2. Not creating a governance framework. Governance is a large part of developing an SOA strategy, according to Jason Bloomberg, senior analyst at the ZapThink advisory firm in Baltimore. He says organizations must decide ahead of time what their reuse and publication policies will be for the services within their architecture. You have to think through how youre going to create, communicate and enforce these policies, he says.
One problem that often arises for companies that fail to think about governance is version management. You may start to roll out services and everything is fine until you need to change something, he says. There is a ripple effect from altering services that can extend all the way to customers that could disrupt business. You have to develop a plan beforehand for updating and changing services, Bloomberg says.
3. Treating security as an afterthought. Security can be one of the trickiest areas of SOA because organizations are reusing services that might have been created externally. Before you bring services into your SOA environment, you have to put standards-based interfaces on them. If you dont take care of security issues, youll put a hole in the SOA wall, Bloomberg says.
Jon Gossels, president and CEO of SystemExperts Corp. in Boston, says that most services, to be made as reusable as possible, have security stripped out of them. This isnt good, he says. To combat this problem, he urges IT groups to add service interfaces that address compliance mandates and cater to the highest level of security each application requires.
In addition, IT groups should carefully plot out their authorization and authentication strategies. You need to decide who controls the addition of new services and who can change services that are already in use, Gossel says.
Organizations should also monitor the services that come onto the network. Otherwise, you could have someone deploy a rogue service and youd have no way of knowing it, he says.
Gleason says companies should expect to have some glitches along the way with SOA deployments. To minimize the risk, they should modularize their architecture plans and roll out pieces little by little. If you start out too big, youll run into problems. The first time out can be tough, but it does get better and youll see that SOA does make your life easier, he says.