Service oriented architecture (SOA) governance is very much a product of its
time. At the same time SOA began gaining momentum in the enterprise, the corporate
world was rocked by accounting scandals that demanded a more formal approach
to enterprise visibility. SOA governance provided a timely answer that conveniently
solved a number of lingering problems for enterprise IT.
The latest trend gaining traction in the IT world is cloud computing. This
has led some people to question the continued relevance of SOA governance, given
the inevitable migration of enterprise IT into the cloud. While the basic ideas
of SOA governance map quite naturally to cloud governance, some important shifts
in priority and technology need to take place before SOA governance can be effective
in the cloud and legitimately claim a new name.
It's all about the services
Governance is not about technology, though this certainly has its place in
a governance program. Nevertheless, a common mistake is to allow products to
guide an organization's approach to policy and process. It is important to recognize
that infrastructure is simply a tool, and the capabilities of these tools should
never define what governance means to you.
This is a risk today in the cloud, where the focus of the infrastructure works
against good governance. It is particularly evident in cloud management, which
often places supreme import on monitoring and controlling virtual machines.
These tools and services, while important and useful, imply that managing a
virtual instance automatically includes managing the applications that reside
in it-which can be a fatal mistake.
Although these tools do provide an important component of governance, they
are not a complete solution. They miss a basic lesson from SOA: that is, to
focus our attention on the services. SOA governance asserts that you must apply
security and monitoring at the highly granular level of individual services.
This fundamental premise of SOA-focusing on application services-is as relevant
in the cloud as it is in the enterprise. Corporate IT builds applications using
SOA; the cloud, as nothing more than a new deployment model, is therefore a
logical space in which to employ SOA. The first shift in priorities must be
a departure from coarse, cloud-centric granularity and a return to finely grained
service control. Such a shift has big implications for the infrastructure that
implements policy and process in the cloud.