AWS Cloud Enterprise Strategy Blog

Is Your Walled Garden Nourishing or Stunting Your Digital Transformation?

by Jeanine Banks, General Manager, Industry & ISV Solutions at AWS

Introduction by Mark Schwartz

In another take on the question of risk and controls, Jeanine Banks, from our Product Management organization, shows how companies moving into the digital age are often focused on the wrong risks and build walls and controls that stifle innovation.

– Mark



Recently, the term “walled garden” came up in a conversation and someone asked, “Why do we say that again?” According to Wikipedia, “A walled garden is a garden enclosed by high walls for horticultural rather than security purposes, although originally all gardens may have been enclosed for protection from animal or human intruders.” But in the digital world, a walled garden is what you get when IT security and network administrators limit and control the information or web services that a person can access on the Internet from their network. There is a raging debate in the tech world about the supposed benefits and pitfalls of such walled gardens. But new trends in private networking can help IT security and digital executives accelerate digital transformations.

Walled gardens have been promoted as enabling a higher quality user experience (ask Apple) and providing tighter security (ask your IT security team). I’d argue that any closed environment restricts innovation and collaboration with ecosystems of developers and partners, both of which are prerequisites for successful digital transformation.

Walled gardens were likely first inspired by a hush, as in a Hush-A-Phone. Not too long ago, every aspect of using telephones was tightly controlled by telephone network operators. They built and delivered the devices we used, and there was no flourishing ecosystem of third-party devices. Your telephone was a de facto walled garden. However, the walls began to come down with the case of Hush-A-Phone v. United States, which ruled that network operators could not restrict third parties from mechanically connecting other devices or, in other words, new applications and services to the network. The subsequent ruling in the Carterfone case also allowed for “electrically” connecting third-party devices to networks without the permission of network operators. This helped to bust the Bell Telephone Company’s walled garden less than 20 years later and opened the market for fax machines, answering machines, modems, and cell phones.

Today, digital disruption is threatening the very existence of enterprises and entire industries. While nearly every organization is accelerating its shift to the cloud to enable its own digital transformation and to drive better agility, I find it ironic that many are building walled gardens in the cloud. These closed networks allow you to bring your own device and install any external services you need, but in reality, software is installed in the background to restrict and monitor your access. Perhaps this makes many IT and business executives feel that they have control and protection against cloud-borne threats. Or maybe the lessons of Bell have been forgotten. Either way, there are countless articles published about failed digital transformations, many of which result from the inability of IT security and digital leaders to strike a balance between a closed environment where control is maximized but innovation is stymied and an open environment where collaborative relationships with developers and partner ecosystems are thriving.

That’s what’s so fascinating to me about the new concept of “private networking.” The premise here is that you can make external services look and feel like internal services within your virtual network in the cloud. Then, instead of the public Internet, you leverage the underlying cloud network backbone to privately route traffic between your virtual network and those external services. Delving deeper, you’ll find an important difference in access control from the traditional way things work that has meaningful implications for how enterprises build and engage external ecosystems from now on. Here it is: your enterprise no longer controls access to external services even though they appear and, for all intents and purposes, behave as internal services. You may be wondering, “Who controls access, then?” The answer: you make the request for access to each service provider, but the external service providers must grant you access to their services and can revoke your access at any time.

Now I’m sure you’re thinking, “This is the moment when Robin hollers, ‘Holy IT&T, Batman! That sounds dangerous.’” Or more likely you’re pondering, “What does this have to do with walled gardens?” Imagine that you want to have your developers collaborate with external developers or integrate external services with your internal applications. And then imagine that those relationships are dynamic as your ecosystem grows and evolves over time. Just as before, you can build your walled garden where your developers dwell and have access to a pre-selected and controlled set of external services. Now you can create more openness in these relationships without adding tons of infrastructure complexity in managing them. You gain the best of both worlds—a walled garden that enables open innovation!

Three old challenges require even greater attention in this new private networking world:

  1. Trust: Earning and sharing trust with external entities, which arguably is tougher to do, comes into sharper focus. External service providers decide the function and availability of their services with the full discretion to change functions and service levels without getting your permission or requiring any effort from your organization.
  2. Governance: Someone needs to be responsible for managing the onboarding and removal of these services from your garden. You will need to decide if these services will be maintained within the same service catalog you use for internal services and what lifecycle management process makes the most sense for your organization. This includes what roles or teams have rights to request access to external services.
  3. Compliance: Likely your desired pace of innovation and the interest of lines of business to have fast access to external services will pressure you to onboard a range of services. First, always consider what security guardrails, audit mechanisms, and documentation you will implement for compliance with government and industry regulations. External services should be expected to produce audit trails and configuration data in the format and frequency required for compliance.

Those are just a few considerations. With a simple mechanism to request access to a breadth of services, you can tap into innovation happening outside your organization yet seamlessly and securely access the services you trust from within your walled garden. When done right, private networking can actually accelerate your digital transformation. Maybe it’s time to remove the walls and call it a fenced garden?

Jeanine Banks is General Manager of Industry & ISV Solutions at Amazon Web Services. Prior to AWS, Jeanine was EVP of Global Products & Solutions at Axway heading the product development and marketing for API Management, App Development, B2B Integration, Analytics, and Workflow products. Jeanine has also held leadership roles at GE, IBM, CA Technologies and Canon USA, and has founded two digital health start-ups. Jeanine has a BS in Computer Science from Dowling College and an MBA from Adelphi University.

 

 

Mark Schwartz

Mark Schwartz is an Enterprise Strategist at Amazon Web Services and the author of The Art of Business Value and A Seat at the Table: IT Leadership in the Age of Agility. Before joining AWS he was the CIO of US Citizenship and Immigration Service (part of the Department of Homeland Security), CIO of Intrax, and CEO of Auctiva. He has an MBA from Wharton, a BS in Computer Science from Yale, and an MA in Philosophy from Yale.