Posted by Jeff Papows on Wed, Aug 18, 2010 @ 02:51 PM
A quick scan around our homes and offices reminds us of the great strides the IT industry has made in recent years. From clothes dryers that automatically know when to power down to protect the energy grid to the ability to connect remote countries to the Internet, there's a seemingly unlimited potential to what we can achieve individually and collectively through technology. From the outside looking in, we don't lack for technology innovation; yet from the inside looking out, there are several stumbling blocks that are disrupting progress.
And they're not the obvious issues such as the recession hangover or less venture capital funding. The irony is that technology itself is holding back the technology industry. This is because the more technology we create, the more issues that arise in developing and managing it.
Further, the more connected we are to each other through the Internet, the more those issues will grow because they are no longer isolated to an individual computer or mobile device.
These issues will only become more widespread when you consider that IBM estimates that by year end 2010, there will be one trillion devices including cars, appliances, cameras, roadways and pipelines connected to the Internet and an estimated two billion people on the Web by 2011.
If not properly managed, the result of these massive amounts of technology will be the proliferation of glitches that halt business. Many of these are everyday annoyances such as the inability to access funds at an ATM, flight delays and cash register errors. Others are detrimental to the health of people and businesses such as cyber attacks that infiltrate our energy and water supplies, government data theft and radiation treatments for cancer patients gone awry.
Overall, these obstacles to productivity are indicators that there are holes in the IT infrastructure that leave businesses and consumers vulnerable. The cause of them varies yet a fair amount of them boil down to simple errors that are made in the software development process that aren't caught before the product is shipped and shared across a company or the Internet.
None of these issues are new to the IT industry though managing the complexity behind them is becoming increasingly more challenging. This is especially true when you consider that the undergraduate population of computer science majors plummeted after the dotcom collapse and that demographic is only now starting to be replenished. Adding to this are a retiring population of experts who are responsible for managing the mainframes that run nearly 70 percent of the world's financial transactions. Those experts are not easily replaced because few college curriculums offer the required courses and students aren't as likely to enroll in them because the jobs available after graduation aren't considered as interesting or lucrative as other IT positions.
Yet there are steps that businesses can take now to help reduce the amount and extent of these glitches. Three of these include:
- Create a Center of Excellence (COE): that includes a representative from each department including senior management. The COE is responsible for establishing best practices and processes that are followed by the software development team so that there is less vulnerability in the infrastructure.
- Policy Enforcement: establish metrics and barriers that don't allow software to progress through its traditional development cycle unless it meets the established criteria for quality.
- Cross Train: break down job silos and cross-train software developers so that there isn't an uneven balance of critical skills.
Of course, we can't eliminate all of the issues that will inevitably arise from the ubiquity of technology. Yet with a more focused approach on the way that software is developed from the very first keystroke, we can avoid a lot of the expenses associated with fixing these issues after the fact and trying to win back the trust of customers.
Posted by Carlos Bernal on Wed, Jul 28, 2010 @ 10:33 AM
With the release of more than 90,000 government documents related to military operations in Afghanistan making headlines around the globe, from a technology perspective, it's certainly putting the idea of crowdsourcing into the mainstream.
For those who have heard the term but aren't fully versed on it, crowdsourcing is essentially a way to gather the collective knowledge of the public to complete a business related task. It's based on the premise that the experience and intelligence of an interested community will contribute to the greater good of a project. (The folks over at BNet have a really good summary available here.)
The immediate pluses and minuses of crowdsourcing are somewhat obvious in terms of free labor versus you get what you pay for. However, it's not always that black and white as variables such as size and scope of project as well as the pool of experts in the particular field will impact the outcome.
For example, just look at what the open source movement has done for the tech sector in the past 15 years or so and certainly crowdsourcing aims to take a page from that playbook.
One open source project in particular that I find of high interest is the work around the Jazz platform from the folks over at IBM Rational. They're making software development more collaborative through open source.
The crowdsourcing movement has picked up steam of late in the age of Web 2.0 and the sheer volume of people and tools that are connected throughout the world whether it's through Flickr, LinkedIn, dedicated crowdsourcing websites, etc.
