Sunday, June 21, 2009

EDS's David Gee on Spectrum of Cloud and Outsourcing Options Unfolding Before IT Architects

Transcript of a BriefingsDirect podcast recorded at the Hewlett-Packard Software Universe 2009 Conference in Las Vegas the week of June 15, 2009.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod and Podcast.com. Sponsor: Hewlett-Packard.

Dana Gardner: Hello, and welcome to a special BriefingsDirect podcast series coming to you on location from the Hewlett-Packard Software Universe 2009 Conference in Las Vegas. We’re here in the week of June 15, 2009 to explore the major enterprise software and solutions trends and innovations that are making news across the global HP ecology of customers, partners and developers.

I'm Dana Gardner, principal analyst at Interarbor Solutions, and I'll be your host throughout this special series of HP Sponsored Software Universe live discussions.

Please welcome now David Gee, vice president of marketing at EDS, an HP company. Welcome back to BriefingsDirect, David.

David Gee: It’s great to be here. Thanks for having us.

Gardner: I'd like to hear what you’re gathering from the many, I suppose you could call them, hardcore IT folks here at Software Universe. With a recession, this isn’t necessarily a fringe IT crowd. This is a core crowd. From EDS’s perspective, sourcing decisions and visions about cloud computing are dancing in folks’ heads. What are you hearing from the crowd?

Gee: In general, we’re different things. One is absolute recognition of the challenging economic headwind and the impact that’s having on overall IT spend. With that as the backdrop, the decision points come down to a couple of things.

One is how you free up more of your IT spend and spend less on maintenance to drive a transformation or innovation. One of the fastest ways to do that is to flip the knob between capital expenditure and operating expenditure and to look at a third party or an outsourcer for some help and guidance. Maybe they can take off your hands some of the less core activities or, in some cases, core activities, so that they can free up cash flow and drive an innovation agenda. We're still in a harsh economic climate, and that’s proved to be a pretty compelling message, particularly this flip between capital expenditure and operating expenditure.

Gardner: Do you think that, at this point in this cycle, we're looking at IT through a strictly financial lens? Are people not necessarily seeing the forest or are they more involved with the trees at this point?

Gee: There are a couple of interesting sound bites that you hear. "Flat" is the new "up," in terms of what the opportunities are. We're also seeing a recognition that 6 months is the new 12. How do you get to a faster return on investment (ROI)? Don’t show up with a project that has a 12-, 24-, or 36-month timeframe. What is non-core that maybe an outsourcer can help you do?

For example, one of the things we hear people at Software Universe talking about is performance and quality testing, and do you need all the resources in-house to be able to do that?

Or, if you have peak load, why don’t you use a third party to help you do performance, quality, and security testing and, from a software standpoint, maybe even do that in the cloud. You can either use a third party or have it delivered as a service to you inside of your infrastructure.

Gardner: Maybe we should do a little descriptive analysis in terms of terms. We hear, of course, about outsourcing. It’s been around for many years. Now, we’re hearing a lot more about cloud. Maybe the means to accommodating a cloud in terms of provisioning and the underlying infrastructure and what you might get from an outsourcer might be different, but aren’t they essentially the same thing?

Understanding cloud

Gee: Cloud means a lot of things to different people. Right now, the objective, particularly for large enterprises, is to experiment to understand what the implications are.

Architecturally, it’s very different, particularly as enterprises want to offer services to their end customers. Equally, how does an enterprise deal with or adopt private cloud infrastructure to be able to offer Web services in an architecturally sound, distributed, and scalable way?

First, we can help in a number of different ways from a consulting standpoint, in terms of how to architect around those things. Second, we can build them for our clients and we do that already today in terms of private cloud infrastructure. And, third is to provide maybe just core infrastructure to third parties, and they then build their clouds to offer to the marketplace overall.

There is a spectrum of different things. The inhibitors to cloud are still pretty significant, as they get more and more core to a business process. Email is a pretty good example. There's a lot of new talk in the industry around using third parties as cloud providers for email.

If it’s a mission-critical application and there are regulatory requirements, intellectual property requirements and it’s a core mission critical app, do you want -- and does it make sense -- to have a third party host that for you as a cloud application? Or, do you go to somebody like EDS, which manages hundreds of thousands of instances of Exchange, for example, on behalf of their clients?

There’s pretty good delineation in my mind that the more core an application is to the functioning of a business today, particularly where the data lives, is a hinge factor on the decision to adopt a cloud service.

Gardner: That probably means that a lot of thinking about cloud makes your job in marketing EDS a little easier. Folks are now thinking about the options in that spectrum in front of them, but they might then fall back to wanting to be mission critical and enterprise caliber.

Gee: Yes, and this comes through a sourcing discussion. We have the flexibility and the domain expertise, where we deliver multiple services to multiple clients and multiple business processes to multiple clients in the public sector and financial services and the telecommunication space across the board.

My experience thus far has been that clients are looking for leadership, some direction, and flexibility. Certain things I absolutely want to control and retain within my own firewall. Certain things I'm going to want EDS to help me manage, host, drive down operational cost, and provide some level of innovation -- and to deliver those services as effectively private cloud services to my client base and ultimately to their customers as well.

Gardner: That sort of raises the question in my mind: is EDS a cloud provider?

Creating the model

Gee: No question. In my mind we’re a cloud provider. EDS created the outsourcing industry over 40 years ago. Think about everything that we do today in delivering services to our client base. If you then extend that, those services are effectively cloud-based services, depending on what your definition is. In my mind, we’re absolutely a cloud company.

We’re at the forefront of delivering that in multiple countries, across multiple industries and in some cases, highly mission-critical services for airlines and financial institutions. Do they have a consumer orientation to them? Probably not. In fact, you may not even realize that we're doing that behind the scenes for some of the most well-known brands on the planet.

Gardner: Given that we’re looking at this spectrum of possibilities, there are boundaries that are being crossed in ways that we probably wouldn’t have thought of too long ago. For some of the more conservative thinkers in IT departments, managing those boundaries, which is, I suppose, what you call governance, becomes paramount. EDS has, as you point out, cloud resources, values, and services and HP has governance. Tell me a little bit about how they come together to form something interesting.

Gee: We can actually do a number of different things collectively, now that EDS is part of HP. First and foremost, from an IT leadership standpoint, how do you prioritize what you’re going to do in a harsh economic climate? This would include project and portfolio management (PPM) and matching demand and supply, where demand is always going to be greater than supply of IT resources in this marketplace.

That can be a services led discussion. It could be a software led discussion. And, that capability can also be delivered as software as a service (SaaS) effectively in the cloud. The engagement model is around what you would want sourced in-house. Now, we have this enormous expanded capability to be able to deliver multiple different services in the workspace from a networking and an end-user management standpoint. As I said, service offerings are either number one or number two in every market. So, it’s a pretty interesting place to be right now.

Gardner: Of course, for the foreseeable future, many IT decisions will be viewed through the lens or in the context of the economic conditions and climate. When it comes to factoring a cost-benefit analysis between what you may traditionally have been doing on premises involved low utilization, quite a bit of labor, and manual processes to support those instances of applications and data.

If you wanted to compare that to this new spectrum of options -- outsourcing, cloud, SaaS -- you need to have a pretty good handle on what your true costs are internally. How does that bear on bringing about a rational and therefore lower risk decision process?

Gee: The first data point is about making rational decisions, actually understanding your IT costs. It’s not about the spreadsheet where you’re putting out the IT budget. It’s "What is the cost of service delivery?" In fact, one of the things, I’m sure, your listeners have been hearing about this week from an announcement standpoint has been around this concept of IT financial management -- the matching of asset management inside of your organization to service delivery, so you understand the true cost and the profit and loss (P&L) of service delivery.

Once you get underneath that, how much can you automate? You want to do a labor-to-technology arbitrage in some cases. What processes can you automate? Do you want to do those yourself or would you want to go to the world leader in automation of certain IT processes and have them handled by EDS in this instance?

That's kind of a two-step process. We also have a lot of process and domain expertise about understanding the costs of IT delivery. We can help you assess what those are upfront to help make an informed decision as to what services make sense to be outsourced and what other services make sense to remain inside of your own organization.

Gardner: This decision process, I believe, will go over several years, perhaps 5 to 10 years, across various industries and requires a professional service approach. There are a lot of partners that you work with traditionally. You have your own internal professional services. How would you characterize the role of a professional services and methodological approach to this decision around the granular services decision?

