Professional Documents
Culture Documents
Bridging SOA and IT Governance: Policy or Peril
Bridging SOA and IT Governance: Policy or Peril
Policy or Peril
Darren Jones
Director, CIO Solutions
Protiviti Canada
Agenda
§Welcome / Intro
ERP Network
Mainframe J2EE
Application Infrastructur
Application Application e AS/400
Service
Management Application
ERP
.NET SOA Application
Application Security &
TECHNOLOGY Availability
.NET
Mainframe Unix AS/400 Application
Application
ChgProblem Application Application Portfolio
Management Mgmt
Not So Fast – It’s NEVER That Easy
Application
Screen
Scrape
Download Application
Message File
Application Queue Screen
Application Scrape
Sockets Screen Transaction
Transaction Scrape File
File Application
Sockets
Download CICS Gateway RPC
File ORB
APPC
Application
Message
ORB Application
Application Message Transaction
Queue File
Application
Message
Queue
CICS Gateway
Transaction Screen
File Scrape
APPC
Application Message Download RPC
File
Source: Gartner
Anatomy of a Service
New Service
Service Consumer
Wrapped
Legacy
Interface Proxy
Composite
Service
Service Service
Interface Implementation
Source: Oracle
Service Communication
Service Service
Consumers Producers
Source: Oracle
Service Platform
Service Consumers
Service Service
Rules Reporting
Change
Control
& Config & Mgmt
Optimized
Business
Approach Focus: Alignment & IT
Efficiency Governance
Managed Leverage
Approach Focus: IT Process established,
Effectiveness Tuning & optimized processes
Efficiency with financial and
other business
intelligence to align
IT Process Tuning established business and IT and
Defined processes for support business
Integration greater strategy
performance,
efficiency and cost
Individual
savings. Eliminate
Processes Integrating multiple bottlenecks, better
processes within IT allocate resources
Repeatable operations to reduce
risk across the
Implementing organization as a
SOx whole
reliable processes
Compliance and controls
Focus
Initial
The Journey & its Benefits
Key Value Stages & Benefits:
§ Risk Mitigation
§Provide process effectiveness, increased control
§Foundation at lower levels of maturity
§Reliability of the systems management process, ensure system stability, integrity, and
availability
§Begin integration with IT operational processes
(e.g. Problem, Incident, Service Level, Asset, & Security Management, etc.)
§ CobiT
§ IT Audit / Gov. focused
§ Control-focused standard
§ Extensive use for ITA / SOx
§ CMMI
§ Originally for Software, now
integrated for other processes
§ Process maturity model concept
widely known & adapted
DS 8 –
AI 6 – Manage Changes ME 1 –
Manage
Service Desk Monitor &
CobiT DS 9 – Manage Configuration Evaluate IT
process AI 2 & 3 – Acquire & Maintain Technology Applications Performance
DS 10 –
view Manage and Infrastructure DS 5 – Ensure Systems Security
Problems PO 10 – Manage Projects / PO 8 – Manage Quality
1. SOA As a Means of Mitigating Risk
After you’ve been moving (for a little while), it’s time to see
where it’s getting you:
§ Report on short-term results
§ Analyze behaviors for changes and root causes
§ Identify mis-alignment and bottlenecks in process
§ Celebrate successes and reinforce “Tone at the Top”
§ Select priorities for investment of more time & resources
Darren Jones