Friday, March 23, 2007

BriefingsDirect SOA Insights Analysts Explore SOA's Role Through Failure, Governance, Policy and Politics

Edited transcript of weekly BriefingsDirect[TM] SOA Insights Edition, recorded Feb. 2, 2007.

Listen to the podcast here. If you'd like to learn more about BriefingsDirect B2B informational podcasts, or to become a sponsor of this or other B2B podcasts, contact Interarbor Solutions at 603-528-2435.

Dana Gardner: Hello, and welcome to the latest BriefingsDirect SOA Insights Edition, Volume 11, a weekly dissection and discussion of Services Oriented Architecture (SOA) related news and events with a panel of industry analysts and guests. I’m your host and moderator, Dana Gardner, principal analyst at Interarbor Solutions, ZDNet blogger, and Redmond Developer News magazine columnist.

Our panel this week, and it is the week of Jan. 26, 2007, consists of Steve Garone, he is a former IDC Group vice president, founder of the AlignIT Group, and an independent IT industry analyst. Welcome, Steve.

Steve Garone: Thanks, Dana, great to be here again.

Gardner: Also joining us, Joe McKendrick, a research consultant, columnist at Database Trends, and a blogger at ZDNet and ebizQ. Welcome back, Joe.

Joe McKendrick: Hi, Dana, greetings.

Gardner: Also joining us is Jim Kobielus, a principal analyst at Current Analysis. Welcome back, Jim.

Jim Kobielus: Thanks, Dana. Hi, everybody.

Gardner: This week we’re joined by our guest Miko Matsumura, the vice president of SOA products at webMethods. Thanks for joining us, Miko.

Miko Matsumura: I appreciate being here. It's a great group.

Gardner: Now, Miko, you joined webMethods recently through the acquisition of Infravio. How is that going? Is that officially closed now, and what's the outlook for the two companies working together?

Matsumura: Well, it’s officially closed, and it’s very exciting. I tend to take an Infravio startup perspective, and from that perspective it’s almost like there are 10 times the number of sales people to talk to. It’s a little bit like The Darwin Awards guy that put a rocket engine onto his Chevy and raced it on the salt flats. Things are going a lot faster, and it’s kind of fun.

Gardner: Cool. Is this going to be a case where it’s the Infravio tail that wags the webMethod’s dog?

Matsumura: I listened to the [webMethods President and CEO] David Mitchell earnings call last night and we had a game, a virtual drinking game, we were playing by instant messenger. Every time someone said the word Infravio, we would say,"Drink." Were we actually consuming alcoholic beverages, I’m sure we would have been pretty soused by the end of the call.

Gardner: Cool. Well, it seems like so far it's a happy match up. It’s good to hear.

Matsumura: So far, so good.

Gardner: One of the topics I wanted to get into this week, and we’ll throw this out to the entire group, is looking at failure in SOA. What is the problem with those projects that are not going well these days? We talk a lot about SOA, the business value, when the maturity is coming, and where the technology and standards are going.

But I thought it might be worthwhile to take a step back and say, "Where are the warts, and why are they there? What can we learn from that?" You’ve had some experience in the field, Miko. Many of our panel speakers are working in these areas consistently. So I wanted to ask the panel, anyone at all. Have you come across SOA projects that have not been stellar successes? And, if so, are there any immediate lessons to be learned?

Matsumura: I'll answer, since you called my name out, and since it’s also a glorious introduction to have someone say, “Yes, I’d love to talk about the topic of failures and for this they have a guest expert.”

From our perspective, the thing that is really vital about this topic is that in 2007 we’re as likely to see catastrophic failures as we are limited success. There are a huge number of moving parts within SOA, and I'm going to use that almost as a handout point to this very well-considered group of folks. We need to categorize for the listener which moving parts are more dangerous than other moving parts, because those are the things that eventually cause the thing to kind of wiggle the wrong way, and send it to a tailspin. Any thoughts about that?

Garone: I’ve gotten involved in some research in the past, and it doesn’t really relate to SOA, but the results that I see from this research have tended to point out two major areas that cause or are the main factors behind these kinds of failures. One is a difficulty in nailing down and keeping a continuous eye on requirements for an application. The other has to do with corporate backing for that particular effort within the company. It's more focused on the people-oriented things and the collaborative issues associated with deciding what to build and how to build it.