Ecosystem of partners

Gee: There is a pretty rich ecosystem of partners. If you look at the overall outsourcing marketplace, once you take out the five or six largest players, 70 percent of the market is serviced by "other."

If you think about what the opportunities are for third parties who are working with their client base and their customer base to develop options, the main driver today is around cost reduction, or freeing up dollars for innovation. We have a strong relationship with a number of those partners. It can be global, but also region-by-region and, in many cases, country-by-country, where these make the most sense to go do.

There’s a world of opportunity out there. What we're seeing now, as a part of HP, is a pipeline or a funnel, an access to HP’s installed base. There was a limited overlap between EDS’s customer base and HP’s large customer base. We see that as opportunity for growth and we’ll expand our footprint. We’ll also expand our footprint built on the best intellectual property that’s out there in the market.

My hope would be that this would be built on many things that HP does today, but we’re also helping HP build better products as we scale certain things out and have mission critical examples of what’s going on. We'll help improve features and functionality, not just in the software part of our business, but in the hardware and the support services that align with us as well. So, it’s a very healthy connection point.

Gardner: Going back to the decision process for enterprises, where do you start? Do you have a sense of an application, a data set, a particular use case, or a business case? What would be the right low-hanging fruit for stepping into this cloud process?

Gee: There are a couple of different angles to that. One is, how do you deal with the peak load, when you simply don’t have the infrastructure in place or you don’t want to put the infrastructure in place?

QA testing is a pretty good low-hanging fruit, to use your terminology. New applications are coming online, and you’re doing a migration from one version of a large application to the next version of a large application, and the skills and resources aren’t in-house. You can go to a service provider like EDS, for example, to do that or you can have some of that capability delivered to you as SaaS. The two are very interlinked.

Another one is to pick key business processes. Service management is another good example. Do I want to have that helpdesk capability and fault resolution in-house or do I go to a third party in the cloud that is dedicated in providing a high quality service at potentially a significantly lower cost with more value to the business?

Again, those dollars get freed up, and what are you going to do with them? Are you going to build an innovative set of capabilities that’s actually going to help your business grow and be aligned with a business objective? At the end of the day, that’s really the value add.

The bottom line

Gardner: Let’s go to a bottom-line question. With the renewed interest, or the building interest, in cloud and what I think would be renewed interest in outsourcing, can we safely say that in two, three, or five years the total cost of IT in large organizations will decrease significantly as a percent of revenue?

Gee: You’re already seeing that. I don’t think there’s any mystery that IT, as a percentage of revenue, will stagnate, as businesses grow. Actually, in dollar terms it might rise a little bit, but as a percentage of revenue, it’ll probably remain flat. If you look at the most recent quarter across the IT industry generically, what you’re seeing is that the PC and server markets have shrunk.

There's no question about it. They've shrunk in dollar terms, year-over-year. The services marketplace is flat or growing at a low single digit, and you’re seeing a shift of dollars or contraction of dollars on the hardware side.

What that will do is create a pent-up demand for a refresh cycle. Historically, that might have been three years, but it’ll go to four or five. It’s going to come, and then the question is do I refresh that infrastructure in-house or do I go with a cloud provider or an outsourcer, for want of a better word, to take that infrastructure on, do the refresh for me, and produce a set of services and a service level that I wouldn’t have been able to do internally.

There's going to be this transformation over the next two to three years and it’s being driven by a contraction in overall spend, but that’s going to have to be made up from a refresh standpoint. Your crystal ball is probably as good as mine, whether that’s a year out or two years out, but it will have to happen that, at some point, your PC and your service are going to have to be refreshed.

Gardner: Well, it certainly seems that there’s a significant amount of important decisions that will be coming to the IT decision makers, and I look forward to tracking that along with you. I want to thank our guest. We’ve been joined by David Gee, vice president of marketing at EDS, an HP company. Thanks so much.

Gee: Dana it was a pleasure to talk to you. Thanks so much.

Gardner: Thanks for joining us for this special BriefingsDirect podcast, coming to you on location from the Hewlett-Packard Software Universe 2009 Conference in Las Vegas.

I'm Dana Gardner, principal analyst at Interarbor Solutions, your host for this series of HP sponsored Software Universe Live Discussions. Thanks for listening, and come back next time.

Transcript of a BriefingsDirect podcast recorded at the Hewlett-Packard Software Universe 2009 Conference in Las Vegas the week of June 15, 2009. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.

HP Software Marketing Head Anton Knolmar Delves into Creating New IT Economies of Performance

Transcript of a BriefingsDirect podcast recorded at the Hewlett-Packard Software Universe 2009 Conference in Las Vegas the week of June 15, 2009.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod and Podcast.com. Sponsor: HP.

Dana Gardner: Hello, and welcome to a special BriefingsDirect podcast series coming to you on location from the Hewlett-Packard Software Universe 2009 Conference in Las Vegas. We’re here in the week of June 15, 2009 to explore the major enterprise software and solutions trends and innovations that are making news across the global HP ecology of customers, partners and developers.

I'm Dana Gardner, principal analyst at Interarbor Solutions, and I'll be your host throughout this special series of HP Sponsored Software Universe live discussions.

Now, please join me for our latest discussion. We’re now joined by Anton Knolmar, vice president of marketing for HP Software and Solutions. Welcome to the show, Anton.

Anton Knolmar: Hi, Dana. Welcome.

Gardner: We’ve heard a lot here at Software Universe about IT departments and their overall businesses having to do more with less and doing additional productivity, but spending less money to do so. It sounds simple, but it's very complex. How do companies, particularly IT departments within companies approach that problem?

Knolmar: It’s the right question at the moment because, as you said, IT budgets are not going up at the moment. They have to invest their money in what they have at the moment. They have to prioritize the projects that they have.

We have the right solution, the portfolio around this, at the moment. They can get a good insight into what’s happening in their current environment and what they’re doing in terms of development, application modernization, and claims around the operational environment.

We provide them with all the data that they would need to make these decisions and to make the decisions about what’s right to take forward and what has the best business impact and business outcome for the projects they want to try to bring forward within their company.

Gardner: And what specifically are we hearing from attendees? What’s top of mind for these folks at this point in time?

Knolmar: We've just come out of an executive track. We had about 70 people gathered for the discussion. What is at the top of their minds is all about linking IT with the business. This is a story that we've been telling now for more than 10 or 15 years, and the storyline is not over.

They’re still trying to bridge the gap and talk business language, instead of IT language. On the other hand, they're trying as well to look at the emerging trends.

What the heck does this cloud mean for them? How can you do cloud computing here? Does this bring added value to them? What’s the business outcome they can drive out of those activities?

That’s definitely on their radar screen, as we’re moving then a little bit away from the maintenance mode and investing into more innovative approach for the CFO to perceive the future and the next fiscal year, 2010.

Gardner: Another element of complexity is entering for folks as they plan for the future. You mentioned cloud computing. I suppose we could even simplify that in terms of multiple source options or more options for sourcing.

We’re dealing with software decisions, services decisions, "everything-as-a-service." We’re seeing solutions approaches and now we’ve got sourcing. So, basically, we have four S's. It’s a third dimension or a fourth dimension. Do you have any suggestions for folks as to how to begin to approach that sourcing issue in particular?

An important piece

Knolmar: For us, an important piece around sourcing and the offering that we have around the cloud is two-fold. As you mentioned, there are different acronyms out there, everything as a service, platform as a service (PaaS). We're offering software as a service (SaaS) and we’ve been offering this for quite a long time.

What companies are facing at the moment is that a lot of these activities that were going on in the past -- utility computing, Adaptive Enterprise, eServices -- failed because they couldn’t be managed, but it was out there on the Web, on the Internet.

Our offerings around the cloud at the moment are governance tools along with the cloud. You can really manage the cloud. You can really secure the cloud. And, you can get the right performance out of the cloud. That’s our offering at the moment to our customers. They can take the first step, getting this one right, and move into the cloud environment, instead of [just] looking at different sourcing options.

These are very customized ways for a lot of customers if they want to move into private cloud, if they want to extend the private cloud, or they want to go to the public cloud. Whatever offering they take, we want to be equipped, on behalf of HP, to provide the flexibility in terms of sourcing to our customers, so that they have the choice. They have to believe that we are the right path to work with.

Gardner: Of course, as folks move into new decisions or outsourcing, to move into anything of that magnitude too soon involves risks. What is HP bringing to the table in order to reduce the risks, allow people to exploit these new efficiencies, but remain true to their mission-critical nature at the same time?

