Sunday, November 16, 2008

BriefingsDirect Analysts Review New SOA Governance Book, Propose Scope for U.S. Tech Czar

Edited transcript of BriefingsDirect Analyst Insights Edition podcast, Vol. 33, on the role of governance in SOA adoption and the outlook for IT initiatives in the Obama administration, recorded November 7, 2008.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Charter Sponsor: Active Endpoints.

Special offer: Download a free, supported 30-day trial of Active Endpoint's ActiveVOS at www.activevos.com/insight.

Dana Gardner: Hello, and welcome to the latest BriefingsDirect Analyst Insights Edition Podcast, Volume 33. This periodic discussion and dissection of IT infrastructure related news and events, with a panel of IT analysts and guests, comes to you with the help of our charter sponsor, Active Endpoints, maker of the ActiveVOS visual orchestration system. I'm your host and moderator, Dana Gardner, principal analyst at Interarbor Solutions.

Our topics this week, the week of November 3, 2008 are services-oriented-architecture (SOA) governance, how to do it right, its scope, its future, and impact. We'll be talking with Todd Biske, author of the new Packet Publishing book SOA Governance. Todd is also an enterprise architect at Monsanto. We'll also be looking at this historic election week. The presidential election results are now in, and we're going to view the impact through an IT lens.

Our panel will focus on the IT policies that an Obama administration should pursue, as well as ruminate about what a cabinet-level IT director appointee might do and might accomplish. To help us dig into SOA governance and think about what a new national IT policy might be, we're joined by this weeks panel. Please welcome Jim Kobielus, senior analyst at Forrester Research. Howdy, Jim?

Jim Kobielus: Hi Dana, hi everybody. Good morning and afternoon, wherever you are.

Gardner: And also Tony Baer, senior analyst at Ovum.

Tony Baer: Hey, Dana, good to be with you here again.

Gardner: Let's also welcome our guest. This is not his first appearance. He's been on several times before -- Todd Biske. Welcome back, Todd.

Todd Biske: Hi Dana. Thanks for having me back.

Gardner: Let's just dig right into your book, Todd. Tell us why you decided to write a book on SOA governance. This is not something that people bring up around the dinner table at night.

Biske: It certainly isn't. It's funny that I actually got to speak at the young authors' program at my kid's school, and thought that they probably don't care when they're in kindergarten or fourth grade about SOA governance, but it was a good time.

The reason that I decided to write a book on this is actually two-fold. First, in my work, both as a consultant, and now as a corporate practitioner, I'm trying to see SOA adoption be successful. The one key thing I always kept coming back to, which would influence the success of the effort the most, was governance. So, I definitely felt that this was a key part of adopting SOA, and if you don't do it right, your chances of success were greatly diminished.

The second part of it was when the publisher actually contacted me about it. I went out and looked and I was shocked to find that there weren't any books on SOA governance. For as long as the SOA trend has been going on now, you would have thought someone would have already written a book on it. I said, "Well, here's an opportunity, and given that it's not really a technology book, it's more of a technology process book, it actually might have some shelf life behind it." So I decided why not, give a try.

Gardner: I've heard this several times in many different places that SOA governance should not be linear in relationship to SOA, but at the beginning, the middle, really simultaneous to any SOA infrastructure activities. Is that a basic content of your book?

Key governance message

Biske: Yes it is. The way I wrote the book was to actually use a management-fable style. There's a fictional story that goes throughout the book. It starts from step one, when there is some grassroots effort of someone interested in applying Web services technology, or REST, or whatever it is, and trying to broaden to scope of that, and how it expands into an enterprise initiative.

The key message in this is that the reason companies should be adopting SOA is that something has to change. There is something about the way IT is working with the rest of the business that isn't operating as efficiently and as productively as it could. And, if there is a change that has to go on, how do you manage that change and how do you make sure it happens? It's not just buying a tool, or applying some new technology. There has to be a more systematic process for how we manage that change, and to me that's all about governance.

Gardner: Now, risk avoidance is a top of mind for a lot of IT folks, as they embark on SOA activities. I suppose the risk on one side is that if you don't do it enough, it doesn't take off, doesn't get traction, there is not an adoption, and so your efforts and your investments are not well paid back.