The one area that shouldn't be overlooked in crowdsourcing and open source contributions is the role of distributed management and oversight of the projects. It just seems logical that there needs to be some sort of system of checks and balances to assure that contributed content is valuable, constructive and moves the project forward. This doesn't mean that contributors will be evaluated as that's an obvious turn-off to inspiring group brainstorms.
However, if you're making certain aspects of your business and/or software code available to the public, there should be some sort of oversight of the contributions. And it doesn't have to be obvious. In fact, it may be more valuable if it's run in the background and only presents itself when there's a potential contribution of something that doesn't align with the project's mission.
Of course, there are systems in place at most crowdsourcing sites and code reviews conducted with open source initiatives. These systems often track back contributions, confirm registrations, etc. Though as the aperture opens even wider for group collaboration, it calls for a distributed approach to governing the activities.
Before a crowdsourcing project kicks off or contributions are accepted, consider the role of distributed IT governance as a safety net. The IT community is embracing distributed IT governance when it comes to open source so it stands to reason that crowdsourcing also takes a closer look at the mechanisms in place that foster collaboration while cutting through the clutter and accelerating a project's success.
Posted by Jeff Papows on Thu, Apr 15, 2010 @ 10:38 AM
There's nothing like a tax filing deadline to make us all aware of our dependence on technology. After all, the IRS reports that online tax filing is on the rise with 95 million people having used their e-file system in 2009. According to an article in USA Today, the total number of electronically filed, self-prepared returns was up 6.7 percent from the same period a year ago.
So what does the rush to the tax filing finish line have to do with a blog about technology?
Well, along with reminding us about the onslaught of network traffic, there are several software glitches to be aware of. The folks at Intuit's TurboTax were hit with a software glitch that recently double counted a tax payer's medical insurance premiums as deductions resulting in a claim for a refund that was $600 too large. I have to think this glitch is part of the software code that resulted from a lack of IT governance and that this individual tax payer -- who, by the way, returned the money -- is not the only one who will be affected.
TurboTax is not the only one dealing with a glitch. H&R Block's system has not been modified to address the filing extension deadline of May 10 for those New Englanders affected by the torrential rain storms and subsequent flooding last month. Seems like a harmless glitch at first but as BostInnovation reported, for taxpayers that owe money and are seeking payment plans, the difference between an April 15 filing and one on May 10 can be significant in terms of interest and fees required to take advantage of those payment plans.
Of course these glitches add up in terms of financial losses from taxpayers as well as the time and money that's required to fix them. Just look at the major glitch occurred in March 2007 at the Canada Revenue Agency when a software patch that was supposed to prevent computer failures had the opposite effect and prevented thousands of taxpayers from filing electronic returns. After some heavy pressure from the Canadian press to get at the truth of the matter, it was discovered just this past February that the more than 16,515 tax returns that were filed during a 43 hour 'corruption window' weren't filed properly. The cost to repair the glitch was $2.4 million.
As we become more and more dependent on technology, let's not lose sight of the fundamentals that make it easy and convenient to file taxes electronically. One of the most effective ways to avoid many of these glitches is through a sound IT strategy that prioritizes IT governance so that IT departments aren't spending the rest of the year cleaning up the errors that could have been caught long before taxpayers alert vendors and government agencies to glitches in their systems.
Posted by Jeff Papows on Fri, Mar 26, 2010 @ 11:16 AM
Whether you’re for or against healthcare reform, you have to admit it’s going to cause major shifts that will directly impact IT. Of course, this doesn’t come as a surprise to anybody who’s even remotely involved in managing the infrastructure of a healthcare or health-related organization.
For years, the healthcare industry has been dealing with a somewhat late arrival to IT adoption with regard to building and sustaining infrastructures. And this certainly isn't a knock on the healthcare industry as a whole. It's just that in order to get a full view of all activities in a healthcare organization requires a complex IT infrastructure that needs to support and connect all of the various departments and people in the patient life cycle.
