Linking in to Linkedin

It was with great reluctance that I eventually succumbed to become a member of Linkedin.  I thought that given I am a member of Facebook, Yahoo, MSN and MySpace as well as running my own wiki and blog sites and having at least a dozen corporate and private communication systems that would be enough to keep me connected in this wonderfully collaborative world.  How wrong I was, it would seem that Linkedin has become the de facto business card.  Actually I stopped using business cards years ago when I found it was relatively easy to swap contact details through Bluetooth on our mobile devices.  A small digression here, those of you that read this blog will know I am a big Apple fan, there is an fantastic app on the iPhone called ‘Bump’ that allows you to swap contact information with other iPhone users simply by bumping the phones together, how cool is that?   Back to Linkedin, it would seem that the commercial world is waking up to the collaborative nature of consumer based social networking.  Linkedin is clearly a commercial social networking site and can hardly be considered a ‘fun’ place to go and interact with friends, however, it is an incredibly powerful tool for those of us looking for experts in specific fields.  It does link well into other social networking activities.  Such as blogging.  The observant among you will notice that my blog rate over the past few months has been very poor.  I will hasten to say that this in not because I have nothing to say, but I have been evaluating the relevance of blogging to my industry.  Interestingly, although the hit rates to my blog have declined significantly, it seems my back catalogue is still generating interest, the most viewed topics being SOA and SaaS.  So why am I writing this blog I hear you say?  I made the mistake of linking my Linkedin profile to my blog and it very cleverly displays the last two blogs on the Linkedin site.  I have been named and shamed into keeping my ramblings current.

Security in the cloud – revisited

It is astonishing to think that over 100 IT leaders at the Computer World conference in Orlando believe “Cloud computing vendors such as Amazon and Google aren’t prepared to meet the needs of corporate IT particularly when it comes to security” as indicated in the article “Cloud computing fails to meet security concerns” in Computer World UK . It is a sign that cloud computing is being taken seriously by the IT community if the conversations are now around security, it implies that there is real functionality available. However, as with all security issues, the buck cannot be passed to the vendors or the service providers, at the end of the day the responsibility and accountability sits with the owners of the information who are looking after the concerns of their customers, in other words the very corporate IT guys who are making the complaint in the first place. See also my previous blog on this subject that may give some pointers on how to resolve the problem – Security in the cloud

Twitter – viral advertising at its best

If you want to demonstrate that your company is social network savvy, then you could do no better than follow the lead of Skittles…yes Skittles, those little multi-coloured munchies from the Mars brand. I’ve never been a real fan of Twitter. I find it a bit conceited  to think that everyone I know wants to know where I am or what I am doing all of the time, but my view has not stopped Twitter becoming one of the fastest growing phenomena of recent times.  One of the more power attributes of Twitter is the ability to do really fast searches on the content of the messages posted.  So those very clever marketers at Mars have used the search function to find out how many people are tweeting about Skittles and have handed over the Skittles home page to Twitter to display the results.  Amazing – on several counts.  Skittles get to show how street-cred they are (is it still okay to say street-cred, or have I just lost my street-cred?) and hit the right audience for the product, they get a whole load of free advertising on Twitter itself because all of the twits want to see their names on the Skittles site and they act as a free advertising site for anyone who adds the word Skittles to their Twitter post.  While writing this blog I saw multiple posts from an enterprising small company selling notebooks and one post from kevin7kal: who wrote “saying Skittles puts you on the front page of http://skittles.com I hope they’ve got some spam control figured out”  clearly they have not.

                   

Business Process Management – by evidence

Many of my customers have been asking with rather more urgency in recent times if I can help them streamline their business processes and take out cost.  This is of course what IT is all about, however over the years we have been guilty in the industry of complicating things rather than simplifying them.  In the past when I have suggested the first thing to be done is to map the as-is situation to better understand where improvements can be made, my suggestion has been met with groans and comments like “so you want me to pay you for a bunch of people to come in to be trained in my business processes… and then you will give me some advice” and in truth my answer, albeit dressed up with lots of business benefits statements, has been yes.   seemingly, there is no way around this, too many ‘improvement’ projects have failed due to a lack of understanding of the current situation.  True there are a number of tools available to map business processes Singularity have a mapping tool associated to their BPM suite, as do Metastorm with their business process analysis tool and of course the big players like Oracle have very comprehensive tool kits that include what-if scenario tools.  However, all of these tools require a consultancy exercise to discover the information, process flows and business intent and then they simply reflect what was at best already documented or at worst what was in peoples heads.  True, most of these BPM tools can then go on to automate or at least partially automate the creation of a new system, but the base they start from, the as-is position, may not be correct.   I was therefore delighted to find a tool that presents evidence of the as-is situation through an automated process that uses data generated from applications and systems.  Now I have to declare an interest here, the tool comes from my parent company, Fujitsu, in Japan, but I have not seen anything else like it in the market so thought it was worth a mention.  The tool is called BPM-e (Business Process Management – evidence), it does not work for everything but is suited to back office functions where a history is kept of activities required to fulfil a task, things like debt management, product queries (helpdesk) or even established activities like HR and payroll, where ever there is an electronic log.  Information from the history log is simply fed into the tool and the process map (with all of its flaws, repetition, dead ends) is automatically generated.  Brilliant.   I now have a new answer to those as-is skeptics and one that is based on evidence not hearsay.

