Six steps to 'bite-sized' SOA governance

Governance need not be overbearing and resource-hogging: here are the key elements you need to understand, in six easy steps.
Written by Joe McKendrick, Contributing Writer

Over the years, one of the greatest showstoppers to service-oriented architecture efforts has been the perception that it's a megaproject, requiring lots of time, money, and people. That doesn't have to be the case, says Oracle’s Jyothi Swaroop in a new article in Service Technology. Swaroop urges an incremental approach to SOA governance initiatives, and breaks the process down into 6 easy steps:

Step 1: Understand the business: "One of the most common reasons organizations struggle to kick-start their SOA governance at a more enterprise-wide scale is their failure to align with business objectives. SOA is an architectural discipline or approach to solving a business problem. Piloting an SOA governance program on something deemed an IT benefit does little to show the business value it will bring to the table."

Step 2: Define key metrics for success: Take overarching business success factors such as "50% revenue growth" and break them down into measurable milestones. "Begin by breaking down how the overall business benefit will be achieved, then establish milestones for measuring progress. As these are established, the process around how your SOA will need to be governed will begin to take shape." Once key metrics are identified, it's also critically important to understand how they'll be measured, Swaroop adds.

Step 3: Introduce SOA governance non-intrusively with BAT (built-in, automated and transparent): "Nobody wants to be governed.... SOA governance is not about rigid architectural paradigms. It is about BAT – being built-in, automated and transparent. BAT eases the adoption problem by providing the described SOA Governance benefits in a non-intrusive fashion." Be sure to build SOA governance solutions right into the SOA infrastructure from the very beginning, Swaroop adds.

Step 4: Create a "rewards program," just as airlines do: User resistance is to be expected, and most organizations adopt some element of the carrot-and-stick approach to encourage adoption of governance activities. Swaroop says a mix of carrot-and-stick approaches is the best option, but the best carrot may be a rewards-style program for complying with various aspects of the governance program, as seen at one leading company. "Much like an airline or credit card program, development teams and individuals earn points that can be turned in for gifts, such as an iPod or iPhone," he says. "This fosters a competitive environment between teams to see who can earn the most points."

Step 5: Enforce security on all SOA and cloud initiatives: "Many business functions today are powered by SOA services, ranging from forecasting, quoting, ordering and fulfillment, to payment. Attacks on these business critical services can result in loss of revenue and sensitive data.... SOA architectures should include a security framework that is designed to secure SOA deployments on-premise, across domain boundaries, and in the cloud. It should do this by providing an easier way to secure, accelerate and integrate XML and other types of data. An XML firewall is a great way to detect and prevent all common attacks against web services."

Step 6: Identify technologies behind SOA governance: "SOA governance is not a shrink-wrapped capability that can be implemented off the shelf without addressing organizational and procedural issues," Swaroop says. But there are four essential technologies that support governance: repository and registry, monitoring and management, centralized policy management and security gateway.
