SOA needs to be grounded in reality of making money, reducing costs and managing change. These are business imperatives. Left unchecked, SOA can become an exercise in doing very clever technical stuff for no business gain. SOA governance helps to guide IT resources to where they can be best applied. It can also help to identify areas of utility where costs can be minimised.
Ideally, it should be planned for and baked into SOA from the start. This requires an unambiguous and lasting commitment from the C-level of the organisation and an investment in people and roles, preferably including the creation of an internal SOA centre of excellence to establish and promote best practice.
The area of SOA has, for vendors and users alike, become a hype nucleus around which themes and ideas spin. A lot of time and energy has been expended to promote SOA concepts and education around emerging best practices. For many businesses, this theory and hype is slowly turning into reality as they roll out SOA initiatives. However, for a large proportion of the market, SOA remains rather like feeling an elephant in the dark – a bit daunting and very confusing.
Ovum’s definition of SOA governance is deliberately succinct:
‘SOA governance implements the required policies, processes and accountability framework to ensure the successful deployment and management of an SOA in support of core business needs and objectives.’
This definition has been constructed in recognition of what we see as being the core business requirements for SOA governance, namely policies, processes and accountability. Note that the definition makes no assumption about the technologies used. This definition is the ideal stepping stone to a wider discussion on SOA governance.
The need for SOA governance
There are many parts, levels and aspects to SOA, making it conceptually very ‘deep’. The services and components that make up SOA will ultimately support a host of business processes, many of which will be long-running, complex, and extend beyond the organisation. This characteristic makes SOA also conceptually ‘broad’. Managing and optimising something broad and deep is always going to be complex. SOA’s complexity is exacerbated because it needs to engage with heterogeneous systems and aspects of IT and people from different parts of the business.
The basic premise of SOA governance is that the organisation has to make an investment in people, processes, and technology in order to establish specific capabilities for managing and controlling their SOA initiative over time.
Inevitably, as SOA projects grow they become more complex. Without the right governance structure in place, the organisation will inevitably lose control and the clean architectural elegance that was so important at the start of the initiative will get lost in the familiar ‘make do and mend’ reality of IT. Therefore, we are already seeing services being created to fill a specific gap or need with little or no thought of their reuse or their lifecycle.
While not wishing to stifle innovation, SOA governance needs to engender a ‘joined up thinking’ approach, whereby policies, processes, methods and expertise become deeply embedded in the tools and software that support SOA. Therefore, SOA governance cannot be considered as an afterthought; these capabilities need to be crafted into software products and processes from design time, through deployment and runtime, to management and control – that is, through the entire SOA lifecycle.
The SOA governance business imperative
SOA governance is a business imperative first and foremost. Without it, most strategic SOA projects will fail to deliver lasting returns. SOA governance dramatically increases the likelihood of long-term success with SOA.
Optimally, SOA governance will be driven from the top of an organisation, with staunch and determined backing, not least from the CIO and CTO. In a significant proportion of cases, the initial drive for SOA governance will come from the IT team, through arguments and issues such as those outlined previously. A typical reaction from the business will be that this is simply another IT project, which, although important, may not seem to impact the business in a pressing and direct way.
SOA governance needs start small and grow, in parallel with the SOA infrastructure and services that it is helping to control. You wouldn’t change your entire wardrobe overnight – you’d start where it made most sense with those dodgy ties and embarrassing sweaters. Similarly, SOA governance has to be broken down into a logical process and series of decisions, along the lines of a formal governance process. Such a process needs to be engineered to reflect the needs of the organisation, its plans for SOA and – critically – the decision-making and ownership policies.
Putting people first
A common mistake with SOA governance is to jump in headfirst with the technology – as if merely investing in a service registry product is going to bring order to the chaos. In fact, the most important part of SOA governance pertains to the people involved – the roles they adopt, the processes that help define their activities and responsibilities, and the ownership model required to mitigate risk and overlap.
Speaking to organisations that have made a success of SOA (by which we mean a large strategic success, not isolated technology benefits), they all have a people-first attitude central to their strategy, even if they are yet to formalise it around SOA governance principles. It sounds basic and tedious, but IT is only there to support people in their individual and collective pursuit of business success, however that is defined.
