The latest IT phenomenon, cloud computing, continues to grow in importance. Public cloud infrastructure services provide a convenient and cost-effective way
for companies to obtain new capacity cheaply and to cover peaks in their processing needs. The private cloud paradigm is becoming recognized as the best way for big IT departments to
serve their users, and there is a growing range of Software-as-a-Service offerings for business generally and in different industry sectors. For example, on the day that this was written,
a new IT management platform was announced that will enable farmers and landowners to produce and trade energy crops and arable biomass. For these, and other reasons, cloud computing is
becoming a part of everyone's IT experience, leading to a new way of doing business. The recently published book Cloud Computing for Business by The Open Group describes how cloud computing
is transforming business today and, more particularly, how to take advantage of its potential. This article contains two excerpts from that book. The first, from Chapter 1(Section 1.8)
explains the new business paradigm based on ecosystems. The second, from Chapter 4, looks at how to take advantage of the cloud and determine how well the services that you are considering
fit with your solution concept. The evolution of business and IT assets and operations is a continuous process. Today, many factors are involved beyond the disruptions caused by technology
developments. Economic, environmental and global activities shape regional markets, products and services in many industry sectors. Government legislation and investment priorities drive
standards and commercial behaviors. The Internet, mass media and collaboration create new access channels that...
Cloud computing has been an evolution of the internet and network, virtualization, utility computing, and yes, Service-oriented architecture (SOA). This article
will make that case that both SOA and cloud computing contribute to the ability of an organization to be flexible. This article will show that there is a positive correlation between an
organization's adoption of SOA and its ability to maximize its usage of cloud computing. Given this relationship between SOA and cloud computing, it's natural to suspect that SOA Governance
might be useful with respect to cloud computing. Indeed, this is the case, and the additional governance roles of Cloud Resource Administrator, Cloud Technology Professional, Cloud Architect,
Cloud Security Specialist, and Cloud Governance Specialist will be described and discussed. Service-oriented architecture (SOA) presents a compelling value proposition by addressing a
distinct set of business challenges that enterprises are faced with today. The fundamental tenet of SOA is that it demands as much commitment from the business imperative to help make
the business more flexible and able to meet business goals better, faster, and cheaper, as it expects from the IT department using service design principles. SOA states that in order
for a business to be agile and adaptive, the business needs to represent its core business processes through flexible business models, and then expose its IT infrastructure and application
capabilities through a set of shared and reusable services so that each such service can participate in the implementation of the flexible business models. By building flexibility into
the business models, through their representation as a set of participating services...
Nowadays agility processes and agile architectures are critical success factors for many companies whose business is driven and determined by continuous changes. Business uses IT as a tool to automate processes and store data in order to streamline processes. However, IT often represents a rigid machine that evolves and reacts to changes independently and differently from the business. Similarly, an IT framework that is reactive to change is not enough for it to be considered fully agile in support of the business, if changes are not driven by agile processes. Although not much has been written so far on this topic, this article describes the benefits and the variables SOA brings to agile processes; in particular it describes the features in support of the "Business-IT alignment" paradigm in an agile environment. Service-oriented architecture (SOA) and agile methodologies are individually affirmed within the IT world. However they are also becoming more interesting when synergically adopted. Even though they are fundamentally different, and covers different areas, (one being a set of architectural principles, while the other a set of methods and practices), one of the key goals and benefits they share is to enable changes to keep up with business evolution and needs. Changes are inevitable and continuous in the software lifecycle. They can also be of different types For example, new business requirements, changes to improving software performance, to re-engineering systems, to adapting the software to a new environment or just fixes and...
Most skepticism about adopting clouds relates to quality of service concerns, especially security, performance, and availability. Securing sensitive data and
protecting systems from intrusions is the chief concern for companies that are considering clouds. These concerns include unauthorized data access, malicious insiders, self-service
compromise, insecure APIs, account or service hijacking, and uncertainty over data location and continuity planning, disaster recovery, and system resiliency. Insider threat is a
significant concern. In an earlier article, I suggested the paradox that the only theory of SOA security is that there is no theory of security, and the same must be true with clouds. But there is much we can do to mitigate security-related failures in clouds so that the risk of failure is no less than if we didn't have clouds. We should minimally expect
that data centers of public clouds are physically hardened. They should be open to client audits, with keystroke tracking, closed circuit television of operational areas, cooling
systems, biometric cages, and uninterruptible power supply backup generators. Software should consist of firewalls with intrusion prevention and virus, spam, and root kit detection.
Providers, whether public or private, should conduct regular smoke tests, ethical hacking, and legal, geopolitical, and technical reviews. The provider should align cloud construction
with common reference architectures and SAS 70 and ISO/IEC 27002 security standards. Providers must segregate client resources and providers cannot touch those resources. All backup
data and client communications should be encrypted, not merely personally identifiable data. Dashboards should provide event correlation and traffic analysis as well as white and black
lists of privileges...