Interviews

ABI: Mobile Access Revenues Approaching or Passing Messaging Revenues

cweinsch@optonline.net — Fri, 19 Mar 2010 15:46:12 GMT

Carl Weinschenk spoke to ABI Research Practice Director Dan Shey. Shey and ABI this week released a report highlighting global carrier and service provider revenue trends. There are two pieces to the mobile pie: The amount service providers charge for access, and the services that they layer on top of that access. Shey says the crossover point at which revenues from access surpass those from messaging is coming at different times in different regions. Messaging revenues still exceed access revenues in two regions: North America and Asia-Pacific.

Weinschenk: What did you research, and what were the top-line findings?
Shey: In this market data package, we provided forecasts for six different services covering seven different regions. Those six services are real-time communications — primarily voice and a little video calling — messaging, information access for handsets, which is primarily data plans, application downloads, line-of-business applications, mobile broadband mobile device management services and the little bit of revenue from mobile cloud computing services, which is hosted line-of-business systems access. The last essentially is hosted line of business system access, when you have CRM or ERP systems in the cloud and you access them through your mobile.

“Operators are concerned that they are becoming just pipes. But those pipes are very important for mobile business customers because they need to connect to a lot of applications.”

Dan Shey: ABI Research

Weinschenk: You suggest changes in the dynamic between pure data access and messaging?
Shey: The interesting discovery was that access revenues for both handsets and computing devices -- primarily laptops and netbooks -- will exceed messaging revenues, which has been a carrier staple for years beyond 2009. The crossover points are in different regions in different years. The differences can be significant. What we learned is that each region has a particular set of drivers, which influences why the crossover point changes. As we know, mobile messaging always exceeded data access revenues, pretty much. That is true over the last five years, at least.

Weinschenk: So access trumps apps.
Shey: The real key learning is that access, such as Web access and application connections, is critical. It’s important to highlight that. Operators are concerned that they are becoming just pipes. But those pipes are very important for mobile business customers because they need to connect to a lot of applications. I don’t think we should minimize the value of mobile pipes and we should understand that they are important to business customers, which is a higher margin customer. Operators need to ask how they can enhance the value of those pipes.

Weinschenk: Why is the access versus messaging dynamic changing?
Shey: Mobile broadband is the component changing the dynamic between messaging revenue and carrier access revenue. Until probably the beginning of this year, [North American] carriers were happy to price mobile broadband access services high because they were trying to skim the market for business customers.

Next page: Who's Best at Pushing Solutions to Specific Verticals?

Previous Page Next Page

Putting SOA to Work with MDM and BPM

loraine.lawson@gmail.com — Thu, 18 Mar 2010 20:27:54 GMT

Jason Bloomberg, a managing partner at ZapThink, says you'll still hear about SOA this year, but the focus increasingly will be on incorporating the tenets of SOA with other initiatives. In part one of this interview, he explains to IT Business Edge's Loraine Lawson how SOA intersects with master data management (MDM) and business process management (BPM).

Lawson: You participated in a Briefings Direct Analyst podcast earlier this year on what to expect in 2010, and one of the things you discussed was “SOA plus other things?” What did you mean by that?
Bloomberg: It’s important to realize that SOA is really a rather loose collection of best practices. It’s not necessarily a well-defined list where you have some checklist of things to do SOA and if you miss one, you're not doing SOA.

“It’s important to realize that SOA is really a rather loose collection of best practices.”

Jason Bloomberg: ZapThink

What’s happening is architecture teams are incorporating SOA best practices into various other initiatives. It may not be identified as an SOA initiative. So we’re seeing a lot of SOA best practices in cloud computing and master data management and other areas, BPM, where the projects may not be identified as SOA projects, but they're leveraging SOA best practices as, essentially, established architecture best practices.

Lawson: How does SOA work with MDM?
Bloomberg: One of the challenges with MDM is providing flexibility. Simply moving toward a master data model at a large organization doesn’t necessarily give you any more inherent flexibility than you had before.

MDM targets other issues in terms of data cleansing, data consistency and data governance issues. But in order to introduce flexibility where you provide the ability to respond to change in requirements, a key element is to build service abstraction - essentially data services that abstract the underlying data stores.

That’s essentially where SOA and MDM efforts overlap, at the data services abstraction. SOA gives MDM more flexibility and MDM gives SOA better data consistency and data governance.

Lawson: You also said that CIOs still aren’t getting BPM and SOA. What aren’t they getting?
Bloomberg: In many cases, BPM efforts are still entirely business-centric efforts where they're managing business processes within the lines of business and the CIO is focused on the technology part of the story, where they're thinking about process automation in the context of the existing technology environment.

But really these should be two sides of the same coin, right? The reason that you wanted to automate processes is to help the business better manage them and the way that the business can better manage the processes is to leverage IT capabilities to support flexible automation. So these two efforts really should be very closely coordinated. But in many cases, they're still separate.

Lawson: Is it possible that’s because both BPM and SOA are really hard and companies want to tackle them separately?
Bloomberg: Well, they are hard in many organizations, but I think it’s really more a question of who’s in charge of the various parts of the story. If you have an organization where you have different groups or silos, well, the CIO is going to be focusing on the IT part of the story and the business process people -- typically the product managers -- are going to be focusing on the process issues. And the product managers, they know the technology plays an important role, but don’t necessarily understand how well the technology can support process optimization in the context of complex processes that organizations are looking to optimize in the typical enterprise environment.

Mitigate Risk of Insider Threat by Monitoring Inside User Activity

Lora.Bentley@narrowcastgroup.com — Wed, 17 Mar 2010 21:47:21 GMT

The Transportation Safety Administration made the news not long ago when a former employee was indicted for attempting to corrupt TSA databases. Lora Bentley spoke with PacketMotion marketing VP Jonathan Gohstand about the risk insiders can pose to company networks, especially those administrators who "hold the keys to the digital kingdom," so to speak.

Bentley: We've all heard that insider threats to a network are often more dangerous than external ones. Why is it that in so many instances where an insider "goes bad," management appears to have been oblivious?

