Posted by Jeff Papows on Tue, Mar 09, 2010 @ 12:44 PM
Sure, we've been hearing for a while how citizen journalism has transformed the traditional role of the reporter. What I don't quite understand is why the IT analyst community has not been turned on its head in a similar way.
Don't get me wrong, IT analysts have historically provided great feedback, helped to avert potentially bad product introductions and have been known to provide valuable, third-party feedback, especially when it comes to big purchasing decisions. Please note that is an historical view.
I know I'm not the first to complain about the hired guns business model employed by the traditional analyst firms and I'm sure I won't be the last. What I have noticed lately is the non-committal tone of every interaction with the analysts that require retainers in order to dial their switchboard.
As part of an extensive research project that I worked on this winter, I contacted a few analyst firms to gather their opinions on a particular subject. It was a simple, ‘what do you think about XYZ' type of dialogue. Even when I couched the question with a disclaimer that I was merely seeking their professional opinion and understood that it didn't necessarily reflect the views of their employer, the analysts that I contacted wouldn't or couldn't respond.
And those that did provide a bit more than name, rank and serial number were so averse to taking a stand or expressing an opinion that I pondered whether or not they were victims of a recent invasion by body snatchers.
In an effort to continue my research, I decided to steer away from the Stepford analysts and happily discovered the world of the independent analysts. Folks who really know what they're talking about, aren't afraid to share an opinion, and let me know exactly where I was right and more importantly, where I was wrong in my hypothesis.
These are the analysts who have either worked in the big machines and/or have gained an in-depth knowledge of the industry by working side-by-side with clients -- not from pontificating from ivory towers.
Folks like Dana Gardner at Interarbor Solutions, Joe McKendrick from Evans Data Corp and ZDNet. I gotta say, ZDNet and eBizQ give these independent spirits a good amount of air time via their blogs, events and news reporting. There should be more venues for them beyond traditional blogs and you should consider them before you write another one of those big checks as part of your protection fees.
It's time for all of us to really re-think our approach to IT analyst relations.
Posted by Jeff Papows on Thu, Feb 18, 2010 @ 10:39 AM
Now I know that headline may sound a bit dramatic at first but when you hear about the on-going issues at Toyota and you read a rather frightening New York Times article, "When Radiation Treatment Turns Deadly," about software glitches leading to accidental radiation poisoning, it's not a far fetched hypothesis after all.
Every day we keep learning about these software glitches that are not only affecting businesses but are also disrupting our personal lives and putting our health and safety at risk. Just this week, Alan Paller, director of research at SANS Institute was one of many pushing for dramatic change. He wrote in an email to the team at nextgov.com, "The only way programming errors can be eradicated is by making software development organizations legally liable for the errors. And that can only be done if there is a safe harbor."
There is an industry wide movement currently underway to protect software buyers from being held responsible for faulty code. This news coincides with the annual "Top 25 Most Dangerous Programming Errors" list of the most widespread and critical programming errors that can lead to serious software vulnerability. The list is the result of collaboration among SANS Institute, MITRE and top software security experts in the US and Europe. In addition to the latest rankings, acquisition experts announced new standards for contract language aimed at protecting software buyers from being held responsible for faulty code.
According to Common Weakness Enumeration (CWE), a community-developed dictionary of software weakness types, these vulnerabilities are often easy to find and easy to exploit. Much like a most wanted list, the vulnerabilities on this year's Top 25 are cited as dangerous because they will frequently allow attackers to completely take over the software, steal data or prevent software from working at all.
If ever there was a time to play closer attention to the role of IT governance, it is now. With this in mind, I'm currently working on a webinar presentation with my good friend Joe McKendrick to specifically address how glitches can take down a company. The registrations are starting to pile up and we'd love for you to join us on Tuesday, February 23 at 2:00 eastern to discuss and debate software vulnerabilities in the real world. Here's the link.
Posted by Jeff Papows on Mon, Feb 08, 2010 @ 12:27 PM
Why is this making headlines now? Well, it turns out that the governor wasn’t notified of the situation until late last year because the
IRS had sent the mail to his house instead of his office. In case you’re wondering, the governor doesn’t receive mail at home due to security precautions.
Seems to me that a little
I.T. governance in the state of California’s computer systems may have gone a long way in terms of saving a lot of time and money. In the ideal situation, the software glitch would had been identified and addressed and the system would have accommodated the address redirect.
Instead, this software glitch incurred the administrative expenses of running the erroneous report, sending it through the postal system to an address that doesn’t receive mail and bringing in the IRS for an unnecessary investigation.
Makes you wonder about the entire I.T. infrastructure and how an existing software glitch may affect citizens, especially as we’re in the midst of tax season.
