SOA Best Practices Start with Governance
As addressed earlier, SOA is being adopted because it provides business value—agility and flexibility, plus classic time-to-market and lower cost benefits. For a true commercial grade instance of SOA, ISVs need governance—specific, consistent guidelines for defining, measuring and monitoring their work. Ultimately, these steps enable developers to analyze and take action on how those services are being delivered: Which work? Which don’t? Which ones need to be added? Which ones need to be removed?
Today, governance is challenging. It’s not tangible, and it’s hard to measure. But there are key questions every organization can ask itself: What is our SOA reference architecture? Where are our services, who owns them, and how are they maintained? How are we managing rogue services (unknown services or services that are being used without someone’s knowledge)? That last question is particularly interesting when you consider that rogue services could be part of a financial system but not comply with regulatory rules such as Sarbanes-Oxley or accepted business practices. Try explaining to your clients why an unknown service was capturing their credit card data that was accessible to other unauthorized systems. These are truly the silent killers that lurk in the SOA world.
Because SOA opens up operations to disruption through Web services, establishing governance and ensuring compliance with business policy is extremely important. Organizations must determine which services are being consumed internally, and exposed to insider threats, and which are exposed externally to malicious hackers. Operationally, it must be clear how services are being used and whether or not they are being used in a way that is consistent with users’ roles and normal delivery models. In terms of “baking in” security and governance into the SOA development process, organizations must assess threat models, engineer for them, assess the skill sets of engineers and identify emergent behaviors.
In the end, SOA practitioners must focus not only on development, but also on developing strong governance practices that tie business value into the commercial delivery of services up the SOA maturity curve—from ad hoc and repeatable, to managed and beyond. The goal is to reach the optimization level where you are changing the way your business is developing services as a function of the value business partners are paying for. Above all, keep governance simple. Don’t go overboard or make it too complicated, otherwise it becomes a burden, not an asset to the development team.
As we recap the business drivers for SOA and keys to successful transitions and development environments, be careful not to manage SOA blindly (or use the ostrich “head in the sand” approach) just because you are either unclear about how to maximize its usefulness, or are simply too intimidated to ask. Keep it simple, and approach SOA from its most basic definition and purpose. SOA’s greatest business benefits boil down to its ability to support more flexible, agile systems that enable companies to keep up with new business demands. To set yourself up for SOA success, you must evaluate the “necessary vs. sufficient” conditions within your own organization, and remember that proper governance is most important. While organizations need to consider other components such as new people, tools and software methodologies, these only create “sufficient” conditions for SOA success.
Awareness and education around SOA is an ongoing process, and this is certainly an area that will continue to mature and develop. So, if you’ve determined SOA is right for you, take your head out of the sand and make the commitment to establishing and sharing best practices to support SOA success to benefit your organization, and its customers and partners.
The author of this article is the Chief Technology Officer of Symphony Services.
Participation in or using information posted in this article is subject to the following disclaimer.
Disclaimer: globalservicesmedia.com invites readers to contribute articles for publishing at the website. This is a “reader contributed” article, and reflects the individual opinion of the contributor. It may or may not have been checked for authenticity. The sole responsibility of the facts herein and their authenticity lies with the author. Neither globalservicesmedia, nor its employees shall be liable for any loss suffered by you, by following the advice provided here.