What you just indicated was that, in the case of SOA, the focus in terms of failure might be more on the technology-based pieces associated with building an application. Do you see SOA being different in terms of what actually is responsible for failures?

Matsumura: I'm delighted to have you take that approach, because I’ve actually cast this net out into this group as a very neutral test to see what kind of like fish will come out of it. I used a very generic term, "moving parts," but I didn’t specify. Your inclination was to think that I was talking about technology.

Garone: Well, people do so …

Matsumura: That’s exactly what I was hoping to elicit -- the idea that, in fact, a lot of the moving parts -- and the most dangerous moving parts -- are people. From our perspective, the system is sort of cybernetic, half-human, half-machine. The human pieces of SOA are the parts that we’ve seen in failure mode.

It’s not necessarily just the human beings themselves, but, as you described, the interfaces between the human world and the machine world, whether those interfaces are the specifications used to design applications, or the mechanisms used to manifest constraints and policies. They make sure that people, when they do fight each other, fight each other in a way that's productive, as opposed to destructive.

So, thank you very much for heading in that direction. Any one else have anything about "moving parts"?

Kobielus: I think that SOA failures are a subset of IT project failures, which are of course legendary. The most common reason IT projects fail is lack of the appropriate business justification for them. Quite often, their aims are so broad and nebulous that there are over-heightened expectations built up about how it will change the business and contribute to revenues, profitability, and so forth.

There’s a "boil the ocean" element of SOA justifications, because SOA as a set of best practices, is often pitched as, "We’re going to totally clean up; we’re going to totally clean up our development practices and our integration practices. We’re going to orient them around this new grand unifying scheme called SOA."

When projects are pitched in that way, and justified in that way, you’re just setting up the SOA project for failure.

Matsumura: I want to plead guilty as charged. I don’t want to monopolize, but I do want to say that I just recorded an SOA governance podcast on my own, the theme of which was, “Reorganizing the Billion Dollar Software Project.”

Kobielus: I didn’t mean to imply that you were the kingpin of failure, and, in fact, I figured that people who are having trouble in the field look more toward the governance value in order to help solve their problems. I thought I was giving you a soft ball not a hard ball.

Matsumura: No, I appreciate that. Anyhow, I’ll cool my heels and let the others speak.

Gardner: No, you’re the guest. That’s fine. But some of our other discussions on this weekly podcast in the SOA domain come back to the notion of systems integrators (SIs) and even management consultancies getting the lion's share of business in the near term with these things, because it is about culture, people, and process. And the user companies need to shift a lot of what they are doing in order to exploit the benefits of some of the technology and standardization.

I wonder if you agree with that. Do you think that for the next two to five years vendors like yourselves are being dragged along, or do you have another relationship with the SIs that have to get in there and monkey around a little bit with the culture to get companies to transform?

Matsumura: Being dragged along might be a tall order. The reason I say that is that we’ve learned that the people who control the SOA are the people who essentially control the policies. The policies include metadata, repository, and registry -- the kind of policies that are machine-enforceable, but also involve human factors. In a way, the model is more of an equal partnership now.

On the other hand, real system integrators like to control policy as a way to permanently set up a base camp inside an account, pour people through the door, and take over. It's something that we know they're salivating about.

Gardner: Joe McKendrick, what do you think? Is this a control issue right now? Or is there some jockeying going on among the internal constituencies in an enterprise, some of the vendor’s constituencies, and also the SIs? And who’s going to win?

McKendrick: There is a lot of jockeying going on, and Steve has pointed this out in a previous podcast as well. There’s a tension between various groups in the enterprise. I guess there’s a lack of a clear definition as to who is going to be doing what, and who is going to be controlling what.

SOA, of course, is inherently cross-enterprise -- or in theory it’s cross enterprise. An SOA that’s confined to a single silo or single piece of the enterprise, by definition isn’t necessarily an SOA. It’s another proprietary system.

I was curious as well as to what the definition of failure would be in an SOA situation. Personally, I'm not familiar with situations where an SOA, or components of an SOA, had to be rolled back, such as you’ve heard about with spectacular ERP failures. It seems that there may be heightened expectations of ROI or increased business agility, which don’t happen immediately, but components of the SOA still may stay in place and just be sent off in a different direction.

Gardner: Maybe we should define failure. I was thinking of it as an instance where these new practices and methodologies were tried, but people didn’t think they were working. There weren't cohesive approaches. There wasn’t standardization in the organization.