Knolmar: That’s exactly the point. You have to make the steps. Are those steps business-critical to where the customers are moving at the moment?

Is this meeting the business needs and demands of their lines of business in their companies? It comes back to what we talked about briefly before, as well about prioritization. Does this have a business impact? What’s the revenue impact of driving a new approach forward?

Mitigation of risk will never go away. At the moment, everyone is talking about reduction of costs, but there is always a risk factor attached to it. Hopefully, the outcome will be that a lot of companies can talk about their revenue growth again, moving from 2009 into 2010.

We are ready to drive those three angles. How can we help customers drive revenue growth? How can we help them mitigate the risk? And, on the other side, how can we help them get their costs under control? These are the three angles that will be on the table for quite some time, as well for next year. We are ready to have these conversations with our customers.

Gardner: Infrastructure as a service (IaaS) is really in its infancy. Companies are, in many cases, just becoming acquainted with some of these concepts. But, developers, in particular, have become quite enamored of cloud, using tools and PaaS, but that’s only one part of a lifecycle approach to applications, moving through test and quality assurance, and into full production. Do you have any insights as to where HP would fit into this notion and appeal for developers?

Finding appropriate tools

Knolmar: The developer community, as you said, has different concerns in terms of developing the applications and developing things for the cloud as well. Our approach at this time is that we enable them to have the appropriate developing and testing tools in terms of quality, performance, and security. These are essentially for those people who have to develop applications well for the cloud. Those are blocked in immediately, are ready to go out there, and can be managed across the lifecycle.

Gardner: In many cases, the expectation, at least among many fellow analysts and me, is that an initial major application for clouds will be for business intelligence (BI) and data mining. This is because of the size of the data sources and the need for availing massive performance capabilities, but perhaps not all at the same time. There is a need for elasticity, when you address data mining and business intelligence issues. This perhaps explains the need for a private cloud. What is your perspective from HP and what it can bring to the table for BI as a killer app for cloud computing?

Knolmar: BI, as you said, deals with the information explosion, what is going on at the moment. There was a little video during the opening at the main stage. BI, information overflow, and how to manage information are essential pieces. Getting the right information at the right place and making the appropriate decisions are still on top of the agenda for a lot of our customers at the moment. It’s been the number one issue for quite some time, and I think it will be the number one issue for quite some time.

We have an offering in these four lines of business in HP Software & Solutions. One is, you gather around the BI piece.

What we are investigating at the moment is really about how can we bring those offerings as more of a direct offering to our customers in terms of purchasing and licensing? How can you bring those offering into kind of a cloud offering?

But, that still needs some further negotiations inside the company, as well, about development products. But that’s definitely an interesting angle. Talking with customers, there's huge interest about how can we accelerate, how can we move faster, what are the different options, and how can we be very cost effective at the end of the day.

Gardner: Another big area of interest for clouds is the need to mitigate risk, as we pointed out earlier, but also to gain some sense of neutrality and openness, so that if one were to move assets from their IT department into a third party cloud, would they have portability? Would they be able to move it around or would they be in some new abstraction of lock in? They’re looking, I think, for certification and trust and some guarantee of flexibility. What role can HP play? Is there a need for a Swiss neutral approach in the cloud ecology?

Knolmar: That's interesting. I was driving through Switzerland, and they still keep the neutrality, so it’s very difficult to get across the border. That’s not the approach we want to take on behalf of HP. HP was always a very open company in terms of approaching new standards, getting new standards in house, and giving the customers the flexibility to give them the best choice about how they want to move forward here with a way.

So, I assume that we’ll be very open in terms of not being a closed environment. What we’re going to offer to all customers is keeping them alive and giving them the choices they want, as we are moving forward in the cloud environment.

Gardner: We’ve also seen trend-wise in the industry an interest in appliances and of optimizing hardware and software together. Not all companies have both hardware and software. For those that do, like HP, do you have any insight into whether an appliance model makes sense for a private cloud delivery mechanism?

Struggling with the cloud

Knolmar: I think it is going a little too detailed. People are still struggling to understand what the cloud can offer to them. Is it hardware? Is it software? Is it a combination appliance? What we are offering and what we want to offer more at the moment is a kind of awareness workshop around the cloud, which means getting customers understanding what the cloud is, what it can provide to them, and what it's offering. Then, it will be a very customized approach from a customer-to-customer perspective.

Potentially, it’s a combination, getting into the appliance pieces, but also potentially only a SaaS model for customers for the foreseeable future. It comes back to a customer perspective, but we haven't drilled down into the appliances piece at the moment.

Gardner: All right. And the issue of governance is also important for cloud not spinning out of control, as some folks have experienced with virtualization, and not wanting to lose control vis-à-vis cloud deployments.

For the governance piece, many of us analysts have also recognized that having a background in services-oriented architecture (SOA) and moving towards service enablement on premises, even well before a cloud engagement of any kind, makes good sense as a preparatory step. Is cloud another good reason to embark on SOA methodologies?

Knolmar: You mentioned a couple of different buzzwords. IT governance or governance is an important piece for companies at the moment. It will be even more important moving forward here, because you touch on cloud governance, it's an essential piece. Otherwise, these things will not survive in the market here. That’s where we're investing at the moment with our portfolio, helping and providing the customers in terms of cloud governance. Cloud Assure is one piece of it, helping them to get this going.

Underlying architectures, like moving SOA forward, has moved a little bit away from the top 10 priorities, as Gartner is saying. SOA has moved a little bit down the list at the moment here. It's not essential. It’s not important any longer on the list of the CIOs in terms of deploying a SOA.

It’s more about coming back to what we said before about what is the outcome and what I can get with my investments in these different architectures? Does it help me and enable me to try future investments? What are the new technologies or emerging business needs popping up here? Can I deploy them and can I implement them? Can I roll them out as well for the future?

Gardner: Well great. Thanks for taking time from a very busy conference. We’ve been talking with Anton Knolmar, vice president of marketing for HP Software & Solutions, thanks so much!

Knolmar: Thank you, Dana.

Gardner: Thanks for joining us for this special BriefingsDirect podcast, coming to you on location from the Hewlett-Packard Software Universe 2009 Conference in Las Vegas.

I'm Dana Gardner, principal analyst at Interarbor Solutions, your host for this series of HP sponsored Software Universe Live Discussions. Thanks for listening, and come back next time.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod and Podcast.com. Sponsor: HP.

Transcript of a BriefingsDirect podcast recorded at the Hewlett-Packard Software Universe 2009 Conference in Las Vegas the week of June 15, 2009. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.

Friday, June 19, 2009

Winning the Quality War: HP Customers Offer Case Studies on Managing Application Performance

Transcript of a BriefingsDirect podcast recorded at the Hewlett-Packard Software Universe 2009 Conference in Las Vegas the week of June 15, 2009.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod and Podcast.com. Sponsor: Hewlett-Packard.

Dana Gardner: Hello, and welcome to a special BriefingsDirect podcast series coming to you on location from the Hewlett-Packard Software Universe 2009 Conference in Las Vegas. We’re here in the week of June 15, 2009 to explore the major enterprise software and solutions trends and innovations that are making news across the global HP ecology of customers, partners and developers.

I'm Dana Gardner, principal analyst at Interarbor Solutions, and I'll be your host throughout this special series of HP Sponsored Software Universe live discussions.

Now, please join me for our latest discussion, a series of user discussions on quality assurance issues. Our first HP customer case study comes from FICO. We are joined by Matt Dixon, senior manager of tools and processes, whose department undertook a service management improvement award for operational efficiency and integrity. Welcome to the show, Matt.

Matt Dixon: Thanks, Dana. I’m glad to be here.

FICO's service-management approach

Gardner: Tell me a little bit about how you use the development of a service management portfolio approach to your remediation and changes that take place vis-à-vis your helpdesk. It sounds like an awful lot of changes for a large company?

Dixon: Yes. We did go through a lot of changes, but they were changes that we definitely needed to go through to be able to do more with less, which is important in this environment.

The IT service management (ITSM) project that we undertook allows us to centralize all of our incidents, changes, and configuration items (CIs) into one centralized tool. Before, we had all these disparate tools that were out there and had to go to different tools and spreadsheets to find information about servers, network gear, or those types of things.

Now, we’ve consolidated it into one tool which helps our users and operations folks to be able to go to one spot, one source of truth, to be able to easily reassign incidents, migrate from an incident to a change, and see what’s going to be impacted through the configuration management database (CMDB).