Posted by Jeff Papows on Thu, Feb 04, 2010 @ 09:53 AM
I can't imagine being in Toyota's shoes right now as journalists, customers and consumer advocates are demanding more information as to how exactly they built and shipped so many cars with faulty brakes.
This PR nightmare will continue for quite a while and Toyota's ability to recapture what was once a very strong brand is questionable. There have already been some discussions as to whether they should change their name.
While the details continue to be rolled out, I have to wonder how that software glitch got into the system in the first place.
According to Toyota, the company changed its braking system software in January as part of what it called "constant quality improvements." Company officials are describing the problem as a 'disconnect' in the vehicle's complex anti-lock brake system (ABS) that causes less than a one-second lag. Now one second may not seem like a lot of time to you. However, if you're driving 60 miles per hour, it will be about 90 feet or so before the brakes take hold.
Now you know where I stand on the importance of IT governance. I'm also not going to pretend to know the specifics of the Toyota situation beyond what you've likely read. However, the issue does call into question the broader issue of IT governance and the level that is applied in the software development process at Toyota.
This is not the first time that Toyota has been hung up by a software glitch. In 2005, CNet reported that a software glitch was affecting the performance of the Prius. At that time, Toyota asked 75,000 owners of Prius hybrids to have the vehicle's software checked. Apparently, a software glitch causes the warning light to come on for no reason and in some cases shut down the gas engine.
This story will continue to unravel in the coming days and weeks though perhaps we shouldn't isolate Toyota as glitches are ubiquitous. It's the lack of IT governance that may make the difference in the way that the public views and consumes your product.
Posted by Jeff Papows on Tue, Feb 02, 2010 @ 08:39 AM
I'm pretty excited about our news today regarding the new WebLayers Center governors for IBM's WebSphere MQ.
While we've had a pretty big policy library specific to WebSphere MQ, these new governors will help customers more easily adhere to IT policies as well as security and regulatory compliance mandates. Using WebLayers Center and WebSphere MQ, customers will be able to decrease the amount of potential software development policy violations. This helps curb the incidents that result in those erroneous data transactions that make headlines on a regular basis in the form of software glitches.
You know -- the type of software glitches that deposit funds in the wrong accounts or report inaccurate balances. With a more comprehensive view of the way that messages are routed through WebSphere MQ using WebLayers IT governance software, customers will have greater transparency which leads to better productivity and improved compliance.
To better put this in perspective, let me give you a real world example. Let's say that you're a financial services company. As you know, there are millions of transactions that are routed to various points in the infrastructure before they reach their final destination. Now let's imagine that your company is using WebSphere MQ to ensure the secure delivery of those millions of messages per day including trades, holds and transfers. And now one of your brokers is executing a trade between the US and Europe. There are many 'hops' that the message the broker sends must take along the journey from the US to Europe to execute that trade. Those hops obviously go beyond the walls of the original financial services company and requires security and compliance on all the parties involved in executing the trade. From the financial services company's perspective, WebSphere MQ will make sure that message is delivered in tact to the recipient.
This is one example where WebLayers Center comes in to complement WebSphere MQ. While WebSphere MQ ensures once and only once delivery of those messages, the WebLayers governors make sure that the message queues, or 'passage ways' so to speak are able to securely and accurately move those messages along. Think of WebLayers as the personal tour guide for the messages that prevents them from going down dark alleys, one way streets or dead ends.
Of course, this isn't limited to just the financial services sector as you can easily imagine many other scenarios where there are thousands or millions of transactions that need to securely reach their destination without causing bottlenecks or putting a company at risk for not adhering to compliance regulations.
For the WebSphere MQ enthusiasts -- and there are a lot of you out there -- this adds another layer of assurance that policies are being followed and messages are being delivered. For the business folks out there, what this means is that you'll rest a bit easier through an increase in quality and security of the transactions coming to and from your company.
Posted by Jeff Papows on Thu, Jan 28, 2010 @ 08:41 AM
It was impossible to miss this week's news about Apple's earnings and its new tablet computer this week. While I can remember the less a darker time for them, these days when I think of Apple I think of the enormous success of its apps store that inspired an entire community of developers -- and vendors for that matter -- to foster innovation based on common interests and a market demand for a broader array of application choices.
So I got to thinking why should the apps store developers have all the fun? While open source has its communities and standards bodies are designed to advance the industry using the same lingua franca, why couldn't there be an apps store for enterprise software?
Hear me out on this one.
What if you could develop enterprise software, test it out and get it validated through an unbiased third party that would help you bring it to market. The industry wins through collaborative efforts, vendors win by picking up a sales channel and most importantly the customer wins because the software is certified and validated and will actually work as described on the vendor's website and would likely be improved upon since competition breeds innovation.