                   

Security in the cloud

There is hardly a day that goes by without another IT security problem being reported, security is high on everyone’s agenda and is of course big business.  Security in the cloud (or more accurately, lack of security) has often been cited as the reason why large corporations will not entertain cloud based solutions.  The thought of sharing an infrastructure, let alone an application with others in a virtualised environment is enough to give an already nervous CIO the shakes for days or weeks.  The reality however is that security problems are more often caused by individuals, in the PGP Corporation annual survey 2008 Annual Study: UK Cost of a Data Breach one of the key findings was “70% of all cases in this year’s study involved insider negligence, emphasising that more needs to be done to educate staff on the importance of safeguarding information”.  This view was strengthened by another more humorous finding (reported in Computer Weekly) by the  NCC Group who anonymously distributed a link for the “Bish Bash Bush” game to 14,000 senior executives of blue chip companies including the FTSE250. The result was that more that one third were willing to open the game and play it without knowing where it had come from.

It is clear that even within the corporate environment it is possible to not just play Bish Bash Bush, but to also use many ‘cloud’ based applications without reference to the IT structure or security policies within the company.  I can produce most of my documents through Google Docs, do my e-mail through Hotmail, collaborate through wikidot and of course blog through WordPress.  These are the free applications.  If my IT organisation is more forward thinking, I can use many of the new external subscription services  like, LotusLive for collaboration, CloudMeeting for video conferencing, expense payment services through Global Expense, HR and payroll from Workday, customer relationship management from Right Now Technologies or the poster child itself Salesforce.com (as a side note and maybe for another blog, there is in interesting view from the Lawson CEO Harry Debes who has been recently reported by the Computer Business Review to say “Salesforce.com is heading for a fall, taking the Software as a Service market with it”… brave man) and of course we must not forget Amazon Web Services which can provide much of the above from a single source.  But… are they secure.

Well of course they are.  As IT services and infrastructures they are probably more secure than the majority of the UK’s companies IT.  It never ceases to amaze me when I visit a customer how many of their business critical assets are sitting in cupboards with key press locks.  One of the things you can say about the established cloud providers is that their assets are in secure data centres.  In addition they will almost certainly have more than one data centre, distribute data effectively and have rock solid policies in place for backup and restore.  The nature of the cloud means that it is a centralised service, this means that there will be a more efficient security patching (as well as centralised bug fix and feature patching and upgrade).  With data stored centrally in the cloud there is less need for laptop or removable media storage.  Finally there will naturally be a central security expertise right the way through from network, service, OS and applications.

This is all well and good, but at the end of the day the choice of cloud provider comes down to trust.  The responsibility (and liability) for the security of data is with the company that owns it not with the service provider.  Simple questions have to be asked; is the service provider reliant on third parties, are they security vetted to the appropriate level? If the data is distributed, does any of it go off-shore?  What are the management policies in assigning and closing accounts? (in the PGP study Identity and Access Management was cited as one of the top two technology responses following a data breach), In a shared environment who has access rights across services?  what happens if the service provider goes out of business?  None of these questions are new, they are the same ones asked of any service provider or outsourcer.  Large corporations have to ensure that they do not abdicate responsibility to the service provider but instead use the most important asset they have, the information security officer, to ensure risks have been assessed against the potential benefits to be derived.

                   

What is the GDrive really about?

The Guardian reported this week that Google will be launching the much watched GDrive service later this year and decided the best angle for the article was to concentrate on the privacy issues associated with one company (Google) holding all of our personal data centrally.  They suggested “it would give the online behemoth unprecedented control over individuals’ personal data”.  Well okay in theory this may well be true, in practice however, much of our personal data is already held online in our hotmail accounts, on flickr, by Google apps, staroffice and indeed personal details and preferences are held by just about anyone you have bought anything from in recent years.  So what is the big deal?  It seems that because the GDrive will synchronise all of the files held on your PC there may be an issue if Google is subpoenaed at any time to hand over all your data to the American government… hmmm, do I care… no.  I think there is a much more interesting angle to this story and one that the big software providers are sweating about.  Google are not just playing into the consumer space, they are preparing to take on big business.  Google apps was the starting point, but the GDrive really is a major change, it is not simply about data it is about holding everything including the OS, Applications and data in the cloud.  It is about slimming down the PC to be nothing but a window into the network, a dumb terminal that gets provisioned when it starts up and uses only the resources it needs.  If Google can get this right in the consumer space and resolve all of those industrialisation problems to harden a service for Joe Public, then switching to a much more controlled business network will be a piece of cake.  What IT director does not want to get back to a centrally controlled, centrally run IT service?