The other risk is that you go too far too quickly and you have too much success with SOA. Perhaps it spins out of control, and complexity, lack of monitoring and enforcement become issues. The important thing here with risk is to find that balance. Governance, I suppose, is sort of a knob, if you will, on how to get and maintain that balance.

Biske: I would agree with that approach to it. The very first step that helps to manage that risk is defining the target state you want to get to. What's the desired behavior for your organization? I think the two scenarios you described both come about by not having an end state in mind.

If I just blindly say, "We're going to adopt SOA," and I tell all the masses, "Go adopt SOA," and everybody starts building services, I still haven't answered the question, "Why I am doing this, and what do I hope to achieve out of it."

If I don't make that clear, I could easily wind up with a whole bunch of services and building a whole bunch of solutions. I'll have far more moving parts, which are far more difficult to maintain. As a result, I actually go in the opposite direction from where I needed to go. If you don't clearly articulate, "This is the desired behavior. This is why we're adopting SOA," and then let all of the policy decisions start to push that forward, you really are taking a big risk. It's an unknown risk. You're not managing it appropriately if you don't have an end state in mind.

Gardner: Before we go to our other panelists, maybe you could tell us about your fictional insurance company, which you call Advasco, I believe. Tell us the story inside this book.

Biske: Sure. It's a large financial conglomerate, starting out in the insurance industry, but they also expand through acquisition into other financial product areas.

Gardner: It's probably not as large as it was when you started writing the book, right?

Biske: Probably not, although I don't think I made any mention of mortgage-backed securities anywhere in the book. So, it's probably one of the institutions that have survived.

Biske: It starts out with an emphasis from the business leaders that they need to improve their position with their customers. They're continually getting dinged. They've got different sales staff coming at them with no idea about the different financial products that they hold. Sales people are competing with each other.

So, there's this initiative to say, "We need to improve our customer image," and that begins the path toward SOA by saying, "Let's focus on the customer, customer-related services, and build that up." But, it's only within their insurance line, not quite enterprise wide.

I use that example that when it tries to broaden beyond that, other people in the story come along and say, "Well, that's not my initiative. I am not going to participate in that," and it covers some of the political battle that you can get into in an organization, when everybody has a different set of priorities.

Over the course of the book, they begin to see the benefits of adopting this -- how it impacts their development efforts, and how that actually winds up delivering business value as a result. Along the way, they make a series of missteps that cover the aspects of traditional project governance, such as building services the right way. Then, branching out into, "How do we expand this beyond the initial set of customer services. We can't just build on services blindly."

So, there's a discussion around how to determine the right services to build. It gets into that pre-project governance area, which goes beyond IT and to the business side of the company.

The last piece of it talks about the runtime aspects. They go from internal services that are just used within the company, to exposing services outside the company. They have a situation where their systems start to fail and, because they didn't have effective runtime governance, they go through al large exercise to try to figure out the source of the problem and correct it. They uncover as result of that the need to have policies and governance around how the external parties that use their services are able to access them and how to manage that piece of it.

We cover the whole project lifecycle, as well as aspects outside of the project lifecycle, more of the portfolio planning, project decisioning, and getting into the more traditional areas of IT governance.

Different types of governance

Gardner: You've mentioned a couple of different types of governance. There's IT governance, runtime governance, and SOA governance. Is it right to look at it this way, that there are different types of governance that need to be federated? Or, should we think about it more like we need to get one umbrella governance, perhaps call it SOA governance, but have it take on more and more aspects of these other flavors?

Biske: There's kind of a federated or hierarchical approach to it, and there are two different ways of looking at federated governance. I want to come back to that. If you look at traditional IT governance, it is more about what projects we execute, how do we fund them, and structuring them appropriately, and that has a relationship to SOA governance. It doesn't go into the deep levels of decisions that are made within those projects.

If you were to try to set up a relationship, I would put IT governance, and even corporate governance, over the SOA governance aspects, at least, the technical side of it. The other piece of that is, when we talk about runtime governance, IT governance probably is focused on the runtime aspects of it. That's really a key part of this, making sure that our systems stay operational and that the operational behavior of the organization is the way we want it to be. So there is a relationship between them.

