Governance is critical in the IT spaces, but enterprises are, many times, too one dimensional in their approach. Practitioners are intently focused upon the technical mechanisms of implementation and interoperability, especially when it comes to the care and feeding of such multiple form factors as the cloud, mobile devices and Internet of Things.
Consequently, the enterprise SOA governance model often overlooks the most critical component of all: the people.
Links in a chain: Technology to process to people
SOA governance practices tend to focus on maximizing the efficiency of development and deployment, so all the pieces of your infrastructure work reliably and effectively together. As such, it's steeped in services catalogs, standard policies, testing processes and improvement mechanisms.
Without these things, developers run the risk of idiosyncratic code, duplicate functionalities or conflicts with other apps. And there's no question this would be absolute death in a present-day environment when there are so many computing platforms, each of which often must call the same sets of information and participate in the same business processes.
And therein lays the link to the omission I'm talking about:
- Functionally, SOA is tightly bound to business process management in that which services get called when depends upon what's happening in the business process.
- BPM is tightly bound to people in that how a process flows reflects how workers can best get stuff done.
- Therefore, SOA is tightly bound to people, and an SOA governance model must include a liberal dose of "people governance" in order to be maximally successful.
Teach Your Children
Let's say you have the greatest technology in the world. Every service is properly catalogued, every application is developed according to an enterprise-standard methodology, and every one of them is continually simulated and tested and improved upon. But if the people relying on your technology don't know how -- or aren't encouraged -- to properly handle the information on which they rely and on which the SOA system operates, then you have nothing.
This notion has moved to the direct center of the SOA radar screen due to the sheer volume of data, and management systems organizations now deal with. No longer can an IT executive issue orders about file naming or archiving or security practices and expect 100% submission in return.
Thanks to USB sticks and the cloud and social media and mobile devices, everything in your databases and repositories theoretically now can exist everywhere, and preventing occasional leaks from "breaking the dam" requires educating users and strict monitoring. In other words, they would be subjected to governance.
Why We Can't Have Nice Things
The latest wrinkle in this regard has to do with Internet of Things, which involves enabling objects like thermostats, refrigerators and cars to perform tasks without human intervention.
But how do you teach a smart appliance to, say, safeguard the information it has to capture and share in order to fulfill its destiny and protect its network connections? You can threaten to fire a nonconforming employee, but what do you do with an uncooperative machine? I don't have a good answer to this, I'm sorry to say, and that concerns me even in terms of my own privacy and security.
However, it also serves to make my point. The technology available to us today allows us to do some pretty amazing things, and thanks to the application of an SOA governance model, solutions can get built and deployed with remarkable consistency and efficiency. But unless we apply the same controls and best-practices to our people as well, we're likely to limit our own opportunities for advancement.
Cloud and SOA governance are the same but also different
Mapping can be key to facilitating SOA governance
A look at different SOA governance tools