Monday, May 29, 2006

poem Worn

WORN

The weight of weight worn
whole, heavily, drags
the soul, cruel as wool
that keeps within the
heart wrapped in sin as
wet as pent-up sweat.

Monday, May 22, 2006

imho Arch of Governance part 5 of 5

All:

Found content: “Google’s China Problem (And China’s Google Problem,” Clive Thompson, The New York Times Magazine, April 23, 2006, pp. 64-71, 86, 154-156.

My take:

Governance is self-regulation. Sometimes, it’s the defensive crouch of an industry or community warding off the nasty stick of Big G Government, the ultimate uber-authority, which may step in and assert its sway when it feels the inmates can no longer run the asylum.

Self-regulation often involves self-censorship. Learning the limits of the tolerated is what any speaker, publisher, common carrier, or (in the case of the referenced article) search engine must do to survive in an authoritarian system—in other words, in any system in which speech is only as free as Big G Government wishes it to be.

Here, for example, is the self-censorship (hence, omni-censorship) regime that Google has had to internalize in order to do business in China (I’ve bulletized the text to call out the core thesis of the piece):

  • “American Internet firms typically arrive in China expecting the government to hand them an official blacklist of sites and words they must censor. They quickly discover that no master list exists. Instead, the government simply insists the firms interpret the vague regulations themselves. The companies must do a sort of political mind reading and intuit in advance what the government won’t like….
  • “The penalty for noncompliance with censorship regulations can be serious….’You have to understand, these people are terrified, just terrified. They’re seriously worried about slipping up and going to jail. They think about it every day they go into the office.’ As a result, Internet executives in China most likely censor far more material than they need to.
  • “The Chinese system relies on a classic psychological truth: self-censorship is always far more comprehensive than formal censorship. By having each private company assume responsibility for its corner of the Internet, the government effectively outsources the otherwise unmanageable task of monitoring the billions of e-mail messages, news stories, and chat postings that circulate every day in China.
  • “The government’s preferred method seems to be to leave the companies guessing, then to call up occasionally with angry demands that a Web page be taken down in 24 hours….’There’s a randomness to their enforcement, and that creates a sense that they’re looking at everything.”

Notice the word “noncompliance” in the second bullet. Within that is the word “compliance,” which is a hot theme in the IT world now. Compliance is, of course, a measure of the efficacy of governance. And governance, of course, is driven by Big G Government mandates.

As I noted several months ago in this blog, every mandate is a new source of “thou shalt comply” commandments on enterprises and service providers. There are as many “thou shalt comply” religions as there are governments, agencies, laws, and bosses upon the face of the earth. To the extent that you operate worldwide—or even in a single region—how can you effectively comply with requirements that issue from so many rule-gods, who don’t always talk/agree with each other up in the clouds of Olympus, and who are changing their god-minds independently all the time? To the extent that all these rule-gods “federate” (i.e., agree to respect each others’ jurisdictions, honor each other’s decisions, and harmonize their respective approaches), your job (the haplessly hopelessly pliant and compliant clay/mud at their feet) is easier.

What this article makes clear is that the world’s oldest state, largest nation, and fastest growing economy has no single censorship regime. Instead, it has many government bureaucracies who don’t speak with a single voice or wield a single censor stick. An Olympus of squabbling demi-gods. All of them have access to the police apparatus to enforce their multifarious dictates. All sustain a Confucian culture and ideology that prides itself on the righteousness of authoritarian censorship. All insist on small g governance among their subjects, on self-censorship and self-regulation, as a way of keeping the nasty stick sheathed. So, in that sense, all the authorities in China are “federating” with each other.

Governance. Compliance. These are dominant themes in the post-9/11 world economy, interpreted, applied, and enforced in diverse ways in various nations. Here’s my favorite excerpt from this article: “In contrast to the confusion most Americans experience, Chinese businessmen would often just laugh when I asked whether the government’s censorship regime was hard to navigate. ‘I’ll tell you this, it’s not more hard than dealing with Sarbanes and Oxley,’ said Xin Ye, a founding executive of Sohu.com, one of China’s biggest Yahoo-like portals.”

We often joke that the purpose of SarbOx is to keep your CEO out of prison. That’s our Big G Government holding its nasty stick in abeyance.

