Rules and Regulations
Business Drivers for SOA-based Agile IT

Presented by Adrian Bowles, Ph.D.
Program Director, Regulatory Compliance
Object Management Group
adrian@omg.org
www.omg.org




Agenda
  • Business Drivers for IT Agility
    – The Role for Rules
  • Rules and Regulatory Compliance
  • Rules and SOA
    – Technical Foundations
    – Business Drivers/Inhibitors
  • Recommendations
Business Runs on Rules
  (Diagram; labels as placed: Suppliers and Customers at the edges, Products, Processes,
  Rules, People and Policies in the middle, Regulators to the side.)
IT Enables Innovation & Agility
  (Cycle diagram. Phase labels around the ring: Context Analysis / Intelligence, Design,
  Application Development, Opportunity Exploitation. Step labels: Opportunity Identification;
  Identify & Model Current Processes; Identify & Model Alternatives; Evaluate Alternatives;
  Opportunity Evaluation/Selection; Identify Requirements; Identify & Acquire Packages,
  Frameworks/Components; Construct Components and Aggregates; Integration, Execution,
  Refinement; Integration & Operation.)
Flexibility by Design
  (Layered stack; vertical axis labelled "Value", arrow labelled "Migration";
  right-hand column labelled "Renewal Cycle".)
  Layer                                                        Renewal cycle
  Web Applications                                             1-18 months
  Domain Components / Horizontal Services /
    Infrastructure Management                                  12-24 months
  Operating Systems / Hardware                                 36-60 months
Characteristics of Change
  (Scatter chart; vertical axis "Rate of Change", Low to High; horizontal axis
  "Cost of Change", Low to High. Items as placed: Fashion and Pricing near the top,
  Data and Business Logic in the middle, New Market Entry to the right, Infrastructure
  and Culture toward the bottom right.)
The Fundamental Rule Choice
  Embedded Rules: P1 (r1, r2, r3), P2 (r1, r6), P3 (r5), P4 (r1, r5, r7)
  Rule Management: P1, P2, P3, P4 reference one shared rule set r1 to r7
  Changing a rule should start a ripple effect throughout a system or systems
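The point of the slide in running code. This is an added example, not from the slides or from OMG: the processes P1 to P4 and their rule references are taken from the slide, while what each rule checks (retention periods, encryption, access reviews) and the sample record are constructed for the example. It shows that one edit in a managed rule registry changes the outcome for every process that references the rule, whereas copies embedded in each process keep evaluating the old logic until each copy is found and edited.

```python
"""Embedded rules versus managed rules.

Added example, not from the slides or from OMG.  The processes P1..P4 and
their rule references (P1: r1,r2,r3; P2: r1,r6; P3: r5; P4: r1,r5,r7, with
r1..r7 in the managed set) follow the "Fundamental Rule Choice" slide; what
each rule checks is constructed for the example.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List

Record = Dict[str, object]


@dataclass
class Rule:
    rule_id: str
    description: str
    check: Callable[[Record], bool]


class RuleRegistry:
    """Rule management: one authoritative copy of each rule, referenced by id."""

    def __init__(self) -> None:
        self._rules: Dict[str, Rule] = {}

    def register(self, rule: Rule) -> None:
        self._rules[rule.rule_id] = rule

    def replace(self, rule: Rule) -> None:
        # The ripple effect: every process that references rule_id evaluates
        # the new version next time, with no per-process edits.
        if rule.rule_id not in self._rules:
            raise KeyError(f"unknown rule {rule.rule_id}")
        self._rules[rule.rule_id] = rule

    def get(self, rule_id: str) -> Rule:
        return self._rules[rule_id]

    def processes_using(self, rule_id: str, processes: List["Process"]) -> List[str]:
        """Impact analysis: which processes a rule change will reach."""
        return [p.name for p in processes if rule_id in p.rule_ids]


@dataclass
class Process:
    name: str
    rule_ids: List[str]

    def evaluate(self, registry: RuleRegistry, record: Record) -> Dict[str, bool]:
        return {rid: registry.get(rid).check(record) for rid in self.rule_ids}


PROCESSES = [
    Process("P1", ["r1", "r2", "r3"]),
    Process("P2", ["r1", "r6"]),
    Process("P3", ["r5"]),
    Process("P4", ["r1", "r5", "r7"]),
]


def build_registry() -> RuleRegistry:
    """Constructed rule semantics; the slide only names r1..r7."""
    reg = RuleRegistry()
    reg.register(Rule("r1", "records retained at least 365 days",
                      lambda rec: rec["retention_days"] >= 365))
    reg.register(Rule("r2", "personal data encrypted at rest",
                      lambda rec: bool(rec["encrypted"])))
    reg.register(Rule("r3", "a data owner is assigned",
                      lambda rec: bool(rec["owner"])))
    reg.register(Rule("r4", "dual control on payments (unused by any process)",
                      lambda rec: bool(rec.get("dual_control"))))
    reg.register(Rule("r5", "access review within the last 90 days",
                      lambda rec: rec["days_since_access_review"] <= 90))
    reg.register(Rule("r6", "no cross-border transfer without consent",
                      lambda rec: (not rec["cross_border"]) or bool(rec["consent"])))
    reg.register(Rule("r7", "every change is logged",
                      lambda rec: bool(rec["change_logged"])))
    return reg


SAMPLE_RECORD: Record = {  # constructed input
    "retention_days": 400, "encrypted": True, "owner": "data-steward",
    "days_since_access_review": 30, "cross_border": True, "consent": True,
    "change_logged": True,
}


def ripple_demo(record: Record = SAMPLE_RECORD) -> Dict[str, object]:
    reg = build_registry()
    # Embedded style: each process copies the check logic into its own code.
    embedded = {p.name: {rid: reg.get(rid).check for rid in p.rule_ids}
                for p in PROCESSES}
    # The retention regulation changes to two years: one edit in the registry.
    reg.replace(Rule("r1", "records retained at least 730 days",
                     lambda rec: rec["retention_days"] >= 730))
    managed = {p.name: p.evaluate(reg, record) for p in PROCESSES}
    stale = {name: {rid: chk(record) for rid, chk in checks.items()}
             for name, checks in embedded.items()}
    return {"managed": managed, "embedded": stale,
            "touched_by_r1": reg.processes_using("r1", PROCESSES)}


if __name__ == "__main__":
    print(ripple_demo())
```

Run it and the managed evaluation reports P1, P2 and P4 failing r1 against the 400-day record, while the embedded copies still pass; processes_using gives the impact list for the change, and r4 shows up as a rule no process references, which is the kind of thing a central registry makes visible and embedded copies never do.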
Regulatory Compliance Costs IT $billions
  • The US passes over 4,000 new final rules annually
  • Sarbanes-Oxley (SOX) impacts all US public firms at a typical cost to IT of
    $0.5-1M annually. The UK Companies Act has similar intent, and more
    jurisdictions will enact governance regulations nationally and collectively.
  • Basel II will cost over $15B globally
  • A typical international bank may be governed by over 1000 regulations
  • Different jurisdictions have conflicting rules
    – e.g. US vs EU fundamental differences in privacy assumptions
  And, the Rules keep changing!
Overlapping Intent & Requirements
  (Venn-style diagram of three overlapping regions; labels as placed:)
  Privacy ("Protecting Private Information"): PIPEDA, NORPDA, SB 1386
  Privacy/Security overlap: GLBA, HIPAA
  Security ("Protecting Critical Data/Infrastructure"): USA PATRIOT
  Governance ("Ensuring Transparency & Validity"): Sarbanes-Oxley, Basel II,
    SEC Rules 17a-3/4
  Between the three regions: 21 CFR Part 11
Regulatory Impact by System
  (Matrix of IT impact areas against type of regulation; the check marks in the
  cells did not survive extraction.)
  Types of regulation: Privacy, Security, Governance, Environmental, Trade/Tariff
  IT impact areas:
    Storage and access control: Email/IM; Customer data (CRM); Partner data;
      Planning data/ERP; Financial data; Operational data (ERP); Analytics/BI
    Process management: Workflow
    Infrastructure: DBMS; Networking
Automated IT Compliance
  (Flow diagram; labels as placed:)
  IT Strategy & Operations; IT Compliance Policies/Procedures
  Query (SIC/NAICS, Geography…) against C-GRID, the Global Regulatory
    Information Database
  Flow labels: Relevant Regulations, Requirements, Gap Analysis, Rules, Updates
  Parties around the database: Vendors, Users, Auditors, Regulators,
    Other Stakeholders
  Goal: Automated Detection of New Regulatory Requirements and Rule-Based
    Generation of Policies
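The flow on this slide, worked as an added example that is not from the slides or from OMG. It reads the diagram as: query a regulatory catalogue by industry code (NAICS) and geography, collect the controls the applicable regulations require, compare them with the controls existing IT policies implement, and report the gaps plus the requirements that several regulations share (the commonalities the recommendations later say to manage together). A second function does the detection step, reporting what a catalogue update newly requires of a given organisation. Every regulation, NAICS code, control id and policy below is constructed; the real C-GRID schema is not known here.

```python
"""Regulatory gap analysis.

Added example, not from the slides or from OMG.  Every regulation, NAICS
code and control id is constructed; the real C-GRID schema is not known here.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set


@dataclass(frozen=True)
class Regulation:
    reg_id: str
    name: str
    naics_prefixes: FrozenSet[str]  # empty = applies to every industry
    geographies: FrozenSet[str]
    controls: FrozenSet[str]        # control ids the regulation requires


# Constructed catalogue standing in for the regulatory database.
CATALOGUE: List[Regulation] = [
    Regulation("REG-A", "state privacy statute", frozenset(),
               frozenset({"US-CA"}), frozenset({"PII-ENCRYPT", "BREACH-NOTIFY"})),
    Regulation("REG-B", "financial records rule", frozenset({"52"}),
               frozenset({"US"}), frozenset({"RETAIN-7Y", "AUDIT-LOG", "PII-ENCRYPT"})),
    Regulation("REG-C", "EU data transfer rule", frozenset(),
               frozenset({"EU"}), frozenset({"PII-ENCRYPT", "XBORDER-CONSENT"})),
    Regulation("REG-D", "health records rule", frozenset({"62"}),
               frozenset({"US"}), frozenset({"PII-ENCRYPT", "ACCESS-REVIEW"})),
]

# Constructed policy inventory: policy name -> control ids it implements.
POLICIES: Dict[str, Set[str]] = {
    "data-protection-standard": {"PII-ENCRYPT", "AUDIT-LOG"},
    "records-management": {"RETAIN-7Y"},
}


def applicable(catalogue: List[Regulation], naics: str,
               geographies: Set[str]) -> List[Regulation]:
    """Query step: keep regulations matching the industry code and geography."""
    hits = []
    for reg in catalogue:
        industry_ok = (not reg.naics_prefixes
                       or any(naics.startswith(p) for p in reg.naics_prefixes))
        if industry_ok and reg.geographies & geographies:
            hits.append(reg)
    return hits


def gap_analysis(catalogue: List[Regulation], naics: str, geographies: Set[str],
                 policies: Dict[str, Set[str]]) -> Dict[str, object]:
    """Requirements -> gap analysis: controls required but implemented by no policy."""
    regs = applicable(catalogue, naics, geographies)
    required: Dict[str, Set[str]] = {}  # control -> regulations demanding it
    for reg in regs:
        for ctl in reg.controls:
            required.setdefault(ctl, set()).add(reg.reg_id)
    covered: Set[str] = set().union(*policies.values()) if policies else set()
    return {
        "applicable": [r.reg_id for r in regs],
        "gaps": sorted(c for c in required if c not in covered),
        # Controls several regulations demand: candidates to manage as one rule.
        "shared_controls": {c: sorted(r) for c, r in required.items() if len(r) > 1},
    }


def new_requirements(old_catalogue: List[Regulation], new_catalogue: List[Regulation],
                     naics: str, geographies: Set[str]) -> List[str]:
    """Detection step: controls a catalogue update newly imposes on this organisation."""
    before = {c for r in applicable(old_catalogue, naics, geographies) for c in r.controls}
    after = {c for r in applicable(new_catalogue, naics, geographies) for c in r.controls}
    return sorted(after - before)


if __name__ == "__main__":
    print(gap_analysis(CATALOGUE, "522110", {"US", "US-CA", "EU"}, POLICIES))
```

For the constructed bank (NAICS 522110, operating in the US, California and the EU) the analysis finds REG-A, REG-B and REG-C applicable, reports breach notification and cross-border consent as uncovered, and flags encryption of personal data as a control three regulations share. The geography and NAICS matching is deliberately simple; a real catalogue would also need effective dates and versioning, which is what the "Updates" path on the slide is about.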
Service Oriented Architecture Basics
  • An SOA is a business-oriented framework for application development that:
    – is based on open standards
    – maps business processes to coarse-grained software “services”
      (e.g. “credit check” rather than “print”)
    – facilitates integration of these loosely-coupled services into
      platform-independent applications
  • Loose coupling promotes agility by facilitating:
    – reuse,
    – asynchronous communications, and
    – distributed development/deployment
Leading Drivers for SOA Adoption
  • Complexity of alternatives
  • Focus on demonstrable ROI
  • Maintenance costs of status quo
  • Desire to
    – Build on top of legacy systems and data
    – Achieve widespread reuse
    – Achieve better IT/business alignment (IT following business rules and goals)
    – Rationalize/standardize meta-objectives, like enterprise security initiatives
Inhibitors to SOA Adoption
  • Business
    – Inter-firm collaboration still has cultural hurdles, but that’s where the
      biggest SOA benefits will be found
    – SMB market tougher than large enterprise, which can benefit more from
      internal SOA projects (where complexity is a bigger factor)
    – Un-integrated departmental/divisional web services projects may
      erroneously give SOA a bad reputation
    – Up-front costs tied to business risk, currently an inhibitor to new initiatives
  • Technical
    – Trade-off between specificity and reusability makes it hard to justify
      initial efforts
    – Wariness of immature standards and products
What to Expect for the Rest of the Decade
  • Architecture
    – SOA as the de facto development approach, supported by increased use of
      modeling and simulation
    – Rules engines as the default approach to capturing, managing and
      disclosing policies for business agility and compliance
  • Regulations
    – More global concern for security and privacy
    – More stringent enforcement as the state of the practice matures
    – New geo-specific regulations, will gradually converge
    – Focus on data and storage - retention/recovery/provably accurate
    – Improved & integrated dashboard and scorecard products

Summary of Recommendations
  • Applications and Architecture
    – Isolate policy/rule processing to improve visibility and agility
    – Adopt SOA as the underlying approach to component development and
      communications
  • Compliance
    – Factor requirements to leverage commonalities
      • Find common rules and manage them together
      • Eliminate redundancies in data, processes, and systems
    – Automate Security & Auditing efforts
      • Data, Procedures & Testing