Adopting services oriented architecture (SOA) in your enterprise without thinking through IT governance can cause something like the Gold Rush in the 1800s; extreme rates of growth and minimal law and order which produce unexpected outcomes.

The promise of SOA is that developers can write software code once and have that code re-used by many disparate systems for a variety of functions, thus saving time and money. Governance is a set of processes, tools, and organizational structure that allows for oversight of the IT operation and is essential for delivering on the SOA promise.

Let's say your developers create a new service to open and track a "case" whenever a customer contacts your enterprise (let's call this service the 'Open Case Process'). By the nature of SOA other developers within the organization (or sometimes across an eco-system such as government organizations) may leverage that same service for their similar processes. So a sales department may use the Open Case Process to track contacts in their sales workflow software. The billing department may use the Open Case Process to track billing disputes in their contact center software.

Without an established governance plan and policy, the original author and support organization may not even know this "use" of their software is happening. This can lead to a lawless environment where: 1.) Increased volume may cause a jump in users from hundreds to thousands overnight. Servers or networks being used for this process may not be able to handle the load; 2) Contrarily a service is created but "no one comes" to re-use it because there is no established procedure about how to communicate service availability within the enterprise; 3) Finally, it is easy for a developer to read a service definition and create a sample request message in minutes. In a SOA world, the data travels on the wire in the clear and even has tags identifying each and every data element. Ease of access to SOA services raises an important issue of security policies and SOA governance.

So without a well-thought out governance plan SOA can seem like the lawless Wild, Wild West.

The SOA Sheriff: A Governance Framework

To capture the maximum benefits of SOA while not opening up the enterprise to additional challenges, companies are adopting SOA governance frameworks.

Enforce, Set up, Deploy and Regiment is the 'mantra' for implementing a successful SOA Governance framework. The following are recommended best practices:

1) Enforce Architecture Governance a. Define SOA reference architecture b. Identify the infrastructure capabilities it will have c. Evaluate and identify vendor technologies that the SOA architecture will be built with d. Specify management, security, reliability and availability characteristics for the SOA infrastructure