Is Technology Important for SOA Governance?
By michael.stamback on Jul 18, 2008
A couple of colleagues of mine and I had a conversation not too long ago about whether you could do SOA Governance without technology. I took the stance that governance was more about the process and supporting culture then the technology. My colleagues had a somewhat differing opinion that you could not accomplish governance without supporting technology.
My argument was based on the fact that governance is about affecting behavior in order to establish a sense of control over the environment. At the macro level, governance is a process that enforces standards, guidelines, and controls with the purpose of ensuring your SOA stays aligned with the business goals and objectives. It's much like building a house. There is a specific process that must be followed: obtain permits, lay pipe, create foundation, build frame, add roof, etc. If you don't follow this process, you end up with a building like the one in the image.
However, in order to ensure success of your governance efforts, and hence your SOA, a supportive organizational culture must be present. Everyone involved in the process must be aware of the business goals and objectives. Building SOA without an understanding of the business is like jumping out of a plane and then trying to learn how to open the parachute. Both end up with disastrous results. Fostering the right culture in support of the governance process greatly increases your chance for success.
As my colleagues pointed out, however, SOA governance requires a bit more, which is where the technology comes in. One of the goals of SOA is to provide business agility for responding to change faster. While implementing organizational change and enforcing process can certainly keep SOA aligned with the business, it can sometimes defeat the goal of agility. This is one spot where technology like a repository and registry can help. Providing visibility into assets and their dependencies while automating their progression through the different stages of the lifecycle is critical for obtaining the goal of business agility. Without visibility, there is no reuse, and automation of the lifecycle can greatly reduce the need for time intensive, manual compliance reviews, as these can be auto validated in order to progress SOA projects faster.
There's also the notion of runtime. Application of the governance process is very intensive in the lifecycle stages leading up to deployment, but what about after the assets are deployed? This is where governance tends to breakdown, so a heavier emphasis on technology is needed. Governance doesn't stop after version 1 of an application or service is deployed. Your SOA needs to ensure everything operates within the policies defined by the business requirements, so technology that automates this enforcement at runtime is essential. Additionally, your SOA is going to evolve, so you need the ability monitor the behavior of the elements of your SOA to not only ensure everything operates as intended, but also identify areas of improvement. This can help the business understand where additional investment needs to be made.
So after my discussion with my colleagues, who did we think was right? It turns out that we're both right. Process and organizational culture are key to successful SOA governance, but so is technology in making it more efficient, automated, and ensuring SOA evolves in the right direction.