"If you don't have a reference architecture in place, the project team will take the path of least resistance," says MomentumSI's Biske. "Reference architectures can be too general, giving the application architect too little guidance, or too specific, giving them no leeway."

Biske also makes a strong argument for reference architectures as part of the review process. "Architectural reviews tie the project back to the reference architecture, but if there's no documentation that projects can be judged against, the architectural review won't have much impact.

Investing in the right tools

Some organizations put off buying registry and WSM tools in the interest of cost, hoping they can show value first and ask for the tools budget later. The problem with that strategy is that you give up some of the most effective incentives you have to establish governance early in the game.

Registries are used for managing and communicating governance artifacts as well as automating key governance activities. Registries are also important for enforcing policies. By setting up a registry for production-level services and writing policies to achieve that status, you can control the properties of services that are used inside your organization. For example, you might require that production-level services meet certain security, identity, and even financial standards. Reviews of the service before it's promoted to production can enforce those policies effectively.