Realizing the Strategic Promise of SOA Requires SOA Governance

Registration is free. Login or register to view/download this content.


Editorial Director and current Faculty Member,
Tom Dwyer is the Editorial Director and current Faculty Member of He writes, presents and consults on topics that include Business Process Management, Business-to-Business, Enterprise Application Integration, and Service-Oriented Architecture. Mr. Dwyer has conducted primary research and published extensive reports on the Application Software Infrastructure markets. Before becoming an industry analyst in 1998, Mr. Dwyer spent 28 years in the computer industry in various engineering, marketing, professional services, and sales functions. He was a co-founder and general manager of a new software venture at Xerox, which became a wholly owned subsidiary. Mr. Dwyer has held senior management positions in marketing and engineering at Wang Laboratories and Prime Computer and has developed and launched more than 15 software products.

Recent tactical success in the utilization of Web services has brought renewed attention to the timing for a strategic commitment to Service Oriented Architectures (SOA). Early adopters have been investing in SOA for the past five years but now the development of more rigorous methodologies and technologies, and the maturing of standards, are making SOA accessible to everyone.

Service-Oriented Architecture (SOA) is an approach to distributed computing that considers software functionality as services on a network. SOA represents the next major step in the evolution of IT strategies. Businesses can look to SOA as the best way to leverage information technology assets and to provide the business the agility required to compete in today’s economy. In addition, SOA holds promise to companies looking to bring order to an increasingly complex and chaotic IT environment and equip themselves to manage change.

However, are most Fortune 1000 companies actually taking the steps necessary to make a strategic investment in SOA? Are they planning to transform their business infrastructure and – in parallel – enhance their IT infrastructure to support such a transformation? has been surveying its growing community to understand how much of an organized investment the Fortune 1000 is making in strategic SOA versus a tactical funding of SOA-style integration projects. Two indicators of this strategic focus on SOA are the procurement and use of an SOA Registry and the formation of an SOA Governance program. Results from 2007 surveys reveal that the Fortune 1000 is still at an early, immature stage of SOA adoption. They are sending their senior people to training classes and implementing important projects but are not developing an SOA roadmap.  For those people, 2008 represents an important year of investigation and commitment to SOA Governance.

SOA is an example of a software architecture. It can be defined as a software design and implementation methodology for creating loosely coupled, coarse-grained business services. These business services can be independently developed and combined into higher value business processes. At runtime SOA is a discoverable collection of available services on a network that communicate with one another. The services (e.g. applications and/or data) are loosely coupled so they can be flexibly and easily used and combined in various ways. They have well-defined platform-independent interfaces that promote interoperability. This service orientation provides business users with understandable services that they can compose into business processes as needed.

As more loosely coupled services are defined and made available on networks for expanded use and as visual composition and orchestration tools are enhanced, the brittleness of applications-driven business operations gives way to process-driven business operations. In other words, end-to-end process-oriented services can be used to support business requirements – such as an order-to-cash efficiency imperative – to allow for rapid customization and increased flexibility. That is markedly different from businesses needing to change large, brittle monolithic applications at great cost and time to make a minor change to a business process. SOA therefore allows the process change to take precedence and the applications to fall in line, not the other way around. Defining this rich repository of reusable service requires SOA Governance supported by an SOA Registry.

A main goal of SOA is the support of business agility – keeping pace with the velocity of change and uncertainty in the business climate facing an organization. In order to promote reuse, you need a place to store the IT assets that you want to repurpose. The service registry is the system of record for information about services. New services are published here, and business analysts and software developers can use this registry to easily find and reuse existing services. An SOA registry defines standards-based descriptions as well as access and interactions between SOA components. It also provides standard human and automated interfaces to these components.

The registry allows organizations to standardize publishing, discovery, approval and interoperability of SOA business services. The registry acts as a design-time service registry, a run-time service intermediary and a governance metadata repository. Some products separate the functionality into a registry and a repository. Repositories are where you put service artifacts and metadata at design time, while registries are where you list service descriptions and policies that are accessed at run time.

SOA introduces many independent and self-contained moving parts – components which are reused widely across the enterprise and are a vital part of mission-critical business processes. The goal of SOA Governance is to manage the quality, consistency, predictability, change and interdependencies of services. SOA Governance strives to blend the flexibility of service orientation with the control of traditional IT architectures.

SOA Governance is a subset of IT Governance which is a subset of Corporate Governance. The two aspects of a Corporate Governance Framework are 1) Establishing processes that define who is empowered to make certain decisions, and 2) Establishing mechanisms and policies to measure and control the way decisions are implemented. IT Governance defines the decision-making rights associated with IT investments and includes the mechanisms and policies used to measure and control the way IT decisions are prioritized and executed. SOA Governance defines the decision-making rights associated with the definition and deployment of business services and composite applications, and includes the mechanisms and policies used to measure and control the way services are defined, deployed, maintained and monitored.

The main areas of IT governance include the following:

  • Strategic alignment focuses on the imperative to align the business vision, goals and needs with the IT efforts.
  • Value delivery focuses on how the value of IT can be proved through results like profitability, expense reduction, error reduction, improved company image, branding, and so on.
  • Risk management focuses on business continuity and measures to be taken to protect the IT assets.
  • Resource management focuses on optimizing infrastructure services that are a part of the environment supporting the application services.
  • Performance management focuses mainly on monitoring the services that run in a enterprise’s environment.

Any implementation of governance should be centered on the four pillars of an enterprise architecture: people, processes, technology, and services. One mechanism to implement an enterprise IT and SOA governance is by establishing a center of excellence (CoE) for IT and SOA governance that would enable a shared resource and capability center to function as a resource pool as new business application needs arise. A governance implementation needs to be supported by a hierarchical organizational reporting structure.

