Todd Biske, Senior IT Architect, working for an F500 company, and who is about to release a book on SOA Governance, provided his own views on how to get started with SOA Governance. He claims:
[nobody] has a clear plan on how to put it in place at their organization
For him Governance is:
the people, policies, and processes an organization uses to achieve a desired behavior.
And he explains that
All too often, the steps of articulating the desired behavior and the policies that will lead to that behavior are not done, or done insufficiently. Rather, the focus immediately jumps to enforcement.
The problem he sees is:
[Enforcement does] nothing to change the understanding of the project managers, architects, and developers on what they should be evaluating themselves against as the right thing to do.
if you’re looking for a place to start, my recommendation is not to focus on enforcement. My recommendation is to define the behavior you’d like to see out of your organization, the policies that will help guide that behavior, and then focus first on education of the organization on those items.
If your staff is better educated on the outcomes the organization wants to achieve, they’re more likely to comply with the policies that will lead to that behavior, lessening the need for strong enforcement.
Kyle Gabhart wrote an article on the topic last june. His advice:
Start Small and Build Incrementally...follow a simple, pragmatic approach
He explains:
Overriding goals during the governance adoption process should be risk mitigation and increasing operational predictability to reduce risk.
- Define a governance roadmap with objective, measurable milestones
- Identify technology and organization changes required for each stage
- Clearly identify and document business value that is applicable at each stage
In July, Eric Knorr, and Oliver Rist talked about SOA Governance in their "Steps to SOA" series:
The sooner you start thinking about how governance will work, the better.
The reason they explain is
The more SOA is successful, the more management becomes a problem
They see:
Registries are more than just containers in which services can be described by metadata and discovered by clients and other services. They are also centers of SOA governance, where IT can list human service owners, manage versioning, ensure compliance with enterprise requirements, and more.
As Todd pointed out, starting a SOA Governance organization is tricky. Too much of it and people will try to avoid it while not enough of it will make people question its value. Do you know any recipe that works? or doesn't work?