Gardner: Perhaps you can help our listeners better understand what FICO does and then what sort of helpdesk and operational staff structure they have?

Dixon: FICO, formerly known as Fair Isaac, is a software analytics company. We help financial institutions make decisions and we’re primarily known for FICO scores. If you apply for a loan, half of the times you get a FICO score. We’re about 2,300 employees. Our IT staff is about 230. We’re a global company, and our helpdesk is located in India. It’s 24x7 and they are FICO employees -- so that’s important to know.

Gardner: Tell me about the problem set you’re trying to address directly with your IT service management approach?

Dixon: We had two primary objectives we were trying to meet with our ITSM project. The first was to replace our antiquated tool sets. As I said before, we had disparate tools that were all over the place and were not integrated. Some were developed internally, and the development team had left. So, we’re no longer able to keep up with the process maturity that we wanted to do, because the tools could not support the process improvements that we wanted.

In addition to that, we have a lot of sensitive data -- from all the different credit data that we have to medical data to insurance data. So, we go through a vast number of audits per year, both internal and external, and we identified some gaps with our ITSM's previous solution. We undertook this project to close those gaps, so we could meet those audit requirements.

Gardner: I suppose in today’s economy, making sure your operations are efficient, making sure that these changes don’t disrupt, and maintaining the applications in terms of performance are pretty important?

Dixon: They're very important definitely in today’s economy, and through the completion of our project we've been able to consolidate tools to increase those efficiencies and to be able to do more with less.

Gardner: As you transition from identifying your problems and knowing what you wanted, how did you come about a solution?

Request for proposal

Dixon: We sent a request for proposal (RFP) to four different companies to ask them how they would help us address the gaps that our previous tool sets had identified. Throughout that process, we kept a scorecard, and HP was chosen, primarily for three reasons.

Number one, we felt that the integration capabilities within HP, both currently and the future roadmaps, were better than the other solution sets. Number two, we thought that universal configuration management database (UCMDB), through its federation, offered a more complete solution than other CMDB solutions that were identified. The third one was our partnerships and existing relationships with HP, which we relied upon during the implementation of our ITSM solution.

Gardner: And so, were there several products that you actually put in place to accomplish your goals?

Dixon: We chose two primary products from HP. One was Service Manager where we log all of our changes and incidents, and then the second one was the UCMDB, and we integrated those two products, so that the CIs flow into Service Manager and that information flows out of Service Manager back into UCMDB.

Gardner: How long have you had this in place, and what sort of metrics or success and/or payback have you had?

Dixon: We started our implementation last summer, in July of 2008. We went live with Incident in August. We went live with Change Management in October. And, we went live in January with Configuration Management. It was kind of a phased rollout. We started last July, and the project wrapped up in January of 2009.

From the payback perspective, we’ve seen a variety of different paybacks. Number one, now we’ve been able to meet and surpass audit requirements. That was our number one objective -- make sure that those audits go much faster, that we can gather the information quicker, and that we can meet and surpass audit requirements. We’ve been able to do that.

Number two, we’ve improved efficiencies and we’ve done that through templates, not having to double-enter data because of disparate tools. Now, we have one tool, and that information tracks within all the tools. You don’t have to double-enter data.

The third one is that we've improved visibility through notifications and reporting. Our previous toolset didn’t have a lot of reporting abilities and no notification options. Now, we can report on first-call resolution. We can report on a mean time to recover. We can report on all the important information the business is asking for.

The last one is that we have more enforcement or buy-in of our processes. Our number of changes logged has gone up by 21 percent. It’s easier to log a change. We have different change processes and workflows that we’ve been able to develop. So, people buy into the process. We’ve seen a 21 percent increase in the number of changes logged from our previous toolset.

Gardner: You’ve got this information in one place, where you can analyze it and feel comfortable that all the changes are being managed, and nothing is falling off the side or in between the cracks. Is there something you can now do additionally with this data in this common, managed repository that you couldn’t do before? Or, were there adds or improvement in terms of moving to a variety of different systems or approaches?

Dixon: We have a lot of plans for the future, things that we’ve identified that we can do. Some of the immediate impacts we’ve seen are our major problem channels -- which CIs have the most incidents logged against them. We identify CIs in incidents. We identify CIs in changes. Now, we can run reports and say, "Which CIs are changing the most? Which CIs are breaking the most?" And, we can work on resolving those issues.

Then, we’ve continually improved the process. We have a mature tool with a lot of integrations. We’ve been able to pull all this information together. So, we’re setting up roadmaps, both internally and in partnership with HP, to continually improve our process and tools.

Gardner: Well, great. We've been talking about a case study with a user FICO, and how they’ve implemented ITSM projects. Thanks, Matt.

Dixon: Thanks, Dana. I appreciate it.

Gevity opts for PPM solutions

Gardner: Our second customer use case discussion today comes from Gevity, part of TriNet. We’re here to discuss how portfolio and project management (PPM) solutions have helped them. We’re here with Vito Melfi. He is the vice president of IT operations. Welcome.

Vito Melfi: Thank you.

Gardner: Tell us a little bit about how PPM solutions became important for you?

Melfi: Well, in Gevity, we had, as most other companies do, a whole portfolio of applications and a lot of resources. The desire on Gevity’s part to become a very transparent IT organization was difficult to do, not knowing where your resources are, how you are using them, and how to re-prioritize applications within our company priorities.

The application of portfolio management became very critical, as well as strategic. Today, we have the ability to see across our resource base. We use the time-tracking system, and we can produce portfolio documents monthly. Our client base can see what’s out there as a priority, what’s in queue, and, if we have to change things, we can do so with great flexibility.

Gardner: Now, Gevity does a lot of application support for a number of companies in their HR function. So, applications are very important. Tell us more about how your company operates?

Melfi: We’re a professional employment organization (PEO). We deliver payroll services, benefits and workers’ comp services, and a host of other HR services. We’re essentially an HR service company for hire. We believe that we can provide these capabilities better as a service provider than most companies can provide trying to build this type of technology capability on their own.

Gardner: When you began looking into PPM, complexity of control probably was a number one concern for you?

Melfi: Absolutely. Complexity in an organization can be paramount if you don’t have good control over your resources and over your applications. At Gevity, we had a lot of people trying very hard to get control and get their arms around those things.

The technology that HP provides to PPM really is the enabler for us to figure out our whole portfolio requirement. The communication that comes back to our functional areas and to our client base has been very well received. It's something that we’ve found to be very valuable to us. Then, with taking that through to the quality center and service center, the integration of the three has been just a big benefit to us.

Gardner: What would you say is the solution that this combination of products actually provides for you?

Melfi: The solution that we get out of our service center application is to be able to turn around the incidents that we have. We’ve been able to resolve first call incidents in a 70-80% first call close. This was our ratio with 10 people a couple of years ago, and it’s still our ratio with 7 people doing it. Our service level has maintained okay, and actually improved a bit, and our employee base has gone down. This is particularly important to us as we go forward with our parent company, TriNet, because now we’re going to be merging east- and west-coast operations.

Gardner: So, it’s greater visibility and greater control. How does that translate into returns on either investment in dollars and cents or in the way you can provide service and reliability to your users?

Melfi: It translates in a couple of ways. Better internal customer service is always paramount to us. By being able to do more with less, obviously we can take our funding and look into different areas of investment. Not having to invest in adding people to scale our services creates opportunity for us elsewhere in the organization.

Gardner: Okay. I wonder if there are any lessons that you might have for other folks who are looking at PPM? And, expanding on that, what would you do differently?

Melfi: We knew this, but it really comes to bear when you’re actually doing an implementation of your toolset, the key to success is having good processes. If you have those processes in place, the implementation of the toolset is a natural transition for you.

If you don’t have good processes in place, the tool itself will help, but you're going to have to take a step backwards and understand how these three things interact -- two, or three, or how many you’re implementing. So it’s not a silver bullet. It’s not going to come and automate everything for you. The key is to have a really good grasp on what you do and how you do it and what your end game is, and then use the tools to your advantage.

Gardner: We’ve been talking about the use of PPM solutions with Vito Melfi. He is the vice president of IT operations at Gevity. Thanks.

Melfi: Thank you.

JetBlue revs up test cycle

Gardner: Our third customer today comes from an HP Software & Solutions Awards of Excellence winner, JetBlue Airways. We’re here with Sagi Varghese, manager of quality assurance at JetBlue. Welcome.

Sagi Varghese: Hi. How are you?

