- Number of slides: 17
Slide 1: Rules and Regulations: Business Drivers for SOA-based Agile IT
Presented by Adrian Bowles, Ph.D., Program Director, Regulatory Compliance, Object Management Group (adrian@omg.org, www.omg.org)
Slide 2: Agenda
§ Business Drivers for IT Agility
– The Role for Rules
§ Rules and Regulatory Compliance
§ Rules and SOA
– Technical Foundations
– Business Drivers/Inhibitors
§ Recommendations
Slide 3: Business Runs on Rules
[Diagram: Rules at the centre, connected to Suppliers, Customers, Regulators, Products, Processes, People and Policies]
Slide 4: IT Enables Innovation & Agility
[Diagram of the opportunity lifecycle. Phases: Opportunity Identification, Opportunity Evaluation/Selection, Design, Construct Components and Aggregates, Integration & Operation, Opportunity Exploitation. Activities shown: Context Analysis, Intelligence, Identify & Model Current Processes, Identify & Model Alternatives, Evaluate Alternatives, Identify Requirements, Identify & Acquire Packages/Frameworks/Components, Application Development, Integration/Execution/Refinement]
Slide 5: Flexibility by Design
[Diagram: architecture layers (Web Migration Applications, Domain Components, Horizontal Services, Infrastructure Management, Operating Systems, Hardware) plotted by value against renewal cycle (1-18 months, 12-24 months, 36-60 months)]
Slide 6: Characteristics of Change
[Chart: rate of change (high to low) against cost of change (low to high), placing Fashion, Pricing, Data, Rules, Logic, Business, Infrastructure, New Market Entry and Culture]
Slide 7: The Fundamental Rule Choice
[Diagram contrasting two designs. Embedded rules: each process carries its own rules (P1: r1, r2, r3; P2: r1, r6; P3: r5; P4: r1, r5, r7). Rule management: rules r1-r7 are held in one managed place and referenced by processes P1-P4.]
Changing a rule should start a ripple effect throughout a system or systems.
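The choice the slide draws, worked as an added Python example (written for this page, not code from the OMG deck): the same processes once with rules embedded in their code and once referencing a single managed registry, where changing r1 in one place reports and affects every process bound to it. Rule bodies and the sample record are constructed for illustration.

```python
"""Added example (not from the OMG deck): rules embedded in each process versus
rules held in one managed registry. Process/rule names P1..P4, r1..r7 follow
the slide; rule bodies and the sample record are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

Rule = Callable[[dict], bool]
# Embedded style: P1 carries its own copy of r1/r2/r3, so a policy change means
# finding and editing every copy in every process (and copies drift apart).
def p1_embedded(rec: dict) -> bool:
    return rec["amount"] <= 10_000 and bool(rec["kyc"]) and rec["currency"] == "USD"

# Managed style: one registry holds the rules; processes only reference them.
@dataclass
class RuleRegistry:
    rules: Dict[str, Rule] = field(default_factory=dict)
    uses: Dict[str, List[str]] = field(default_factory=dict)  # rule -> processes

    def register(self, name: str, rule: Rule) -> None:
        self.rules[name] = rule

    def bind(self, process: str, rule_names: List[str]) -> None:
        for n in rule_names:
            self.uses.setdefault(n, []).append(process)

    def evaluate(self, process: str, rec: dict) -> bool:
        """A process passes only if every rule bound to it passes."""
        names = [n for n, procs in self.uses.items() if process in procs]
        return all(self.rules[n](rec) for n in names)

    def change(self, name: str, rule: Rule) -> List[str]:
        """Replace a rule in one place and report the processes it ripples to."""
        self.rules[name] = rule
        return sorted(self.uses.get(name, []))

def build_registry() -> RuleRegistry:
    reg = RuleRegistry()
    reg.register("r1", lambda r: r["amount"] <= 10_000)           # amount limit
    reg.register("r2", lambda r: bool(r["kyc"]))                   # customer verified
    reg.register("r3", lambda r: r["currency"] == "USD")
    reg.register("r5", lambda r: r["region"] != "restricted")
    reg.register("r6", lambda r: r["channel"] in ("web", "branch"))
    reg.register("r7", lambda r: r["amount"] >= 0)
    # Bindings copied from the slide's embedded-rules picture.
    reg.bind("P1", ["r1", "r2", "r3"])
    reg.bind("P2", ["r1", "r6"])
    reg.bind("P3", ["r5"])
    reg.bind("P4", ["r1", "r5", "r7"])
    return reg
```

Raising the r1 limit via `change` reports P1, P2 and P4 as affected and alters their decisions at once, while `p1_embedded` keeps enforcing the old limit until someone edits it by hand.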
Slide 8: Regulatory Compliance Costs IT $billions
§ The US passes over 4,000 new final rules annually
§ Sarbanes-Oxley (SOX) impacts all US public firms at a typical cost to IT of $0.5-1M annually. The UK Companies Act has similar intent, and more jurisdictions will enact governance regulations nationally and collectively.
§ Basel II will cost over $15B globally
§ A typical international bank may be governed by over 1,000 regulations
§ Different jurisdictions have conflicting rules
– Ex. US vs EU fundamental differences in privacy assumptions
And, the Rules keep changing!
Slide 9: Overlapping Intent & Requirements
[Diagram of regulations grouped by overlapping intent. Intents: Security, Privacy, Governance; Protecting Private Information, Protecting Critical Data/Infrastructure, Ensuring Transparency & Validity. Regulations shown: PIPEDA, NORPDA, SB 1386, USA PATRIOT, GLBA, HIPAA, 21 CFR Part 11, Sarbanes-Oxley, Basel II, SEC Rules 17a-3/4]
Slide 10: Regulatory Impact by System
[Diagram only; no text recovered]
Slide 11: Automated IT Compliance
[Diagram: a query (by SIC/NAICS code, geography, ...) to C-GRID, the Global Regulatory Information Database, returns relevant regulations, rules, requirements and updates; these feed a gap analysis against IT compliance policies/procedures and IT strategy & operations. Stakeholders shown: vendors, users, other stakeholders, auditors, regulators]
Goal: Automated detection of new regulatory requirements and rule-based generation of policies
Slide 12: Service Oriented Architecture Basics
§ An SOA is a business-oriented framework for application development that:
– is based on open standards
– maps business processes to coarse-grained software “services” (ex. “credit check” vs “print”)
– facilitates integration of these loosely-coupled services into platform-independent applications
§ Loose coupling promotes agility by facilitating:
– reuse,
– asynchronous communications, and
– distributed development/deployment
Slide 13: Leading Drivers for SOA Adoption
§ Complexity of alternatives
§ Focus on demonstrable ROI
§ Maintenance costs of status quo
§ Desire to
– Build on top of legacy systems and data
– Achieve widespread reuse
– Achieve better IT/business alignment (IT following business rules and goals)
– Rationalize/standardize meta-objectives, like enterprise security initiatives
Slide 14: Inhibitors to SOA Adoption
§ Business
– Inter-firm collaboration still has cultural hurdles, but that’s where the biggest SOA benefits will be found
– SMB market tougher than large enterprise, which can benefit more from internal SOA projects (where complexity is a bigger factor)
– Un-integrated departmental/divisional web services projects may erroneously give SOA a bad reputation
– Up-front costs tied to business risk, currently an inhibitor to new initiatives
§ Technical
– Trade-off between specificity and reusability makes it hard to justify initial efforts
– Wariness of immature standards and products
Slide 15: What to Expect for the Rest of the Decade
§ Architecture
– SOA as the de facto development approach, supported by increased use of modeling and simulation
– Rules engines as the default approach to capturing, managing and disclosing policies for business agility and compliance
§ Regulations
– More global concern for security and privacy
– More stringent enforcement as the state of the practice matures
– New geo-specific regulations will gradually converge
– Focus on data and storage: retention/recovery/provably accurate
– Improved & integrated dashboard and scorecard products
Slide 16: Summary of Recommendations
§ Applications and Architecture
– Isolate policy/rule processing to improve visibility and agility
– Adopt SOA as the underlying approach to component development and communications
§ Compliance
– Factor requirements to leverage commonalities
• Find common rules and manage them together
• Eliminate redundancies in data, processes, and systems
– Automate Security & Auditing efforts
• Data, Procedures & Testing
Slide 17: Rules and Regulations: Business Drivers for SOA-based Agile IT (closing slide; Adrian Bowles, Ph.D., Object Management Group, adrian@omg.org, www.omg.org)