For example, a patient who enters the emergency room for a short visit can easily interact with admissions, the HMO, x-rays, doctors, nurses, and the pharmacist before the information is aggregated and linked to billing and insurance. Now multiply this complexity by the fact that the average emergency room in the United States sees 82 patients per day.
Now when you add in new government regulations -- like we saw with HIPAA a few years ago -- the massive IT undertaking required to adhere to the new healthcare reform can't be understated.
Even for those organizations like Kaiser Permanente and Independence Blue Cross that have built sound IT infrastructures that are based on a proactive approach to IT governance, the new regulations are going to require significant investments of time from both the business and IT groups.
On the upside, however, is the opportunity for the healthcare industry to leapfrog other industries and show how to simplify these complex back-end systems so that the end user -- in this case, the patients -- do not have their care interrupted due to shoddy IT practices.
Healthcare is certainly one area where preventative measures, including IT governance, can go a long way, especially as new government mandates kick in.
Posted by Jeff Papows on Thu, Feb 18, 2010 @ 10:39 AM
Now I know that headline may sound a bit dramatic at first but when you hear about the on-going issues at Toyota and you read a rather frightening New York Times article, "When Radiation Treatment Turns Deadly," about software glitches leading to accidental radiation poisoning, it's not a far fetched hypothesis after all.
Every day we keep learning about these software glitches that are not only affecting businesses but are also disrupting our personal lives and putting our health and safety at risk. Just this week, Alan Paller, director of research at SANS Institute was one of many pushing for dramatic change. He wrote in an email to the team at nextgov.com, "The only way programming errors can be eradicated is by making software development organizations legally liable for the errors. And that can only be done if there is a safe harbor."
There is an industry wide movement currently underway to protect software buyers from being held responsible for faulty code. This news coincides with the annual "Top 25 Most Dangerous Programming Errors" list of the most widespread and critical programming errors that can lead to serious software vulnerability. The list is the result of collaboration among SANS Institute, MITRE and top software security experts in the US and Europe. In addition to the latest rankings, acquisition experts announced new standards for contract language aimed at protecting software buyers from being held responsible for faulty code.
According to Common Weakness Enumeration (CWE), a community-developed dictionary of software weakness types, these vulnerabilities are often easy to find and easy to exploit. Much like a most wanted list, the vulnerabilities on this year's Top 25 are cited as dangerous because they will frequently allow attackers to completely take over the software, steal data or prevent software from working at all.
If ever there was a time to play closer attention to the role of IT governance, it is now. With this in mind, I'm currently working on a webinar presentation with my good friend Joe McKendrick to specifically address how glitches can take down a company. The registrations are starting to pile up and we'd love for you to join us on Tuesday, February 23 at 2:00 eastern to discuss and debate software vulnerabilities in the real world. Here's the link.
Posted by Jeff Papows on Thu, Feb 04, 2010 @ 09:53 AM
I can't imagine being in Toyota's shoes right now as journalists, customers and consumer advocates are demanding more information as to how exactly they built and shipped so many cars with faulty brakes.
This PR nightmare will continue for quite a while and Toyota's ability to recapture what was once a very strong brand is questionable. There have already been some discussions as to whether they should change their name.
While the details continue to be rolled out, I have to wonder how that software glitch got into the system in the first place.
According to Toyota, the company changed its braking system software in January as part of what it called "constant quality improvements." Company officials are describing the problem as a 'disconnect' in the vehicle's complex anti-lock brake system (ABS) that causes less than a one-second lag. Now one second may not seem like a lot of time to you. However, if you're driving 60 miles per hour, it will be about 90 feet or so before the brakes take hold.
Now you know where I stand on the importance of IT governance. I'm also not going to pretend to know the specifics of the Toyota situation beyond what you've likely read. However, the issue does call into question the broader issue of IT governance and the level that is applied in the software development process at Toyota.
This is not the first time that Toyota has been hung up by a software glitch. In 2005, CNet reported that a software glitch was affecting the performance of the Prius. At that time, Toyota asked 75,000 owners of Prius hybrids to have the vehicle's software checked. Apparently, a software glitch causes the warning light to come on for no reason and in some cases shut down the gas engine.
