COMMENTARY—Another View

Warren Suss | Streamlining IT governance

Next-generation technologies won’t pay off without next-generation governance

The Defense Department is adopting a range of new technologies that include service-oriented architecture (SOA), social networking, and agile development and testing. All are aimed at accelerating the delivery of next-generation solutions to the battlefield and improving the efficiency and effectiveness of support operations.

But these technologies won’t get the results the government needs without addressing a lingering barrier: the governance of information technology.

Governance rules for testing and certification offer a case in point. The traditional approach to DOD testing takes too much time. This was a problem even during the era of stand-alone system development. In the coming era of rapidly deployed, network-centric capabilities and services, new, streamlined governance strategies are essential to flattening, if not eliminating, IT testing and certification speed bumps. Otherwise, DOD and the government will miss the benefits from a new generation of Web 2.0 technologies.

One way to eliminate these barriers is to simplify the testing and certification process, and the governance that drives it, by bringing together developers, testers and users in an integrated development and testing environment. The Defense Information Systems Agency provides a good model for this with its Federated Development and Certification Environment.

Another approach is to build governance structures that increase trust, cooperation and standardization between different organizations that conduct testing and certification. Over the years, different organizations in DOD have developed their own sets of testing standards and processes, and many still don’t accept each other’s testing and certification results.

By standardizing test-acceptance criteria, DOD can realize one of the biggest potential payoffs of SOA and related strategies: re-use. Web services are designed as building blocks that meet immediate requirements, but they also can be reapplied, in plug-and-play fashion, to meet similar requirements in any other part of the enterprise. Without standardization across the enterprise, DOD units are required to go back to square one to retest and recertify each service before it can be reused.

Technologies such as SOA provide a new and better framework for sharing information and the means for speeding up IT solutions to the field. But changes in governance are still essential in order to make this framework come to life.

One big difference between today’s technologies and yesterday’s is that the old IT paradigm created hardwired, pairwise connections between systems. Today, we recognize that important information can reside anywhere in the enterprise. What’s needed is a way to allow users with the need to know to get their hands on trusted information from anywhere in the network.

Governance decisions, as much as technology decisions, determine the standards, rules, infrastructure and services that enable — or hinder -- the rapid discovery and sharing of information and capabilities. Consequently, governance is the key to supporting rapidly changing communities of interest, coalitions and doctrines.

It's no longer possible to predict who will be traveling across DOD’s Global Information Grid and where they will be going to get their next information update.

That makes it essential to develop new forms of governance that provide better information accessibility and enforce requirements for better metadata signage so information can be properly discovered. If we don’t, information users will be separated from information providers by virtual roadblocks and dead ends.

Lastly, in addition to service-level agreements, which set a targeted performance objective, we need organizational-level agreements. These OLAs would clarify which organization is responsible for each SLA component, how they should make handoffs, how they must negotiate SLA problems, and how they will allocate and share resources to maintain the targeted SLA.

Next-generation IT governance, like next-generation technology, is a work in progress. Aligning the two will require the help of the entire government IT community.

Reader Comments

Wed, Jan 28, 2009 Jason English Dallas, TX

Warren, this was a very interesting and relevant read. No matter how advanced the architecture is, SOA won't deliver Net Centricity, with its expected agility, reuse and functionality benefits for the warfighter - if there is not trust instilled between teams and authority domains that must share and support an alphabet soup of systems. SOA Governance requires testing and certification of services, to ensure that there are no unintended consequences of change that can impact mission threads. As my company iTKO is a testing/validation software provider in this space we have really seen the FDCE plan come a long way toward delivering that level of quality over the last 3-4 years. Thanks for covering this underappreciated topic - I think it makes a great blog topic I'll cover again soon as well.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above