Now of course this enterprise apps store wouldn't work for everybody but you've got to think there are some niches that would benefit from this model. Off the top of my head, I could see a place for vendors in the financial services or healthcare industries that offer compliance software. After all, those rules and regulations are already established and the purchasing decisions/competitive differentiators are usually based on how easy they are to use, how secure they are and how well they work.
We're already seeing shades of this with the apps.gov website for federal agencies that's designed to streamline the software procurement process and ensure consistency across different departments (which I actually addressed in a recent post, ‘Why I.T. Governance Will Remain a Top Priority in 2010.')
It's certainly something to think about.
Posted by Jeff Papows on Mon, Jan 18, 2010 @ 03:47 PM
By now, I assume that everybody in the industry is aware of Google potentially ceasing operations in China. Given the cyber attacks on gmail accounts that were supposedly initiated by the Chinese government, it's clear that this story will continue to play out over the next several months. We've already heard from Secretary of State Hilary Clinton stating that the issue has "raised very serious concerns" along with other daily reports on the topic.
While there are many different ways to view this evolving story, the piece that I find most troubling is today's news that indicates that Google insiders may have aided the Chinese government in hacking the gmail accounts of human rights activists.
The tech crowd is pointing to vulnerabilities in Internet Explorer and there is a solid argument about the ability to use IE to hack into the gmail accounts. However, blaming Microsoft technology for the security compromises is about as productive as blaming the gasoline after the arsonist has set the fire.The issue that this whole Google China incident raises in my mind is the role of the government in the Internet and where IT governance intersects the two.
Now I don't expect nor do I want any government to step in and start overseeing the usage of the Internet and search engine results. Yet with the latest news that the cyber attacks are being traced back to insiders, it calls into question the amount of IT governance that was in place.
Could governance have prevented the attacks? No, as that's a far-fetched and unrealistic claim. However, with the right amount of governance in place, rogue applications and activities may not have been allowed to infiltrate the infrastructure. In this instance, it may have been able to alert Google China's managers to potentially compromising behavior before it put the entire operation at risk including the 700 employees in the country.
If Google does cease operations in China, the implications will be pretty far reaching given the search engine giant's presence in the country and its recent expansion into music and the mobile device market. It would be a shame for the company to lose the momentum it's been building in China over since 2005 yet it would be an even bigger shame if it was forced to compromise it's "Do No Evil" mission statement.
I'm going to keep watching this story, as there's likely to be more that unfolds. Meanwhile, I can't help but wonder how much of a difference governance would have been able to make in minimizing the impact of the situation.
Posted by Jeff Papows on Thu, Jan 14, 2010 @ 11:44 AM
I'm noticing that a lot more eyes seem to be on governance these days. Joe McKendrick dedicated some airtime to it in his recent "SOA in Action" blog posts and Dion Hinchcliffe just did an interesting take in his post, "A New Vision for SOA Governance: A Focus on the Social Aspect."
Hinchcliffe brings up the very human aspects of SOA that can make or break an initiative. This can be said about many IT projects that are going to have a widespread effect on a company. I.T Governance is certainly no exception, especially when you consider the old adage, ‘everybody wants governance but nobody wants to be governed.'
Of course, there have other views that don't recognize the importance of governance to the sustainability of the organization as I noted in a previous post calling out David Linthicum's erroneous assessment that cloud computing will put an end to the need to design time governance.
However, the point is that governance is moving out from behind-the-scenes to front and center as we enter the economic recovery zone. And I don't think that it's too much of a stretch to say that the recession has heightened the awareness of and greater need for governance. Here are two main reasons why:
1. Mergers and acquisitions: the speed and size of the recent M&A deals, especially the market consolidation in the financial services sector, is requiring IT efficiently integrate various back-end systems in an effort to accelerate the creation of newly formed entities. With so much at risk, it makes sense that best practices and governance policies are adhered to during the extensive integration process.
2. Cloud computing: with all of the recent debates about the risks associated with cloud computing as outlined in the InformationWeek article, "Don't Rush to Cloud Computing," there are still many companies and government agencies that are adopting the cloud as part of their IT strategy. Governance can help reduce this risk, especially when it's introduced at design time, so that applications and services are based on more solid foundations before they are extended to a cloud environment.
As the IT industry prepares for recovery, most recently forecasted by industry analysts at Forrester citing that hardware and software will bounce back in 2010, governance will very likely continue to be a focal point.
While the road to recovery will continue to be a bumpy ride, I'm looking forward to it.
