ISACA Journal
Volume 3, 2015


Evaluating Cloud Automation as a Service 

Andrew Evers 

Organizations have already discovered how the cloud can help them share applications and information regardless of the technology in use or their location. Cloud services deliver many kinds of automation to companies every day. The use of process automation as a cloud-based service is an important next step for IT innovation. Implementation is fast, easier to connect across a wide enterprise and immediately scalable. Nevertheless, many organizations face significant challenges when implementing this kind of automation. That is because they still have a major investment in onsite data centers, systems and applications that have not yet or even cannot be migrated to the cloud. These organizations need a solution that delivers as many cloud benefits as possible while retaining necessary onsite systems. Organizations must simultaneously address the monitoring, security and networking challenges introduced by a hybrid solution while they grow and continue to implement efficient, convenient cloud solutions.

Consistency and Quality

Mobile, informed, self-reliant customers and employees demand control and information at the click of a mouse or the touch of a screen. However, providing this ready access requires IT to manage and coordinate vast complexity. Onsite software solutions, legacy infrastructure, virtual machines, cloud-based applications, shared service centers, outsourced activities and other resources scattered within a wide enterprise landscape need to work together. Reliance on manual oversight alone simply is not enough to support the consistency and quality that complex organizations require.

Manual process steps completed in a complex, hybrid enterprise expose companies to significant auditing and governance risk. They are subject to human error, variable execution and the dangers inherent in the interpretation of potentially inconsistent documentation. Automated processes maintain standard process execution and can easily produce detailed audit trails as a natural by-product of process completion. But how can these processes be effectively automated across all of those technologies, locations and business silos?

In the past, the automation of processes in the enterprise depended on a patchwork of scheduling tools and vigilant manual effort to make sure that silos of technologies, business entities, departments and physical locations worked together to keep core business processes running. Large-scale enterprise resource planning (ERP) solutions promised large-scale automation, but considerable gaps remain in ERP implementations. Outside of ERP systems, multiple applications for activities such as billing, credit card processing, order taking, inventory and business intelligence reporting all work to complete specific tasks. These can be a great challenge to coordinate and execute with precision if that coordination is based solely on manual human oversight. And as a result, they are practically impossible to measure or optimize.

Automation provided as a service from the cloud ensures process consistency, accuracy and quality in a form that is quick to implement, because it does not require additional hardware or infrastructure. When automation is delivered through the cloud, it also makes connecting process steps across technologies and/or silos much easier. In the best cases, it helps to bring together onsite, virtual and cloud applications. But there can be big challenges to this approach, particularly in the networking and security efforts required to manage onsite applications from the cloud while retaining simplicity, usability and compliance with organizational security policies.

So, how can these challenges be overcome? A naive approach is to use a cloud service that follows a standard such as Simple Object Access Protocol (SOAP) web services through the customer’s firewall. This has the advantage of being standardized and being simple for the cloud provider to implement. However, this shifts the implementation burden to the customer, for example:

  • Many systems (e.g., IBM AS/400 applications, SAP®’s ERP system and most databases) require proprietary clients to connect. While such systems can be exposed via SOAP using middleware, this involves an additional software purchase and often significant development and testing efforts to implement. Even systems that provide a SOAP interface might require a higher-level protocol when users log in, perform an action and log out. Many pass a token during the process.
  • Most organizations are reluctant to open their firewalls to inbound connections into the DMZ. Direct connections to the internal network are generally completely banned for security reasons. This means the customer needs to open firewall holes, which is time consuming and may be a problem with their security auditor, and potentially proxy the protocol in the DMZ. While it is straightforward to proxy Hypertext Transfer Protocol (HTTP) traffic, proprietary protocols may require special software (e.g., SAProuter for RFC, OS/400 Proxy for iSeries) or may not support the proxy concept at all.

These issues negate some of the cloud benefits, e.g., a quick project start-up, ease of use and transparent pricing. An ideal cloud automation solution needs to provide out-of-the-box solutions to these issues.

A good cloud automation solution should:

  • Support a broad range of managed applications, with minimal (ideally no) middleware requirement
  • Use standards-compliant protocols and formats wherever possible, e.g., Transport Layer Security (TLS) for transport security, HTTP and eXtensible Markup Language (XML). Standard protocols and formats are better scrutinized and implemented than proprietary vendor solutions.
  • Provide an out-of-the-box connectivity solution that works with organizations’ networks and with their security policies (e.g., firewalls, password policies, data integrity, access policies)
  • Be simple to install and configure, requiring minimal knowledge about the organizational set-up and/or the cloud provider’s application
  • Create an automatic long-term audit trail that features detailed proof and documentation of what process steps have been completed, what irregularities have happened and why they occurred

Two important measures of success are how quickly the customer can configure the automation solution to run the first task on a single application and how quickly customers can set up a simple workflow that runs a second task elsewhere based on the successful completion of the first task. Successful cloud services should be able to implement this within a day with minimal customer involvement.
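The two-task measure above and the audit-trail requirement in the preceding list can be made concrete in a short sketch. This is an added example, not code from the article or from any vendor's product; the task names, the record fields and the use of SHA-256 hash chaining for tamper evidence are assumptions of the example.

```python
import hashlib
import json
import time

GENESIS = "0" * 64  # assumed anchor value for the first record's "prev" link

def _digest(body):  # canonical JSON, so the same record always hashes the same
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_record(trail, step, status, reason=""):
    """Append one audit record chained to the hash of the previous record."""
    record = {"seq": len(trail), "time": time.time(), "step": step,
              "status": status,  # "completed", "failed" or "skipped"
              "reason": reason,  # why the irregularity occurred
              "prev": trail[-1]["hash"] if trail else GENESIS}
    record["hash"] = _digest(record)
    trail.append(record)

def run_workflow(tasks, trail):
    """Run tasks in order; a task runs only if every earlier task succeeded."""
    blocked_by = None
    for name, func in tasks:
        if blocked_by:
            append_record(trail, name, "skipped", f"upstream step {blocked_by} failed")
            continue
        try:
            func()
            append_record(trail, name, "completed")
        except Exception as exc:  # record the failure and its cause, then stop
            blocked_by = name
            append_record(trail, name, "failed", f"{type(exc).__name__}: {exc}")
    return blocked_by is None

def verify_trail(trail):
    """Return the index of the first altered or reordered record, else None."""
    prev = GENESIS
    for i, record in enumerate(trail):
        body = {k: v for k, v in record.items() if k != "hash"}
        if record["seq"] != i or record["prev"] != prev or _digest(body) != record["hash"]:
            return i
        prev = record["hash"]
    return None

def failing_task():  # constructed stand-in for a task on the first application
    raise RuntimeError("source system unreachable")

def demo():  # constructed run: the first task fails, so the dependent one is skipped
    trail = []
    ok = run_workflow([("first_task", failing_task), ("second_task", lambda: None)], trail)
    return ok, trail
```

A hash chain only shows tampering if the latest hash is also kept somewhere the log writer cannot modify; otherwise the whole chain can be recomputed after an edit.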

Hybrid Complexity

Most organizations manage an extremely complex IT enterprise that includes a mixture of legacy and recent investments and multiple data centers. A typical landscape has some applications in the cloud and some not. Applications may run on platforms not typically available in the cloud. They may also be interfaced to specific hardware, or there may be a regulatory reason why some systems need to remain in-house. Many customer sites are in a transitional stage that is neither completely cloud-based nor completely onsite. Most organizations are somewhere in the process of adopting more cloud-based solutions using what can be described as a multilayer “onion model.” These companies start by using cloud tools for activities that are outside the core business, while core processes, such as billing or customer service, remain in onsite resources.

For example, an organization might handle sales forecasting and customer relationship management (CRM) using a cloud service. However, it may keep the core accounting and billing processes in-house. The company needs automation to ensure that the CRM and billing systems are suitably synchronized so that sales can see paid orders via CRM and services can schedule appointments for consultants based on accurate customer information. Another organization might use a cloud-based Payment Card Industry Data Security Standard (PCI DSS)-compliant payment provider to handle payments and make sure that goods sold are, in fact, also paid for, as well as to retrieve and reconcile chargeback and fee information from its payment provider outside its core payment process. Both systems need to be coordinated through process automation.

Frequently, companies initially adopt more agile systems outside of core process activity because they perceive that agility means less control. Process automation as a cloud-based service offers both agility and control (figure 1).

This observation coincides with Gartner’s recent Pace Layering analysis that describes “systems of record” as the core transactional systems and “systems of innovation” as those that apply to “urgent business needs.”1 Organizations currently appear to be somewhere in the middle of a transformational process, and they need a way to deliver automated processes across both kinds of systems as they continue to evolve. When that automation is delivered as a cloud-based service, it can easily bring together the entire enterprise—both old and new.

Companies continue to face constantly changing security and networking challenges. For any organization, core business processes—no matter where they happen—must be consistently secure and connected. Maintaining both of these requirements is not easy, but there are ways to do so successfully.


Cloud-based services must consider customer concerns about security and privacy. That means using practices such as Defense in Depth, having appropriate security protocols for everything from building security to background checks, and conducting regular internal and external security audits to ensure that these practices are being followed.

The best cloud automation services go to great lengths to always keep customer data safely behind the customer’s own firewalls. Only process metadata are transferred to the cloud, keeping all of the automated processes available for use by the customer, but completely unavailable for use by anyone else.

Cloud Automation in Practice

An organization that was interested in cloud automation had several complex revenue-based processes that include applications that are based in different locations and across several different technologies. One common human resource process must regularly fetch data from an online human resource management (HRM) system and compare these data against reports from an onsite payroll application. Initially, these processes could not be connected. One person would gather the HRM information and pass it along to the payroll department for manual comparison. As the company grew and hired more employees, the manual workload expanded. The whole process then became very tedious, plagued by latency and human error. However, by changing to automation as a service from the cloud, administrators were able to connect these disparate steps and automate the entire process end-to-end, saving enormous amounts of time and eliminating the need for constant manual effort.

Another organization, a large media company that produces newspapers and magazines in several locations around the world, needed to coordinate local and global processes so that they could optimize printing production, ad revenue realization and delivery of their publications. With operations and data centers in North America and Europe, making sure that core processes were aligned where possible and locally compliant was a huge task. Errors were common, and the company regularly lost revenue opportunities. Using an automation service provided through the cloud, this company can now orchestrate its core processes on a global scale, monitoring its paper costs, production and distribution. Ad revenue that was previously only calculated and billed once a month is now billed daily, greatly increasing the organization’s operational capital.


Automated processes provide reliability and consistent results. Automating and truly engineering complex IT tasks across heterogeneous enterprises was once a nearly impossible task. Now, thanks to the cloud, automation can be implemented across the IT landscape safely and transparently as a service, providing coordination and control on a vast scale. This, in turn, has real benefits for monitoring, transparency and governance.

Enterprises that see the value in this approach should look for a service provider that understands the unique security and auditing challenges to get the most out of the investment. They should evaluate the level of comprehensive service provided as much as the technology that it supports. The right cloud automation service can make the hybrid enterprise’s transition to the cloud smooth and successful every time—both onsite and in the cloud.


1 Gartner, “Gartner Says by 2016 the Impact of Cloud and Emergence of Postmodern ERP Will Relegate Highly Customized ERP Systems to ‘Legacy’ Status,” 29 January 2014,

Andrew Evers is responsible for the architecture and development of Cronacle™, SAP® Business Process Automation by Redwood, Report2Web, Redwood’s vertical solutions and RunMyJobs. Evers’ career in the software industry spans nearly 20 years and three continents (Australia, Europe and North America). Evers’ experience includes product development and management for technologies in the financial services, Internet service provider and music publishing industries. He has worked on JSR 236: Concurrency Utilities for Java™ EE, JSR 237: Work Manager for Application Servers, and has participated as a speaker at JavaOne.


Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and from opinions endorsed by authors’ employers or the editors of the Journal. The ISACA Journal does not attest to the originality of authors’ content.