With the notion of federated governance, in addition to the hierarchical nature, we also have to look at the structure of the organization. If it's a very large organization with multiple lines of business -- and this is something that Jeanne Ross covered in her IT governance book -- you may have one line of business that is interested in growing very rapidly and another line of business that is in a cost-containment mode. We have to factor those two governance models into the decisions you make in how you leverage IT.

If you try to choose some standard technologies that you are going to use across the entire enterprise, you are going to run into problems, where you have competing priorities of the one line of business, which is trying to move as quickly as possible and really energize that growth, being forced to use some standard technologies to where the processes may not have been matured yet. That could slow them down. At the same time, the group that needs to have cost containment is probably all for those. So we have to balance that federation as well.

Gardner: It's a fascinating subject, and I do think it is part and parcel with SOA. It even goes beyond that, and we can get into that a little. I'd like to remind our listeners, that your book is now currently available on amazon.com, is that right?

Biske: That's right, Amazon.

Gardner: So, if I were to go to Amazon, I just do a search on SOA Governance, or "Todd Biske," or both and I might just easily find it. Is that right?

Biske: Yes, that is correct.

Gardner: Well, let's go to my panel. Tony Baer, do you agree that SOA governance is really so important from soup to nuts, start to finish, lifecycle for SOA to be successful?

Baer: In the grand scheme of things, the answer would be yes, but you also have to look at what the scope of your SOA effort is going to be. Just this morning, I was reading a piece from one of our panelists, Dave Linthicum. He was saying, based on Gartner figures, that, from an enterprise-wide standpoint, interest in beginning or continuing SOA projects was going to drop pretty markedly this year. So, you need to look at it in terms of, "Are we are looking at enterprise-wide transformation, something more tactical?"

My sense is that, given the current economic environment, you're going to see a lot more in the way of tactical projects. From that standpoint, this hooks into an issue that we were discussing in an internal meeting yesterday as to what level you take governance. I want to take a closer look at this. I don't have any fully formed conclusions on this yet, but I think that most organizations are still looking at SOA in the coming year, but looking at it in a much more restricted scope, as opposed to a an enterprise-wide transformation.

We need to look at some jump-starts in a sensible, sort of "lite," like, L-I-T-E governance. That's governance that basically federates, or is compatible with, the software-delivery lifecycle. And, when we get to runtime, it's compatible with whatever governance we have at runtime. That's an area that's very complicated, because you start dealing with different organizations that own different pieces of it.

The software-developing organization owns the architectural implementation of SOA. You have the business that owns the service, and you have the IT operations group that owns the data center runtime.

So, it's not a simple answer. Also, given the level of likely interest in SOA in the coming years, I think we're going to have to be a lot more tactical, and we are going to have to be a lot more light-footed to start off with.

Differing views of SOA's future


Gardner: I'd like to point out that the interpretation that SOA is going to ratcheted at back is not the only one out there. I was just on a webinar a few days back with Sandy Rogers from IDC. Some of her research shows that, in fact, SOA is ramping up and moving into that enterprise-wide phase. There might be economic impacts on certain vertical industries, but there is more than one way to look at SOA in terms of its adoption.

With that said, Jim Kobielus, what's your position on SOA governance, and do you think there is a need for an SOA Governance Lite at this time?

Kobielus: "SOA Governance Lite." I was rolling that phrase around in my head, as it came out of Tony's mouth. Yeah, what exactly would SOA Governance Lite constitute? Tony, I want to hear from you first. Do you have a definition?

Baer: Well, you're looking at potential for reuse, but you are not using it as a major criterion, because, at this point, you're not at any level of certainty, as to whether you will be achieving reuse. This touches on an area that we have also discussed in this venue many, many times. The objective of SOA is to achieve reuse, but it's really to achieve business agility. Therefore, whether we shoot for reuse, initially or not, it will not necessarily be the ultimate measure of success for a SOA initiative. SOA Governance Lite would not emphasize very heavily the reuse angle to start off with. You may get to that at Stage 2 in your maturity cycle.

