SOA Compliance in a High-pressure Regulatory Environment

Active SOA compliance management is mandatory to avoid business loss, litigation, fines, and even jail terms. With financial, privacy, and other regulations increasing, IT must respond with ever-greater speed to update processes and policies. In fact, a "hear no evil, see no evil" or a reactive approach to updating compliance policies can get companies in hot water—as one company found out.

Worst Practice: Updating SOA Compliance "When You Get the Chance"

Trafalgar Retail Stores is a profitable regional chain of department stores. As part of its aggressive e-commerce initiatives, the company had been allowing customers to apply for store credit cards online. This process required gathering sensitive customer information—including Social Security numbers. When evolving privacy regulations required that all Social Security numbers captured online must be encrypted, however, Trafalgar took a reactive approach to managing its compliance issues. The IT team was aware of this regulation, but elected to put off the implementation of the Social Security encryption algorithm until the scheduled versioning of their services at the end of the quarter. In the interim, hackers managed to gain illicit access into a production database, where they were able to download some of the unencrypted Social Security numbers, along with customers' associated personal data. The resulting cases of identity theft not only hurt the affected Trafalgar customers, but ultimately impacted Trafalgar as well, which ended up suffering substantial financial losses and bad press resulting from a series of expensive lawsuits.

Best Practice: Active SOA Compliance throughout the Service Lifecycle

In the current regulatory environment, lack of awareness or a lackadaisical approach to enforcing up-to-date compliance will not shield an organization from the financial and other consequences of late or non-compliance.
Rather, companies should adopt a serious stance on SOA governance, including the inherent compliance management process and technologies supporting it, through the entire Web services lifecycle. To do so, companies should deploy a comprehensive, automated SOA management solution that:
Progress Actional SOA Management products facilitate an active compliance management approach. With Actional, companies have visibility into, and security and control of, the activities of services and end-to-end business processes. In addition, Actional's comprehensive, automated SOA management solution enables them to abstract their compliance policies from the application service logic itself, allowing these policies to be updated in a seamless fashion, independently of the services they apply to.

For More Information on SOA Compliance

To learn more about SOA compliance and other best practices for planning and implementing SOA governance, download "SOA Worst Practices Volume II: A Look at Governance."


