their jobs done effectively, and in some cases legally – and these vary drastically from group to group.”
The company cites compliance regimes such as Sarbanes-Oxley (SOX, which regulates public-company financial reports) and PCI (the Payment Card Industry security standards), and general audits as cases that rely heavily on logging and change control within it.
Automated performance management is also a big cloud topic – as the enStratus study states, “Just having logs isn’t very useful unless they are being reviewed, and responses provided. By having a system monitoring the logs, automated alerts can be generated on conditions that are important to the organization. This can be very useful for the security, operations and applications teams.” Additionaly, the study says that “it can be just as important to receive an alert when expected actions don’t happen as when unexpected events do happen.”
I’m just scratching the surface here, but in a nutshell, as the enStratus study says, “It is important to have a strategy to get the logs from the cloud provider to their centralized log servers and cover the API logging gap. By managing these two concerns, organizations can ensure that they have the necessary logs to safely conduct business while taking advantage of the operations and economic benefits of the cloud.”