Governance in the age of APIs and social interactions

In the age of business APIs and social interactions, governance is no longer primarily about compliance. Today, governance has to address the far more important challenge of empowering the organization to drive business growth - making sure that the right people make the right decisions, at the right time, for the right reasons, and based on the right information. Meeting that challenge, strategically as well as operationally, will require a change in not only governance processes but also the roles and skills that define and enable those processes. In this column, I describe the necessary changes and outline how to create an easy to understand and easy to appreciate modern governance scheme. This content is part of the IBM Business Process Management Journal.


Claus Torp Jensen (, Senior Technical Staff Member, IBM

Claus JensenClaus Torp Jensen is a Senior Technical Staff Member and Chief Architect for SOA-BPM-EA Technical Strategy at IBM in Somers, NY. He leads IBM's SOA Foundation team, working on the convergence of different architectural disciplines. Claus is a member of the WebSphere Foundation Architecture Board.

Prior to joining IBM, Claus had ten years of experience as a Chief Architect and SOA Evangelist.

developerWorks Contributing author

21 November 2013

Also available in Chinese Russian

Governance: It's all about making good decisions

Governance is a word that many people in the IT industry love to hate, frequently stating that governance is too cumbersome, creates too much overhead, and generally provides little value. Strangely, business people seldom have similar issues; they simply take for granted that business governance is part of running the enterprise. Why this difference of opinion?

A big part of the problem in the IT industry is that governance is often misunderstood, or even "mis-practiced". Simply put, governance is about making good decisions – making sure that the right people make the right decisions, at the right time, for the right reasons, and based on the right information. Consequently, a good, easy to appreciate governance scheme should focus on answering the following questions:

  • Who needs to decide?
  • What do they need to decide?
  • When do they need to decide?
  • What are the right reasons?
  • What information do they need in order to make good decisions?

Interestingly, the answer to these five questions is fundamentally changing in the context of Systems of Interaction, the holistic approach to integrating Systems of Engagement with Systems of Record in the age of Mobile, Social, Cloud and Big Data analytics.

Who needs to decide?

Classically, enterprise governance has often been split into business governance and IT governance, with each type of governance owned and operated by the business and IT organizations respectively. Even SOA governance, by definition straddling the boundary between business and IT, has historically focused mainly on the engineering artifact, the service, and hence has mainly been done by IT people, albeit in the context of achieving business objectives.

Governance today is very different. No longer is the control point a user interface or an internal IT system, rather it is the edge of the enterprise, the point where the uncontrolled meets the somewhat controlled. Choosing which capabilities to project across that boundary, and how, must be a joint business and IT decision – sometimes even a pure business decision, executed by IT. Consequently IT must reach out to the business organization and establish the proper lines of ownership and responsibilities for business APIs and end-to-end business processes so that development will not be stifled by lack of decisiveness or internal conflict.

What do they need to decide?

A business API is a public persona for an enterprise. It exposes defined assets, data or services for public consumption, for instance product catalogs, phone listings, order status or even twitter feeds. A business API is simple for application developers to use, access and understand. It can be easily invoked via a browser, mobile device, and so on. In this fashion, web APIs extend an enterprise and open new markets by allowing external developers to easily leverage, publicize and aggregate a company's assets for broad-based consumption. Managing business APIs is fundamental to extending enterprise reach to the new channels represented by mobile and software-as-a-service.

In my opinion, perhaps the most important governance decision today is which business APIs to expose to which consumers and for what purposes. Part of that is not only the business API itself, but also the business model (free, licensed, pay per use, and so on) and the go-to-market approach. These business decisions are what, from a governance perspective, differentiates a productized business API from a service being used for internal integration.

The second most important governance decision today is how to drive end-to-end business process excellence. In this context excellence is not primarily about efficiency, rather it is about creating the personalized and relevant experience that modern consumers demand. What are the situations that are important to detect and react to? How can we enrich our understanding of the situation with differentiating enterprise "tribal" knowledge? How do we perceive the dynamics of the interaction in the here and now? And finally what is the best action we can take to promote a relationship of business proposition?

