Bad Technical Implementations and Lack of Governance Increase Risks of Failure in SOA Projects, says Gartner

Egham, UK, June 26, 2007 � Organisations that embark on service-oriented architecture (SOA) initiatives aimed at enterprise wide deployment must pay equal attention to technical and governance issues. Gartner today said that although the risks of SOA project failure are initially associated with bad technical implementations, risks of failure due to insufficient governance are becoming increasingly significant, as SOA scope expands.

�Actual implementations are showing that SOA requires more investment in service design governance and application integration best practice than current levels in most organisations,� said Paolo Malinverno, research vice-president at Gartner. �At the beginning, risks of project failures are small but as the SOA project develops the risk curve increases. For this reason, organisations should never think of SOA without establishing a set of governance processes around service definition, implementation and maintenance.� However, enthusiasm for SOA and its anticipated benefits results in some companies taking risky shortcuts in establishing robust governance, service development disciplines and staffing. Gartner predicts that by 2010, less than 25 percent of large companies will have the sufficient technical and organisational skills necessary to deliver enterprise wide SOA.

�Technical risks should not be under estimated either,� said Massimo Pezzini, vice-president and distinguished analyst at Gartner. �The ease of use of modern SOA enabling tools hides the technical complexity of implementing a reliable SOA technology platform, but developing an enterprise-wide reliable, scalable, high performance, secure and manageable SOA infrastructure requires a level of technical command that few organisations have been able to develop.�

According to Gartner these are the areas where mistakes are being made by IT operations and application managers when planning SOA implementations.

Gartner�s �hit list� of the most common technological errors includes:

  1. Underestimating the technical complexity of a large-scale SOA
  2. Bad selection of application infrastructure components (ESB, orchestration and adapters)
  3. Insufficient validation of the SOA enabling technical infrastructure implementation (for example, no proof of concept and no stress tests)
  4. SOA infrastructure, services and consumer applications are insufficiently instrumented for security/management/troubleshooting
  5. Too-coarse/too-fine service granularity
  6. Insufficient/not up-to-date documentation

Gartner�s �hit list� of the most common organisational errors includes:

  1. Overlooking governance
  2. Thinking an SOA project should be organised just like any other application development (AD) project
  3. Not anticipating service number explosions in a maturing SOA
  4. Giving up on an integration competency center or SOA center of excellence
  5. Outsourcing architects (or not having them at all)

�In order to avoid the most common technical implementation mistakes, we recommend that organisations design their SOA technical infrastructure on the basis of their real functional and nonfunctional (e.g., performance, availability and security) requirements and not on the basis of theoretic models. Selecting proven and referenced SOA infrastructure products is also vital,� said Mr Pezzini. Organisations must also architect their SOA infrastructure so that it can be easily monitored and provide all the information required to debug SOA applications. �Finally testing is critical and at least 25 percent of the effort in a SOA project should be dedicated to this activity,� he added.

From an organisational point of view, there is no �one size fits all� approach governance. �Too little or too much governance will kill an SOA project, companies need just enough governance,� Mr Malinverno said. When looking at their governance arrangements, organisations need to ensure that their governance arrangements are not too sophisticated and disproportional to their company size, organisation and culture. They also need to realise that they can not do without an integration competency centre (ICC) or SOA centre of excellence (CoE).

About Gartner

Gartner, Inc. (NYSE: IT) is the world’s leading information technology research and advisory company. Gartner delivers the technology-related insight necessary for our clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, we are the indispensable partner to 60,000 clients in 10,000 distinct organizations. Through the resources of Gartner Research, Gartner Consulting and Gartner Events, we work with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, U.S.A., and has 3,800 associates, including 1,200 research analysts and consultants in 75 countries. For more information, visit