This story will continue to unravel in the coming days and weeks though perhaps we shouldn't isolate Toyota as glitches are ubiquitous. It's the lack of IT governance that may make the difference in the way that the public views and consumes your product.
Posted by Jeff Papows on Tue, Feb 02, 2010 @ 08:39 AM
I'm pretty excited about our news today regarding the new WebLayers Center governors for IBM's WebSphere MQ.
While we've had a pretty big policy library specific to WebSphere MQ, these new governors will help customers more easily adhere to IT policies as well as security and regulatory compliance mandates. Using WebLayers Center and WebSphere MQ, customers will be able to decrease the amount of potential software development policy violations. This helps curb the incidents that result in those erroneous data transactions that make headlines on a regular basis in the form of software glitches.
You know -- the type of software glitches that deposit funds in the wrong accounts or report inaccurate balances. With a more comprehensive view of the way that messages are routed through WebSphere MQ using WebLayers IT governance software, customers will have greater transparency which leads to better productivity and improved compliance.
To better put this in perspective, let me give you a real world example. Let's say that you're a financial services company. As you know, there are millions of transactions that are routed to various points in the infrastructure before they reach their final destination. Now let's imagine that your company is using WebSphere MQ to ensure the secure delivery of those millions of messages per day including trades, holds and transfers. And now one of your brokers is executing a trade between the US and Europe. There are many 'hops' that the message the broker sends must take along the journey from the US to Europe to execute that trade. Those hops obviously go beyond the walls of the original financial services company and requires security and compliance on all the parties involved in executing the trade. From the financial services company's perspective, WebSphere MQ will make sure that message is delivered in tact to the recipient.
This is one example where WebLayers Center comes in to complement WebSphere MQ. While WebSphere MQ ensures once and only once delivery of those messages, the WebLayers governors make sure that the message queues, or 'passage ways' so to speak are able to securely and accurately move those messages along. Think of WebLayers as the personal tour guide for the messages that prevents them from going down dark alleys, one way streets or dead ends.
Of course, this isn't limited to just the financial services sector as you can easily imagine many other scenarios where there are thousands or millions of transactions that need to securely reach their destination without causing bottlenecks or putting a company at risk for not adhering to compliance regulations.
For the WebSphere MQ enthusiasts -- and there are a lot of you out there -- this adds another layer of assurance that policies are being followed and messages are being delivered. For the business folks out there, what this means is that you'll rest a bit easier through an increase in quality and security of the transactions coming to and from your company.
Posted by Jeff Papows on Thu, Jan 28, 2010 @ 08:41 AM
It was impossible to miss this week's news about Apple's earnings and its new tablet computer this week. While I can remember the less a darker time for them, these days when I think of Apple I think of the enormous success of its apps store that inspired an entire community of developers -- and vendors for that matter -- to foster innovation based on common interests and a market demand for a broader array of application choices.
So I got to thinking why should the apps store developers have all the fun? While open source has its communities and standards bodies are designed to advance the industry using the same lingua franca, why couldn't there be an apps store for enterprise software?
Hear me out on this one.
What if you could develop enterprise software, test it out and get it validated through an unbiased third party that would help you bring it to market. The industry wins through collaborative efforts, vendors win by picking up a sales channel and most importantly the customer wins because the software is certified and validated and will actually work as described on the vendor's website and would likely be improved upon since competition breeds innovation.
Now of course this enterprise apps store wouldn't work for everybody but you've got to think there are some niches that would benefit from this model. Off the top of my head, I could see a place for vendors in the financial services or healthcare industries that offer compliance software. After all, those rules and regulations are already established and the purchasing decisions/competitive differentiators are usually based on how easy they are to use, how secure they are and how well they work.
We're already seeing shades of this with the apps.gov website for federal agencies that's designed to streamline the software procurement process and ensure consistency across different departments (which I actually addressed in a recent post, ‘Why I.T. Governance Will Remain a Top Priority in 2010.')
It's certainly something to think about.
