As SOA has moved into the mainstream of IT strategy, the potential benefits have been hyped beyond what’s realistically possible. Forcing the IT leadership team to prioritize the benefits the enterprise and the divisions will achieve by adopting an SOA approach is a foundational exercise that many find beneficial. As SOA projects move from pilot implementations to larger division and enterprisewide IT initiatives, the need for an effective approach to SOA organization and governance (O&G) also increases. In fact, SOA O&G can be the biggest determinant of SOA success. Because of this, forward-looking IT leaders are increasing their direct involvement in order to address fundamental challenges facing their organizations as they move ahead with SOA. These leaders have dispensed with the aura of mystery around SOA O&G, taking a pragmatic approach that establishes boundaries for their organizations to operate within, and providing patterns for success that others can follow.
A recent SOA survey by International Data Group revealed that more than half of all enterprises say organization and governance is the top barrier they face in adopting SOA. This is understandable, as the issues to be addressed are substantial, and touch almost every aspect of the software development lifecycle (SDLC). In addition, over time, divisional IT organizations have been optimized to align with divisional initiatives, yet often SOA yields greater benefits for the enterprise. The nature of some of the best IT initiatives for SOA—such as crossdivisional up-selling and consolidated customer service—makes getting ahead of the O&G issues a top priority for many enterprises today, not an optional activity to be assigned to subcommittees.
“Without strong governance, nearly any SOA project will ultimately fail,” says Mike McCoy, director of enterprise architecture for Accredited Home Lenders (AHL), a residential mortgage lender based in San Diego, Calif., with more than $500 million in annual revenue. AHL currently uses an SOA as the foundation for numerous applications, such as processing “special handling” loans and integrating core underwriting and funding systems.
What worries CIOs about SOA organization and governance?
Most organizations already have some form of IT governance in place. Even so, SOA creates new challenges in terms of the service lifecycle, technology standards and team roles. The bottom line: Enterprisewide SOA can easily fail unless governance issues are addressed early in the adoption process. This means organizations need to adopt governance that supports, within the criteria unique to each business, the agility that an SOA promises. Experts say that CIOs who are not embracing strong SOA governance are holding back for the following reasons:
> Timing. The most common misconception is about when to deal with SOA organization and governance. Many feel they don’t need to address it up front, but believe it can wait until later. This can plant the seeds of problems that will grow as SOA rolls out across the enterprise.
> Lack of understanding and best practices. Companies don’t always understand what SOA organization and governance is, and why it’s different from a traditional organizational structure and IT governance plan. Many enterprises struggle to implement best practices that ensure the realization of SOA benefits.
> Fear of change. Adopting SOA requires a cultural shift in the way people work together, new skill sets and role definitions. As such, CIOs have to consider the cultural effects of change on people, process and methodology. The larger the company, the more siloed its business units tend to become, making change that much more challenging. Strong governance, however, can help ease the pain of change.
> Lack of SOA expertise. Many CIOs worry that their company lacks the skill sets and experience it takes to implement an SOA, and transforming an entire IT staff into SOA experts overnight is not a realistic option.
> Not the CIO’s responsibility. It’s not uncommon for SOA teams to be in place at the divisional level—siloed—without active engagement in business strategy. Typically, the lack of service-level agreements between central IT and other IT groups diminishes information and process sharing. This communication blackout can lead to an improperly specified SOA, or worse, even more siloed, small-scope SOA initiatives that yield greatly reduced benefits for the enterprise. CIOs need to ensure that SOA is an enterprisewide initiative and drive that message home with all constituents.
Taking the lead on organization and governance
Amid these perceived challenges, there are actions CIOs can take to improve their odds of success. It comes down to adopting the following best practices:
> Get personally involved, early. The “benevolent dictator” approach can be employed judiciously to catalyze change and bring decisions on new rules, roles and responsibilities to a clear conclusion. The reality in most organizations is that IT teams won’t work out those critical success factors among themselves, as the “turf” issues to be addressed are beyond the responsibility of the individuals developing the new processes. CIOs who directly insert themselves in these decisions early in the process can compress the time required to make some key decisions, accelerating their organization’s SOA adoption.
> Prioritize the SOA benefits. As SOA has moved into the mainstream of IT strategy, the potential benefits have been hyped beyond what’s realistically possible. Forcing the IT leadership team to prioritize the benefits the enterprise and the divisions will achieve by adopting an SOA approach is a foundational exercise that many find beneficial.
> Establish the boundaries. Foundational organization and architecture guidelines need to be debated and agreed upon at the top. The implications of simple guidelines such as “data is owned by the enterprise” are far-reaching, and set the boundaries that smaller sub-teams can address in detail.
> Develop a conceptual SOA organization. The organizational models surrounding shared development approaches are finite, and while the titles may be updated for SOA, many CIOs will recognize the prescribed roles. Developing and privately syndicating “straw” organizational models has proven to be an effective way to surface the issues among the leadership team with minimal territorial behavior, which can then be modified if real-world trade-offs need to be considered.
> Address four core processes first. Not all software development processes need to be addressed immediately, and in fact, addressing too much too early can be detrimental to success. Successful organizations have begun to address the following four core processes, leaving the rest of the software development lifecycle processes for later in their SOA maturity:
1. SOA architectural management. A structured process for any proposed changes to be reviewed and implemented in the enterprise SOA reference architecture.
2. SOA project management. As part of the existing project investment decision process, organizations are adding an SOA process determining a project’s alignment with the SOA road map in order to emphasize IT projects best leveraging existing services or with the best potential of creating new services with a high degree of reuse.
3. SOA alignment. As an adjunct to existing SDLC processes, companies are adding formal design and architectural reviews at key control points in order to ensure alignment with key SOA architectural guidelines and business objectives.
4. SOA infrastructure management. Version control for existing published services and new services that will be introduced.
> Ease culture shock. Many companies have adopted a project-by-project approach to implementing SOA, realizing benefits as they go. These companies have found that implementing effective SOA O&G is a similar process. While the full implementation of the new SOA processes may require significant changes, implementing these changes all at once can overwhelm any benefits that may be realized from initial SOA projects. An effective approach to rollout is to let the number of services actually deployed in production set the pace, allowing the O&G changes to be implemented in phases. Early in the process, “virtual” roles and committees can be an effective way to get started, all of which can be introduced without major organizational change.
> Put some bite in the process. “Because SOA governance is key, you’ll want to establish an oversight/review committee with real teeth,” AHL’s McCoy says. “Make this a priority, not an afterthought.” Early in the process, the committee may be used primarily for facilitating communication, but over time the “teeth” of the committee need to be felt, as the core processes begin to be implemented, and adherence needs to be enforced.
> Use the right kind of external help. Broad organizational change efforts can equal a “license to consult” for many vendors, and cause any budget-conscious CIO to avoid using outside assistance. But external resources, unburdened by organizational politics, can be uniquely useful for building consensus on priorities, leveraging examples from the industry, defining new roles and responsibilities, and building an O&G implementation plan. You can achieve these critical steps using as few as two to three external advisers, provided the right internal executive team gets directly engaged from the beginning. SOA organization and governance doesn’t require the army of consultants that some would prescribe.
Addressing SOA governance is an effort that requires time and tenacity to pay off. “Change threatens some people, and it won’t happen overnight so you’ll have to keep plugging away,” says McCoy. But by getting personally involved early in the key decisions, and by taking a pragmatic approach to implementing the O&G changes, you can set your organization up for success as service-oriented architecture becomes more widely adopted throughout the enterprise. Bruce Graham is the senior vice president for the worldwide consulting and SOA practice at BEA Systems.