Kobielus: That's a good working definition of SOA Governance Lite, and I agree with that. Well, I agree with that from the point of view of just looking at the times that were in right now, some pretty nasty times. The economy looks like it's going to go deeper down the tubes, before it gets any better.

At Forrester, we like to pitch most of our research in terms of tying it to what we call our customers' success imperatives. That's a very optimistic way of looking at things, like, "You should invest in business intelligence (BI), data warehousing, and so forth, because it will help you succeed, be innovative and agile, and transform the organization." You can look at SOA as a success-oriented architecture.

The flip side right now is that you can look at it as a survivor-oriented architecture. You have a survival imperative in tough times. Do you know if your company is going to be around in a year's time? The issue right now in terms of SOA is, "You want to hold on and you want to batten down the hatches. You want to be as efficient as possible. You want to consolidate what you can consolidate in terms of hardware, software, licenses, competency centers, and so forth. And, you're probably going to hold the line on investment, further applications, and so forth."

For SOA, in this survival oriented climate that we're in right now, the issue is not so much reusing what you already have, but holding on to it, so that you are well positioned for the next growth spurt for your business and for the economy, assuming that you will survive long enough. Essentially, SOA Governance Lite uses governance as a throttle, throttling down investments right now to only those that are critical to survive, so that you can throttle up those investments in the future.

Gardner: What do you think Todd Biske? Do we need a "lite" version of SOA governance? Is it also a way to scale up as well as scale down, so it's insurance, regardless of the business environment?

Biske: I'm not a believer in the term "lite" governance. I'm of the opinion that you have governance, whether you admit it or not. An alternative view of governance is that it is a decision-rights structure. Someone is always making decision on projects.

The notion of Governance Lite is that we're saying, "Okay, keep those decisions local to the project as much as possible. Don't bubble them up to the big government up there and have all the decisions made in a more centralized fashion." But, no matter what, you always have governance on projects. Whether it's done more at the grassroots level on projects, or by some centralized organization through a more rigid process, it still comes back to having an understanding of what's the desired behavior that we are trying to achieve.

Where you run into problems is when you don't have agreement on what that desired behavior is. If you have that clearly stated, you can have an approach where the project teams are fully enabled to make those decisions on their own, because they put the emphasis on educating them on, "This is what we are trying to achieve, both from a project perspective, as well as from an enterprise perspective, and we expect you to meet both of those goals. And if you run into a problem where you are unsure on priorities, bubble that decision up, but we have given you all the power, all the information you need. So, you're empowered to make those decisions locally, and keep things executing quickly."

Gardner: Todd, I want to just pick up quickly on one thing you mentioned, which is that you are doing governance, whether you recognize it or not. Are there certain telltale signs that an organization is at the point where its governance is happening in stealth mode, that they need to start getting more methodological and concrete about how they address it? Are there any telltale signs from either your fictional company or ones you have dealt with that are harbingers of governance that needs to happen, and in a better way?

Biske: Telltale signs are when you are having meeting after meeting with people disagreeing and saying, "Well, my management told me this is my priority," and somebody else is saying, "My management is telling me this priority."

That can be at the project level, where you have the project manager telling the developers, "I don't care what the enterprise architects have told you, we've got to get this solution delivered by this date. Whatever you have to do to make that happen, go do it." Versus two more-senior managers in the organization debating who is going to fund this service or have their team manage the service once it's written.

I have both of those scenarios in the book, where there are meetings and we have people debating this. And, we have to have mediation that says, "Hey, this is our priority. This is the direction that's been given from the CIO or center of excellence. This is the priority behind it." And there are cases where you will have competing priorities, and you have to have a structure on how to resolve those situations, and who are the right people to get involved to say, "This priority takes precedence in this case."

Kobielus: What Todd said is exactly correct. If you're going to define SOA Governance Lite, it really has to be in more of a federated, decentralized, negotiated environment, where CTOs, CIOs, and lower-level IT people get together and collectively build coalitions around best practices.

Maybe one competency center takes the lead in a particular area of SOA, and another competency center from another business unit takes a lead in another area. And, collectively among themselves, laterally, they put together best practices that drive everybody, as opposed to the hierarchical, top-down, command-and-control SOA governance that we should regard as SOA governance "heavy," as the alternative.