Yes, there are bad compliance/governance/regulation regimes and not-so-bad ones. I’d place corporate accountability and financial integrity regulations in the latter category. But truly global businesses can’t pick and choose nations in which to operate. And they can’t impose their home country’s political systems and cultural values on the countries in which they are guests.

Global compliance is founded on global compromise and flexibility, not on ideological crusades. Your internal governance regime(s) must conform to the Big G regimes at whose pleasure you remain within their borders.

Jim

Thursday, May 18, 2006

imho Arch of Governance part 4 of n

All:

Found content: http://www.computerworld.com/newsletter/0,4902,110766,00.html?nlid=APP

My take:

Governance of anything is a workflow, of course. But don’t take the word “workflow” in the limited sense of “sequential process.” I use it in the broader sense of “policy-driven flow of content, context, and control throughout a distributed process.” That definition allows the flow to be sequential, parallel, conditional, etc. Allows the flow to be the collaborative give-and-take of human beings hooking up through e-mail, phone, travel, etc.

But of course I have other definitions of workflow that I whip out when the need arises. Another definition indulges my delight in alliteration, characterizing (oversimplifying?) workflow as a set of roles, routes, and rules (i.e., all of which constitute the envelope of “policies” that govern the driving of the flow, per the above definition).

Notice that I place “role” first in that list. The notion of a “role” is the foundation of any business process. In many workflow models, roles are the (actual or virtual) dots that are connected by the routes, which are in turns qualified by the rules that govern the whole process.

Govern the process. Governance. A few months back in this blog, I characterized role as “identity defined in its full governance context,” qualified by the broad attributes of “place,” “process,” and “permission.”

Re SOA governance, it’s clear that roles—human roles—play a critical (gulp!) role in design-time and run-time. In my upcoming Network World feature article on SOA governance, I make the following point: “One of the most effective approaches for SOA governance is to restrict what sorts of new services may be published to the master registry, by whom, with whose approvals, and under what conditions. Increasingly, registries are integrated with workflow features that govern how services are approved, designed, developed, published, versioned, and retired.”

Most of the registry/repository vendors provide varying degrees of support for configurable design-time administrative/approval workflows, based on clear role definitions among developers, SOA architects, etc.

The referenced found-content provides a good discussion of how SOA governance design-time (and optimize-time) roles are changing. I quote it at length: “Business architect. Process analyst. SOA enterprise architect. These are the job titles various organizations are applying to an emerging role being filled by those well versed in business and technology to oversee service-oriented architecture projects. The holder of the new job will be charged with identifying services that can be reused across an enterprise, finding services in a repository, simulating scenarios for the processes to run and determining metrics to measure the effectiveness of an organization's processes. The position will be part of either central IT or a line of business, depending on the company.”

I had a discussion on this same topic yesterday with Aiaz Kazi of SAP, here at SAPPHIRE ’06 in Orlando. Many of their customers are grappling with the proper definition of the diverse roles in governance of SOA that leverages SAP’s Enterprise Services Architecture (ESA), which is implemented in its NetWeaver platform components, mySAP applications, and diverse composite, vertical, and horizontal apps and business processes.

What Aiaz was describing is a new SOA governance design-time role that sits halfway between the IT process architects and the business process analysts (i.e., the tech and business wonks who use their respective visual development and flowcharting tools to specify SOA-enabled business processes at various levels). This intermediate role essentially catalyzes consensus between the business process analysts and the IT process analysts concerning the eventual process, but doesn’t actually get involved in the fine-grained architecting of the processes.

Instead, this role is more of a “process steward” (my term) who makes sure, whatever new process emerges, that it reuses existing business processes to the maximum extent feasible. The process steward cracks the whip and just says no when IT process architects and business analysts attempt to create new, end-to-end, stovepipe workflows that overlap with existing processes, either in their entirety or in significant roles, routes, and/or rules.

In other words, the process steward role enforces reuse of existing business processes—SOA-style—when developing new processes. The process steward oversees the SOA governance process—the design-time workflow or collaborative process--under which business governance structures—as defined by IT process and business process architects—are crafted, revised, and optimized.

Jim

Saturday, May 13, 2006

poem Toast

TOAST

Through these remarks we
mark this moving moment and
bless the bubbly bliss.