Gohstand: We see a few issues consistently that create this vulnerable environment. First, executive management is frequently not IT savvy, and is therefore in a weak position to ask the tough questions of the IT staff. The IT folks, on the other hand, may not see a problem if they conclude that the rules “don’t apply to them.” Finally, although organizations generally claim they are aware of the potential for insider threat, their actual spend on IT security reveals almost all of it goes to either protecting the edge of the network, or to fighting malware. Very little goes to monitoring and controlling internal user activity.

Bentley: Is it possible to avoid having a so-called "super-user" by segregating duties or some other method?

Gohstand: While it’s unrealistic to eliminate “super-users,” there are several things that can be done to mitigate risk. By far the most important is to implement audit controls specific to privileged accounts, with an element of segregation of duties to make the control viable. A surprisingly common problem is the use of super-user accounts where they are not required, creating additional risk. For example, an application uses a database admin-level account to interface with its back-end database. There’s no need for that, but no one wants to touch it because they are afraid the application will break. When we talk to companies with this situation, they always admit it’s a terrible practice, but it’s one they typically don’t address until an audit finding has been created, at which point it may be too late.

Organizations with deeper pockets can implement more advanced solutions that create temporary super-user accounts for specific activities, tied to specific administrators.

Bentley: What is the most common mistake you've seen companies make in this regard?

Gohstand: One of the biggest problems is that companies fail to insist on super-user accounts tied to specific administrators. Instead, they stick with the default admin account (e.g., “administrator”) and share it among the IT staff.

Bentley: If even the Transportation Safety Administration can't prevent insider hacks, how is a small to medium-sized business supposed to combat this type of threat?

Gohstand: The key is to focus on operational efficiency when creating the security architecture. It doesn’t matter how good the tools are if the limited staff available can’t realistically use them. The advantage for smaller to medium-sized businesses is that it’s typically easier to identify the assets (servers, applications, etc.) that are really mission critical. Then implement a simple, consistent control model across this asset base.

CIO Conversations: The University of Kentucky's Vince Kellen on Challenges and Opportunities

ann.all@narrowcastgroup.com — Mon, 15 Mar 2010 18:01:24 GMT

In part one of a two-part interview of a two-part interview with Ann All, Vince Kellen, the CIO of the University of Kentucky and a senior consultant at Cutter Consortium, discussed the importance of business experience for CIOs and addressed the challenges of the CIO role in higher education. Here he goes into more detail about his work at UK and explains why he thinks most CIOs complain too much. As his Cutter bio says, Kellen's 25-year experience "involves a rare combination of IT operations management, strategic consulting, and entrepreneurialism." Before UK, Kellen served as VP for Information Services at DePaul University, where he was named a member of CIO magazine's Top 100 in 2007.

IT Business Edge hopes this will be the first in a regular series of conversations with CIOs. If you'd like to suggest a CIO, please e-mail Ann at ann.all@itbe.com.

All: Can you tell me a little more about your organization? What's your staff size and budget? Is it a centralized structure?

Kellen: We’re about 250 full-time and full-time equivalencies in central IT. Our budget size is in the $40 to $50 million range. We’ve got a hospital IT unit of a similar size, and then some much smaller IT units at some of the colleges.

“I think the greatest challenge is how to develop the skills to incorporate executive-level business acumen with strong technical acumen. It’s a failure to do this that gets the CIO fired.”

Vince Kellen: CIO, University of Kentucky

Universities tend to be federated, with anywhere from 30 percent to 60 percent of it centralized. The larger the institution, the more likely it is to be decentralized. There is a strong center of IT at all universities. Typically we provide network infrastructure for all, ERP application infrastructure for all, learning management infrastructure for most. The colleges generally have their own support staffs within local units to support faculty and students. Especially when you get to faculty and teaching, support tends to get even more decentralized because teaching differs from college to college. So the role of technology in that will vary significantly. You need IT people that understand the college really well working closely with the faculty.

All: So is coordination and communication with dispersed staff a challenge, much like it is at private companies?
Kellen: It’s a bigger challenge. We’re herding cats in higher education. We’ve got lots of units, moving fast. You have to try to coordinate that and make sure people are aware of what everybody else is doing. You have to develop a plan with standards everybody understands. You need to make sure when people improvise with micro-decisions, that they are doing it appropriately. It’s a lot of coordination of IT across the enterprise and making sure the planning processes are pretty well organized.

All: Do you use any tehnologies that are helpful in that regard?
Kellen: Certainly there are all sorts of technologies -- e-mail, wikis, blogs, Facebook, knowledge management systems, Twitter. That’s not so much the issue. The issue is getting people to know each other better and to want to work together. It’s more of a human challenge. We’ve got tons of ways to share information. But you’ve got to create a culture that really values that type of collaboration. Fortunately the budget pressures we’re under now are helping to facilitate that.

All: Really? How?
Kellen: People are looking for somebody else to provide a service without them having to pay for it. Trying to leverage somebody else’s investment is top of mind right now at all of our units. And that’s a good thing.

All: The idea of centralization seems to be enjoying renewed popularity, with the down economy.
Kellen: The real concept is efficiency gained. Centralization is a tool to get there, but it’s not the only tool. You can also use well-orchestrated federation. When you say “centralized,” that denotes a hierarchical model in which everybody obeys the boss. I like to point out that all organizations are hierarchical and centralized. They all report to the CEO or president. So the more you centralize, the more you create management layers to handle the centralization. And then you have a new problem, a big central unit and the parts of the unit aren’t talking to each other. Sooner or later, you replicate the CEO challenge.

So I call it the myth of centralization. What you want is efficiency gained, and there are management tools to try to get that. Centralization is one, decentralization is one, collaboration is one, standards are one, governance approval processes are another. There’s a whole set of tools you can use.

All: What are some of the top projects you are working on now?
Kellen: One of the things we’re into is helping redo how we teach our core undergraduate curriculum, our general education curriculum. We’re trying to get better outcomes for our students. We’re focused on student retention and getting them to graduate. So we’ve got two pushes: improving how we teach and then doing everything we can to help make students successful.

