Service Oriented Architecture (SOA) is being embraced by many organizations as way to both, become more efficient and increase responsiveness and speed. A study by McKinsey and Company reports that 60% of the CIOs surveyed planned to use SOA projects to achieve their objectives. Although some organizations are beginning to realize benefits from SOA implementations, many are struggling with the very thing that is at the core of SOA: sharing services across organizational silos.
This is demanding a more matured governance that was required before. According to Gartner a successful SOA program "necessitates new processes, ranging from governance, through development, to operations." The more organizations that share in the development and consumption of shared services, the greater the return in the initial and on-going investment. However, this complicates the speed and quality of decision making unless the appropriate IT governance is quickly designed and implemented.
Governance at its essence is effective decision making. As such, after ensuring we have a clear and compelling strategy we need to focus on selecting the governance decisions that matter most. There are many, many decisions that need to be considered; however, an organization needs to prioritize them based on their impact to strategic objectives, their impact to business failure if not properly done, and their financial impact. We shouldn't underestimate the work that is required to properly govern just one decision: defining the decision making criteria, the roles and authority, and the governance processes needed to make the decision. This is why we need to be careful to start with the most critical decisions and grow the number of decisions that are in governance control.
In order to select the most important decisions, we first need to be aware of most of the governance decisions that are involved in managing an enterprise SOA implementation. Following is a list of common governance decisions for SOA. Can you think of any more?
• Is the enterprise working on the right services? What business aspects and process needed addressing?
• What is the process for determining what services to create?
• How will consumers find and trust services? Who should validate the services?
• Is the development and implementation process consistent and repeatable? Does it assure that the original requirements will “live” through pilot and deployment?
• Are the service owners effectively controlling the services that are in production to ensure high availability and performance? What mechanisms, policies, and tools should be used?
• Have all stakeholders approved service levels and are they been met?
• Are the policies that control the services at runtime appropriate?
• How are shared services funded? Are services sufficiently budgeted to support modifications, version control, and production support?
• What processes and services should operate in a decentralized or shared fashion and who maintains these services?
• Are the services consistent by adhering to approved standards?
• How will the benefits be categorized and captured? Is the company really sponsoring this philosophy and architecture?
• How does one address data issues?
• What is the process for evolving, and changing services when there are many consumers of the service?
• Many services can be common across several lines of business in an enterprise. Who "owns" these common services?
• Who owns the actual data if more than one service is using it?
• What is the resolution mechanism if there are conflicting requirements or change requests for shared services?
• What happens if the same (or similar) service is being developed by more than one service provider?
• Who owns and maintains the shared repository of services in an organization?
It's a good idea to first brainstorm on many of these decisions, and then carefully select the governance decisions to focus on controlling first. The idea is to achieve the delicate balance between control and flexibility.