SOA Survey Finds Lack of Automation When It Comes to Compliance Reviews

According to a recently released survey from the SOA Forum (an organization of enterprise architects founded by automated SOA governance vendor WebLayers), organizations are more often than not implementing Web services without performing any type of compliance review. And when they are conducted, those compliance reviews are inconsistent or undocumented manual processes rather than rigorous, automated reviews.

Among other findings, the survey reported that:

• 88 percent of respondents feel their current SOA governance is not sufficient.
• 85 percent of companies depend on manual reviews in design and development stages to try to achieve architectural governance.
• 80 percent of companies feel that their organization is at measurable or large negative risk due to putting services in production that are not effectively governed.
• Significant dissatisfaction was reported when a registry/repository is deployed without policy management and automated enforcement.
• 56 percent report that half of their services are not reviewed for compliance at all before moving into production.

The issue of manual versus automated review was central to the survey. Those respondents who had automated the governance process said they are able to check at least 75 percent of their artifacts for compliance, and one third check 100 percent of their code and artifacts for compliance prior to implementation. Moreover, 100 percent of the respondents using automation state that their governance process is not an obstacle to their developement teams.

Additionally, of the responding companies that have more than 50 services in production, 83 percent rely on manula design and code/artifact review, while 54 percent use manual pre-registration checks. Of these companies, 42 percent have less than 10 people responsible for manul review processes.

Responding companies that are using automated policy enforcement are claiming higher success rates:

• 89 percent of companies using automated processes share governance policies across different operating groups or divisions within the organization.
• 86 percent of all companies using design-time automation claim that their governance processes are not an obstacle to their development process.
• 75 percent of these companies have over 50 services in production.
• 63 percent of these companies also leverage automated runtime monitoring.
• 88 percent of companies review over 50 percent of their services before moving them to production, with 50 percent of companies achieving 100 percent coverage of their service compliance reviews before moving them to production.

Organizations with 50 or more services and using automation claim to be seeing higher success rates in their SOA implementation.

The survey was conducted in May of 2007. Responses were solicited via email from the 1,300 SOA Forum members, with more than 500 respondents.

Posted by Jon Erickson at 10:59 AM  Permalink