All: What are some of the tools you're using for these projects?
Kellen: On the teaching side, there are ways of teaching that are better, getting students actively engaged instead of sitting and listening to a lecture. So if you have a large lecture room, can you reduce the lecture time and increase the collaborative time? That involves some technology, especially for virtual communication and collaboration.

It’s also use of technology. Today when you produce information for a class, you’re not just writing papers, you’re producing all sorts of things. So information literacy, with both visual and textual information, is important. When students start to engage in multiple ways of expressing their knowledge, they’re deepening their knowledge. So if we can get them using all these different elements as they prepare their material, it enriches their understanding. When you get students engaging in different modalities of presentation, it almost always involves technology.

We’re always looking at operational efficiency, how we can do more with less. So there's virtualization within the data center; document image management, replacing paper with images; using workflow tools to help automate workflow. Because we are a conglomerate with different units, there tends to be replication of processes and inefficiency. It’s an ongoing issue in any large organization, whether it’s a university or a business. You just have to keep going through everything methodically and looking for opportunities for improvement.

Next page: How CIOs Get Themselves Fired

Previous Page Next Page

Number of Layers in the Cloud Depends on Your Perspective

acole602@msn.com — Mon, 15 Mar 2010 14:11:41 GMT

Arthur Cole spoke with Jon Toor, vice president of marketing, Xsigo Systems Inc. The cloud may be upon us, but there is still a wide variety of opinions as to what it is and what it can do for the enterprise. Xsigo Systems naturally views it from an I/O perspective, but as VP of Marketing Jon Toor points out, there are many ways to view the cloud depending on your perspective. To gain an meaningful benefit from the technology, you'll need to engineer a close working relationship between server capability and I/O.

Cole: This is an old question, but I think it's still up for debate: What is the cloud?

Toor: I believe the definition is still up for debate partly because it depends on your vantage point. At a high level, the cloud is a model for delivering IT as a service, as opposed to simply delivering infrastructure and applications. This definition works because it separates the service from the physical limitations of a server. With the cloud, the service is not tied to a specific inflexible resource and we get the key cloud attributes of scalability and flexibility.

“At a high level, the cloud is a model for delivering IT as a service, as opposed to simply delivering infrastructure and applications. This definition works because it separates the service from the physical limitations of a server.”

Jon Toor: Xsigo Systems Inc.

But we can also look at the cloud from a lower level. Here we can define it as the set of attributes that enable this server/service separation. Virtualization software is certainly one key element. We would maintain that virtual I/O is another.

Virtual I/O is essential because a service does not exist in isolation. In addition to the server, a service also requires storage and network resources that must be delivered to the right server at the right time. It also requires failover services to ensure high availability, and it needs monitoring services to initiate alerts when issues arise. To deliver an enterprise service, you need all of these elements, and they are most cost-effectively delivered with a combination of server and I/O virtualization.

Cole: The adjunct to that, of course, is what is not the cloud? Or more specifically, where does IaaS (Infrastructure as a Service) end the cloud begin?

Toor: You could argue that all IaaS is the cloud. Some consider it a subset of the cloud, as are SaaS (Software as a Service) and PaaS (Platform as a Service). You can go to IaaS providers today and “rent” processors and bandwidth on-demand, but is that an enterprise cloud? Enterprise users still have questions about data isolation, service level guarantees and disaster recovery capabilities. We will have an enterprise-ready IaaS – and therefore an enterprise cloud -- when a customer can specify all of these parameters when he orders services.

From the cloud provider’s standpoint, getting there will require integration between the server and the I/O. He needs to provision the resources on-demand and quickly free them up when they’re no longer needed. The idea is to have all the assurances of an in-house data center, but at a remote, shared facility. That will require a true real-time infrastructure with virtualized servers and virtual I/O.

Cole: Now, suppose everyone's cloud visions are realized and we have a fully functional cloud in, say, 10 years. What's next?

Toor: Well, in addition to jet packs and flying cars -- I’m still waiting for those -- we’ll see the convergence of mobile resources and the cloud. The desktop is headed to the cloud, so mobile devices become the new personal computing portal. Wireless bandwidths are increasing -- 4G technology will give us 1Gb -- so mobile computing becomes both highly portable and immensely powerful. That combination is sure to unleash a host of new service opportunities.

CIO Conversations: The University of Kentucky's Vince Kellen on Learning the Business

ann.all@narrowcastgroup.com — Fri, 12 Mar 2010 19:58:40 GMT

In the first of what IT Business Edge hopes will be a regular series of conversations with CIOs, Ann All spoke with Vince Kellen, the CIO of the University of Kentucky and a senior consultant at Cutter Consortium. As his Cutter bio says, his 25-year experience "involves a rare combination of IT operations management, strategic consulting, and entrepreneurialism." Kellen previously served as VP for Information Services at DePaul University, where he was named a member of CIO magazine's Top 100 in 2007.

In part one of the two-part interview, Kellen discusses the importance of business experience for CIOs and offers advice on how to get it and also addresses the challenges of the CIO role in higher education. In part two, to be published next week, he goes into more detail about his work at UK and explains why he thinks most CIOs complain too much.

All: As your bio notes, you have a background that involves IT operations management, strategic consulting and entrepreneurship. Do you think this IT/business blend of experience has helped you in your CIO role? Was it easier for you coming to the role from a business rather than a technical background than it would be for a technologist with less business experience?
Kellen: Because of my business background, I came with the expectation that the CIO role was about business and was surprised to find in many cases it isn’t. Many people who have been in the role have been up to their ears in technical issues and hadn’t been able to get on the business agenda. When I started hearing all the debate about business versus tech, it made me scratch my head and say, “Why are they going on about this? It’s pretty clear it’s about business.” I think it has been easier for me in that regard, with the expectation of being a business strategist and business person first. But that doesn’t mean someone coming up through the technical ranks can’t make that transition. It’s a question of personal orientation. How much do you feel like you are the principal shareholder or principal investor, and based on that perspective, how would you run IT?

“How much do you feel like you are the principal shareholder or principal investor, and based on that perspective, how would you run IT?”

