| THE INDEPENDENT RESOURCE FOR IT EXECUTIVES Q1 2011 | $26
Eye on management
Also in this issue: Security and the Cloud Contributors Marlon Bowser CEO HTK
Mar tin Kuppinger
Fo u n d e r a n d S e n i o r Pa r t n e r Kuppinger Cole
Albert Lee
Senior Analyst Enterprise Management A ssociates (EM A)
Clive Longbottom
Service Director Business Process Facilitation Quocirca
contents page
4
Contents
etm
7
Editor and contributors page
9 Industry snapshot feature by 10 Special Stephen E. Arnold
90 Events and features 12
The best of both worlds
PETER HÄRDI (ASCOM WIRELESS SOLUTIONS) talks with ETM’S ALI KLAVER about the cost savings of IP-DECT solutions for onsite wireless communications.
16
The last automation frontier
ETM’S ALI KLAVER talks to KEVIN PARKER (SERENA SOFTWARE) about application development and delivery.
and 20 Commercially, socially, yours…
Savvy employers are looking at how to integrate social networking into their day-to-day corporate activities, but there are a few things to watch out for. CLIVE LONGBOTTOM (QUOCIRCA) takes you through the pros and cons.
24 Priceless
ETM’S ALI KLAVER talks to the CEO of
HANDYSOFT, HARRY CLARKE, about BPM and why this hot technology is making enterprises successful—even in today’s tough market.
around 30 Outsourcing the world
DIGVIJAY KUMAR (iGATE CORPORATION) and CAROL UNWIN (STERIA) join MIKE ATWOOD (HORSES FOR SOURCES) on a panel podcast to discuss finance and accounting outsourcing and in particular how to optimize transformation.
42 Capturing control
Controlling your endpoints and keeping them secure is becoming a harder task than ever with each new innovation in technology. MARC BRUNGARDT (PROMISEC) says that a unique solution will enable companies to operate the way they need to. He speaks to ETM’S ALI KLAVER.
46 Communication overload
MARLON BOWSER, CEO at HTK, looks at how companies can get the most out of the increasing number of customer communication channels.
mean and perfect 38 Lean, performance 48 Problem solved
Keeping up with the fast pace of today’s market isn’t as hard as you think. TONY BEESTON (ORSYP) talks to ETM’S ALI KLAVER about performance and capacity management and how success is possible with a little help.
Data storage shouldn’t be a hard task, particularly with the technology available today. RYAN DUFFY (QUANTUM CORPORATION) tells ETM’S ALI KLAVER that easy adoption and integration are possible.
52 Global networking
5 etm
ALBERT LEE (ENTERPRISE MANAGEMENT ASSOCIATES) says that consistency in designing cloud computing infrastructures, and diligence in applying service management best practices, are the keys to “The Responsible Cloud”.
56
Follow the flight path
MARK KENNY(ENTERPLICITY) talks to ETM’S ALI KLAVER about the five lessons that project management can learn from aviation.
60
The Capacity Quadrant
JERRY MANAS (PLANVIEW) is a best-selling author and Planview’s senior writer and editor of PRISMS best practices. ETM’S ALI KLAVER talks to him about his most recent foray into demystifying resource management.
74
Preservation and privacy
SIMON TAYLOR(COMMVAULT) says that, in order to make cloud migration work, it’s essential to involve an expert in the field and establish a methodology around how you’re going to do it.
a lot of work to 78 Still do…
A lot of CIOs and CISOs don’t do upfront research and put enough thought into looking at virtualization security for their organizations. MARTIN KUPPINGER (KUPPINGER COLE) says that this is a must if security targets are to be met, and to move forward with a successful cloud computing platform.
82 Layer by layer
64 Top of the food chain
Corporate performance management software is no longer just for the most sophisticated or progressive companies, it’s something that has been made available and attainable for just about any sized enterprise. SHAWN ROGERS
(ENTERPRISE MANAGEMENT ASSOCIATES) moderates a panel podcast with the expert opinion of JON KONDO (HOST ANALYTICS), GEOFFREY NG (PROPHIX SOFTWARE) and TONY LEVY (IBM).
contents page
Contents
Delving into the specifics of being and staying secure at endpoints is a favourite topic of LANDesk experts ANDY KING and BEN HALL. They talk to ETM’S ALI KLAVER about the fundamentals of endpoint security and how it all starts with knowing exactly what is on your network.
86 The source
Enterprise search is as much about the tools you use as the way users actually search.
BRIAN PINKERTON (LUCID IMAGINATION) says that it’s search that has now become a vital part of a user’s everyday life. He talks to ETM’S PINAR GENCTURK.
