The term “SOA governance” has taken on the connotation of a select group of people coming together periodically to talk about SOA topics, establishing a policy which is dutifully documented, and then disappearing back to their ivory towers without making much impact on the business. But the notion of governance is becoming ever more important as businesses adopt SaaS technologies and initiate mobile, big data, and IoT initiatives. Suddenly those responsible for SOA policy can’t exist in their ivory towers anymore; every aspect of the business needs access to those policies, and those policies now touch everyone in the business. SOA governance therefore is evolving from a largely internal function for IT teams to one that extends to external audiences.
SOA itself has become a bit of a bête noire for IT professionals, yet it’s almost universally acknowledged that the principles are solid; the notion of abstracting enterprise software capabilities as reusable services in order to support more flexible business processes and ideally, more agile organizations is a laudable aim. But the reality of SOA implementation was that SOA organization tended to be centralized amongst internal teams, and any aim of improving IT and organizational governance was lost among the numerous enterprise integration projects IT teams had to undertake. SOA governance became an exercise in connecting endpoints to endpoints. Worst of all, the consumers of the services were lost in the shuffle – both the software endpoints that interacted with the services as well as those people in the business who wanted to consume service capabilities and use them to achieve business goals. Hence the reputation of the IT team as the department of “No” – often the technological implementation was where ideas that would help the business achieve greater innovation or agility would go to die.
As businesses evolve into more loosely-coupled organizations, exposing their services through APIs and increasing external service adoption by consumers inside the enterprise, SOA governance, API management, and application management are beginning to converge into a new kind of governance for the modern business. This type of governance not only has greater architectural coherence for a composable enterprise, but it’s now relevant to a wider audience outside of IT – mobile and app developers, data analysts, line of business owners – anyone who wants to consume external or internal services. And thanks to democratization of technology, all of those consumers expect that the applications and services they use at work to be flexible and convenient to access.
Governance from the IT organization is now more important than ever but is evolving as quickly as the IT function itself is. If we take governance to mean establishing and enforcing standards around how people and technology work together to achieve business goals, IT does need to take the lead in establishing those standards of access control, SLAs, and policies. But IT must not only be a cop, but also an enabler and and an empowerer of an entire ecosystem of digital capabilities for both internal and external users.
Mike Hamilton, head of IT for MuleSoft, says, “it’s my job to be a partner to the business. I can’t stand in the way of what the business wants to do – otherwise, we wouldn’t achieve our goals – but what I need to do is show my partners in the business how to do things in the most efficient way so that they get the results they want.” As the role of IT evolves from the Department of No to a true business partner, SOA governance evolves alongside it from an irrelevant set of policies and documentation to an amalgamation of governance coupled with API and application management designed to enable the business to get where it needs to go.