Vince Kellen: CIO, University of Kentucky

I grew up in the family business, counting cash in the register and making deposits and not paying yourself so you can pay the employees. So to me, that was a natural state of affairs. Then I went into journalism as a newspaper reporter, then I went into retail management. Then I went into IT analysis work and from there into ownership of a small IT consulting firm. I sold it to a publicly traded company and stayed on as a partner for three years. Someone once told me my resume read like “War and Peace.”

Tech had been a love of my life since my early ‘20s. I looked at my computer as a business tool. I learned how to program so I could use it for what I needed to do in business. I was the person trying to fund the technology, the person producing the functional requirements, and the person designing the system. You tend to perform all these roles in a small business with no money. But it gives you a perspective that’s kind of unique.

Next page: Say Yes to Opportunities to Gain Experience Outside IT

Previous Page Next Page

Planning, Specific Goals Keys to Successful VoIP Deployments

cweinsch@optonline.net — Fri, 12 Mar 2010 16:40:11 GMT

Carl Weinschenk spoke with Amit Kapoor, director of strategic technology advancement for Tone Software. Kapoor says companies must know what they want their VoIP systems to achieve and take a proactive approach to deployment and management.

Weinschenk: What does the landscape for corporate VoIP adoption look like now?
Kapoor: What we are seeing is that there are organizations who really understand the overall concept of VoIP. But as far as how to manage implementation, deployment and maintenance, a lot more questions are being raised in the industry. VoIP has been around for some time, but the vendors supplying those technologies are ever-changing. The real question now is how to achieve the end business objective, whether productivity gains or lowering costs. How do I achieve those with so many options out there? What is best for my business?

“The real question now is how to achieve the end business objective, whether productivity gains or lowering costs. How do I achieve those with so many options out there? What is best for my business?”

Amit Kapoor: Tone Software

Weinschenk: So as more vendors enter and applications get more complex, things become more difficult?
Kapoor: I am not sure “difficult” is the right word. There are more choices. You’ve got VoIP unifying your voice over your data and, now, unified messaging integrating your messaging applications. The combination means a lot more choices. Those choices in turn mean that you must ask the question: What is right for my business? Let’s say right now, for example, a business does a good amount of traditional networking and its costs are high for domestic or international traffic. In that scenario, the company needs to look at the question of how to bring in the VoIP technology needed to address that particular problem. What you frequently find is that as you grow the size of organization, the business objectives start to migrate as well. It is not just the cost savings. It’s also productivity increases. And certainly the organization that is focused purely on just cutting down their toll costs may not need all of the ancillary applications focused on productivity gains.

Weinschenk: Whatever the reasons, you need to have the underlying network in place.
Kapoor: That’s correct. You have different reasons for deploying VoIP, [but] you need to have that underlying infrastructure, whether it is technology, resources or organization in place to manage this transition.

Weinschenk: So what are some of the hurdles?
Kapoor: The interesting thing is that when you talk about hurdles, it varies depending on size. One of them is the complexity. When you are talking about the transition from traditional architecture to a VoIP-hybrid architecture, the complexity of the infrastructure grows There is not one standalone PBX that handles everything. Now it’s distributed. With this comes the diversity. You are probably using best-of-breed technologies to mix and match what you need. As you are now in an environment that is made up of multiple vendor technologies, the issue of fault tolerance -- be it at the IP PBX, the gateways, the application servers or the underlying data infrastructure -- come into play. So that’s one of the hurdles that an organization must overcome. You certainly are creating one more point or juncture that the call must traverse to reach from end to end, while in traditional network, the PBX handles everything.

Previous Page Next Page

Massachusetts Data Privacy Regs: Enforcement Still in Question

Lora.Bentley@narrowcastgroup.com — Wed, 10 Mar 2010 22:40:46 GMT

Lora Bentley spoke with Cynthia Larose, a Boston-based member of the law firm of Mintz Levin, regarding the new data privacy regulations that became effective in Massachusetts as of March 1, 2010. How the state will approach enforcement is still an open question, according to Larose.

Bentley: Massachusetts’ new data privacy regulations became effective not long ago. How are they going to be enforced?
Larose: The enforcement issue is not clear. They’ve been a little reluctant to talk about how they are going to enforce these regulations, so I think that’s a bit of an open question.

Bentley: Why?
Larose: The regulations were drafted by the Office of Consumer Affairs and Business Regulations (OCABR), and enforcement is the responsibility of the attorney general’s office. Completely different offices, completely different people, and every time there’s been a public forum where representatives from OCABR are talking about the regulations and compliance, the inevitable question always is, “Will there be audits? What’s going to happen to people who don’t comply?”

Bentley: Sure. And the response?
Larose: The finger points to the other side of the room and they say, “We’re not the enforcing agency. The attorney general’s office does that.”

Bentley: So how do you advise clients who are asking you the same question?
Larose: If you experience a breach involving the information of a Massachusetts resident, you have to provide notice to the resident, like you do in any state. But in Massachusetts, you also have to provide notice to the attorney general’s office.

Bentley: OK.
Larose: So we expect that’s going to be the trigger for enforcement. As soon as the AG’s office receives a breach notice, those folks will get a call regarding their written information security plan and why it didn’t work. [The attorney general’s office will probably ask] “Do you have a plan in place? May I see it? Can you send us a copy?” and things of that nature before they start a formal investigation or before they send out a letter. They’ll ask questions regarding the plan. And if there isn’t one, if the answer is “I don’t know what you’re talking about” or sort of the glazed-over look, I think that’s when the wheels will start turning.

Bentley: So as long as companies that experience a breach at this point have some sort of a plan in place…
Larose: Even if they haven’t started, even if they don’t have the plan in place now – if it’s not completely implemented, they should start getting something moving and make a good faith effort to comply.

New Data Management Platform Puts Business in the Data Driver's Seat

loraine.lawson@gmail.com — Wed, 10 Mar 2010 18:57:06 GMT

Loraine Lawson spoke with DataFlux's president and CEO, Tony Fisher, about the company's new data management platform just before its recent release. He explained why the new platform includes tools for business users and the difference between DataFlux's platform and Informatica 9.

Lawson: Tell me about your new release – the DataFlux Data Management Platform.
Fisher: It’s something we’ve been warming up to and moving toward for I guess almost two years now, so it’s a big release for us. It’s probably the biggest single release that we’ve ever had in the history of the company, so we're really excited about it.