100% control of every endpoint. Everywhere. And every minute. You can’t manage what you can’t see. And that’s why you need Promisec
8F NBLF JU GBTUFS BOE FBTJFS UP SFTPMWF LOPXO QSPCMFNT "OE XF mY QSPCMFNT ZPV OFWFS LOFX FYJTUFEoBDSPTT UIF FOUJSF SBOHF PG ZPVS CVTJOFTT DSJUJDBM GVODUJPOT TVDI BT t $PNQMJBODF
"OE CFTU PG BMM UIFSF T OP SJQ BOE SFQMBDF XJUI 1SPNJTFD 0VS TPMVUJPOT DPNQMFNFOU BOE PQUJNJ[F ZPVS FYJTUJOH TPMVUJPOT NBLJOH XIBU ZPV BMSFBEZ PXO XPSL CFUUFS "U NVDI MPXFS DPTU To learn more: Email: inquiry@promisec.com Visit: www.promisec.com Call: 1.646.616.5103
t )BSEXBSF BOE 4PGUXBSF *OWFOUPSZ t 3FNFEJBUJPO t $SJTJT .BOBHFNFOU t &OEQPJOU 0QUJNJ[BUJPO
We’re into control. *TSBFM t 6OJUFE 4UBUFT t 'SBODF t *OEJB
-design.co.il
0VS VOJRVF BHFOUMFTT UFDIOPMPHZ QSPWJEFT VOQSFDFEFOUFE WJTJCJMJUZ JOUP PG FOEQPJOUT XJUI BDDVSBDZ
Senior Editor Pinar Gencturk Creative Director Ariel Liu
Firstly, I’d like to wish all of our readers a happy and healthy 2011! As we begin this year with greater expectations of growth and stability, the IT industry is preparing for some of its toughest challenges yet. What surprised me over the past few months as I’ve been interviewing and preparing the Q1 issue is the fact that IT management, in all its forms, is becoming a focus area whether that be in capacity management, business process management, identity and access management or a myriad of others. There is a fantastic panel podcast online at globaletm.com led by Shawn Rogers at Enterprise Management Associates that deals with corporate performance management and features industry experts from such companies as Host Analytics and PROPHIX. Be sure to also check out the transcript on page 64. Also of concern is endpoint security and, while this is a given, it still pops up in the day-to-day conversations I’m having with the analyst community. Speakers from Promisec and LANDesk have some great tips and suggestions for you (pages 42 and 82 respectively). Don’t forget, we also have four analyst-driven pieces on topics as diverse as “The Responsible Cloud” (EMA, page 52) to integrating social networking in your organization (Quocirca, page 20). Finally, it’s with sadness that I pass the reigns of this respected magazine and sister website to a new managing editor. Pinar Gencturk joins IMI Publishing from a successful tenure at Fairfax in Australia and is keen to develop ETM so that it far exceeds your expectations and answers ALL of your most pressing questions. Thank you for reading, and if you would like to contribute to any future issues of ETM please feel free to contact Pinar via email at pgencturk@imipublishing.com
Ju n i o r D e s i g n e r Mana A ssoudeh We b D e v e l o p e r Vincenzo Gambino Po d c a s t / S o u n d E d i t o r Mark Kendrick A ssociate Editor He l e n a S t a w i c k i Account Executive Sandino Suresh Ali Behbehani Jo h a n n e s Va n Vu g t No r t h A m e r i c a n A c c o u n t E x e c u t i v e s Fa r r a h Tu t t l e Ye s s i t A r o c h o Jo e M i r a n d a Marketing Executive Alexandros Themistos
Contributors Marlon Bowser C EO HTK Mar tin Kuppinger S e n i o r Pa r t n e r a n d Fo u n d e r Kuppinger Cole Albert Lee Senior Analyst Enterprise Management A ssociates Clive Longbottom Ser v ice Director, Business Process Facilitation Quocirca
Ali Klaver Ali Klaver Managing Editor
Enterprise Technology Management is published by Informed Market Intelligence
informed mar ket intelligence How to contact the editor
We welcome your letters, questions, comments, complaints and compliments. Please send them to Informed Market Intelligence, marked to the editor, Farringdon House, 105-107 Farringdon Road, London, EC1R 3BU, United Kingdom or email pgencturk@imipublishing.com
PR submissions
All submissions for editorial consideration should be emailed to pgencturk@imipublishing.com
Reprints
For reprints of articles published in ETM magazine, contact athemistos@imipublishing.com
All material copyright Informed Market Intelligence This publication may not be reproduced or transmitted in any form in whole or part without the written express consent of the publisher.
