Published by Dario Paddy. Modified over 9 years ago.
Rules and Regulations: Business Drivers for SOA-based Agile IT
Presented by Adrian Bowles, Ph.D., Program Director, Regulatory Compliance, Object Management Group
adrian@omg.org
www.omg.org
Agenda
Business Drivers for IT Agility
–The Role for Rules
Rules and Regulatory Compliance
Rules and SOA
–Technical Foundations
–Business Drivers/Inhibitors
Recommendations
Business Runs on Rules
(Diagram: Rules at the center, connected to Products, Processes, People and Policies; Suppliers, Customers and Regulators are the external parties.)
IT Enables Innovation & Agility
(Lifecycle diagram. Stages: Context Analysis / Intelligence; Opportunity Identification; Opportunity Evaluation/Selection; Design; Application Development; Integration & Operation; Opportunity Exploitation. Activities: Identify & Model Current Processes; Identify & Model Alternatives; Evaluate Alternatives; Identify Requirements; Identify & Acquire Packages, Frameworks/Components; Construct Components and Aggregates; Integration, Execution, Refinement.)
Flexibility by Design
(Diagram: layers Hardware, Operating Systems, Infrastructure Management, Applications, Horizontal Services and Domain Components plotted against Migration Value and Renewal Cycle. Renewal cycles shown: 1-18 months, 12-24 months and 36-60 months; Web is marked on the chart.)
Characteristics of Change
(Diagram: Rate of Change against Cost of Change, each running from Low to High. Layers plotted: Data, Business Logic, Infrastructure, Rules. Example drivers of change: Pricing, New Market Entry, Fashion, Culture.)
The Fundamental Rule Choice
(Diagram contrasting two designs for processes P1 to P4. Embedded Rules: each process carries its own copies of the rules it uses, e.g. r1,r2,r3 repeated in several processes, r1,r6, r5, r1,r5,r7. Rule Management: the rules r1 to r7 live in one managed set that the processes reference.)
Changing a rule should start a ripple effect throughout a system or systems.
Regulatory Compliance Costs IT $billions
The US passes over 4,000 new final rules annually.
Sarbanes-Oxley (SOX) impacts all US public firms at a typical cost to IT of $0.5-1M annually. The UK Companies Act has similar intent, and more jurisdictions will enact governance regulations nationally and collectively.
Basel II will cost over $15B globally.
A typical international bank may be governed by over 1,000 regulations.
Different jurisdictions have conflicting rules
–Ex. US vs EU fundamental differences in privacy assumptions
And the Rules keep changing!
Overlapping Intent & Requirements
(Venn diagram with three overlapping areas: Governance (Ensuring Transparency & Validity), Security (Protecting Critical Data/Infrastructure) and Privacy (Protecting Private Information). Regulations placed on it: Sarbanes-Oxley, Basel II, SEC Rules 17a-3/4, PIPEDA, NORPDA, SB 1386, USA PATRIOT, HIPAA, GLBA, 21 CFR Part 11.)
Regulatory Impact by System
(Chart only; no text recoverable from the slide.)
Automated IT Compliance
(Diagram: C-GRID, the Global Regulatory Information Database, is queried by SIC/NAICS code, geography, etc. and returns the Relevant Regulations. These are refined into Requirements and then Rules that drive IT Compliance Policies/Procedures; a Gap Analysis against IT Strategy & Operations feeds Updates back into the cycle. Other stakeholders: Vendors, Auditors, Regulators, Users.)
Goal: Automated Detection of New Regulatory Requirements and Rule-Based Generation of Policies
Service Oriented Architecture Basics
An SOA is a business-oriented framework for application development that:
–is based on open standards
–maps business processes to coarse-grained software "services" (e.g. "credit check" rather than a fine-grained operation such as "print")
–facilitates integration of these loosely-coupled services into platform-independent applications
Loose coupling promotes agility by facilitating:
–reuse,
–asynchronous communications, and
–distributed development/deployment
Leading Drivers for SOA Adoption
Complexity of alternatives
Focus on demonstrable ROI
Maintenance costs of status quo
Desire to
–Build on top of legacy systems and data
–Achieve widespread reuse
–Achieve better IT/business alignment (IT following business rules and goals)
–Rationalize/standardize meta-objectives, like enterprise security initiatives
Inhibitors to SOA Adoption
Business
–Inter-firm collaboration still has cultural hurdles, but that is where the biggest SOA benefits will be found
–SMB market tougher than large enterprise, which can benefit more from internal SOA projects (where complexity is a bigger factor)
–Un-integrated departmental/divisional web services projects may erroneously give SOA a bad reputation
–Up-front costs tied to business risk, currently an inhibitor to new initiatives
Technical
–Trade-off between specificity and reusability makes it hard to justify initial efforts
–Wariness of immature standards and products
What to Expect for the Rest of the Decade
Architecture
–SOA as the de facto development approach, supported by increased use of modeling and simulation
–Rules engines as the default approach to capturing, managing and disclosing policies for business agility and compliance
Regulations
–More global concern for security and privacy
–More stringent enforcement as the state of the practice matures
–New geo-specific regulations, which will gradually converge
–Focus on data and storage: retention/recovery/provably accurate
–Improved & integrated dashboard and scorecard products
Summary of Recommendations
Applications and Architecture
–Isolate policy/rule processing to improve visibility and agility
–Adopt SOA as the underlying approach to component development and communications
Compliance
–Factor requirements to leverage commonalities
  Find common rules and manage them together
  Eliminate redundancies in data, processes, and systems
–Automate Security & Auditing efforts
  Data, Procedures & Testing
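The choice drawn on the "Fundamental Rule Choice" slide and the recommendation above to isolate policy/rule processing, as an added example (not code from the presentation or from OMG). It contrasts rules embedded in each process, where a regulatory change must be hand-edited into every copy and a missed copy goes unnoticed, with a managed rule registry, where one edit ripples to every bound process, the affected processes can be listed for re-testing, and every change leaves an audit entry. The rule names r1/r5/r7, the processes P1 to P4, the thresholds and the sample orders are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

Rule = Callable[[dict], bool]   # a rule is a predicate over a business context

# ---- Embedded rules: every process owns a private copy of the logic ----------
# Constructed scenario: a regulator lowers the reporting threshold from 10,000
# to 5,000. P1 and P2 were edited; the copy inside P3 was missed. Nothing in
# the code itself points out that a copy is stale.
EMBEDDED: Dict[str, Rule] = {
    "P1": lambda o: o["amount"] <= 5_000,                           # r1 (updated)
    "P2": lambda o: o["amount"] <= 5_000 and o["kyc_verified"],     # r1 (updated) + r5
    "P3": lambda o: o["amount"] <= 10_000 and not o["sanctioned"],  # r1 (stale) + r7
}

def embedded_decisions(order: dict) -> Dict[str, bool]:
    """Run every embedded process on the same order; disagreements reveal drift."""
    return {name: rule(order) for name, rule in EMBEDDED.items()}

# ---- Rule management: one registry, processes reference rules by name --------
@dataclass
class RuleRegistry:
    _rules: Dict[str, Rule] = field(default_factory=dict)
    _versions: Dict[str, int] = field(default_factory=dict)
    _users: Dict[str, Set[str]] = field(default_factory=dict)  # rule -> processes
    audit: List[str] = field(default_factory=list)             # what changed and why

    def define(self, name: str, rule: Rule, reason: str) -> int:
        """Create or replace a rule. Every bound process sees the new version."""
        self._versions[name] = self._versions.get(name, 0) + 1
        self._rules[name] = rule
        self.audit.append(f"{name} v{self._versions[name]}: {reason}")
        return self._versions[name]

    def bind(self, process: str, names: List[str]) -> None:
        """Declare which rules a process depends on; unknown rules are rejected."""
        for n in names:
            if n not in self._rules:
                raise KeyError(f"{process} references undefined rule {n}")
            self._users.setdefault(n, set()).add(process)

    def impacted(self, name: str) -> Set[str]:
        """The ripple effect made explicit: processes to re-test after a change."""
        return set(self._users.get(name, set()))

    def evaluate(self, process: str, ctx: dict) -> bool:
        """A process passes only if every rule currently bound to it passes."""
        bound = [n for n, procs in self._users.items() if process in procs]
        return all(self._rules[n](ctx) for n in bound)

def build_registry() -> RuleRegistry:
    """Constructed rule set and bindings for the four illustrative processes."""
    reg = RuleRegistry()
    reg.define("r1", lambda o: o["amount"] <= 10_000, "initial reporting threshold")
    reg.define("r5", lambda o: o["kyc_verified"], "customer identity verified")
    reg.define("r7", lambda o: not o["sanctioned"], "counterparty not sanctioned")
    reg.bind("P1", ["r1"])
    reg.bind("P2", ["r1", "r5"])
    reg.bind("P3", ["r1", "r7"])
    reg.bind("P4", ["r1", "r5", "r7"])
    return reg

def apply_regulatory_change(reg: RuleRegistry) -> Set[str]:
    """One edit in one place; returns every process the change ripples into."""
    reg.define("r1", lambda o: o["amount"] <= 5_000, "threshold lowered to 5,000")
    return reg.impacted("r1")

if __name__ == "__main__":
    order = {"amount": 7_000, "kyc_verified": True, "sanctioned": False}
    procs = ["P1", "P2", "P3", "P4"]
    print("embedded:", embedded_decisions(order))          # P3 disagrees with P1/P2
    reg = build_registry()
    print("managed before:", {p: reg.evaluate(p, order) for p in procs})
    print("ripples into:", sorted(apply_regulatory_change(reg)))
    print("managed after:", {p: reg.evaluate(p, order) for p in procs})
    print(*reg.audit, sep="\n")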