“A lot of work that we’ve put into this is to drive the business users' understanding of the data -- the ability to allow the business user to view the data, to define business-oriented metadata, to search through the IT infrastructure in terms that are more familiar to the business user.”

Tony Fisher: President and CEO, DataFlux

The way this type of technology typically works, there’s a lot of little point solutions to do bits and pieces of data management. What we want to do is be able to provide this comprehensive platform that’s really based around the technologies of data quality, data integration and master data management, so anything that you need to do from a data management perspective, whether you're on the business side or whether you're on the IT side, is going to be managed and supported by this single platform. One place to go to understand your data infrastructure, to manipulate your data infrastructure, to create the appropriate business rules and quality rules and integration and merging workflows - one place to propagate it out throughout your entire organization, whether it happens to be propagated out via ETL or whether it’s an SOA-based implementation or whether it’s directly into your ERP systems or your CRM systems.

A lot of work that we’ve put into this is to drive the business users' understanding of the data -- the ability to allow the business user to view the data, to define business-oriented metadata, to search through the IT infrastructure in terms that are more familiar to the business user. A lot of dashboard-, reporting- and visualization-types of technology have gone into this release, which is really giving the foundation to the business user who knows the data, who understands the data. So it provides the foundation that allows them to develop the appropriate rules to ensure the data represents the needs of the business.

Then from the same platform, IT can pick those rules up and that information and develop the integration workflows that will populate the appropriate information across the entire enterprise.

Lawson: Please don’t jump through the phone and smack me, but it sounds a little like Informatica 9?
Fisher: You didn’t say that out loud, did you?

Lawson: I did.
Fisher: Informatica has certainly got a lot of the same ideas and some of the same technologies that we have at DataFlux. There’s a number of differences and we can talk about the similarities. But starting with the differences, if you look at Informatica, one of the things that they really pushed hard on with respect to Informatica 9 was this whole business and IT collaboration. But for the most part, I think it’s still very much a work in progress. I think they understand the necessity of it, but I don’t really think they have the relationship with the business community like DataFlux does to really pull that off and that seems to have been borne out in conversations that we’ve had with Informatica customers and with the analyst community. So, right off the bat I think that’s one thing.

I think there’s also a difference in the way that we have arrived at some similar technologies and similar strategies. Informatica has done this by a series of acquisitions. There’s at least a dozen acquisitions that they're trying to integrate into their platform.

We’ve taken a very different approach in that we’ve organically grown the technologies, and so everything fits together much more nicely in the data management platform. We were really fortunate to take a bunch of people from the SAS R&D community who had a lot of experience in data integration, especially in data warehouse and in the ETL technologies, and we were able to take those and couple them with the experience that DataFlux had in the areas of data quality and service-oriented implementations. So it was really a very good marriage of skill sets and we’ve been able to build organically what Informatica is still trying to kind of piece together.

Certainly we both know that Informatica just recently bought Siperian, but we have had MDM (master data management) as a cornerstone for a good while and we approach MDM a bit differently than Informatica does. Informatica is doing what Informatica knows how to do well, and they have a very strong technology play and MDM is going to be yet another technology extension to the platform.

The MDM technologies are wrapped up in the data management platform at DataFlux and MDM becomes much more of a business-oriented process, if you will. It’s the definition of the data models to represent the organization. It’s the definition of the data services that will drive that data model. It’s the definition of the appropriate hierarchy information and consolidation information about the data and the rationalization - and they're all business-oriented decisions that need to be made.

We’ve done what I think is a really good job of providing a robust infrastructure of technology and the ability to manage the business-oriented metadata and the business-oriented master data environment, utilizing the technologies within the platform. So that’s a bit of a difference.

Next page: DataFlux Knows the Business User

Previous Page Next Page

Put Your Ducks in One Row for Investigations, eDiscovery, Compliance

susan.hall@narrowcastgroup.com — Mon, 08 Mar 2010 21:40:56 GMT

Susan Hall spoke with Albert Barsocchini, director and assistant general counsel for Guidance Software. In an article in Real eDiscovery magazine, Barsocchini makes the case for a unified approach to e-discovery, internal investigations, audit and compliance.

Hall: It seems obvious that companies should have a central system for e-discovery, compliance and internal investigations. If companies haven’t had that, how have they managed their data in the past?
Barsocchini: There’s been a big gap with the fact that this stuff has been handled separately. There has been no uniform procedure and protocol for doing these things, knowing they have very similar risks and similar processes. A lot of companies have been very ad hoc in how they handle these things. But because of the judicial pressure and the other underlying compliance pressures, these companies are having to look at this stuff seriously and unify it and have a better, unified process for it.

“There’s not a lot of tolerance in the courts for companies that don’t have some sort of response capability and that’s what’s pressuring companies to start doing something about it.”

Albert Barsocchini: Guidance Software

Hall: With a multinational company, the headquarters might be in another country. Does unifying these systems mean that all information has to come out of one central office, such as that headquarters?
Barsocchini: Well, no. It just means you have a way to reach out and know where the various evidence resides. To attack this, a lot of companies are doing No. 1, what is called data mapping – trying to figure out where everything is, having a master map of the documents – and No. 2 having technology to go out there and grab the information, whether that’s some type of sophisticated document-management system or enterprise search technology to be able to go out there and grab the documents, locating those documents by doing searches across the enterprise.

Hall: If a company needs to anticipate investigations and audits, what would an offensive response strategy be?
Barsocchini: Whatever industry you’re in, whether it’s automotive or pharmaceutical or financial institutions, they all have different compliance requirements, they all have unique auditing requirements. If they go back 10 or 15 years, they can see what kinds of audit and compliance issues have hit them, and based on that, they can find a proactive approach to dealing with it in the future. Once you do have an audit, go back and look at lessons learned and improve upon what you’ve already accomplished using better technology and processes.

