Most large organizations have various security audit and certification processes that applications have to go through before they can go into production. These can usually take several weeks to complete. The holy grail of SOA, of course, is to be able to quickly compose new applications by orchestrating a set of existing services. However, you kind of defeat the purpose if your new SOA allows you to compose new applications in a few days or a couple of weeks but then you have to wait several more weeks for the security certification before you can put it into production and start using it. Thus these security processes need to become more agile as well in order to support this new approach to building applications. This just re-emphasizes the point that SOA is not just about the technologies... the organizational processes have to support it as well.
The second thought has to do with the concept of portfolio management. This is the practice of treating your IT systems and applications as a portfolio, similar to how you treat your portfolio of investments. You regularly review your IT portfolio to see how it's aligned with your business objectives and other criteria you've established and decide how to fund (or invest in) them accordingly. Those systems that don't meet your criteria get reduced funding or get cut altogether. I contend that this practice needs to be applied to the services in your SOA as well. Those services need to be treated as a portfolio that gets reviewed regularly to see whether they're being used, how much they're being used, how much it is costing to maintain them, how much cost savings you are getting as a result of reusing them, etc., etc.--you define the criteria that are important to your organization. With all the rush by everybody to stand up Web services and build their SOAs, I'm sure that there'll be plenty of services that actually don't ever get used. You gotta weed those suckers out. Your registry needs to be kept up to date and relevant; otherwise, if there's too much junk in there, your developers will avoid it like the plague. Bottom line--include a portfolio management process for the services in your SOA. Perhaps start by conducting your reviews annually and then adjust the frequency of such reviews based on the volatility of your organization.
soa, governance, portfolio management