And, so they went back to business as usual, which would have been some of the older application-development ownership and deployment practices, silo-types of affairs. So, in other words, a reversal from a movement toward holistic services, used broadly, to "I’ve got my set of apps. I'm going to maintain control over them. And, if you have any kind of changes or requirements that you wanted to address, you can get in line" mentality.

Matsumura: This strikes to me as a way of defining retreat as a "strategic advance to the rear." There are definitely potentials for failure. Since failure is an orphan, even though success has 10,000 fathers, I can’t allude to a project I know that experienced a failure condition.

For example, a project I was involved in for the insurance industry was widely touted as an early SOA poster child by the vendor. The CIO was on the speaking circuit, which was dragging him off the field, and he had essentially outsourced the entire project toward a single source. What eventually happened was that this particular individual ended up having to leave the company.

I think that the CIO had this mistaken impression that the service interface abstraction allowed him to outsource completely the operational concerns and the implementation concerns, and eventually to treat this service interface as something like a child’s car seat, where really mom is driving.

It’s important to treat the interface abstraction layer like a saddle on a horse, which means that the only people who can successfully get from Point A to Point B are the people who have the skill of riding and controlling the horse, which is the service implementation. It’s really an abstract or complicated metaphor. It’s not hard to lose control.

The whole thing we alluded to early about this integrator setting up a base camp inside a company ... we’ve had customers who deliberately, pre-webMethods, used Infravio as a wedge and basically said, “We don’t want a single vendor to come in with a product and a set of services, because we don’t want them to control everything. We want an independent to mix things up."

There is a very significant danger of the inmates running the asylum or the integrators taking over the whole account from the inside.

Kobielus: I think that the way to define SOA failure is the failure of SOA as a set of practices that a company adopts, the company’s failure to realize the grand claims made for SOA. These include such benefits as improving interoperability, simplifying your IT environment, reducing the cost of that environment, speeding up the development of applications, and enabling greater flexibility in terms of where you can source various components, portals, databases, and integration components from.

An SOA project or initiative is a failure if it increases the complexity of your environment, if it increases cost, if doesn’t make much of a dent in the incompatibilities among different platforms, or if it locks you into a given vendor.

That’s why last week I brought up the whole notion of SOA suites. This notion of an SOA suite from a single vendor who provides everything for you seems to fly in the face of, "Isn’t SOA supposed to allow me to mix and match the BEA, Oracle, webMethods, Microsoft, and everybody else’s components in my environment ?"

If, at the end of the day, you’re a CTO and you say, "Well, here’s my SOA strategy, and we standardize on Oracle or webMethods" -- are you really gaining anything over the monolithic days of yore?

Gardner: So, we can agree that something that would be opposed to failure would be less lock-in, and that could be lock-in from a vendor, lock-in from an integrator, or even internal lock-in, where there is a very strong division within IT or some other organization that’s holding the rest of the enterprise hostage.

Is SOA a democratization type of an effect, or is it really giving command-and-control through policies that you could think of as a governor or an accelerator -- a brake-pedal/dashboard type of an affair -- where suddenly those in the organization that may not have had power before gain it? Is the failure when the control doesn’t go to the right people?

Matsumura: Yes. That hits the nail on the head. I was giving the keynote of the governance track at The Open Group SOA Conference in San Diego [on Jan. 31], and one of the questions that came from the audience was about metadata. Who controls the metadata?

This question is basically The SOA Question, because the people who control the policy metadata are the people who are running the show. The thing that we’re trying to establish here is that the SOA success model is essentially a model where there are federated controls and delegated controls. The reason why this term "federation of control" is so significant is because we’re trying to achieve a balance between the central function, the IT function, and the distributed function, or the business function.

People talk about the agility and control. If you want to balance these things, you need a mechanism that enables some amount of control by the people who are on the periphery, in the business units, trying to create agility. Then, [there comes] some amounts of control by the people in the center, who are trying to create more orthodox standardization and security and orthogonal cross-cutting concerns.

Having the wrong people controlling the wrong things is exactly the pattern that causes things to go a little nuts. The old-school model -- having one single point of control for everything -- has actually proven to be undesirable. While it is not prone to failure, it’s not prone to success either.