Hall: Do companies tend to skip those post-mortems?
Barsocchini: A lot of companies don’t [do them.] It’s a very ad-hoc approach; they’re very reactive. There’s a need for an investigation, it’s a fire drill, they go out there and deal with it. Then they put it to bed until the next one comes up. The smarter companies are saying, “This obviously is going to happen again. What can we do differently and how can we do it better?” …

We see this especially in e-discovery where companies try to go into a court and say, “We’re just so big, we can’t just go out there and effectively find everything.” And the judge will say, “I don’t care. You’re a Fortune 500 company, deal with it.” There’s not a lot of tolerance either in the courts for companies that don’t have some sort of response capability and that’s what’s pressuring companies to start doing something about it.

Hall: What about during mergers and acquisitions?
Barsocchini: I know from attorneys out there dealing with this that it can be a real nightmare. You’ve got these companies with legacy information going back 30 years and trying to merge with them and trying to figure out where everything is … a lot of times they can only deal with maybe 20 percent of the information because they lack the resources to effectively go through it.

Hall: Is part of the problem even finding a common language?
Barsocchini: That’s why communication is so important. In e-discovery, one of the problems was that the internal counsel didn’t understand the complex network, so when they had a production request for a document, they’d hand it off to the IT department or the records-management department to go fetch it. It was that simple. In the paper days, you’d go into a file cabinet and pull out the folders with the applicable information. On networks, it’s much messier and much more spread out. Because of that, they’ve needed to become much more integrated with the IT department and on a regular basis meet with these department heads to figure out where the information is. In federal court, you have a short fuse to get your act together. … These days in litigation, we’re starting to see a lot of front-loading of the process with a lot of searching, a lot of planning … the judges are saying you need to be proactive, there’s just too much opportunity for evidence slipping through the cracks, getting lost, deleted or destroyed.

Hall: Are there steps companies can take during a merger to mitigate the risk while merging these data systems?
Barsocchini: The logical process is to put together a committee of all the department heads, have a document map to determine where all the information is residing – and both companies need to have a good record of what is transpiring as they try to go through all this, and No. 3, set a protocol and they’ll have to use some technology … because you need to be able to harvest information in a way that you don’t alter metadata, in a way that if it’s going into evidence or going to regulatory authorities that it hasn’t been tainted or destroyed.

Hall: So what are the key factors for this technology to have?
Barsocchini: Some of the problems you’re going to be addressing is that you have these sophisticated databases … you’re going to have to have a plan for harvesting information, then you have to look at individual assets, looking at where the information resides. … How are you going to harvest information off e-mail Exchange servers? How are you going to harvest information off individual laptops and desktops? How are you going to handle information off archives and file shares? You need to know where everything is and what you need to go grab that information. A lot of times it’s going to be a toolbox of technology that you’re going to have to use, but now because technology is catching up and becoming more sophisticated, a lot of times you can use a single technology for 80 percent of the evidence and use other methodologies for the other 20 percent. Unfortunately, there is no silver bullet right now.

Hall: Do merging companies typically use the technology of the larger company or do they go find something new?
Barsocchini: A smaller company may have really sophisticated technology and a larger company comes in and a lot of times will ignore it. They’ll go ahead and use their existing technology even though it’s inferior because the legal department is set in its ways and doesn’t want to try something new. I think there’s a technology phobia. … It’s kind of like the saying, “You don’t want to change horses in mid-stream.” But what if that horse can’t swim? …

There are legal risks [to poorly managing data] and there are sophisticated technologies out there. No. 1, companies need to have a proactive readiness plan. Look at the technologies out there and do a cost/benefit analysis and do not expect a lot of sympathy from the courts or regulatory administrators if they don’t have the right technology. From what I’ve seen, it’s pretty brutal out there.

Case Management Is Step Forward in BPM Evolution

ann.all@narrowcastgroup.com — Mon, 08 Mar 2010 16:10:14 GMT

Ann All spoke with Forrester research analysts Connie Moore and Craig Le Clair about an approach they call dynamic case management, which they feel is a next step in the evolution of business process management. Unlike previous iterations of BPM, which have focused on static processes, case management will incorporate a blend of human-driven and system-driven controls to better address tacit interactions.

All: I believe you'd said many business process professionals know what case management is, but many other folks don’t. Can you define it for me?
Moore: Case management is, I think, not a term even most business process professionals know. It’s known in certain industries. It’s known more among practitioners that tend to be focused more on document-intensive processes. A lot of business process professionals are pretty agnostic or unaware of the unstructured information around paper, so they tend not to use that term and they tend not to think that way. We think it’s a crummy, rotten term. It explains literally what we’re talking about. But I think people get it confused with legal or with social work.

“One of the distinctions with dynamic case management is a blended set of controls, human driven and system driven.”

Craig Le Clair: Forrester Research

All: Do you have a working term you use instead?
Moore: We came up with the term “dynamic case management,” because case management of the past was much more static. In the future, it’ll be more subject to change. That doesn’t mean the processes will change; it means the technology will change. You needed more flexibility and change in the old case management solutions, but [the vendors] didn’t have it. They did automation to help you. Now they are much more flexible because software is built on more flexible architecture, we have SOA, we have business rules as part of business process management, we’ve got social media. It allows much more flexibility for porting unstructured information of all forms, whether it’s a telephone message or a document.

The Workflow Management Coalition uses the term adaptive case management. Dynamic and adaptive are similar terms. We have some research that’s about three years old on dynamic business applications, and we predicted a lot of what is coming to fruition today. We’ve toyed with the idea of dynamic business platforms to describe these technologies.

All: So where most business process management solutions have focused on structured processes, we're beginning to see movement toward addressing tacit interactions?
Le Clair: If you think of the way process management and the technology to support it has been developed, it’s been around very production-oriented flows. The idea was to get the tacit and the human elements almost out of the process. Every exception was scripted, and you don’t really want people to think. But the number of jobs that are left today are requiring more diversity of skills. One of the distinctions with dynamic case management is a blended set of controls, human driven and system driven. The previous world of process management and automation was focused on controlling system-driven automation and really ignored the tacit and more human elements you talk about.

