Why SOA Change Management Is Important

SOA change management—the ability to adapt your SOA network to changing business requirements—is a key component of SOA management for maximizing business agility and minimizing IT costs. The reason is simple. The one constant in business is change. This is one of the main reasons that businesses today are implementing a service-oriented architecture (SOA). The goal of an SOA implementation is to increase business agility, or the ability to respond to change, in a way that reuses functionality and data in existing systems, but reduces IT costs.

However, an SOA must be built to change to achieve these benefits. Here's an example of a worst practice that shows why businesses need an SOA change management process or capability.

Worst Practice: No SOA Change Management Process

Amalgamated Electronics is a multinational consumer-electronics manufacturer. Its IT team knew that the success of their SOA would depend on the governance of its Web services. But they didn't foresee a need for making changes to SOA governance policies and, therefore, for SOA change management capabilities. The team assumed they could design in SOA governance in the SOA design environment and everything in future phases––development, test, deployment, and runtime––would remain the same. The plan was that SOA governance would be static and work as built.

In addition to writing SOA code, the developers were tasked with making sure the SOA services complied with defined company and regulatory policies. During the SOA development phase, they created the dependencies between Web services and corresponding policy enforcement on a service-by-service basis.

However, by trying to design-in SOA governance during development, the developers had no visibility into how the SOA governance measures affecting applications were implemented, tested, deployed–or how they fared in the SOA runtime environment. They didn't know the difference between what was designed and what was running on the network over time. So they didn't have a SOA change management capability or process.

As policies inevitably changed and services that weren't initially designed were deployed, IT found that its design-phase, service-by-service approach to SOA governance didn't work. As regulations changed, for example, out-of-date policies and associated enforcement placed the company at risk of fines, loss of revenue––even jail time.

Best Practice for SOA Change Management

SOA governance is not just a check-once concern. To avoid the mistakes of the Amalgamated team and create a foundation for SOA change management:

• Approach SOA policy enforcement from the perspective of the entire SOA service lifecycle. Success can only be achieved when there is a consistent application of SOA governance rules and policies across all services, from the initial design to the actual SOA runtime environment. Without this focus, companies are at risk of not enforcing measures that they intended to, and of not having SOA visibility to ensure that only services that are in compliance are deployed. Web services governance is about minimizing risk. Non-compliance with corporate policies as well as various government regulations––including Sarbanes-Oxley, HIPAA and others––represents some of the greatest of these risks.
• Centralize SOA governance to enable SOA change management. Complement SOA design-time governance with SOA runtime governance. This creates a "layer of abstraction" between the services and the governance mechanism, centralizing management of policies and processes so they can be controlled automatically. This centralization permits the automation of policy enforcement and prohibits the violation of compliance “behind the backs” of business and IT.
• Decouple policy enforcement from application development and deployment.
• Make policies independent of applications. They can and should change independently.
• Separate roles and responsibilities for policy creation and enforcement. Developers are not policy experts, and can’t efficiently develop application logic when burdened with this task.

Progress Actional SOA management products support these best practices. They provide visibility and control of the activities of services and end-to-end business processes in the runtime environment—including capabilities that automatically reveal and correct violations of policy and easily manage changes to governance policies and business processes.

For More Information on SOA Change Management

To learn about key requirements for optimally managing and governing new SOA services such as SOA change management – as viewed from the perspective of SOA mistakes—download "SOA Worst Practices Volume II: A Look at Governance."