In the survey recently published on the relation of SOA and Identity Management and the status of the SOA Governance which we developed together with Ernst & Young, it has become clear that one of the larger problems of IT is the silo structuring. IAM and SOA are equally separated silos like the areas of BSM. There are exceptionally few suppliers who strive after a closer integration of BSM and IAM.
The problems emerging from such silo thinking are obvious. The survey shows clearly that a stringent, continuous and renewable safety concept is missing for most implementations of SOA-based applications. This makes the external management of safety, auditing or the software audits difficult up to impossible, in any case more expensive than is necessary.
There is a clear necessity to look beyond the edge of the silo also in the BSM and IAM fields of conflict. The basic approaches to deal with Services like it is defined by ITIL can be applied in every kind of Service. A part of Identity Management-Services is already to be found in ITILvS. One can apply the methodology just the same on Software-Services like Web Services as well as other Identity Management Services not considered as standard services by ITIL.
A second aspect is the Identity Service which is increasingly defined. Whether one considers Oracle's SOS, takes the SAP notices to NetWeaver Identity Services or realizes one's own concepts for application security infrastructures: There must always be reliable services after the service-interfaces used by programs. SLAs are needed here for example, as well as Service Management. And here again we are automatically with ITIL and BSM.
The third point is the reckoning. Services are a good starting point for an improved reckoning and traceability of IT in the future through their granularity. In order to do this, one must know in context of which user, which group or which role the service will be used. Only then can the costs be correctly allocated.
This connection is naturally the same for the security. One must be able to control the access to Services - and that is a condition of IAM.
Thus there are many places in which IAM, BSM and SOA must grow together. This will however only succeed if the existing silos in the IT-organizations open, at least so far that the advancement of the mentioned topics all pull along the same line. This unavoidable redefinition of IT-organizations is a CIO-task. Those who ignore it will not be in the position to solve many of the fundamental challenges of IT successfully.