I think the biggest trend pushing this is, we’ve chipped away at the mundane and repetitive work by either offshoring it or automating it. If you look at the unemployment numbers, after each recession the number of jobs that have returned have decreased. We’re in a jobless recovery stage. Case really deals with the training issue, by providing information that’s based on the context of where you are in the process at the time you need it, to the right role. It’s really allowing workers to become smart, reflecting the overall maturity of processes.

Previous Page Next Page

The Rise of the Machine-to-Machine Sector

cweinsch@optonline.net — Mon, 08 Mar 2010 13:05:20 GMT

Carl Weinschenk spoke with Steve Pazol, the president of nPhase. At the World Mobile Conference last month, nPhase, Verizon Wireless and Vodafone announced a strategic alliance aimed at simplifying remote management of devices on M2M networks in Europe and the United States. Machine-to-machine communications holds tremendous promise for wireless carriers who are nearing saturation in the voice market. Pazol says the areas with the most potential are utilities/smart grid, connected consumer devices and telematics. The bottom line, however, is that M2M is different from the world of voice, and and both carriers and enterprises have to prepare for its unique and exacting demands.

Weinschenk: Where is machine-to-machine right now?
Pazol: The machine-to-machine market segment has been around for eight or nine years. Companies started using cellular technology to connect to different assets. One of the best-known names is OnStar. They have been doing it perhaps closer to 12 years. Large-scale commercial deployments have been relatively limited and the market quite fragmented. The big players are starting to get involved in the last couple of years, such as Qualcomm and industrial companies like Honeywell and others. Very recently, the most activity has been with wireless operators.

“What fundamentally needs to happen is we need to give application developers the tools to write applications where they don’t have to be an expert in wireless networks. That’s what we do.”

Steve Pazol: President, nPhase

Weinschenk: What is driving the wireless companies?
Pazol: A challenge the operators have is that revenues are flattening. The cost-per-megabit [they can charge] is shrinking and the amount of usage is growing dramatically. They still have to spend real dollars to keep their infrastructure up and running. They have to put up more towers, buy more spectrum and deploy more antennas. There is real cost associated with that... The fundamental reason [for M2M growth] is that their growth is starting to flatten out. Voice revenues, if not declining, are at least flat. The cell phone market is saturated as far as people are concerned.

Weinschenk: So move from people to things.
Pazol: There are a lot more things out there than people. There are thinks like OnStar, pieces of construction equipment [to track], smart meters and medical or consumer devices such as Kindle, picture frames and gaming devices. The carriers have started to focus on this new market, “the Internet of things.”

Weinschenk: How promising is it?
Pazol: When you talk about penetration into customer base, you are talking about 300 percent penetration, 500 percent penetration. One person could have kind of a family plan for things. It’s because the market conditions are approaching saturation, so carriers are looking for adjacent markets and more greenfield opportunities so that they can grow.

Weinschenk: What is nPhase doing?
Pazol: We have a three-way deal with Verizon Wireless and Vodafone. The whole idea is to make it simple for companies who want global end-to-end solutions. One contract, one certification and one platform -- which is us. It’s local economics. You are not roaming all over the place. Vodafone is the largest carrier globally, Verizon Wireless is the largest in the U.S. It’s starting to hit the mainstream. With operators focusing from the sales and marketing perspectives, it’s going to grow the pie enormously. My job is to make it easier to plug in.

Weinschenk: Is it true that M2M generally uses less bandwidth?
Pazol: Not necessarily. When people talk on the phone, they are not consuming a huge amount of bandwidth. Systems are very efficient at moving voice. When they are doing data, which M2M is, depending on application and the vertical, you have widely differing use profiles. For example, smart meters may send a little bit of data once a week, which is no incremental load on the network at all. But a medical device or digital signage -- where streaming video is going on – is consuming more bandwidth. [The problem is] developers are … not necessarily writing well-behaved network applications.

Previous Page Next Page

Best Practices for Creating Disaster Recovery Plans for Your SMB

paulmah@gmail.com — Fri, 05 Mar 2010 16:41:53 GMT

Paul Mah wanted to explore best practices that will help SMBs to create their own disaster recovery (DR) plans. What better way than to have the difficult questions answered by an expert in high availability and disaster recovery? Mah posed these questions to Michael Bilancieri, who is the senior director of Products at Marathon Technologies Corporation.

Mah: What are the best criteria for determining an optimal disaster recovery plan?
Bilancieri: First, you have to identify what it is you need to accomplish. This includes defining the recovery time objectives (RTO), which is the amount of time applications can be unavailable and recovery point objectives (RPO), which is the amount of data that can be lost when a recovery is required.

Keep in mind that these values will likely vary for each of your different applications. Implementing incorrect or incomplete solutions will result in wasted time and resources. Check with your users and clients to determine their requirements and any service level agreements that must be met.

“Without support from the senior management team, any DR plan will be hard to get off the ground. The key takeaway here is to translate the technical language into business terms.”

Michael Bilancieri: Marathon Technologies Corporation

Mah: Once you determine exactly what your needs, how do you select a plan?
Bilancieri: DO YOUR HOMEWORK! Seriously, there are so many different products that claim to be “DR” solutions, all approaching the problem from different angles, it can be very confusing to determine what actually does the job you are looking for it to perform.

As you research different products to implement as part of your DR plan, be sure to ask specifically what their product does (copies just the data, takes data snapshots, captures complete images of the full system, etc.) and don’t be afraid to ask probing questions.

Many vendors make the same claims using the same terms but actually deliver very different results. If you are going to test these solutions in-house, which is recommended, try to do the test under similar conditions as your production environment, with similar system and application loads. Oftentimes, something works well in a test environment [where there is] no real processing happening, [but] fails to function adequately once deployed in the live production environment.

Mah: What would a DR plan look like for a company that may face natural disasters such as hurricanes and flooding?
Bilancieri: Since hurricanes and floods can cause severe damage that can result in long-term outages, it would be wise to implement a solution that protects your systems between locations that could not be affected by the same disaster. Ensure that the backup, or DR, site is planned for a location that can be readily accessible by your users and clients should the primary location be destroyed or otherwise inaccessible.