Gardner: Good. Tell us about the problems that you faced, as you tried to make your applications the best they could be?

Varghese: About two years ago, our team picked up the testing for our online booking site, which is hosted in-house. At that time, we had various issues with the stability of the site as well as the capability of the site. Being a value-add customer, we wanted to be able to offer our customer features beyond what came in a canned product offered by our business partner. We wanted to be able to offer additional services.

Over the last two years, we added a lot of features on top of our generic products -- integration with ancillary services like cars, hotels, and things like that -- and we did those at a very fast pace. A lot of these enhancements had to be rolled out in a very short time frame.

Almost two years ago, all of the testing was manual and one of the first steps was to adopt a methodology, so that we could bring some structure and process around the testing techniques that we’re using. The next step was to partner with HP. We worked very closely with HP, not only on the functional aspects of the application, but also on the performance aspects of the application.

A typical end-to-end test cycle would take five to six people over several weeks to completely test a new solution or a new release of the application. We made a business case to automate the testing effort or the regression testing, as we call it, or the repeated testing, if you’d like, for want of the simple term. We made a business case to automate that using HP’s Quick Test Pro product and we were able to complete the automation in less than four weeks. That became the starting point.

It involved using a test automation framework that worked with the Quick Test Pro product, and our testing cycles reduced about 70 percent. As time progressed, and we added more features into our online Website, we also became more mature in the utilization of the tool and added more test scripts into our automated bucket, rather than manual. We went from 250 test cases to about 750 test cases that we run today, a lot of them overnight, in less than two days.

Gardner: At JetBlue, of course you’re in a very competitive field, the airline business. Therefore, all of your applications need to perform well. If your customers don’t get what they want in one or two clicks, you’re going to lose them. Tell me a little bit about the solution approach to making your applications better. Is it something that your testing did alone? What did you look for from a more holistic solutions perspective?

Varghese: One of the things that we were looking at was that customer experience. We were working with a product that was offered by a business partner or a vendor and we were allowed customizations on top of that. We were largely dependent on the business partners, because they host our reservations site. So, we're kind of dependent on them for the performance of the application. We were able to work with them using HP’s LoadRunner product to optimize the performance of the site.

Gardner: You mentioned a few paybacks in putting together better quality assurance. What sort of utilization did you get in some of the tools that you had in place, even though you were going from manual to a more automated approach?

Varghese: About two years ago, even though we had the tools, we had very limited use. We ran a few ad-hoc, automated scripts every now and then. Since we adopted this framework a little over a year ago, we have 100 percent utilization of the tool. We don’t have enough licenses today. We definitely are in dire need of getting more licenses.

Last year, every person on my team went to advanced training. Everybody on the team can execute the 700 scripts pretty much overnight, if they had to. We could run them all parallel. We have 100 percent utilization of the tool and we’re in need of more licenses. I wish we had that capability, and we will in the future.

Gardner: So you’ve been able to cut your testing costs. You have seen better utilization of the tools you have in place and higher demand for more. How does it translate into what you've been able to accomplish in terms of your post-production quality of applications?

Varghese: Historically, when we had manual test cases, delivering a new release or a functionality on our Website involved perhaps three to four months of effort, simply because it took us several weeks to go through one cycle of testing. Today, we are turning them around in less than two days, which means we can deliver more features to the market more often and realize the value.

If you have heard, at JetBlue we have been offering even more leg-room features. This year, we have launched three or four products in the first quarter alone. We’ve been able to do that because of the quick turnaround time offered by the test automation capability.

Gardner: And not only do you reduce the time, what about the rate of failure?

Varghese: The rate of failure has reduced greatly. We brought post-production failures down by about 80 percent or so. Previously, in the interest of time, we would compromise on quality and you wouldn't necessarily do an end-to-end test. Today we have that, I wouldn’t say a luxury, but the ability to run an end-to-end test in less than two days. So, we’re able to pretty much test all of the facets of an application, even if that particular module is not affected.

Gardner: Congratulations on winning the award. This is a great testament that you took this particular solution set and did very good things with it.

Varghese: Absolutely. Thank you very much. Thank you for having us.

Gardner: We've been talking with Sagi Varghese, manager of quality assurance at JetBlue, a winner today of HP Software & Solutions Awards of Excellence.

Thanks for joining us for this special BriefingsDirect podcast, coming to you on location from the Hewlett-Packard Software Universe 2009 Conference in Las Vegas.

Also look for full transcripts of all of our Software Universe live podcasts on the BriefingsDirect.com blog network. Just search the web for BriefingsDirect. The conference content is also available at www.hp.com, just search on the HP site under Software Universe Live 2009.

I'm Dana Gardner, principal analyst at Interarbor Solutions, your host for this series of HP sponsored Software Universe Live Discussions. Thanks for listening and come back next time.

Transcript of a BriefingsDirect podcast recorded at the Hewlett-Packard Software Universe 2009 Conference in Las Vegas during the week of June 15, 2009. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.

Tuesday, June 09, 2009

Analysts Define Growing Requirements List for Governance in Any Move to Cloud Computing

Edited transcript of BriefingsDirect Analyst Insights Edition podcast, Vol. 42 on need for governance as more enterprises look to cloud computing services from inside and outside the firewall.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod and Podcast.com. Charter Sponsor: Active Endpoints. Also sponsored by TIBCO Software.

Dana Gardner: Hello, and welcome to the latest BriefingsDirect Analyst Insights Edition, Volume 42. I'm your host and moderator, Dana Gardner, principal analyst at Interarbor Solutions.

This periodic discussion and dissection of IT infrastructure related news and events, with a panel of industry analysts and guests, comes to you with the help of our charter sponsor, Active Endpoints, maker of the ActiveVOS visual orchestration system, and through the support of TIBCO Software.

Gardner: Our topic this week on BriefingsDirect Analyst Insights Edition, and it is the week of May 18, 2009, centers on governance as a requirement and an enabler for cloud computing. We're going to talk not just about IT governance, or service-oriented architecture (SOA) governance. It's really more about extended enterprise processes, resource consumption, and resource-allocation governance.

It amounts to "total services governance," and it seems to me that any meaningful move to cloud-computing adoption, certainly that which aligns and coexists with existing enterprise IT, will need to have such total governance in place.

So, today we'll go round robin with our IT analyst panelists on their top five reasons why service governance is critical and mandatory for enterprises to properly and safely modernize and prosper vis-à-vis cloud computing.

We see a lot of evidence that the IT vendor community and the cloud providers themselves recognize the need for this pending market need and requirement for additional governance.

For example, IBM recently announced a virtualization configuration management appliance called CloudBurst. It not only helps companies set up and manage virtualized infrastructure, but it can just as well provision and manage instances of stacks of applications, as well as data services support across any number of cloud scenarios.

Easier provisioning

We also recently saw Amazon Web Services move with a burgeoning offering to ease provisioning, a reliability control, via automated load balancing and scaling features and services.

Akamai Technologies this spring announced advanced network-based cloud performance support, in addition to content and application optimization services. [Disclosure: Akamai is a sponsor of BriefingsDirect podcasts.]

HP, also this spring, released Cloud Assure to help drive security, performance, and availability services for software-as-a-service (SaaS) applications, as well as cloud-based services. So, the road to cloud computing is increasingly paved with, or perhaps is going to be held up by, a lack of governance. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

Here to help us understand the need for governance as an enabler or a roadblock to wider cloud adoption are our analyst guests this week. We're here with David A. Kelly, president of Upside Research. Hey, Dave.

David A. Kelly: Hey, Dana. Happy to be here. This should be a fun topic.

Gardner: Ron Schmelzer, senior analyst from ZapThink. Hey, Ron.

Ron Schmelzer: Hey, great to be here.

Gardner: And, Joe McKendrick, independent analyst and ZDNet blogger. Hey, Joe.

Joe McKendrick: Hey, Dana, nice to be here as well.

Gardner: Let's start with you, Ron. You've been involved with SOA best practices and methodologies for several years. Before that, you were a thought leader in the Web services space, and governance has been part and parcel of these advances. Now, we're taking it to an extended environment, a larger, more complex environment. Tell me, if you would, your top five reasons why you think services governance is critical or not for this move to a larger services environment.

Schmelzer: You're making me count on a Friday before a long weekend. Let me see if I can do that. I'm glad you brought up this topic. It's really interesting. We just did a survey of the various topics that people are interested in for education, training, and stuff like that. The number one thing that people came back with was governance. That's indicative and telling at a few levels.