Gardner: I suppose when we’ve seen enterprises that are in a suffering mode, when IT and the business are not aligned or not syncing up, well, that can often be due to a cultural clash. For example, if it’s a distributed company and they try to have a distributed approach to IT, that can break down.

If they’re a centralized company, but IT is decentralized among departments that are doing their own applications -- then that could break down. But what’s probably more productive is, as you say, a hybrid approach where certain functions, let’s say procurement, should be centralized. If you can take advantage of a volume approach to your procurement, if you can go to your vendors and suppliers with a larger bid, you can get a better deal. So there are lots of reasons why procurement should be centralized.

But there are other examples, perhaps around knowledge management or around innovation and collaboration, that should be very ad-hoc, very decentralized. How can you manage both of those types of cultures across the company, and then instantiate that through how the IT department behaves and reacts? Anybody have a sense or reaction of that?

Kobielus: A SOA and a SOA initiative are a success if it gives you the ability to adapt the SOA governance structure to your actual business governance structure.

As you’re saying, your business governance structure will evolve over time. All business models change. So the extent to which your SOA initiative and your SOA governance are totally centralized and totally rigid -- but your business environment and the challenges and threats and so forth are constantly changing -- then your SOA failure will ultimately become a business failure, a failure to adapt.

Garone: I’ll concur with what you just said, but also add more in the way I look at it: I don’t necessarily see a contradiction between some levels of centralized control and being able to achieve business agility. The argument for business agility really is about making sure that you make changes quickly to dynamic market conditions and relationships, and so on.

While too much centralization may make that a little bit more difficult than it would be if everything were ad-hoc, I don’t think it makes it impossible. Of course, the world is about balance. The world is about finding that midpoint, where control and governance is centralized enough to keep things safe and secure, and to be able to take advantage of business opportunities -- where consolidation makes sense -- while at the same time staying agile. That’s really the challenge, the way I see it.

Gardner: I guess we need some standard methodologies or best practices around how to approach the whole organization culturally. That brings us into a discussion around ITIL or around what The Open Group has been doing [in terms of certifying SOA architects and the move to the "Town Planner" model of enterprise architrect roles].

Miko, let’s go back to you, do you have a sense of whether there is a legitimate standardization approach that is welling up in the marketplace?

Matsumura: I’ve just been speaking with the head of The Open Group, SOA Governance Working Group and absolutely there are efforts in this area, under the banner of TOGAF, ITIL, and other types of processes. It’s still reasonably early in the game, and what people need to understand and establish are the basic patterns and best practices. A lot of the efforts that create these extremely ornate methodologies are intended to be recipe-book and all-encompassing or one-size-fits-all approaches. I think it’s early in the game to take those approaches.

What I would do is take a look to see if there’s any precedent for a model for policy-managed systems that balance the need of a central entity and the needs of distributed entities, against the desires of the whole. If you look at it from a metaphorical perspective, for example, the federal government of the United States is a very interesting model. You have essentially a bunch of business units called states, that each have their own legislation, their own competency centers called state legislatures, and even their own executives called governors.

Those look a lot like business units to me. If you look at the notion of federation and the federal government model, what you see is this whole principle of jurisdiction. Ultimately, competency centers become the legislative bodies within these organizations. All of the efforts that I’ve seen to codify methodologies around SOA tend to focus on these competency centers or centers of excellence, primarily because there needs to be an inclusive organization for adjudication and jurisdiction, as opposed to having a model, where it’s just a single iron-clad dictator that controls all policy.

If you want to go that way, let’s just go and live in the mainframe and forget about SOA. Not that this would necessarily be a problem, we just have to do it deliberately and well.

Gardner: This is great. We’re getting at the point where world political history is perhaps a guide to how to approach SOA. Do you want a Third World dictatorship? Do you want empires extending their influence? Do we want a Pax Romana approach? Or do we want a pure democracy or a federated democracy? I’m thinking more about Star Trek, when the Romulans and the Klingons get together. If you could only get that to happen in IT, would be in a lot better shape.

Matsumura: Just to extend that metaphor to the initial theme about failed SOA ... . You can actually look at the failure modes of failed states. If you look, for example, at how you establish and foment democracy, there are some models, some really good, real-world cases about how not to establish democracy. Not to get too overly abstract, but there are a lot of practices and principles around establishing policy federation. The interest in doing so is the interest in establishing a controlled paradigm that actually serves the common good in a way that enables agility, but also enables this centralized capability of control.