Gardner: Todd, when you mentioned these meetings as harbingers of potential problems, it reminded me of Agile Development, Scrum, and the role of a ScrumMaster. Are there any parallels between, on the development level, what people hope to accomplish through Agile and the use of Scrum, and what SOA governance can offer at a higher abstraction at the services level, and in helping businesses to accomplish their business goals.

Biske: Yeah, there are some parallels. The ScrumMaster is the ideal methodology, where they emphasize the need for the team to come together often, but in a small group, to keep everybody on the same page with what the targeted goals are. They empower them then to go off and do the work and not spend all their time in meetings. The same holds true here. If you don't have that common vision and common understanding across all parties involved, people start to drift away and have their own opinions on the right thing to do. That's where you run into problems.

Gardner: Is there anyone else who want to offer any comment, before we move on to the next subject?

Baer: I'd definitely agree with that. This is coming from someone who initially was very much a skeptic about Agile and all those very localized methodologies. Ultimately if you take a look at our what SOA is architecturally, it is loosely coupled, and it's supposed to foster business agility. That's very compatible with the ideals of Agile software development, which essentially looks at software development as very loosely coupled, but compatible, activities. So, I would agree there 1,000 percent with Todd.

Biske: Another parallel we can draw to this is the current economic crisis. The risk you have in becoming too federated, and getting too many decisions made locally, is that you lose sight of the bigger picture. You can look at all of these financial institutions that got into the mortgage-backed securities and argue that their main focus was not the stability of the banking system, it was their bottom line and their stock price.

They lost sight of, "We have to keep the financial system stable." There was a risk in pushing too much down to the individual groups without keeping that higher vision and that balance between them. You can get yourself in a lot of trouble. The same thing holds true in Agile development. There are people who may be more critical of it saying, "What if we go too far and let everybody do their own thing? We may struggle as an enterprise in bringing that all back together. "

You have to have the right balance of some centralized viewpoint -- this is the direction we need to go - but still empower the local teams that can execute efficiently.

Baer: Todd, I have a question for you there. There's a great example there with the current crisis. We need to have acceptable risk management and risk mitigation standards on an enterprise-wide level, while still providing empowerment to local teams to accomplish that goal in whichever way they see as compatible with the larger objective. How detailed and comprehensive should the vision, goal, or mission be defined from above, versus what's defined from below?

Biske: The key aspect is that you have to have something that's measurable at both levels. In one chapters in the book, I have an example, where the CIO talks, but keeps it at this vague "we want to adopt SOA" type vision. That's is a rallying cry that people can jump behind, but it lacked the ability to specify where we want it to go. I do think it needs to trickle down to a high level measurement, saying, "We want to reduce the average time it takes to get a solution out by 10 percent," or, "We want to reduce the time it takes us to identify the cause of a production problem by 25 percent."

That's a measurable goal that at a high level that we can continue to monitor. If we're not achieving it, we can start asking, "Why are we not getting there?" But, that needs to drill further down into much more fine-grained policy that applies at those local levels. We can then come back and say, "You know what, this is our goal. We don't have a goal to improve the accuracy of our initial budget or initial schedule estimate on these projects."

You can use that when you're in the situation of project manager saying, "I've got to meet this date," versus the technical team saying, "But, if we don't do it this way, we may be inhibiting our agility down the road." So, having those measurable stated goals, if we're not achieving them, we can go back and adjust things. That's the key to it.

Gardner: Todd, we've talked a little bit about scaling governance down to a more tactical level. Recently, there has been a lot of discussion about cloud computing and sourcing services from different providers, through on-premises or private grid or utility or cloud-type of provisioning and infrastructure. It seems that there's not only a need for Governance Lite types of adjustment and flexibility, but perhaps governance maximum, where you might be starting to get services through hybrid environments. We've also heard recently people who are saying that SOA capabilities and competencies are a precursor to be able to do cloud properly.

What's your position? If you do SOA Governance Lite, does that actually put you in an advantageous position to take advantage of cloud across a variety of internal or external sources?