The first thing people realize is that simply building and putting out services -- whether they're on the local network or in the cloud or consuming services from the cloud -- don't provide the benefit, unless there's some control. As people always say, nobody really wants to be ungoverned, but nobody wants to have a government. The thing that prevents freedom from going into chaos is governance.

I can list the top five reasons why that is. You want the benefit of loose coupling. That is, you want the benefit of being able to take any service and compose it with any other service without necessarily having to get the service provider involved. That's the whole theory of loose coupling. The consumer and the provider don't have to directly communicate.

But the problem is how to prevent people from combining these services in ways that provide unpredictable or undesirable results. A lot of the efforts in governance from the runtime prevents that unpredictability. So one, preventing chaos.

Two. Then there is the design time thing. How do you make sure services are provided in a reliable predictable way? People want to create services. Just because you can build a service doesn't mean that your service looks like somebody else's service. How do you prevent issues of incompatibility? How do you prevent issues of different levels of compliance?

Of course, the third one is around policy. How do you make sure that the various services comply with the various corporate policies, runtime policies, IT policies, whatever those policies are?

Those are the top three. To add a fourth and a fifth, people are starting to think more and more about governance, because we see the penalty for what happens when IT fails. People don't want to be consuming stuff from the cloud or putting stuff into a cloud and risking the fact that the cloud may not be available or the service of the cloud may not be available. They need to have contingency plans, but IT contingency plans are a form of governance. Those are the top four, and it's a weekend, so I'll take the fifth off.

Gardner: Very good. Now, we go to David Kelly next. David, you've been following the cloud evolution through the lens of business process management (BPM) and business process modeling. I'm interested in your thoughts as to how governance can assist in how organizations can provide a better management and better modeling around processes.

Kelly: Yeah, absolutely. At one level, what we're going to see in cloud computing and governance is a pretty straightforward extension of what you've seen in terms of SOA governance and the bottom-up from the services governance area. As you said, it gets interesting when you start to up-level it from individual services into the business processes and start talking about how those are going to be deployed in the cloud. That brings me to my first point. One of the key areas where governance is critical for the cloud is ensuring that you're connecting the business goals with those cloud services.

It's like the connection between IT and business in conventional organizations. Now, as those services move out to the cloud, it's the same problem but in a larger perspective, and with the potential for greater disruption. Ron just mentioned that in terms of the IT contingency planning and the risk issues that you need to bring up. So, one issue is connecting the business goals with the cloud services.

Another aspect that's important here is ensuring compliance. We've seen that for years. That's going to be the initial driver that you're going to see in the cloud in terms of compliance for data security, privacy, and those types of things. It's real easy to get your head around, and when you're looking at cloud services that are provided to consumers, that's going to be a critical point.

Can the consumers trust the services that they're interacting with, and can the providers provide some kind of assurance in terms of governance for the data, the processes, and an overall compliance of the services they're delivering?

Then, when you step back and look, the next issue in terms of governance and cloud governance comes down to ensuring consistent change management. You've got a very different environment than most IT organizations are used to. You've got a completely different set of change-management issues, although they are consistent to some extent with what we've seen in SOA and the direction organizations are taking in that area. You need to both maintain the services and make sure they don't cause problems when you're doing change management.

The fourth point is making sure that the governance can increase or help monitor quality of services, both design quality, as Ron mentioned, and runtime quality. That could also include performance.

Dana, when you mentioned some of your examples, most of those are about the performance and availability of these services. So, they're very limited. What we've seen so far is a very limited approach to governance. It's like saying we have Web server governance. You need it. It's there and it's important, but it's such a small slice of the overall solution that we're going to have to see a much broader expansion over the next four or five years.

The last thing, looking at this from a macro perspective, is managing the cloud-computing life cycle. From the definitions of the services, through the deployment of the services, to the management of the services, to the performance of the services, to the retirement of the services, it's everything that's going on in the cloud. As those services get aggregated into larger business processes, that's going to require a different set of governance characteristics. So, those are my top five.

Gardner: Joe McKendrick, we've heard from David and Ron. David made an interesting point that we're probably scratching the surface of what's going to be required for a full-blown cloud model to prosper and thrive. We're still looking at this as basically red light-green light, keeping it working, keeping the trains running. We don't necessarily have them on time, on schedule, or carrying a business payload or profit model. So, Joe, I'm interested in your position -- five reasons why governance is important, or what, perhaps, needs to come.

McKendrick: Thanks, Dana. Actually, Ron and David really covered a lot of the ground I was going to cover, and they said it probably a lot better than I would say.

There is an issue that's looming that hasn't really been discussed or addressed yet. That is the role of governance for companies that are consuming the services versus the role of governance for companies that are providing the services.

On some level, companies are going to be both consumers and providers of cloud services. There is the private cloud concept, and we've talked about that quite a bit in these podcasts. SOA is playing a key role here of course.

Companies, IT departments will be the cloud providers internally, and there is a level of governance, the design time governance issues that we've been wrestling with SOA all these years, that come into play as providers.

There are going to be some other companies that may be more in a consume mode. There are other governance issues, another side of governance, that they have to tackle, such as service-level agreements (SLAs), which is assuring the availability of the applications they're receiving from some outside third party. So, the whole topic of governance splits in two here, because there is going to be all this activity going on outside the firewall that needs to be discussed.

Another key element that's coming into play has been wrestled with, discussed, and thrown about during the development of SOA over the past few years.

It's the ability to know what services are available in order to be able to discover and identify the assets to build the application or complete a business process. How will we go about knowing what's out there and knowing what's been embedded and tested for the organization?

The issue of return on investment (ROI) is another hot button, and we need to be able to determine what services and processes are delivering the best ROI. How do we measure that? How do we capture those metrics?

But overall, the key thing of SOA and what we've been talking about with SOA is how do we get the business involved? How do we move it beyond something that IT is implementing and move it to the business domain? How do we ensure that business people are intimately involved with the process and are identifying their needs? Ultimately, it's all about services. We're seeing businesses evolve in this direction.

A lot of companies are taking on the role of a broker or brokerage. They're picking up services from partners, distributors, and aggregators, and providing those services to specific markets. I call it the "loosely coupled business" concept, and it's all about services -- SOA, Web services, cloud-based services. It's all rolled into one -- Enterprise 2.0. I'll bring that in there too.

So, we're just scratching the surface here.

Preparing to scale

Gardner: Thanks Joe. I'll be last and will take the position of disadvantage, because I'll be talking a lot about what you've all stated so far, but perhaps with a little different emphasis.

My first reason for governance is that we're going to need to scale beyond what we do with business to employee (B2E). In many cases we've seen SOA and Web services developed in large enterprises first for some B2E and some modest business to consumer (B2C).

For cloud computing, we're going to need to see a greater scale business to business (B2B) cloud ecology and then ultimately B2C with potentially very massive scale. New business models will demand a high scale and low margin, so the scale becomes important. In order to manage scale, you need to have governance in place. And by the way, that's not only for services, but application programming interfaces (APIs).

We're going to need to see governance on API usage, but also in what you're willing to let your APIs be used for -- not just on an on/off switch, but also at a qualitative level. Certain types of uses would be okay, but certain others might not for your APIs, and you might also want to be able to charge for them.

My second point is the need to make this work within the cloud ecology.

So, with dynamic partnering, with people coming and going in and out of an ecology of process, delivered cloud services, means federation. That means open and shared governance mechanisms of some type. Standards and neutrality at some level are going to be essential for this to happen at that scale across a larger group of participants and consumers.

One example of this we've seen at the social-network level is the open, social approach to sign-on and authentication. That's just scratching the surface of what's going to be required in terms of an automated approach to provisioning and access control at the services level, which falls back to much more robust and capable governance.

My third reason is that IT is going to need to buy into this. We've heard some talk recently about doing away with IT, going around IT, or doing all of these cloud mechanisms vis-à-vis the line of business folks. I think there is a role for that, and I think it's exploratory at that level.

Ultimately, for an enterprise to be successful with cloud models as a business, they're going to have to take advantage of what they already have in place in IT. They need to make it IT ready and acceptable, and that means compliance. As we've talked about, that's the ability to have regulatory satisfaction, where that's necessary, and to satisfy the requirements that IT has for how it's going to let its resources, services, and data be used.

IT checklist

IT has, or should have, a checklist of what needs to take place in order for their resources and assets to be used vis-à-vis outside resources or even within the organization across a shared-services environment. IT needs to be satisfied, and governance is going to be super essential for that.

