Governance Tools -- Buyers Beware
While several vendors have a fairly common definition of a Governance, it’s entirely too inadequate to really suffice for a complete, robust, or end-all-be-all solution.
Enterprise software has a sometimes-sordid history of greatly over-promising and under-delivering. Some vendors I see in the governance space for SOA are repeating that bad history. That’s unfortunate given the tremendous promise in SOA and the tremendous capabilities that are possible for SOA governance.
No one vendor, even my own company iTKO, can provide 100% of what I would think is a robust governance solution today. It may never be that one vendor delivers 100% of a governance solution. Yet I’ve just been reading many vendors talk about their complete robust end-all-be-all governance solution for SOA.
While several vendors have a fairly common definition of a Governance, it’s entirely too inadequate to really suffice for a complete, robust, or end-all-be-all solution. In fact most Governance solutions right now in SOA are little more than bundling WSI tools and scanning XML with Xpath queries at run time for automation, and document repositories for non-automated Governance.
This is barely the beginning of what will create real governance. The outcome of a robust governance strategy is increased visibility, trust, and an infrastructure that has longevity compared to the many times we’ve attempted greater reuse and better IT alignment with the business.
One of the key areas that my company focuses on around governance is in the behavioral area and in making the definition of the word “policy” more rigorous than the meanings frequently used by the so-called governance tools also in our space.
At the end of the day, policy will need to be all of the kinds of things that you think of legislatures doing or any kind of rule-making body in our real world. Think about at the Federal level, very broad stroke kind of Policies. These are the things that some governance tools can do like “Thou shall use WS security for all of the access points from external sources coming on to our network. But there is also the State level, County level, City level and even Home Owners’ Association, if you think about it. You will never see a Federal Law about where I’m allowed or not allowed to place my US flag. But my Homeowners’ Association has all kinds of rules and restrictions about where I can and can’t place my flag.
So policy is really going to be where we, as an industry, focus Governance tools and within that focus, we’ve got to make sure that our definition of policy captures enough of the “what it takes” to get the value from Governance.
So the next time you are talking to a Governance tool vendor, let me suggest two things:
The first is to make them fully explain themselves about what their product does in terms of allowing the definition, modeling and enforcement of governance policy.
And, second, don’t just listen – make them show you.
We have a customer that spent 7 figures on a tool that was supposed to do a bunch of really interesting policy and governance work that’s barely doing much of that at all. You’ve got to see how the product works.
Governance buyers beware.
Trackback URL for this post: http://www.webservices.org/trackback/id/82918