Posted by Jeff Papows on Mon, Jan 18, 2010 @ 03:47 PM
By now, I assume that everybody in the industry is aware of Google potentially ceasing operations in China. Given the cyber attacks on gmail accounts that were supposedly initiated by the Chinese government, it's clear that this story will continue to play out over the next several months. We've already heard from Secretary of State Hilary Clinton stating that the issue has "raised very serious concerns" along with other daily reports on the topic.
While there are many different ways to view this evolving story, the piece that I find most troubling is today's news that indicates that Google insiders may have aided the Chinese government in hacking the gmail accounts of human rights activists.
The tech crowd is pointing to vulnerabilities in Internet Explorer and there is a solid argument about the ability to use IE to hack into the gmail accounts. However, blaming Microsoft technology for the security compromises is about as productive as blaming the gasoline after the arsonist has set the fire.The issue that this whole Google China incident raises in my mind is the role of the government in the Internet and where IT governance intersects the two.
Now I don't expect nor do I want any government to step in and start overseeing the usage of the Internet and search engine results. Yet with the latest news that the cyber attacks are being traced back to insiders, it calls into question the amount of IT governance that was in place.
Could governance have prevented the attacks? No, as that's a far-fetched and unrealistic claim. However, with the right amount of governance in place, rogue applications and activities may not have been allowed to infiltrate the infrastructure. In this instance, it may have been able to alert Google China's managers to potentially compromising behavior before it put the entire operation at risk including the 700 employees in the country.
If Google does cease operations in China, the implications will be pretty far reaching given the search engine giant's presence in the country and its recent expansion into music and the mobile device market. It would be a shame for the company to lose the momentum it's been building in China over since 2005 yet it would be an even bigger shame if it was forced to compromise it's "Do No Evil" mission statement.
I'm going to keep watching this story, as there's likely to be more that unfolds. Meanwhile, I can't help but wonder how much of a difference governance would have been able to make in minimizing the impact of the situation.
Posted by Jeff Papows on Tue, Dec 29, 2009 @ 01:19 PM
Like everybody else at this time of the year, we look backwith the hope that perhaps we've learned something in the past 12 months. And if you're like me, we're alsolooking forward in anticipation to a new decade.
The past year was certainly an interesting one and we havehopefully gotten through the worst of one of the worst recessions I canrecall. We were also witness tosome major industry shifts including Oracle's purchase of Sun,Microsoft's launch of Windows 7 and Twitter's ability to bea viable source for breaking news.
When I first started blogging last February, the talk around the water cooler was whether or not SOA was dead and when the economy would fullyrecover. The more things changethe more they stay the same.
As I thought about some New Year's resolutions, I started tothink about how we could all use a little more governance across theboard. Not just for ourinformation technology infrastructures but across all other aspects of ourindustry such as media, the blogosphere, the analyst community, and our overallapproach to mitigating all the potential risks in our business.
So here are three resolutions I've decided to adopt. All are relatively easy and are probablynot too far from what you're already thinking about as next year approaches. In 2010 I resolve to do the following:
1. In a recent conversation with industry analyst Dana Gardner from Interarbor Solutions, he aptlypointed out that you really can't successfully engage in cloud computing unlessyou have a sound SOA infrastructure so the notion that SOA is dead, is, well,dead.
2. Tocarefully evaluate every trend that seems to catch fire in the blogosphere andassess it on its own merits with regard to industry relevance and what actuallyconstitutes news. It's far tooeasy to read headlines without the actual story or take so-called news items atface value simply because they appear online. It seems to me that the blogosphere could use a set ofgovernance policies to better mitigate the risks of inconclusive reporting.
3. Along those lines, I resolve to also pay closer attention to critical issues andtrends that will have far reaching effects on our IT infrastructures. Infoworldactually did a great round up on "The Top Underreported Tech Stories of 2009" citing the issues around the wireless spectrum and broadband availability as well as the dark side of cloud computing and its legal ramifications along with eight other under reported stories that will most certainly be part of our conversations in 2010.
Ah, three simple resolutions and none of themrequire that I restrict calories. If you have some resolutions to share, drop me a line at:jeff@weblayers.com