Number four is that the business models that we're just starting to see well up in the marketplace around cloud are also going to require governance in order to do billing, to satisfy whether the transaction has occurred, to provision people on and off based on whether they've paid properly or they're using it properly under the conditions of a license or a SLA of some kind. This needs to be done at a very granular level.

We've seen how long it took for telecommunications companies to be able to build and provision properly across a fairly limited amount of voice services. They recognized that their business model was built on the ability to provision a ring tone and charge appropriately for it. If it has a 30-day limit to use, that needs to be enforced. So, governance is going to be essential for making money at cloud types of activities.

Lastly, cloud-based data is going to be important. We talk about transactions, services, APIs, and applications, but data needs to be shared, not just at a batch level, but at a granular level across multiple partners. To govern the security, provisioning, and protection of data at a granular level falls back once again to governance. So, I come down on the side that governance is monumental and important to advancing cloud, and that we are still quite a ways away from doing that.

Where I'd like to go next with the conversation is to ask where would such governance happen? Is this something that will be internal? Will there be a third party, perhaps the equivalent of a Federal Reserve in the cloud, that would say, "This is currency, this is what the interest rates are, and this is what the standards are?" In a sense, we're talking about cloud computing as almost an abstraction, like we do when we think about an economy or a monetary system.

So, let's take up that question of where would you actually instantiate and enforce governance. Back to Ron Schmelzer at ZapThink.

Schmelzer: It's good that you mentioned all of these things. Governance just can't be a bunch of words on a piece of paper, and then you hope that people by themselves will just voluntarily make them happen. Clearly, we need some ways of enforcing them.

Some of them are automated and some of them are automatable, especially a lot of the runtime governance things you talk about -- enforcing security policies, composition policies, and privacy policies.

There are a lot of those policies that we can enforce. We can enforce them as part of the runtime environment, whether we do that as part of the infrastructure, we do it as part of the messaging, or we do that at the client side. There are a lot of different ways of distributing.

The cloud actually complicates things a little bit, because we're not really in control of the cloud infrastructure. So, we don't have full control of how a third-party cloud environment would choose to enforce a runtime policy.

But, there are other kinds of policy. We talked about design-time policy, which is how we govern the way that we create services. How do we govern the way that we consume them? How do we govern the way that we procure those services? There is a certain amount of enforceability, both at automated level with the tooling that we use to do that, the design time tooling, or even as part of the budgeting, approval, or architectural review process. There are a lot of places where we can enforce that.

Change management

Of course, we have the whole area of change management. It's a huge bugaboo in SOA, and it's going to rear its head in cloud. How do we deal with things versioning and changing, both the expected changes and the unplanned changes, things becoming available, and things not becoming available.

We may have policies to deal with that, but how do we force a policy that says, "All of a sudden the geocoding service that you're using for some core process is no longer available. You have to switch to another one." Can you truly automate that, or is there some sort of fall back? What do you do?

Fortunately, one of the great things about cloud is that it's forcing us to stop thinking about integration middleware as a solution to architectural problems, because it has absolutely nothing to do with integration middleware.

We don't even know what's running the cloud. So, when we're thinking about the cloud now, we have to be thinking in terms of the abstract service. What do I do when it's available? What do I do when it's not available? That forces us to think a lot more about governance, quality, and management.

Gardner: Let's go to you Dave Kelly. It seems to me that there is a political angle to this as well, as Ron was saying. There is a need for a trusted, neutral, but authoritative third party. Would I trust my own enterprise, my competitor, or even someone in my supply chain to be dictating the enforcement of governance?

Kelly: Well, I think there is. There is a role for a trusted, neutral, as you said, an authoritative third party, but we're not going to see one soon. That's a longer-term evolution. That's just my take. We'll see some kind of alliance evolve over the next couple of years, as providers start to grapple with this and with how they can help ensure some sort of governance and/or compliance in the cloud services. As usual in the IT landscape, that will be politicized, at least in terms of the vendors providing services.

We're going to see more of a bottom-up approach to governance. The organizations that are putting services or data out there are going to be ones demanding some type of governance or compliance capabilities. You're going to see this push from the bottom, with some movement from the top, but I don't know that it's going to be all that effective.

Gardner: Joe McKendrick, let me run that by you, but with a hypothetical. We've seen in the past over the history of business, commerce, and the mercantile environment, starting perhaps 500-700 years ago, around shipping, sailing ships across port to port, that someone had to step up and become an arbiter. Perhaps it was a customs group, perhaps a large influential company, like an East India Company, but eventually someone walked in to fill the vacuum of managing a marketplace.

The cloud is essentially a marketplace or many marketplaces. It's very complex compared to just moving tobacco from North America to Europe or back to the East Indies with some other cargo. Nonetheless, it seems to me that the government or governments could step into the middle here and perform this needed third-party authoritative role for governance.

Extracting revenue

Maybe it won't be necessarily providing the services, but providing the framework, the standards, and, at some level, enforcement. In doing so, it will have an ability to extract some sort of a revenue, maybe on a transaction basis, maybe on a monetary percentage basis. Lord knows, most governments that we're looking at these days need money, but we also need a cloud economy because it's so much more productive.

I know this is a big question, a big hypothetical, but don't you think that it's possible that this need for governance that we've uncovered will provide an opportunity for a government agency or some sort of a quasi-public entity to step in and derive quite a bit of revenue themselves from it?

McKendrick: Wow! I don't know about that. You mentioned earlier the possibility of a hypothetical Federal Reserve in the cloud, I'm just trying to picture Ben Bernanke or Alan Greenspan taking the reins of our cloud economy and making obtuse statements, and everybody trying to read the tea leaves on what they just said.

I don't know, Dana. I can't see a government agency stepping in to administer or pluck revenue out of the cloud beyond maybe state agencies looking for ways to leverage sales taxes. They already have that underway.

You mentioned marketplaces taking over. I think we're going to see the formation of marketplaces of services. Dave Linthicum isn't on the call with us. He was with StrikeIron for a while, and StrikeIron was a great example from the get-go of how this would be structured.

They formed this private marketplace. Web service providers would provide these services and make them accessible to StrikeIron. They would certify to StrikeIron that the services were tested and viable. StrikeIron also would conduct its own testing and ensure the viability of the services.

Gardner: I believe there's another company in Europe called Zimory that's attempting a similar approach, right?

McKendrick: Exactly. In fact, a company called 3tera just announced this past week that they'll be providing a similar type of marketplace for cloud-based services.

Gardner: So, the need is clearly there, don't you agree?

McKendrick: Absolutely! I think it will be a private-sector initiative. We'll see these marketplaces gel around services. I'm not sure how StrikeIron is doing these days, but the business model was that the providers of the services were to receive these micro payments every time a service was used by a consumer tapping into the marketplace. It might be just a few pennies per instance, but these things add up. Sooner or later, you have some good money to be made for service providers.

Gardner: Ron, do you think that this is strictly a private-sector activity or can no one private-sector entity be put into the position of a hub within a spoke of cloud commerce? Would anyone be willing to trust one company with such power, or does this really open up an opportunity for more of a public entity of some kind?

Let it evolve

Schmelzer: For now, we need to let this evolve. We're still not quite sure what this means economically. We don't know how long lived this is going to be. We don't know what the implications are entirely. We do trust a lot of private companies.

To a certain extent, Google is one, big unregulated information hub, as it is. There's a lot of kvetching about that, and Google has made some noise about getting into electronic health records. Right now, there's really no regulation. It's like, "Well, let Google spend their money innovating in that area, and if something good comes out of it, maybe the government can learn."

But, the government is a little bit overwhelmed at the moment just trying to keep the basics of "Ye Old 1.0 Brick-and-Mortar Economy" running, and can't get their fingers into the 2.0 and 3.0 stuff that a lot of us in the market don't have entire visibility into. I'm going to plead SOA libertarianism on this one.

McKendrick: The government could play a role of a catalyst. Look at the Internet, the way the Internet evolved from ARPANET.

The government funded the ARPANET and eventually the Internet, funding the universities and the military establishments involved in the network. Eventually, they niched them into the private sector. So, they could play a catalyst role.

Gardner: There is a catalyst, but there is also a long-term role of playing regulator. If you look at how other markets have evolved. Right now, we're looking at the derivatives market that has evolved over the past 10 or 15 years in the financial market.

