eBizQ on their SOA forum just posted a threaded discussion topic which got a few of us on "team SOA" talking: 

How Will SOA Vendors Adapt to the Emerging Cloud Paradigm?

This eBizQ thread is thought provoking all the way around about what changes and challenges Cloud can impose on IT organizations planning to source Cloud-based services in their solutions and whether the products and capabilities delivered by what have been traditionally called SOA platform and/or SOA governance vendors will continue to be useful for IT as they move to leverage Cloud.  I think it's key to think hard about these questions, with a perspective of what IT is going to need and what today's solutions actually do...perhaps with more of a focus on the people and processes rather than the underlying technologies enabling these kinds of solutions.

I firmly believe that governance is a must-have for adoption of Cloud services or applications.  In Dave Linthicum's blog, he states that design-time SOA governance solutions may be at risk.  There are, at least, three different aspects to the adoption of Cloud-based services which should be familiar to those who have been effectively employing SOA Governance solutions thus far:

1. Establishing the relationship between enterprise IT and a cloud-based service provider (regardless of the kind of service being consumed) demands some measure of process.  Enterprise IT should broker the selection, procurement (incl. negotiating payment terms), and publishing/exposure of approved cloud-based services to their internal constituents.

2. Next, applications built to leverage cloud-based services (either Infrastructure-as-a-Service or Platform-as-a-Service) are going to have to be built to comply with the constructing organization's design-time goals (to ensure quality, interoperability, performance, backward and forward compatibility as examples).  As a sidebar, I have seen poorly performing applications written in a wide variety of technologies.  But, in the context of cloud, you will absolutely PAY for more CPU, etc. based on usage.  It seems prudent that performance validation is essential when consuming IaaS.

3. Finally, comprehensive lifecycle governance that drives consistency through shared best practices and policy management becomes even more critical as organizations continue towards a mixed mode of service delivery (i.e. a combination of in-house, on-premise applications either built or bought along with an outsourced or off-premise XaaS offerings). Enterprise IT is still responsible for ensuring a stable and reliable compute platform for their business stakeholders regardless of the means upon which that is delivered.  In addition, the monitoring and enforcement of a variety of corporate (or other regulated) policies is also still up to traditional IT departments to enforce; regardless of the ways in which these composite systems are assembled.

What we've learned from SOA governance should actually provide IT with the blueprint and tools they need to support these processes and activities.  And,

Products providing technical governance (SOA and otherwise) that don't take a comprehensive lifecycle approach will be less attractive to IT anyway regardless of the adoption of cloud-based services and we are seeing this play out in the market through increasing customer requirements and product evolutions.  What I'm hearing is that organizations want solutions that integrate across the lifecycle from portfolio planning to design and testing to delivery and on-going operations with transparency and sharing of key metadata to drive decisions in real-time.  For example with Cloud-based services, if the teams responsible for operations and ensuring critical SLAs have visibility into the criteria by which the service was designed and tested, they can then know the services' underlying architectural characteristics and how such services will respond to levels of consumption (service elasticity, performance profiles and so forth).  There is much less margin for error in a Cloud model as SLA delivery is assumed and issues can put Cloud vendors out of business.

Governance is about driving best practices, changing organizational behavior and making more intelligent decisions throughout a lifecycle of delivering solutions -- across application development teams and their operations counterparts...whether these solutions involve in-sourced development and integration or sourcing apps and services via SaaS or Cloud-based models.

So my final point?  Yes, "SOA" governance vendors may be at risk; they are at risk of having to change the name of the game.  Governance will be needed even more, but not just for SOA... it's time to get SOA off the island and consider it part of a larger modern IT approach that embraces legacy apps, service-orientation, SaaS and cloud sourced services, events, business processes, Rich internet apps and more.  All of this needs governance, now