SOA Policy Management: The Current State of SOA Governance

The eBizQ SOA survey results show that SOA policy management, or governance, is an important issue. It includes both defining SOA policies and enforcing them in the SOA runtime environment. Policies dictate service design and deployment, technical protocol implementation, service access, information protection, and service-level agreements. But as SOAs evolve in scope and scale and are opened to external parties, companies need to broaden their view of SOA governance to include runtime concerns. The eBizQ survey looked at organizations' levels of, and shortcomings in, both design-time and runtime governance.

SOA Policy Management: Policy Definition

SOA policy management includes IT, business, and security policies. These are critical to SOA success. So it's not surprising that a large majority (more than 86% of eBizQ's 313 survey respondents) have or will soon have corporate mandates for SOA governance.

Yet organizations have not formalized their behavior in this area. Few organizations have formal, dedicated SOA roles for policy setting and enforcement. Architects are the most frequent policy setters, as indicated by almost 64% of survey participants. But only 18% of the 313 companies surveyed have an SOA governance officer.

This figure correlates with the number of services in production: 33% of organizations with more than 50 services in production have an SOA governance officer. In general, according to the survey findings, companies at a higher level of SOA maturity (as measured by the number of runtime services) are more likely to have SOA governance officers.

SOA Policy Management: Policy Enforcement

SOA runtime policy management or governance includes mechanisms for:

  • Protecting the business: This area includes many types of security as well as compliance auditing.
  • Minimizing disruption to business operations: This involves establishing and enforcing service-level agreements (SLAs), quickly diagnosing and resolving problems, understanding dependencies before making service changes and performing maintenance, and enabling policy changes without affecting the service implementations.
  • Monitoring and measuring runtime operations: This requires real-time visibility into the information required by both the business and IT to manage the runtime environment—including service interactions and dependencies and metrics on service usage, performance, service levels, and key business indicators.

However, the eBizQ survey disclosed that a majority of companies rely on manual processes (such as manual reviews, audits, and after-the-fact reporting) to manage SOA runtime policies. Fewer than 6% have automated runtime SOA monitoring of policies, and fewer than 5% automatically assess services for policy enforcement before the services are checked into an SOA repository.

SOA policy change management is also primarily manual. To ensure services are in compliance when policies change, only 14% use tools that automate runtime enforcement. Almost half of survey respondents change their processes, and 27% create new versions of existing services.

For More Information about SOA policy management

Learn more about SOA policy management — download the free whitepaper: The Current State of SOA Governance.
