Informatica’s CIO Tony Young recently noted that when it comes to adopting cloud-based (SaaS) applications, “you must have a governance and architecture model to ensure appropriate decisions are made.” Given my prediction that in 2011, “IT organizations will be reorganizing and realigning to adapt to the new realities of cloud computing,” I thought it would be a good idea to dig a little deeper into the topic of cloud governance (or as industry analyst Jeff Kaplan calls it, “cloud control”). I sat down with Kristin Kokie, Senior Director of Enterprise Architecture at Informatica to discuss this important topic.

What’s unique about Informatica’s internal approach to Enterprise Architecture?

Informatica’s Enterprise Architecture team has truly embraced the cloud.  From a data management, application infrastructure and security perspective, we are adapting our processes and expanding our scope to include cloud solutions into our landscape.  We are pushing the limits of technology solutions to provide secure, simple and seamless access to Informatica assets, regardless of their location.  It’s a challenging but fun adventure.  We feel we are definitely on the leading edge of this type of proactive embrace of the cloud.

Does Informatica have a cloud-first strategy?

Yes. When we’re looking at implementing a new application, platform or infrastructure solution, we absolutely evaluate why cloud won’t work first. It’s not just about business value but for IT it’s also identifying your core competencies. For example, is managing an on-premise Learning Management System a core competency offering a high degree of business value or is there a better way to do it? We’ve learned to embrace the cloud, but we’ve also learned to establish clear guidelines and standards when it comes to selecting the right cloud solution.

How has this strategy affected the relationship between IT and the business?

Like many IT organizations, we’re in the midst of trying to change our relationship with and perceived value to the business. We know that the perception exists that IT can be a business hindrannce and slow things down, so we need to be able to show business value. One of the key areas where we’re getting involved is in negotiating contracts with vendors. When it comes to cloud applications in particular, business groups will often negotiate contracts, but it’s not necessarily their expertise to understand what should be included from a technology perspective. We’ve run into situations where we’ll get asked to integrate data with an application we didn’t even know about and it turns out that the contract says nothing about how and when data can be integrated.  We want to get involved early and provide the business the technology guidance they need. This is a common issue. How are you addressing it? We’ve come up with a brief questionnaire for cloud providers. Based on the responses we make an assessment of that vendor together.  Data access privileges and data retention terminology is often vague, so we’ve worked with our legal team to provide some standard contract language that can be requested to be added to a contract.  The business group negotiating can now simply copy and paste the language and add it easily to an agreement, which helps legal and helps us protect our corporate assets. If managed properly, this approach can accelerate deals and avoid downstream problems. Our business partners are happy because they may have been unaware of certain things that should be considered in this type of contract.

Have you seen a change from the cloud vendor perspective?

It’s still a bit of the Wild West from a vendor perspective, but what’s changed is that when IT is involved it’s not usually the first time the vendor’s heard the questions we ask. Some vendors are more mature in their processes and are well equipped to handle these processes. Others are less proactive at volunteering the information IT typically needs. Some vendors wait until a contract is signed and then topics like cloud integration rear their ugly head.  At this point, the responsibility still lies with the customer/business to be proactive in ensuring they are getting everything they need.

What advice would you give to other IT organizations embracing the cloud?

Don’t fight the cloud – embrace it and use it to redefine your value proposition. We want IT to operate as a value-added service. We have the expertise in negotiating. We have expertise in connectivity. We have the expertise in data management and retention.  We know what must be there for an application to be enterprise-ready. Don’t start from scratch – talk to your peers, find checkpoint lists. When it comes to cloud applications, look at your existing application management best practices:

• What do you expect in terms of uptime/ availability
• When do you need to get to your data?
• Does your data need to be backed up, encrypted, etc.?
• What are your account management roles/permissions

And of course, there are additional questions about infrastructure and security:

• Who can access your data?
• Can developers and employees, sys admins access your data?
• Where can it be accessed from and what are the options around this?

Once you’re comfortable with security, connectivity to on-premise resources is the next key area of focus. We’re implementing more infrastructure and platform as a service. This can’t become silos, but instead must be an extension of your internal IT infrastructure. It really depends on what are you’re using that platform for – for example, are you moving code or environments? Are there VPN tunneling requirements? Do you need bigger pipes for performance?

Thanks Kristin! Lots of great advice.