Biske: I think I fall into the later category. You have to have SOA in place to be able to make the right decisions around cloud computing. It's too bad that Joe McKendrick couldn't be on the line on this one, because he and I had a blog exchange, probably about three years ago. He made the statement that the adoption of SOA was going to increase the amount of outsourcing that went on, and this was before the cloud computing term really got hot.

My counter to that was, I don't know that it's going to actually create any more or less outsourcing. What it should do, if we do it right, is have more successful use of cloud computing, or outsourcing of particular services within there.

If I know that I've got a particular service and I've got measurable goals on what I hope to achieve through those services, I can make the right decision on whether the best way to handle this service is to source it internally or to go to an outside source, and what the cost implications of that are.

Where we get ourselves into trouble is in hoping that going to cloud computing or to software as a service (SaaS) is going to make things better. But, wbut we don't have any way of both measuring where we are today, and what the factors are that are causing us to think negatively about it, as well as, measure it when we switch to a different sourcing model with it, and make sure that we are seeing the improvement that we wanted to get out of that.

Having the right policies in place is what we have to achieve and is key, whether you host those services internally or externally.

Gardner: Now, this book is designed for practitioners. It's hands on. It's to help people actually get going and use governance properly. Is that right?

Biske: Yes.

Gardner: The name of the book is SOA Governance, it's by Todd Biske and the publisher is Packet Publishing. Thanks for sharing your insights. I look forward to reading it.

Biske: Thank you, Dana.

National IT director?

Gardner: Well, let's move along to another governance issue. It's the government, and how would governance help its own IT apparatus. Billions of dollars are spent, perhaps not all of them most productively, on IT across many, many different government agencies. There's lots of redundancy, lots of overlap, not much reuse, siloed individual budgets, individual hierarchies of authority, and responsibility across these government agencies.

Now, we have a new administration, very much with a message of hope, a transformation. It's also stated along the way that it plans to have a higher profile for IT, perhaps with a more holistic or horizontal take across the multiple dimensions of the government. We're faced with this situation of what would a cabinet-level IT director do -- and what should they be focused on in terms of priorities?

Let's go first to Tony Baer. Tony, let's say you get a call in two weeks, and it's Barack Obama on the phone. He says, I'm going to pay you your regular rates, but I want you to help me figure out what I am going to do with this IT director guy. What advice would you give him?

Baer: I would tell him to go out and speak to Todd Biske first. Obviously, you need somebody who is going to -- and for want of something good, I am going to give you a cliché here -- just think outside the box. Basically, the government has long been a series of lots of boxes or silos, where you have these various fiefdoms. Previous attempts to unify architectures at the agency levels have not always been terribly successful.

As far back as the '80s, the Defense Department's continuous acquisition and lifecycle support (CALS) initiative was just so vague. It was almost impossible to answer the question, "What is a CAL?" This gets back to what Todd points out in his book. You need to have a clearly stated, measurable objective. So, the chief priority for anybody who is a CIO, or who is going to step into some sort of CIO-type of role at the cabinet level, above the agency level, is someone who is going to look for getting more out of less.

That's essential, because there are going to be so many competing needs for so many limited resources. We have to look for someone who can formulate strategic goals -- and I'm going to have to use the term reuse -- to reuse what is there now, and federate what is there now, and federate with as light a touch as possible.

Gardner: It seems that the priorities that we're hearing out of the Democratic Party have to do with dealing with the economy, the financial crisis, energy, and also climate change. A lot of these really strike me as issues that have a great amount of technology as part of their solution. Jim Kobielus, when technology is better deloyed and used, and perhaps modernized around SOA principles, how much of an impact can it have on these government problems?

Kobielus: If you look back at Obama's positions from about a year ago, All Things Tech, it was a fairly comprehensive, and deep set of positions on a broad range of tech topics. SOA, of course, figures into any of this positioning. I doubt that Obama, Biden, or anybody high-level in this coming administration, knows or cares what SOA is, but really it comes down to the fact that they're driving at many of the same overall objectives that also drive SOA initiatives.

