SOA Organization for Comprehensive Governance

A single enterprise-wide SOA organization is critical to creating a comprehensive SOA governance solution. Without coordination of different SOA initiatives, companies risk violating government regulations and business policies.

That's what happened at one diversified company with separate IT groups for each business unit who didn't communicate with each other.

Worst Practice: No Single SOA Organization, No Communication among Separate IT Groups

RayStar is a diversified company providing defense components to Department of Defense contractors and aerospace products to industry. The company has very separate operating units designing and manufacturing its various components – for radar, detonators, missile launchers, and civil aircraft avionics. In fact, each unit has its own IT department and CIO: there is no company-wide IT organization. So each unit's development leader and architect ruled the roost. In fact, they chose not to communicate or share common services such as ordering processes or governance standards.

When the time came to implement an SOA, the lack of a centralized SOA organization not only increased the potential for replicating work, but put the company at risk of violating regulations and policies crucial to its legal and financial well being by not coordinating SOA design and development efforts to produce a comprehensive governance solution.

Best Practice: Institutionalizing a Central SOA Organization

Perhaps the most important aspect of SOA governance is the human element. People must talk – whatever the political resistance associated with coming together. The good news is that the first parties who start talking, more often than not, get to set the standards. When people get together, here are some actions for setting up an effective SOA organization or SOA center:

• Include the IT heads from various units and, just as important, the business heads. To be successful over time, an SOA must align IT with the business.
• Start working on SOA with business partners with immediate needs who are vocal and can quantify the value that new services can bring them. When these SOA projects are complete, the SOA organization will have a strong case to make to the entire organization for moving forward.
• Identify all existing processes and insert governance checkpoints and notification points (i.e., reporting that such-and-such a service has been created).
• Create a standing group to make certain that all processes and policies are complied with.
• Simplify and automate these processes with an SOA management solution that can monitor and enforce policy compliance, especially because policies change over time.

Progress Actional SOA management solutions provide visibility, security, and control of the activities of services and end-to-end business processes in the runtime environment. Actional capabilities allow companies to enforce comprehensive, consistent enterprise-wide SOA in the runtime environment.

In particular, Actional:

• Finds and visually traces the root causes of policy violations, wherever they occur, eliminating the security and compliance risk of rogue services.
• Allows security and compliance policies to be configured and managed centrally, in an abstracted or decoupled fashion from the services they govern. This enables a single policy to be reused for multiple services.

For More Information on Creating a SOA Organization

To learn more about why you need a centralized SOA organization and other key SOA best practices, download "SOA Worst Practices Volume II: A Look at Governance."