News Stay informed about the latest enterprise technology news and product updates.

SOA governance primer

Before implementing SOA governance, enterprises must first have a firm grasp of governance at different levels of IT, data and processes.

This article originally appeared on the BeyeNETWORK.

Welcome to conclusion of the three-part series on governance. In this article, I will discuss service-oriented architecture (SOA) governance. The first two articles in this series covered IT governance and data governance. I would encourage you read the definitions in Part I andPart II, as I build on those definitions in this article. In this article, I will attempt to define SOA governance, explain how to begin building a governance practice and suggest some best practices.  

To begin, it is helpful to review some existing definitions of SOA governance: 

There is a common misconception that SOA governance is governance of an SOA, as though SOA were one more IT asset in need of governance in the organization. That belief, however, indicates a fundamental misunderstanding of the role of SOA. Fundamentally, SOA is enterprise architecture – when an enterprise adopts SOA, it should approach the organization of all of its IT assets from an SO perspective. As such, Service orientation provides a broad organizing principle for all aspects of IT in the company – including IT governance. That's why we say SOA governance is IT governance in the context of SOA, rather than governance of SOA. (Source:ZapThink defines SOA Governance)

SOA governance is the ability to ensure that all of the independent efforts (whether in the design, development, deployment, or operations of a service) come together to meet the enterprise SOA requirements…including SOA policies, auditing and conformance, management (track, review, improve) and integration. (Source: WebLayers, SOA Governance)

SOA is architecture – a service-oriented architecture for the enterprise. It is not a tool, a utility or a service provided by consulting firms. It is a design, a way of connecting people, processes and data so that it makes sense to the business in a flexible and dynamic manner. It means information is available on demand, as a service, to the individuals requesting it.

SOA governance is a bit more challenging to understand because SOA is an architecture plan. SOA governance should mean that an SOA has been set up and endorsed by the board of directors. In order to implement SOA governance, enterprises must first have a firm grasp of governance at different levels of IT, data and processes (both business and mechanical).

My research has shown that governing the SOA implementations is what is necessary. Governance of the architecture is not feasible in and of itself. IBM summarizes enterprise governance initiatives and includes thoughts about the implementation of SOA and its respective governance:

SOA is like old wine in a new bottle. SOA concepts have been around for quite a long time in the IT industry. But it is only recently that it has gained attention as a way of aligning the business strategy and imperatives of an enterprise with its IT initiatives. What makes an enterprise that embraces SOA need to take governance more seriously is the distributed nature of services across various LOBs. (Source: A Case for SOA Governance)

Ensuring Successful SOA Governance
There are several items necessary in order to ensure proper SOA governance. The following list provides a baseline from which to start:

  1. Establish a firm understanding of governance principles. The elements of governance from IT governance and data governance will help forge a solid foundation for services and architecture governance. If SOA governance is implemented before IT and data governance, there is a high risk of not understanding “what” to protect and what security is required.

  2. Develop solid enterprise architecture (top-down design) with a bottom-up implementation plan. When constructing a high-rise building, the foundation must be set up properly to support the weight. As long as the underlying structure can support the weight, it can always be remodeled later.

  3. Involve SEI / CMM Level 5 principles. This ensures that the development and deployment aspects of the services can be governed in terms of quality, documentation and understanding. This leads to a repeatable, redundant and simplified architecture for all services. It is similar to the solid foundation needed for an enterprise governance initiative.

  4. Adopt common roles and responsibilities. Governance cannot commence without roles and responsibilities. Does this mean “SOA management?” It does to a degree, but understanding who does what within the governance framework will help identify how the deliverables in governance will be met. The SEI / CMM levels will play a role in identifying how to “measure” or quantify the results of the governance efforts.

  5. Monitor the SOA implementation. Not only is it important to set up accessibility and security rules, but with services it is also vitally important to monitor the execution. Without monitoring, there is no way to determine if the SOA governance policies are actually working. Understanding who accesses what and when is very important to executing successful governance.

  6. Establish a hierarchy of reporting on the SOA governance initiatives. When it comes to crossing lines of business (LOBs), it is important that individuals understand they report to the executive office on the initiative's successes and failures. Breaches must be taken seriously and addressed, or governance is unenforceable. When governance is unenforceable (particularly SOA governance), there is a serious breakdown across the enterprise.

  7. Design integrated governance dashboards. The metrics for daily monitoring should be included on dashboards for the individuals responsible for governance, showing the breaches, errors, downtime, uptime, hack attempts and other metrics for the SOA infrastructure. Having dashboards available to the enterprise will reinforce the governance initiatives.

  8. Arrange SOA governance meetings. Remember that both the SOA and the governance initiatives are active initiatives. They should not be stagnant. New components of the SOA come online regularly, and new governance initiatives must be established to meet the needs of those services.

  9. Endorse SOA governance from the executive level. Service-based efforts (such as data warehousing, data integration, metadata and SOA governance) all require executive backing in order to succeed. If the enterprise wants SOA, then the enterprise should also be willing to establish an SOA governance board that is supported at the executive level.

  10. Hire the right consulting services. In selecting a firm for assistance, ask about their dedication to SOA governance and SOA best practices. The consulting firm should have both, along with expertise and best practices for the industry.

Supporting the SOA Initiative
The systems on the back end need to support a full complement of activities, ranging from real-time (or active) data feeds and integration to Web services. This includes the need forbusiness intelligence portals, full data integration (batch and real-time), enterprise information integration (EII) querying technology, metadata management and SoR (system of record). Governance is the method to control and monitor access to these systems; but without the data or the services to properly back the SOA effort, there can be no SOA governance. Likewise, without SOA governance, SOA efforts can and will go astray.

The SOA Journey
Remember that SOA is a journey, not a destination. It is also architecture, not a technology or a piece of software. SOA governance must be implemented with the same rigor as enterprise SOA. It must be used to control and monitor the implementation efforts of the underlying SOA. SOA governance can and should be built from well-established IT and data governance initiatives. Without that foundation, SOA governance will quickly expand and become too broad a concept to grasp.

While SOA is an architecture, implementation of the SOA is best provided by vendors offering the complete package. Implementing SOA requires real-time investment. SOA governance also requires dedication and backing at the executive level. Following the 10 steps provided in this article and discussing the SOA initiative with a qualified consultant will help to ensure a successful SOA governance implementation.

  • Dan LinstedtDan Linstedt 

    Cofounder of Genesee Academy, RapidACE, and, Daniel Linstedt is an internationally known expert in data warehousing, business intelligence, analytics, very large data warehousing (VLDW), OLTP and performance and tuning. He has been the lead technical architect on enterprise-wide data warehouse projects and refinements for many Fortune 500 companies. Linstedt is an instructor of The Data Warehousing Institute and a featured speaker at industry events. He is a Certified DW2.0 Architect. He has worked with companies including: IBM, Informatica, Ipedo, X-Aware, Netezza, Microsoft, Oracle, Silver Creek Systems, and Teradata.  He is trained in SEI / CMMi Level 5, and is the inventor of The Matrix Methodology, and the Data Vault Data modeling architecture. He has built expert training courses, and trained hundreds of industry professionals, and is the voice of Bill Inmons' Blog on


Dig Deeper on SOA data services and architecture

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.