Abstraction is generally thought of as a physical or process layer that enables disparate components or objects to interact in ways that they could not do directly.

While there are many forms of abstraction, they all generally offer a benefit of simplifying business solutions by removing obstacles that are significant, but generally irrelevant to the problem being addressed.

Types of Abstraction

• Data Abstraction: Data abstraction hides the implementation details of data representation. Objects and abstract data types are two forms of data abstraction.

• Virtualization: Virtualization is a form of abstraction that removes or minimizes dependencies on physical resources or implementation details.

• Hardware Abstraction: Hardware abstraction is generally implemented as a software layer that allows programs to be run on different types of hardware.

Governance and Risk Management Implications

Abstraction can simplify GRC solutions by simplifying the implementation and utilization of services, particularly data services because compliance is generally centered on the access and utilization of data. Data abstraction and data persistence services are often ignored in Service Oriented Architecture (SOA) initiatives, which creates GRC challenges. Data abstraction provides a unified solution for accessing and updating:

• Data using different access methods and Application Programming Interfaces (APIs)

• Different types of data

• Data structured in different ways

• Data with different semantics

• Data in different locations

• Data that spans different administrative regions

• Data that spans different technology infrastructures