Gardner: Right. If your company is behaving like Zimbabwe, you need to do something different.

Matsumura: Exactly.

Kobielus: We talk about political governance in terms of the world community. There is no one right governance model within a state or among the various states of the world. But clearly, history has been marked by individual states or groups of states playing and towing with, if you can use the word, various governance models ranging from absolute dictatorships and empires down to sort of laissez-faire, no centralized government.

But governance is an abstract concept, and you don’t necessarily want to dictate one governance model that’s applicable or should be applicable to all organizations and industries. Everybody has their own pressures, market pressures and so forth. In terms of SOA governance, there are radically centralized models in a given organization. It could be a radically centralized governance model within a given industry sector in the sense that basically one monopoly company controls an entire sector of the economy and they then dictate all the SOA policies and practices for all of their tributaries, as it were.

In the world, you have 230-something countries that are sovereign states ostensibly, and they establish various bilateral treaty relationships and also participate in various multi-lateral treaty organizations like the United Nations and NATO and so forth. Any given country is probably, involved in various international governance schemes as it were -- but also internally, from generation to generation, from revolution to revolution it’s going from centralized to decentralized. One size doesn’t fit all generations of governance.

Gardner: So, maybe we should take a lesson from the United States in Iraq, where you need to look at what you’re getting into. You might not want to just take a company and inject a pure democracy or a federated approach. In fact, each company has its own history, its own culture.

You might want to do the equivalent of a Myers-Briggs test and figure our what kind of company it actually is. Then, figure out in what way to approach governance, so that we don’t try to overstep what’s possible on a linear basis. I suppose it’s also evolutionary. Some companies might need to start out as strict dictatorships, and then perhaps the government withers away and it becomes a democracy. We’ve seen the example of Eastern Europe over the last 20 years. Any thoughts on politics and geopolitics as a lesson for SOA?

Garone: I think it’s a great metaphor. I’m thinking about the model that I think makes sense in that regard, although it’s kind of obvious, which is basically, the U.S. Constitution and the federation of states. You’ve got certain things that are up to each state, and certain things that are up to the federated entity sitting on top of all of it.

Gardner: If I could just pause you. The first step, the Articles of Confederation, which gave too much power to the states, didn’t work.

Garone: Right. So, now you’ve got a dynamic situation where some of that can change and over time. Plus you can also “amend your constitution” to make changes as appropriate. But, there was not always a set of things that are controlled by the centralized entity, the federal government, in the metaphor. But there’s also a certain set of things that those individual states need to comply with in making their own rules.

Matsumura: I just want to jump in here and talk about the U.S. Constitution, which has some key design patterns in it. If you actually look at the separation of power declared in the preamble, it says that the purpose is, "... in order to form a more perfect union." So, there’s this notion of the intent of the formation of this governing entity, which is the goal of a more perfect union, which essentially means that there’s a distribution of power and that the consent of the governed essentially be the overriding principle.

The idea that comes out of that, though, is the clause "provide for the common defense." That’s really talking about the security domain, whether it’s physical security or technical policies associated with the current data. The idea is that it actually should be a federated concern. In other words, security is everybody’s business. You can’t just delegate it to one unit and say, "It’s your business."

The earlier comment about how there’s no one-size-fits-all is absolutely the case. For example, I just spoke with a bank that's highly decentralized. I also spoke with one of our customers, Johnson & Johnson, which has 200 operating companies, and is fairly decentralized. Their central IT exerts a pretty strong coordinating function. So, we’re talking about the big picture, which is, how do extremely large entities organize themselves and how do they achieve success in that organization?

Garone: It comes down to what an organization wants -- centralized or decentralized IT functions. Getting back to the whole notion of the Founding Fathers of the United States, they were not of a single mind among themselves on the proper governance structure. You have Alexander Hamilton, who wanted highly centralized. Then you have Thomas Jefferson, the fellow who wrote the Declaration Of Independence, who wanted it quite decentralized.

And they yanked back and forth until various things happened, and that got more centralized. Then, you had some of those, like in the southern states, who felt it needed to be highly decentralized, and fought a war to try to enforce that kind of order. It’s one of these things that just keeps rocking back and forth, from one generation to another, in terms of the right approach.

