Like any structure, governance needs a solid foundation. In the case of SOA, the trick is to get the right people involved and engage in some good old-fashioned fact finding, so you know exactly what you’re dealing with.
Job No. 1 is finding the right sponsor. An executive sponsor is not only an evangelist for the process, but should be willing to serve as a court of last resort in adjudicating the disagreements that are sure to arise. A sponsor shouldn’t be a mere figurehead; he or she must understand and support the goals of the organization’s SOA efforts and be willing to back them up.
Kelly Flanagan, CIO at Brigham Young University, notes that you may need more than one sponsor at different levels in the organization. “I think it’s important to get the CIO engaged early to win the support of the other executives and help them understand the long-term importance of SOA,” says Flanagan. “It’s also beneficial to have divisional sponsors willing to champion details not of concern to the CIO and the executive team.”
Next, don’t assume that you’re alone in your endeavors. Many organizations already have SOA activities under way, so make an inventory of what’s been tried, what worked, and what didn’t. Pilot projects represent pockets of experience, maybe even excellence, inside your organization. You can call on them for advice and support as you create a governance process. If possible, it’s also worth trying to help expand the influence of project leaders who are sympathetic to your cause.
Last but not least, do your homework. The SOA lifecycle requires different governance at design time, deploy time, and runtime. Understand the governance requirements at each stage. Runtime policies are created and implemented very differently than development-time policies. A design time policy on security might specify authentication requirements, while a runtime policy would specify how to enforce those requirements.