Posted by Jeff Papows on Mon, Jan 04, 2010 @ 04:12 PM
After a few days away from the office, I came back with renewed enthusiasm for 2010.
As I made my way through my inbox and got caught up on the latest industry news, I was surprised by David Linthicum's Infoworld blog entry titled, "Cloud Computing Will Kill These 3 Technologies." In his post, Linthicum states that cloud computing will kill design time governance.
What makes the blogosphere so great is that we're all entitled to voice our opinions. So I will now share mine in response to Linthicum's post because his view is a bit askew from what I know is happening in the real world.
Now if you've been reading any of my previous blog posts, you'll know that I believe nothing could be further from the truth. In fact, right before Thanksgiving I blogged about the importance of design time governance for cloud computing in the entry titled, "Governance: A cloud computing strategy's silver lining."
The bottom line is this: if we cut corners at the beginning of the development process, we will almost always create gaps in the cloud resulting in the proliferation of bad code and applications. If in fact more services are accessed, sometimes anonymously, from God knows where, in fact the quality of those services now destined to be used and reused must in fact of an even higher quality. Sounds like design time governance to me.
Now you're probably thinking, ‘of course he's going to push design time governance.' And that's true to a certain extent from the perspective of creating and distributing better software throughout our infrastructures especially as services make their way into the cloud. From a practical point of view, I'd tell anybody purchasing technology to select the vendor that's best suited to addressing his or her particular business needs.
But when it comes to the statement that cloud computing is the death knell for design time governance, I simply have a hard time believing this. Especially coming from Linthicum, the pragmatist.
Sure, aspects of design do go away by using cloud-related resources but it's unimaginable that most serious organizations will believe that run time is enough. On the contrary, utilization of cloud resources brings forward new design governance challenges. For example, when and how should cloud resources be used, do they support the proper technologies, functionality and performance we expect?
I'm not sure which ‘runtime SOA players' David is referring to when he says ‘many of the existing runtime SOA governance players support enough design and implementation capabilities that separate design-time tools are not required.' I'm quite frankly shocked at this statement because to the best of my knowledge, most of those runtime SOA governance players support little to no automated design time governance.
I suspect the theory that cloud computing will kill design time governance is up there with other marketing campaigns that declared XYZ technology is dead. Sure, they make great headlines and get some of us all worked up but they're not very practical or realistic.
If anybody knows who those existing runtime SOA governance vendors are that can supposedly obliterate separate design tools, please drop me a line at jeff@weblayers.com or comment below on whether or not you think the cloud will kill design time governance.
Posted by Jeff Papows on Tue, Dec 29, 2009 @ 01:19 PM
Like everybody else at this time of the year, we look backwith the hope that perhaps we've learned something in the past 12 months. And if you're like me, we're alsolooking forward in anticipation to a new decade.
The past year was certainly an interesting one and we havehopefully gotten through the worst of one of the worst recessions I canrecall. We were also witness tosome major industry shifts including Oracle's purchase of Sun,Microsoft's launch of Windows 7 and Twitter's ability to bea viable source for breaking news.
When I first started blogging last February, the talk around the water cooler was whether or not SOA was dead and when the economy would fullyrecover. The more things changethe more they stay the same.
As I thought about some New Year's resolutions, I started tothink about how we could all use a little more governance across theboard. Not just for ourinformation technology infrastructures but across all other aspects of ourindustry such as media, the blogosphere, the analyst community, and our overallapproach to mitigating all the potential risks in our business.
So here are three resolutions I've decided to adopt. All are relatively easy and are probablynot too far from what you're already thinking about as next year approaches. In 2010 I resolve to do the following:
1. In a recent conversation with industry analyst Dana Gardner from Interarbor Solutions, he aptlypointed out that you really can't successfully engage in cloud computing unlessyou have a sound SOA infrastructure so the notion that SOA is dead, is, well,dead.
2. Tocarefully evaluate every trend that seems to catch fire in the blogosphere andassess it on its own merits with regard to industry relevance and what actuallyconstitutes news. It's far tooeasy to read headlines without the actual story or take so-called news items atface value simply because they appear online. It seems to me that the blogosphere could use a set ofgovernance policies to better mitigate the risks of inconclusive reporting.
3. Along those lines, I resolve to also pay closer attention to critical issues andtrends that will have far reaching effects on our IT infrastructures. Infoworldactually did a great round up on "The Top Underreported Tech Stories of 2009" citing the issues around the wireless spectrum and broadband availability as well as the dark side of cloud computing and its legal ramifications along with eight other under reported stories that will most certainly be part of our conversations in 2010.
Ah, three simple resolutions and none of themrequire that I restrict calories. If you have some resolutions to share, drop me a line at:jeff@weblayers.com