One initiative is to breakdown silos in terms of information sharing between the government and the citizenship, but also silos internally within the government, between the various agencies to help them better exchange information, share expertise, and so forth. In fact, if we look at their position statement called "Bring government into the 21st century," it really seems that it's part of the overall modernization push for IT and the government. They're talking really about a federated SOA governance infrastructure or a set of best practices.

Such things as the fact that the national CTO that Obama has been calling for at least a year or so, wasn't a huge issue on the campaign trial. This National CTO, it seems to me from the the sketchy description, would essentially broker discussions between agency-level CTOs to get them to share best practices, and provide each other with a forum, within which they can maximize reuse of key government IT infrastructure for multi-agency, or nationwide initiatives.

Getting to your question, tech modernization in the government is absolutely essential. Reuse and breaking down silos between agencies is critically important. Brokering best practices across the agencies, specific silo IT and CTO organizations, is critically important. It sounds to me as if Obama will be an SOA President, although he doesn't realize it yet, if he puts in place the approach that he laid out about a year ago, considering that the IT infrastructure in the government is probably right now the least of his concerns.

Gardner: Well, he certainly seems to get the Internet. He's really mastered that better than any politician at that level before. So, I expect we'll see a lot of emphasis on how the government reaches out to its constituents, and also interacts among between its various elements and building blocks using the Internet that's loosely coupled in a SOA sort of mentality.

Let's go again to Todd Biske. Todd, do you think that SOA is the right balm for this itch, the government's integration mess?

Biske: SOA definitely has a role in it. You could probably pick just about any technology and say that there is a potential for it to make it better. It's interesting that I definitely agree with the use of technology. I just brought up the Obama app on my iPhone, and I actually have all of his statements on the technology issues right here at my disposal, which is a great use of the technology.

But, he definitely has a challenge, and I am thinking from a governance perspective. He has taken step one, in that the paragraph that Jim just mentioned, of bringing government into the 21st Century. He has articulated that this is the way that he wants our systems to interact and share information with the constituents.

The next step is the policies that are going to get us there, and obviously he's time-boxed by the terms of his presidency. He's got a big challenge ahead of him, or at least the CTO that gets appointed has a huge challenge. Somehow, you have to break it down into what goals are going to be achievable in that timeframe.

As an example, I was at a recent SOA consortium meeting. I don't remember which branch of the government was actually presenting at the time, but they talked about the effort that they went through to get everybody on the same page for the goals of an SOA-related initiative, and they spent about 18 months in meetings trying to do that.

In terms of the fiefdoms that exist out there, there are some big challenges, and this may be a situation where we do need to have a bigger stick and a little bit heavier governance to get some of these things moving at a quicker pace. Certainly, the agencies all are trying to adopt SOA. It's just that the scope of their problem is something that's hard to fathom. So we'll just take it a step at a time.

Baer: I think his initial priorities will be not so much internal as external. I was just reading here that he just appointed a member to his transition team, someone who came from Interactive Corporation, which is of course very heavily invested in various online commerce sites and social sites.

But, I think his initial priorities are going to be more on areas such as net neutrality, and on extension of broadband. The internal transformation to promote more federated and more transparent information sharing is going to become more of a Phase 2. He can't do everything at once, when he takes the office.

Biske: You know I am going to jump in now, one way to look at a president's style is whether they they govern in the same way they campaigned? One of the flaps against George W. Bush is that, once he took office he continued to govern sort of like he campaigned. I heard similar criticism against Bill Clinton early on as well.

If the campaign that just concluded is any prelude, then Obama is going to rely heavily on the Internet, on the Web, on new media, on social networks, on spam, robocalls and so forth, to reach out to, franchise, inform, alert, and possibly irritate and annoy the citizen, as a way of breaking down the silo between the government and the citizens. I don't know if that's a good thing or a bad thing.

Gardner: It's certainly shows that Obama seems to view technology as the solution, rather than technology as the problem. Lets get back to this CTO of the United States. Now whether they have an internal focus, which is on how to get the government to behave better in terms of its IT use and productivity, or an external focus, which is how could we make America more competitive in terms of our broadband, standards, use scenarios, freeing up airwaves, and ensuring there's net neutrality, those sort of things.

