Warren Suss | Streamlining IT governance

Next-generation technologies won’t pay off without next-generation governance

The Defense Department is adopting a range of new technologies that include service-oriented architecture (SOA), social networking, and agile development and testing. All are aimed at accelerating the delivery of next-generation solutions to the battlefield and improving the efficiency and effectiveness of support operations.

But these technologies won’t get the results the government needs without addressing a lingering barrier: the governance of information technology.

Governance rules for testing and certification offer a case in point. The traditional approach to DOD testing takes too much time. This was a problem even during the era of stand-alone system development. In the coming era of rapidly deployed, network-centric capabilities and services, new, streamlined governance strategies are essential to flattening, if not eliminating, IT testing and certification speed bumps. Otherwise, DOD and the government will miss the benefits from a new generation of Web 2.0 technologies.

One way to eliminate these barriers is to simplify the testing and certification process, and the governance that drives it, by bringing together developers, testers and users in an integrated development and testing environment. The Defense Information Systems Agency provides a good model for this with its Federated Development and Certification Environment.

Another approach is to build governance structures that increase trust, cooperation and standardization between different organizations that conduct testing and certification. Over the years, different organizations in DOD have developed their own sets of testing standards and processes, and many still don’t accept each other’s testing and certification results.

By standardizing test-acceptance criteria, DOD can realize one of the biggest potential payoffs of SOA and related strategies: re-use. Web services are designed as building blocks that meet immediate requirements, but they also can be reapplied, in plug-and-play fashion, to meet similar requirements in any other part of the enterprise. Without standardization across the enterprise, DOD units are required to go back to square one to retest and recertify each service before it can be reused.

Technologies such as SOA provide a new and better framework for sharing information and the means for speeding up IT solutions to the field. But changes in governance are still essential in order to make this framework come to life.

One big difference between today’s technologies and yesterday’s is that the old IT paradigm created hardwired, pairwise connections between systems. Today, we recognize that important information can reside anywhere in the enterprise. What’s needed is a way to allow users with the need to know to get their hands on trusted information from anywhere in the network.

Governance decisions, as much as technology decisions, determine the standards, rules, infrastructure and services that enable — or hinder -- the rapid discovery and sharing of information and capabilities. Consequently, governance is the key to supporting rapidly changing communities of interest, coalitions and doctrines.

It's no longer possible to predict who will be traveling across DOD’s Global Information Grid and where they will be going to get their next information update.

That makes it essential to develop new forms of governance that provide better information accessibility and enforce requirements for better metadata signage so information can be properly discovered. If we don’t, information users will be separated from information providers by virtual roadblocks and dead ends.

Lastly, in addition to service-level agreements, which set a targeted performance objective, we need organizational-level agreements. These OLAs would clarify which organization is responsible for each SLA component, how they should make handoffs, how they must negotiate SLA problems, and how they will allocate and share resources to maintain the targeted SLA.

Next-generation IT governance, like next-generation technology, is a work in progress. Aligning the two will require the help of the entire government IT community.

About the Author

Warren Suss is president of Suss Consulting, a federal IT consulting firm headquartered in Jenkintown, Pa.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.