Marathon has a customer based in Georgia, The Sullivan Group, which implemented a disaster recovery plan just for this reason. The team decided to virtualize its data center with Citrix XenServer and implement Marathon's everRun VM solution to provide redundant virtual machines and synchronized mirroring of the entire system including network, applications and data. The Sullivan Group has a small IT staff but needs to be continuously available for their clients, so they needed a solution that was fully automated and offered simply implementation.

Their first step was to identify what their customers’ needs were - and they decided that they needed continuous protection. Second, the team determined exactly what they could afford, and the ROI they would see from implementing DR software. They already knew that they would constantly face the threat of storms, and that they needed their data to be backed up in a remote location. Finally, they determined exactly what solution their IT staff could support and decided exactly which business applications needed to be fully available.

Mah: Any tips to help SMBs with constrained budgets get management’s approval to implement a DR program?
Bilancieri: This may be the most important part of the process. Without support from the senior management team, any DR plan will be hard to get off the ground. The key takeaway here is to translate the technical language into business terms.

Since DR is not primarily about the technology (it is about the business value), it is important to clearly express what downtime means in terms of revenue loss. By creating a chart, organized by each application, it is easy to clearly articulate how much revenue is lost across each application for a certain amount of time.

Mah: Is there anything else you would like to add pertaining to DR planning best practices?
Bilancieri: I want to reiterate how important DR planning is becoming for SMBs. While the primary DR focus in the past has been on the enterprise, it is becoming affordable and even mandatory in some cases for SMBs to have a plan in place. Revenue loss is just as real for small businesses, and in a world where people expect 24/7 connectivity, it is more important than ever to meet our customers’ needs and keep their applications up and running.

Michael Bilancieri is the Senior Director of Products at Marathon Technologies Corporation, the leading provider of automated, fault-tolerant, high availability solutions for virtual and physical environments. Michael has over 10 years’ experience in high availability and disaster recovery software engineering, presales engineering, professional services, product management and product marketing. You can visit Marathon’s Web site at www.marathontechnologies.com or contact Michael at mbilancieri@marathontechnologies.com.

InfiniBand for the Average Enterprise

acole602@msn.com — Fri, 05 Mar 2010 15:48:38 GMT

Arthur Cole spoke with Sujal Das, senior director of product management, Mellanox Technologies. The network fabric of choice for most enterprises heading into virtual and cloud environments is 10 GbE. But InfiniBand backers say they have a compelling performance and price advantage that allows for even greater consolidation ratios and overall application performance. Mellanox's Das lays out the protocol's strengths as the converged network backbone.

Cole: Mellanox recently added drivers for VMware platforms like vSphere to the ConnectX and InfiniHost systems. In what ways do InfiniBand and virtualization complement each other?

Das: Virtual-IQ technology available on Mellanox InfiniBand adapters allows emulation of multiple GigE NICs and FC HBAs in the VMware virtual infrastructure, making I/O convergence seamless and compatible with today’s deployments where multiple GigE NICs and FC HBAs are used to handle different VM traffic types. 10GigE NICs do not provide that capability today and require support for new technologies like SR-IOV and therefore significant infrastructure upgrades.

Cole: Is this a solution primarily for HPC and top-tier enterprise users? Or do you see more Ethernet-based organizations looking to add InfiniBand backbones as data loads increase?

Das: The solution is for enterprise users. Ethernet and FC user experience on VMware servers is maintained and connectivity to Ethernet LAN, iSCSI SAN and FC SAN is maintained seamlessly, with InfiniBand acting as an internal, invisible -- from the management perspective -- backbone, and yet providing the I/O convergence and high-bandwidth benefits.

Cole: Many organizations are finding that server consolidation through virtualization can only go so far, not because the server can't handle it, but because the network can't support the required bandwidth. What sort of consolidation ratios are you seeing with InfiniBand networks?

Das: VMware servers with up to 16 VMs can be sustained with six GigE NICs and four 4 Gbps FC HBAs. We are seeing such configurations being replaced by two InfiniBand adapters, saving on I/O ports and cabling complexity. With more VMs per server, this situation will exacerbate, requiring VM-to-adapter direct pass-through architectures enabled by technologies such as SR-IOV. SR-IOV with InfiniBand can allow native Linux and HPC-like bandwidth and latency benefits to VMs -- 40 Gbps bandwidth and less than 1 usec app-to-app latency. SR-IOV requires support by virtualization vendors like VMware and server vendors, and this ecosystem is just starting to develop with Xen and KVM vendors showing more aggressiveness than VMware.

Cloud Security Alliance: All About Addressing the Issues

Lora.Bentley@narrowcastgroup.com — Thu, 04 Mar 2010 18:36:24 GMT

Lora Bentley spoke with Matthew Gardiner, product marketing director for CA Security Management, about the company's decision to join the Cloud Security Alliance. (For more on cloud security, see Mike Vizard's post over at CTO Edge.)

Bentley: How long has the Cloud Security Alliance been around?
Gardiner: The Cloud Security Alliance is about six months old, and as the name implies, it's focused on the cloud, but specifically on the security issues and education and standards and best practices that are needed.

“... there are a lot of rational and irrational fears associated with the cloud ...”

Matthew Gardiner: CA Security Management

Bentley: Who are its target members then?
Gardiner: It's a consortium; it's not a standards group, so it's trying to draw in the organizations that have a part to play. So it's security vendors and those who use the cloud as well as those who are hosting the cloud service. It's a place where we can kind of get together and address the issues.

Bentley: And CA joined because it's a major security vendor?
Gardiner: We're very focused on the identity and access management portion of security, which is an area of the cloud that I would say is somewhat underserved and misunderstood. So we hope to both understand more by joining these kinds of groups and taking part, and to contribute our expertise as far as identity and access management to the group.

Bentley: We've read before that cloud computing creates serious compliance issues. How do you respond to that?
Gardiner: Well, there are a lot of rational and irrational fears associated with the cloud, and there's some uncertainty and unknowns that are real, so that drives some of the response that you're seeing.

Specifically to compliance, however, it is quite clear that enterprises are responsible for compliance when handling the data for the services that they own; whether they outsourced the work to someone else or not is not the regulators' concern. So there's the reality that you're responsible either way, and even if the regulator allows you to outsource the work, they're still going to hold you responsible.