Kobielus: Look what’s happening in Venezuela now with this guy Hugo Chavez. He’s totally centralizing everything, establishing a new dictatorship there. Not all of his country people are happy with that. I saw in The New York Times that a lot of them are applying for asylum in places like Spain and elsewhere. This is highly political, but on the IT front, it’s the same thing. Quite often, SOA is justified on a project-by-project basis. "Oh, yeah. We’ll do this project according to the principles of SOA," without necessarily implying that they’re trying to impose SOA practices across all projects and across all systems.

Gardner: Now the corporation as an organizational definition has been around for couple of hundred years. You look back to early mercantile activities, to some of the Dutch companies that had started in 17th century, for example. The modern company is certainly at least a hundred years old.

If we look at some of the large conglomerates, there’s a history of progression around corporations as entities in a more modern sense. Perhaps what's different now, though, is that companies are of, for, and by -- if I could borrow another political statement -- technology. Technology so permeates how a company operates, particularly if you’re Internet-facing and if you’re using and exploiting the Internet for more and more of your supply chain, your distribution, your transportation, for the way in which you attract sales and customers, and so on and so forth.

So technology now is at an intersection with the corporation as an organization, and perhaps that’s what’s forcing this need for a different look at how to organize in general, and, therefore, on how to govern.

Matsumura: I wanted to respond a little bit, too. One of the themes that emerges from our conversation here is that we’re talking about SOA as more or less of a post-modern infrastructure. What I mean by that is that some of the themes that emerge in post-modernism, post-structuralism is the notion of the breakdown of the dominant narrative, which is that there isn’t a universal "thing." The resistance to the one-provider IT stack model, the suite model, is the notion that there isn’t a single system that can rule them all, over all others, and that heterogeneity, components-wise, is the law of the day. Think about that particular heterogeneity in terms of how it functions from a policy perspective.

We talk about federations and policy context, but there’s a degenerate case, where essentially what you’ve done is you’ve created a federation of two. This means that two business units come up with an agreement, or two companies come up with an agreement, which is referred to as a contract. The reason I’m alluding to this degenerate case is that a contract is treated as a completely different class of legal structure within our governmental system, and is protected by the civil law system. When disputed parties get into contention, it’s basically a civil issue.

When someone breaks a policy held by the government at-large then it is either a federal or state issue. From the perspective of creating an appropriate taxonomy, it’s important to consider that these two cases are actually pretty different. Perhaps an attempt to establish initially a sweeping universal regime of centralized federated policy may actually be subsumed by these kinds of groupings of pairs of twos or threes -- or United Nations or NATOS -- or just the kind of loosely coupled and smaller policy domains that are built on top of individual agreements between provider and consumer pairs.

Gardner: I guess we’re somewhat fortunate that there are only about 200 countries in the world, but there are thousands and thousands of companies. So, there’s a lot more opportunity for experimentation in the marketplace and for competitive forces to play out dominance. We can see some success stories, as well as failures, and we can learn from those successes on how to best organize a highly technologically advanced corporation.

McKendrick: We talk about the post-modern corporation. Where are these companies going to get their IT? Where are they going to get their technology? We’re seeing more and more instances of companies going outside, not wanting to get involved with the bits and bytes of managing a technology infrastructure.

We call it "software as a service," "managed hosting," and various types of acronyms and terminology. But I’ll bring Nick Carr into the argument here. Nick Carr said IT doesn’t matter. It’s going to be ubiquitous, available like a utility. Any company can tap into it, whether it’s internal or external, to the point where it’s not that big of a concern.

Matsumura: I can’t resist shooting at this. It’s going to require you to follow along with the metaphor that we’ve drawn. If you can’t suspend your disbelief in the metaphor, it will be hard for you. The metaphor of nations and the competition between nations has typically been along the lines of warfare in our history.

Look at the metaphor of business at war, which is essentially competition for the survival of the integrity of your company against all others. It’s not on the battlefield, but it’s for customer value, for creating services that people treasure. In the history of warfare between governments and nations, what we found is that the organizations that leverage technology to their advantage are the ones that come out ahead.

Abdicating the responsibilities of the management of technology to a commoditized provider creates an extreme vulnerability because your competitive differentiation should not be held or embodied by some generic provider. I think even Nick Carr has backpedaled from his hard-line IT commodity position.

