Hundreds of new industry-specific mandates, such as the Sarbanes-Oxley Act and privacy requirements based on the Health Insurance Portability and Accountability Act, are either now in place or scheduled to take effect in the near future. While compliance with these mandates may seem a daunting task, businesses actually now have an opportunity to make improvements that go beyond mere compliance to increase the efficiency and predictability of operations.
Unfortunately, many organizations don't view compliance with optimism, and it's easy to see why. Compliance means managing and interpreting large amounts of information from disparate sources. This may require significant changes to technology infrastructures, financial reporting, records management and retention, and risk management practices. AMR Research estimates that in 2005, spending on Sarbanes-Oxley compliance could reach almost $6 billion.
But consider the upside of the result. Accurate, real-time records and content management systems do more than help companies address the requirements of complex regulation. They can spur productivity, enhance customer service and boost return on technology investment.
Compliance Help From SOA
New regulations mean that businesses may have to invest in improving their data management capabilities. The choice they face is between taking an ad hoc tactical approach that deals with individual regulations as they come along or seizing the strategic opportunity to improve overall business operations in the process. The tactical approach is tedious, expensive and time-consuming. Ad hoc techniques don't fully utilize -- or gain insight from -- company information on demand.
Web services, which is software that connects application and data regardless of underlying technologies, consist of a set of industry-standard technologies that can help ease the burden of regulatory compliance. An IT infrastructure composed of collections of reusable Web services to connect data from various sources -- both inside the enterprise and outside at customer, partner and supplier locations -- to solve specific business problems is often referred to as a service-oriented architecture.
So what is an SOA and why is it invaluable? At its simplest, an SOA involves having common business processes available in a central repository for use and reuse, all within a secure and well-managed environment. An SOA provides an enterprise with the flexibility to take elements of business processes within the underlying IT infrastructure and reuse them to address changing business priorities. Previously, when a company needed to change a business process, like complying with a new regulatory directive, the IT department would need months to adapt siloed, manually coded connections in order to move the data in a way that would assure compliance. The loosely coupled connections common in an SOA create a flexible IT infrastructure that can reduce the time to implement that same new business process to just days.
Gartner predicts that by 2008 more than 60% of enterprises will use SOA as the "guiding principle" for IT infrastructures that support critical applications and processes. Another found that 75% of companies planned to start investing in SOAs over the next year.
An SOA relies on industry standards, which provide a layer of instant integration capability that lets all types of software and hardware work together and share data. The approach of SOA itself is a significant change from the traditional IT model. Instead of structuring applications based on functions, components and objects, the SOA approach comes down to how a company can actually structure applications around services. How each SOA works depends on the requirements of the business deploying it, since it's the business functions within the applications that are being integrated. For example, if your company's IT infrastructure follows an SOA approach, it will include software applications that are exposed through the Internet and that can be made available to all the customers, partners and others that you do business with.
Adopting an SOA can remedy compliance issues as well as evolving IT infrastructure to embrace technology advancements as they happen. To do this, you will need the right technology in place.
SOA isn't a product, and it isn't a platform; it's an architectural approach. There is no one set of SOA blueprints to follow or SOA product suites required for a company to build an SOA. If your company wants to build an SOA, you first need to assess the technology products you are using and determine if the products are based on industry standards that support Web services. It is essential to have productivity tools that support Web services and SOA as well as support the compliance initiatives that your organization may be dealing with. While some standards exist as open-source as well, it's wise to lean toward the vendors that contribute to standards bodies and work on developing Web services specifications.
Every organization should have a server foundation that is scalable, secure and adaptable for changes in business and technology. While most organizations have already selected a J2EE foundation layer, those that haven't must think about what will be the foundation of their business needs today and business growth tomorrow. Some of the largest and most trusted vendors are IBM, BEA Systems and Oracle. According to both Gartner and IDC, IBM is the most popular choice for application servers, integration servers and portal servers. BEA typically does well in the application server market, but lately there is uncertainty about its long-term viability with the drop in its market share, a steady stream of executive staff departures and continued speculation that it's an acquisition target. Oracle is a solid database vendor, but it isn't best of breed for application/IT infrastructure, and the company will need to deploy many resources this year on the integration of the recently acquired PeopleSoft.
The next step your company should take toward establishing an SOA is to map out the blueprint for a customized architecture, one that is going to best serve not only your business needs but also the needs of the parties you conduct business with. Knowing and understanding business processes is just as important as pure technology in successfully deploying an SOA, so it's essential to your SOA investment to select systems integrators that you trust and that know your businesses. Industry standards that support Web services must be integrated with industry semantics, which vary by vertical industry. Systems integrators teaming with partners with vast vertical industry expertise, like IBM's vertical market strategy for products, could add greater value to customers deploying an SOA.
With an SOA, IT will be tightly integrated with both business objectives and compliance regulations, the government can be assured that mandates are being adhered to, customers will be more satisfied, projects can be delivered faster and cheaper, costs can be reduced, and applications can be extended out to partners and customers.
Brian Sennett is a senior consultant at Lighthouse Computer Services in Lincoln, R.I. He is a frequent speaker on how technology can ease the burden of complying with new regulatory issues.