You’ve Got To Address the Full Application Lifecycle!
The topics of governance, compliance and security get a lot of focus as enterprises adopt cloud computing, but a related issue that is often omitted from the discussion is the concept of application lifecycle. It’s probably clear that a policy-driven approach to cloud management is critical for enterprises, but it’s important that the concept of application lifecycle is addressed. Look at the diagram below:
In the example shown in the diagram, we are looking at the policies that should apply to an application in different lifecycle stages. For the purposes of this discussion, let’s assume that the application uses cardholder data so that it is subject to PCI compliance standards. Let’s further assume that in the Dev and Test environments, dummy data is used for testing, but that in QA, Staging and Prod environments, real cardholder data is used for testing. In this case, PCI compliance policy applies to the QA, Staging and Prod environments, but not to the Dev and Test environments. Without the concept of application lifecycle, you can’t write a policy that enforces a PCI compliant cloud only deployment (probably an internal private cloud) for the QA, Staging and Prod environments, while allowing public cloud deployments for Dev and Test environments. If a cloud management solution can’t address policy across the full application lifecycle, the cost benefits of employing a federation of public, private and hybrid clouds is lost.
Note that more than just application deployment policy is different based on lifecycle state. You can also see that security zone, quota, monitoring, backup/failover, auditing, chargeback and autoscaling policies will be different as well.
The ServiceMesh Agility Platform is the only enterprise grade cloud management platform that provides the capability to define application lifecycle on a project or organizational basis and write policy with reference to the lifecycle state.