Gardner: I’ve noticed that Nick has backpedaled a little bit, but again we’re back to where it’s not necessarily all-or-nothing. There are going to be some aspects of technology that are commoditized, that should be accessed centrally, and there are many others -- perhaps this will change over time -- that are differentiators. Control over how your organization behaves and controls your assets and resources strikes me as something that you would never want to commoditize.

Kobielus: Think of this notion of where companies in the most post-modern age are going to get their governance structures from. I think a lot of the governance risk and compliance management vendors -- it’s a new market space; companies like SAP and OpenPages and MEGA International and BWise, and others, are building up platforms that have both verticalized and horizontalized governance templates, rules and workflows, and so forth. Increasingly companies or enterprises will standardize on a dominant governance risk and compliance management vendor for their organizations, and then use whatever templates they choose. And their SIs will modify them to suit their own needs going forward.

Bringing this back to the whole notion of where nations get their governance charters. I just read a book, a really good one, called "Declarations of Independence," and it shows that the first actual declaration of independence ever created to found a nation was our Declaration of Independence in 1776. You wouldn’t believe how many other countries have actually plagiarized or borrowed language and whole concepts from it, including Vietnam. The declaration of independence for Vietnam in 1945 directly quotes from our Declaration of Independence, which I found highly ironic.

Garone: I’m going to bring back outsourcing into this discussion as well. Post World War II, the nations that have relied on the Unites States for its defense have thrived economically, because they have not had to spend so many dollars on their own defense -- Germany being the prime example. They’re under our umbrella, and their defense budgets are much lower than ours, and these nations have thrived and moved forward.

Gardner: Well, without getting too deep into what is or isn’t the right approach in world affairs, clearly we’ve defined here that a successful SOA is a lot about politics, power, and moving beyond traditional norms of organization. How you do that probably is going to involve failures. If the Unites States is a good model, it had to fail a couple of times. It failed with the Articles of Confederation. It failed in dealing with slavery up until the Civil War, and perhaps for a hundred years afterward in terms of how it was dealt with in practice, if not in law.

So the idea that we started this discussion with -- where are the SOA failures -- perhaps we should look to failures as a necessary set of learning activities, in that SOA is not going to just happen and spring up like a fungus or a mushroom after a spring rain, but it’s going to have to be something that’s hard-earned.

Matsumura: Well, the way I want to respond to is that having maturity in the way that you deal with failure is essential. If you look at the way that our policy system functions within the United States, what you have is you have a set of policy assertions about what it is people can and can’t do. But then you actually have a policy enforcement mechanism that’s heterogeneous and distributed. You have the FBI, the CIA, the state and local law enforcement, the Army and the National Guard.

You have all these different policy enforcement points everywhere, manifesting these policies. What is extremely important to understand is that there’s an entire judicial system whose function it is to take those policy enforcement actions, monitor their efficacy, and enable the whole system to readjust and adapt.

So, I think that it’s not just an accident of, "Let’s just run out there randomly, screw up badly, and then sit there and try to recover and learn." I think that having a learning engine that monitors, adapts, and revises policies, and having a competency center, an adjudication point that’s deliberately there for the purpose of making those adaptations -- that is an essential function.

Gardner: Or checks and balances ... . If you’ve got failure, that could be a very good learning experience, where you need a check and balance in place, and so the progression toward the value and benefit of SOA can be accomplished. It will be a different path for each company, but they’re going to have to have checks and balances to keep the progression going forward, rather than reverting back to the past, and in a sense giving up.

Well, this has been a very stimulating and interesting discussion, I’m glad that you all could join us. It took on a little different characterization than I was expecting, but a necessary vantage point on SOA in order to make it successful.

We’ve been joined here with our usual panel, Steve Garone, Joe McKendrick, Jim Kobielus and our guest, Miko Matsumura, vice president of SOA products at webMethods. This is your host and moderator, Dana Gardner. You've been listening to BriefingsDirect SOA Insights Edition, Volume 11. Thanks for listening and come back next week. Thank you, gentlemen.

If any of our listeners are interested in learning more about BriefingsDirect B2B informational podcasts or to become a sponsor of this or other B2B podcasts, please fill free to contact Interarbor Solutions at 603-528-2435.

Listen to the podcast here.

Transcript of Dana Gardner’s BriefingsDirect SOA Insights Edition, Vol. 11. Copyright Interarbor Solutions, LLC, 2005-2007. All rights reserved.
Post a Comment