                   

Outsourcing – more than just reduced cost

Earlier this week Phil Muncaster from vnunet.com commented on an interesting report from Compass Management Consulting which suggested that the credit crunch was hitting outsourcing providers. The report suggested that “with up front savings now removed from many deals, customers will have to work more closely with providers to gain value from outsourcing deals throughout the duration of their contracts”. There is no doubt that the credit crunch will have an impact on outsourcing providers just as it is impacting everyone else.  However, those of us that have been in the business for some time have long since realised that the simple offer of an ‘up front discount’ will not swing a deal.  Outsourcing buyers are far more sophisticated today, many have already gone through a first generation outsource and are looking for much more.  Certainly customers are looking for a reduction in cost, but they want to see reducing costs throughout the term, they also want to see innovation and transformation built into the contract.  Performance to a service level agreement is not good enough and up front discounts are seen for what they are, sweeteners, and not very effective ones at that.

                   

Safe in IT, but not that safe

I don’t think I have ever seen a more depressing start to the year, or a more confusing one.  There are multiple reports of job losses, EMC have just announced 2,400 job cuts, Dell are to take out 1,900 jobs in Ireland alone, Barclays are shedding 100 IT jobs, Fudzilla reported that even Microsoft was about to shed a substantial percentage of its workforce, and according to computing.co.uk the demand for IT staff is falling at record rates. To top it all Satyam’s CEO has been cooking the books to the tune of a billion dollars.  Should we be climbing to the top of the building to throw ourselves off?  Well not yet according to Computer Weekly “The IT market will grow by 2% in 2009, defying the downturn”, according to Gartner “software spending will grow by 6.6% in 2009“, it would appear that CBR believe the “recession will strengthen SaaS appeal”.  It is true that for a change IT has been hit less than many other industries, the Recruitment and Employment Confederation stated “IT recruiters rated their confidence in current market conditions as 6 out of 10; this was slightly down on the 7 out of 10 recorded at the group’s last meeting in June but showed stability in the sector’s economic outlook”.  This is probably down to the realisation that so many cuts have been made in IT over the past 5 years, there is nowhere else to cut. This might be a good year for IT outsource companies.  And with interest rates hitting an all time low at 1.5% I am very tempted to increase the mortgage, money has never been so cheap.

                   

Intelligent enough for Business Intelligence?

It has been a bit of a slow news week in tech circles this week apart from the usual rehashing of; the recession strengthening SaaS; the down turn having a positive/neutral/negative (delete where applicable) impact on the IT industry and of course the obligatory top 5 predictions for next year.  I thought I would take a quick look at my top 5 predictions from last year, wondering how embarrassed I would be to find none had come true.  Much to my delight, I scored a respectable 4 out of 5.  This year I am not going to make any predictions, far too much is changing and it is too easy to simply say things will get worse.  However, I did come across a ” Top 5 IT Things That Won’t Happen In 2009 Despite Being On Predictions Lists” list published yesterday by CIO.co.uk that made me think.  Not least because the one prediction I made last year that didn’t materialise comes in as their top prediction of something that will not even happen next year. Martin Veitch suggests “… BI is advanced software for advanced people and giving full-scale analysis tools to the troops is a bit like providing a Howitzer to get rid of a mouse – silly and really quite dangerous too”.  I agree.  Much that the BI software vendors would like to believe that the tools they provide can be used by mere mortals, they cannot, there are a couple of reasons for this: 1. to use the tools effectively you need to access the data you are analysing.  No IT manager is going to give access to production systems for real-time interrogation unless the usage pattern of the user is fully understood.  Yes he may provide extracts of the data, but that will require “another IT project to be added to the list”  unlikely to happen next year.  2. the tools are still not user friendly enough, these are tools for techies, they need to be set up and people need to be trained.  Yes once they are set up, they are easy to use but the set up will require “another IT project to be added to the list” unlikely to happen next year.  Well that’s it from me for this year, I wish you all a very Merry Christmas and a Happy New year, back again in January.

                   

BBC, ITV and BT get their act together on web TV

Standardisation may be boring but it certainly makes life easier for both the consumer and provider.  I noted with with as high degree of pleasure that the BBC, ITV and BT are collaborating to develop a common set of open standards for the delivery of on-demand television over the Internet (as reported by Bryan Glick in computing.co.uk yesterday).  I for one, am fed up with having to install multiple players on my home PC to enable me to watch free TV.  I have often wondered why it takes so long for the media industry to get together and standardise the way they deliver content.  Clearly the value they bring to the consumer is the content itself not the delivery mechanism.  The BBC don’t produce TVs, why then produce a BBC specific media player?  I guess you could argue that in the early days it brings competitive advantage, but even this does not make sense, the window of opportunity is so small that any advantage is lost within weeks if not days.  Let’s hope that they standardise in the electronic programme guide (EPG) as well.