An SOA Governance Framework enables an organization to answer the following questions:

What happens when a service is changed? How can you be sure the service you are consuming is of high quality? How can you be sure a new service is compliant with IT, business and regulatory policies? How can you ensure predictable uptime of a service?

“Some typical governance issues that are likely to emerge in a SOA are:

  • Compliance to standards or laws: IT systems require auditing to prove their compliance to regulations like [Sarbanes-Oxley]. In a SOA, service behavior is often unknown
  • Change management: changing a service often has unforeseen consequences as the service consumers are unknown to the service providers. This makes an impact analysis for changing a service more difficult than usual.
  • Ensuring quality of services: The flexibility of SOA to add new services requires extra attention for the quality of these services. This concerns both the quality of design as the quality of service. As services often call upon other services, one malfunctioning service can cause damage in many applications.

Some key activities that are often mentioned as being part of SOA governance are:

  • Managing the portfolio of services: planning development of new services and updating current services
  • Managing the service lifecycle: meant to ensure that updates of services do not disturb current service consumers
  • Using policies to restrict behavior: rules can be created that all services need to apply to, to ensure consistency of services
  • Monitoring performance of services: because of service composition, the consequences of service downtime or underperformance can be severe. By monitoring service performance and availability, action can be taken instantly when a problem occurs.” [Source: Wikipedia]

While the specific focus of SOA governance is on the development and use of services, effective SOA governance must cover the people, processes, and technologies involved in the entire SOA life cycle. [Source: Wikipedia]When implemented strategically, a service-oriented architecture enables the evolution of a well connected “service-driven enterprise” where information and application silos can be bridged to deliver better visibility of fast-changing business events and critical information. A service-driven enterprise embraces the concept of increasing business velocity and achieves the following strategic goals:

  • A more succinct expression of purpose and strategic direction
  • A shared understanding at the top team level of what needs to be improved by how much by when
  • An integrated view of cross-group linkages and interdependencies
  • A greater focus on the timeliness and quality of key customer-touching business process outputs to balance the traditional financial metrics.
  • Tighter alignment of strategy, structure, business process and technology
  • Arguably, the best return on your IT investment and top team agreement on where SOA applications are best applied, at what cost and for what results.

The true sign of a company implementing SOA strategically is that company’s development of an SOA Governance program and its implementation of an SOA registry to capture these strategic SOA assets.

Similar Resources

Featured Certificate: BPM Specialist

Everyone starts here.

You're looking for a way to improve your process improvement skills, but you're not sure where to start.

Earning your Business Process Management Specialist (BPMS) Certificate will give you the competitive advantage you need in today's world. Our courses help you deliver faster and makes projects easier.

Your skills will include building hierarchical process models, using tools to analyze and assess process performance, defining critical process metrics, using best practice principles to redesign processes, developing process improvement project plans, building a center of excellence, and establishing process governance.

The BPMS Certificate is the perfect way to show employers that you are serious about business process management. With in-depth knowledge of process improvement and management, you'll be able to take your business career to the next level.

Learn more about the BPM Specialist Certificate





  • Business Process Management Specialist
  • Earning your Business Process Management Specialist (BPMS) Certificate will provide you with a distinct competitive advantage in today’s rapidly evolving business landscape. With in-depth knowledge of process improvement and management, you’ll be able to take your business career to the next level.
  • BPM Professional Certificate
    Business Process Management Professional
  • Earning your Business Process Management Professional (BPMP) Certificate will elevate your expertise and professional standing in the field of business process management. Our BPMP Certificate is a tangible symbol of your achievement, demonstrating your in-depth knowledge of process improvement and management.


BPM Certification

  • Make the most of your hard-earned skills. Earn the respect of your peers and superiors with Business Process Management Certification from the industry's top BPM educational organization.




  • Operational Excellence Specialist
  • Earning your Operational Excellence Specialist Certificate will provide you with a distinct advantage in driving organizational excellence and achieving sustainable improvements in performance.


OpEx Professional Certificate

  • Operational Excellence Professional
  • Earn your Operational Excellence Professional Certificate and gain a competitive edge in driving organizational excellence and achieving sustainable improvements in performance.



  • Agile BPM Specialist
  • Earn your Agile BPM Specialist Certificate and gain a competitive edge in driving business process management (BPM) with agile methodologies. You’ll gain a strong understanding of how to apply agile principles and concepts to business process management initiatives.  

Business Architecture



  • Business Architecture Specialist
  • The Business Architecture Specialist (BAIS) Certificate is proof that you’ve begun your business architecture journey by committing to the industry’s most meaningful and credible business architecture training program.

  • Business Architecture Professional
  • When you earn your Business Architecture Professional (BAIP) Certificate, you will be able to design and implement a governance structure for your organization, develop and optimize business processes, and manage business information effectively.

BA CertificationCertification

  • Make the most of your hard-earned skills. Earn the respect of your peers and superiors with Business Architecture Certification from the industry's top BPM educational organization.




  • Digital Transformation Specialist
  • Earning your Digital Transformation Specialist Certificate will provide you with a distinct advantage in today’s rapidly evolving business landscape. 


  • Digital Transformation Professional
  • The Digital Transformation Professional Certificate is the first program in the industry to cover all the key pillars of Digital Transformation holistically with practical recommendations and exercises.



  • Agile Business Analysis Specialist
  • Earning your Agile Business Analysis Specialist Certificate will provide you with a distinct advantage in the world of agile software development.


  • DAS Certificate
  • Decision Automation Specialist
  • Earning your Decision Automation Certificate will empower you to excel in the dynamic field of automated decision-making, where data-driven insights are pivotal to driving business innovation and efficiency.