Some government agencies are coming and saying, "Listen, this thing blew up in our face. We need now to allow for a regulatory overview with some rules and policies that we can enforce. We're not going to run the market, we're not going to take over the market, but we're going to apply some governance to the market."

McKendrick: Does the government regulate software now? I don't see a lot of government regulation of software -- Oracle or Siebel.

Gardner: We're not talking about software. We're talking about services across a public network.

McKendrick: Right, but the cloud is essentially a delivery mechanism. It's not CDs. It's an over-the-wire delivery of software.

Gardner: That's why I argue that it's a market, just like a NASDAQ is a market, the New York Stock Exchange, or a derivatives trading environment is a market. Why wouldn't the government's role apply to this just as it has to these marketplaces? Dave Kelly?

Not at the moment

Kelly: Eventually, it will, but, as you said, the derivatives market went unregulated for a long number of years, and the cloud market is certainly not well-defined. It's not a good place for regulation at the moment. Come back in three or four years, and you've got a point to make, but until we get to some point where there is some consistency, standards, and generally accepted business principles, I don't think we're there yet.

Gardner: Should we wait for it to be broken before we try to fix it?

Kelly: That's the typical strategy of government, so yeah. Or we can wait for someone like Microsoft to step in.

Gardner: Would that be amenable to somebody like Amazon and Google?

Kelly: I don't know.

McKendrick: I think we may see an association step in. Maybe we'll see an Open Group, or an OASIS-type industry association step in and take the lead.

Gardner: I see -- the neutral consortium approach.

Kelly: The neutral ineffective consortium.

Schmelzer: Ooh, this is getting rapidly political. We need this weekend, where is the weekend?

Gardner: But that is the point. This is ultimately going to be a political issue. Even if we come up with the technical means to conduct governance, that doesn't mean that we can have governance be effective in this large, complex marketplace that we envision around cloud.

The only other alternative from a political standpoint is to have one big cloud provider that makes all the rules that everyone has to line up around. I believe on the political side of things that's called fascism. Sometimes, it's worked out, but not very often.

Kelly: Or Colossus: The Forbin Project.

Schmelzer: Utilitarianism is the best form of government, as long as everybody cooperates. But, it's hard having the governments involved. To a certain extent, it's true that governance only works as long as there is trust. If you can't trust the providers, then you're just not going to go for it. The best case in point was when Microsoft introduced Passport [aka Hailstorm]. Remember that?

Microsoft said, "We'll serve as a central point. You don't like logging into all these websites and providing all your personal information. No problem. Store that with us, and we will basically be your trusted intermediary. You log into the Passport system and enter your password into Passport."

Lack of trust

What happened to it? It failed. Why did it fail? Because nobody trusted Microsoft. I think that was really the biggest reason. Technologically it had some issues too, and there were a bunch of other problems with .NET. Also, they were just using Passport as a way of getting their tentacles into all the enterprise software and things. That's neither here nor there, but the biggest reason was, "Why would I want to store all this information with Passport?"

Look at the response to that, this whole Liberty Alliance shindig. I can't say that Liberty Alliance was really that much more successful. What ended up becoming more successful, the whole single sign-on on the Web, was stuff around OpenID and OpenSocial, and all that sort of stuff. That was the social network guys, Facebook and Google, saying, "We're really the people who are in control of this information, and they've already shared this information with us as it is."

Gardner: And what happened was we had a standardized approach to sharing authentication certificates across multiple vendors. That seems to be working fairly well.

Schmelzer: Yeah, without any real intervention. So, I would argue that there is probably a lot more private information in Facebook than people would ever want shared, and there is really no regulation there, but it's pretty well self-regulated at the current moment.

The question is, will all this service cloud stuff go in the direction of what Microsoft tried to do, the single-vendor imposed thing Liberty Alliance tried to do, sort of like the consortium thing, or the OpenID thing, which is a couple of people that already own a very large portion of the environment realizing that they just need to work together amongst themselves.

Gardner: In the meantime, because we all seem to agree that there is a great need for this, those individual organizations that create the picks and shovels to support governance, regardless of how it's ultimately enforced or what standards, policies, or rules of engagement are ultimately adopted, probably stand to inherit a very large market.

Does anybody want to take a guess as to what the potential market dimensions of a governance picks and shovels, that is the underlying technology and services to support such a governance play might be? Again, we'll start with you, Ron. How big is the market opportunity for those companies that can provide the technical means to conduct governance, even if we don't yet know how it might be overseen?

Schmelzer: I'm very satisfied to see that people are talking about governance as much as they are. This is not a sexy topic at all. I'd much rather be talking about mashups and stuff like that. Given all this interest, the interest in education and training, and what's going on in this market, the market opportunity is significantly growing. It's a little hard to quantify, whether you're quantifying the tools market or the runtime market, or you're quantifying services for setting up governance stuff. I don't think there is enough activity on the services side.

Companies are getting into governance and they think the way to get into governance is to buy a tool or registry or something and put a bunch of repositories together. How do they know what they're doing? I'd argue that 90 percent-plus of the people who are doing governance really don't know how to do governance at all, regardless of whether they have a great tool or not.

It's a big untapped opportunity for companies to get in with some real, world-class governance expertise and best practices and help companies implement those, independent of the tooling that they're using.

Gardner: Dave Kelly, do you agree that the market opportunity is for the methodologies, the professional services, the expertise, as much or more than perhaps say a pure technology sell?

Best practices are critical

Kelly: It's about equal. When you're talking governance, the processes, policies, and best practices are a critical part of it. It's not just about the technology, as it is in some other cases. It's really about how you're applying the policies and principles, both at the IT level and the business level, that are going to form your combined governance and compliance strategy. So, there is definitely a role for that.

At the same time, you're going to see an extension of the existing governance and technology solutions and perhaps some new ones to deal with -- as you said, the scalability, virtualization aspects, and perhaps even geopolitical aspects. As the services and clouds get dispersed around the world, you may have new aspects to deal with in terms of governance that we haven't really confronted yet.

There will be probably a combination of market sizes. I'm not going to put a number on it. It's going to be larger than the existing governance market, but probably I'd say by 10, 15, or 20 percent.

Gardner: Joe McKendrick, let's perhaps try a different way of quantifying the market opportunity. On a scale of 1-10, with 1 being lunch money and 10 being a trillion dollar market, what's your rough estimate of where this governance market might fall?

McKendrick: Let's put it this way. Without Excel or spreadsheets, probably 1 or 2. If you count Excel and spreadsheet sales, it's probably 7 or 8. Most governance efforts are very informal and involve plotting things on spreadsheets and passing them around, maybe in Word documents.

Gardner: That's not going to scale in the cloud. That can't even scale at a department level.

McKendrick: I know, but that's how companies do it.

Gardner: That's why they need a third-party entity to step in.

McKendrick: That's the prime governance tool that's out there these days.

Gardner: I'm going to say that it's probably closer to a 4 or 5. That's because the marketplace in the cloud can very swiftly become a real significant portion of our general economy. I think that the cloud economy can actually start becoming an adjunct to the general economy that we know in terms of business, commerce, consumer, retail and so forth.

If that's the case, there's going to be an awful lot of money moving around, and governance will be essential. Just as with the credit card companies, some sort of entity or process will emerge around that, and the government will probably find a way of getting a piece of it, as they usually have in the past.

The opportunity here is almost commensurate with the need. There is a huge need for governance and therefore the market opportunity is great, but that's just my two cents.

Well, thanks, we've had a great discussion about governance -- some of the reasons for it being necessary, where the market is going to need to go in order for cloud computing to reach the vision that so many people are fond of these days. We're certainly going to be talking about governance a lot more.

I want to thank our panelists for today's input. We've been joined by David A. Kelly, president of Upside Research. Thanks, Dave.

Kelly: You're welcome. It was fun.

Gardner: Ron Schmelzer, senior analyst at ZapThink. Always a pleasure, Ron.

Schmelzer: Thank you, and one leg out the door to this vacation.

Gardner: And Joe McKendrick, independent analyst and ZDNet blogger. Thanks for your input as always, Joe.

McKendrick: Thanks for having me on, Dana. It was a lot of fun.

Gardner: I also want to thank the sponsors for this BriefingsDirect Analyst Insights Edition Podcast Series, and that would be Active Endpoints and TIBCO Software.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. Thanks for listening, and come back next time.

Edited transcript of BriefingsDirect Analyst Insights Edition podcast, Vol. 42 on need for governance as more enterprises look toward cloud computing and services from inside and outside the firewall. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.