When do they need to decide?

Typically a governance process cannot meet the here and now dynamics of consumer interaction. But a governance process can and should decide in advance who takes action under what circumstances, whether that "who" is a person or an automated system. What is important is that the governance process creates an empowered environment where the point of contact has the right information and authority to drive the business forward. Without losing control of course, but still respecting that the point of contact is the only place where business decisions can be made in a timely enough fashion to meet the expectations of the modern consumer.

What are the right reasons?

This is a tricky one, simply because there is no eternally true definition of what constitutes "right". What is important is to make decisions based on both business strategy and contextual situation.

On the strategy side, the challenge is exemplified by the observation that many SOA initiatives failed simply because there was no SOA business strategy and no definition of the desired business outcome from the investment in SOA. We are already seeing similar occurrences for mobility and digitalization initiatives which, if not rooted in clear business objectives, are likely to fail as well. Good governance must call out explicitly what business change is being enabled and what business outcome is desired. If done properly this provides not only clarity to business and IT alike, but also an appropriate metric for deciding between two different courses of action.

Operationally, once empowered by overall governance decisions, IT and front office resources must combine the strategic imperatives with a solid understanding of the current operational situation. On the IT side this includes guiding the business organization on the art of the possible, whether positive or negative. On the business side, the system of engagement is the only place where the here and now mood and desires of the consumer can truly be understood. Providing a personal experience requires understanding that mood and those desires as part of the reasoning behind any action taken.

What information is needed?

Outcome-based thinking is crucial to maximizing the value of any investment, either business or IT. And by necessity, outcomes have to be understood in a market context, which in turn implies the need to understand not only your own business ecosystem, but the industry as a whole. For example, if your online transactions grow 5%, but there is an overall growth in the industry of 10%, then what at first glance looks like a positive outcome, in reality is not.

Taking control is not sufficient to stay competitive though. Modern enterprises need to be smart, aware, and ensure that the best action is always taken to promote the relationship with a customer, partner or supplier. How do you gain the necessary contextual insight? How do you tap into the operational data already flowing through both the business and the social ecosystem around it? The answer in many cases is simply to instrument the Edge Gateway and the ESB middleware that carries all interactions between systems of engagement and systems of record, siphoning off information from any interaction that includes an endpoint inside the enterprise. Combined with social analytics, this provides a robust foundation for perceiving the dynamics of a business interaction and deciding the appropriate operational actions to take.


Today governance remains relevant, perhaps more so than ever. With that said, governance must evolve to embrace new age business agendas. In practice this means that governance is no longer primarily about compliance, governance has to address the far more important challenge of empowering the organization to drive business growth. Letting go of detailed operational control, while at the same time steering everyone towards well-defined business outcomes, is the governance challenge that modern enterprises must address. Meeting the challenge will require a change in not only governance processes but also the roles and skills that define and enable those processes. And to do that, IT has to firmly step up as a strategic partner to the business rather than continue to be relegated to cost center status. The art of the possible will be the battlefield that determines the winners and losers of tomorrow's business ecosystem.



developerWorks: Sign in

Required fields are indicated with an asterisk (*).

Need an IBM ID?
Forgot your IBM ID?

Forgot your password?
Change your password

By clicking Submit, you agree to the developerWorks terms of use.


The first time you sign into developerWorks, a profile is created for you. Information in your profile (your name, country/region, and company name) is displayed to the public and will accompany any content you post, unless you opt to hide your company name. You may update your IBM account at any time.

All information submitted is secure.

Choose your display name

The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerWorks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

Required fields are indicated with an asterisk (*).

(Must be between 3 – 31 characters.)

By clicking Submit, you agree to the developerWorks terms of use.


All information submitted is secure.

Dig deeper into Business process management on developerWorks

Zone=Business process management
ArticleTitle=Governance in the age of APIs and social interactions