It seems to me that they are not incompatible. They should probably go hand in hand. But what kind of person should this be? If you were to look at the resume and try to come up with the right mix, is this someone a politician? Is this someone who is very good administrator, or who understands tech? All of the above? What would you look for in such a person? Should we go to private industry, the head of the larger vendors, for example, and try to recruit them? Any thoughts?

Baer: Two words: Al Gore, because first of all, obviously he knows tech. Secondly, he invented the Internet -- ha, ha! But, he knows tech and he's passionately concerned with it. Certainly, he's a politician. You have to be a politician in this world. He can't be the administrator. He's going to be a policy maker or broker.

Gardner: Al Gore, also on the board of directors of Apple Computer, is at the top of your list?

Baer: If we were to have a national CTO, which I am not entirely sure we should, under a Democratic president, I think that Gore would probably be on Obama's short list.

Gardner: How about you Todd Biske? Do you have any, if not names, at least job descriptions that you think they need?

Biske: Well, I don't have any names, but I do think Al Gore is an intriguing one, and I like the reasoning behind that. I got some exposure to this with the last SOA consortium meeting. In the world of IT in the federal government, and the world of IT in the typical corporation, which is more of my background, there are just huge differences between the two.

You need to have somebody who has some experience dealing with technology in the federal government. As far as bringing somebody in that's a complete outsider to that world, I don't know how effective they would be, unless somebody gave them a really big stick. The political background is critical. Knowing that a lot of these changes, and some other things that we want to see happen come back to governance, the better you are at politics, the more that you can bridge the gap between the competing priorities. That's an important aspect of it as well.

Gardner: It's another feather in Al Gore's cap that he was deeply involved with the reinventing of government initiatives under the Clinton administration.

Baer: I couldn't agree with Todd more, in terms of the fact you're going to need somebody with political savvy. In most ways, it's not like corporate environments, which have different forms of accountability. The fact is that at the end of the day, you're dealing with government employees who are civil servants and are there primarily for the benefits. They are not there for trying to earn huge amounts of money, and take the greater levels of risk in the private sector.

I'm thinking of a project that a colleague of mine is involved with right now with one of the big agencies in New York state government, a requirements management project. This is something that has been very heavily pushed by somebody, if not the CIO, somebody very close to his level. The business analysts are stonewalling it like crazy, and even though this has been directed from above, the permanent bureaucracy has just been very resistant to it. There's lots of inertia.

Not that he has voiced any interest in it, but you're not going to have somebody like Eric Smith from Goggle parachuting in. Someone like an Al Gore, or maybe someone a little less well known, but equally experienced in the public arena, is going to be a much more suitable choice.

Gardner: I guess we can be assured that it won't be Carly Fiorina. All right, I would like to thank our panelists. We are out of time. We really enjoyed the discussion about SOA governance, and I think we will be coming back to this issue of national policy around IT quite a bit over the next couple of years on BriefingsDirect Analyst Insights. I want to thank our panelists, Jim Kobielus, senior analyst at Forrester Research. I appreciate your input.

Kobielus: Oh, no problem. I enjoyed it.

Gardner: Tony Baer, senior analyst at Ovum. Thanks again, Tony.

Baer: A great post-election session.

Gardner: I also want to thank our guest Todd Biske, an enterprise architect at Monsanto and the author of the new book, "SOA Governance." Thanks, and I hope you come back again, Todd.

Todd Baer: Thanks, Dana. I really enjoyed the conversation.

Gardner: I also want to thank our charter sponsor for BriefingsDirect Analyst Insight Edition Podcast series, Active Endpoints, maker of the ActiveVOS, Visual Orchestration System.

This is Dana Gardner, principal analyst at Interarbor Solutions. Thanks for listening and come back next time.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Charter Sponsor: Active Endpoints.

Special offer: Download a free, supported 30-day trial of Active Endpoint's ActiveVOS at www.activevos.com/insight.

Transcript of BriefingsDirect podcast on the role of governance in SOA adoption and the outlook for IT initiatives in the Obama administration, Copyright Interarbor Solutions, LLC, 2005-2008. All rights reserved.