Headquarters Informed Market Intelligence (IMI) Ltd
Farringdon House, 105-107 Farringdon Road London, EC1R 3BU, United Kingdom
+44 207 148 4444 New York 68 Jay Street, Suite #514, Brooklyn, NY 11201, USA +1 718 710 4876
7 ETM CONTRIBUTORS
Eye on management
Managing Editor A l i K l av e r
editor’s page
Fo u n d e r / P u b l i s h e r Amir Nikaein
McKinsey’s new survey finds that companies using the web intensively gain greater market share and higher margins. Results show that the web 2.0 use of companies is significantly improving performance. Fully networked enterprises are not only more likely to be market leaders or to be gaining market share, but also use management practices that lead to margins higher than those of companies using the web in more limited ways. The fourth annual survey garnered responses from 3249 executives across a range of regions, industries and functional areas. Two-thirds of the respondents reported using web 2.0 in their organizations. Source: Forbes
IT spending up
In January, Gartner released its latest forecast for worldwide IT spending in the coming year. Gartner says companies and governments will spend $3.6 trillion on IT this year which is more than the prior $3.4 trillion forecast, amounting to growth of 5.1 %. The report has found that spending is picking up fastest on telecom equipment with computing hardware and enterprise software following close behind. Source: The Wall Street Journal
Cyber-sabotage top fear
The biggest security concerns for the coming year will be cyber-sabotage and cyber-espionage, say industry experts. They cite the success of the Stuxnet worm in attacking industrial control systems as a prime example of what to expect in 2011. Other predictions include a rise in sophisticated malware, Wikileaks-style breaches and a focus on mobile. Sharing the headlines with Stuxnet were the hack attacks carried out by supporters of whistle-blowing website Wikileaks. In late 2010, Wikileaks began releasing some of a cache of 250,000 leaked US diplomatic cables. The attacks took the form of Distributed Denial of Service (DDoS) that involve bombarding a website with data to the point that it is overwhelmed. Net security expert Dan Kaminsky said DDoS attacks were likely to proliferate in 2011 because of their simplicity. Art Gilliland, a vice president at security giant Symantec, said the Wikileaks debacle underscored the need to shift the focus from securing infrastructure to securing content. Source: BBC
Oracle’s $1b acquisition
In November, Oracle announced its acquisition of Art Technology Group Inc., a provider of eCommerce software and related on-demand commerce optimization applications through a cash merger for $6 per share, about $1 billion. ATG’s solutions enable enterprises to provide a cohesive online customer experience with sophisticated merchandising, marketing, content personalization, automated recommendations and live-help services. Source: Oracle
Ipswitch 2011 predictions
Companies that continue to focus on quickfix security tools instead of strengthening and enforcing information security policies risk devastating consequences in 2011, warns Ipswitch, the secure managed file transfer company. An Ipswitch report predicts that enterprises will start monitoring and managing the information flowing to and from personal email, instant messages and cloud-based services. According to an Ipswitch survey of IT executives, 40% said they routinely send confidential information through personal email to eliminate the audit trail from management. Additionally, 25% admitted to sending proprietary files to their personal email accounts with the intent of using that information at their next place of employment. Source: Ipswitch
Testing, testing...
Ixia, provider of converged IP network test solutions, has teamed with Nick Lippis of the Lippis Report to sponsor a series of open industry data center network performance and power consumption tests. The goal is to provide comparative data across several 10 Gigabit Ethernet (GE) switch providers using Ixia’s breakthrough Xcellon-Flex™ load modules. This test will be the first of its kind and will provide network stakeholders with real-world data that compares and contrasts different 10 GE equipment manufacturer products for data center fabrics. Source: Axicom
9 Information in the cloud
2.0
Ask the Expert
Industry snapshot
SPECIAL FEATURE
10 STEPHEN E. ARNOLD
Google Google Enterprise Apps: Forcing Competitors to React
Three years ago—August 13, 2008—eWeek published “Google Gmail, Google Apps Are Not Enterprise Ready”. Shock headlines have come to signal a publication that wants to generate more traffic to their website, but the old shouting lead may be relevant in 2011. The article by Clint Boulton, however, made several valid points about Google’s enterprise products and services. There was a reference to Google’s problems in 2008 with keeping its Gmail service online and accessible. Mr Boulton referenced a number of industry analysts who echoed a single theme: When a cloud service goes offline, users cannot access their data, email or applications. In November 2010, Google made available a number of new products and services to Google Apps customers. To control these applications, they created a dashboard-style interface. The shift to the new interface will probably be completed by the time you read this column. Among the applications available are Google Voice (a Skype-influenced telephony service), Picasa (an image manager and search application), and a somewhat daunting three score more. According to Google’s blog posts and public announcements, they want the enterprise to be “consumerized”. To make the point crystal clear, Google has included its CheckOut service (an online payments system similar to eBay’s PayPal) and AdWords (Google’s online advertising system). Google modified its nomenclature for its expanded service. Of interest to me are Google Apps for Business and Google Apps for Government. Google continues to land high-profile commercial accounts, including Genentech, Motorola Mobile Devices Division and Capgemini, among others. Perhaps Google’s biggest win in late 2010 was a deal to provide Google Apps to the US Government’s General Services Administration. Google lost out on a similar deal for the US Department of Interior and seems to be pursuing legal action against that US government agency. When a company sues a unit of the US, that company is definitely serious about winning enterprise accounts. On a recent trip to Washington, DC, I asked several government executives about their view of Google’s alleged legal maneuverings at Interior. The answer? “No comment.” In my experience, a procurement team becoming involved in legal hassles has negative mojo. Google has been working over the last two years to enhance its enterprise products and services. Among the notable milestones are enhancements to security. Websites and trade publications have focused
on Google’s certification for the US government. FISMA is an acronym for Federal Information Security Management Act. (For details about FISMA, go to http://csrc.nist.gov/groups/SMA/fisma/index.html.) However, the more interesting security capabilities appear in a 2010 white paper: Google Apps Messaging and Collaboration Products. You can download a copy of this 14-page document from www.google.com/a/help/ intl/en/admins/pdf/ds_gsa_apps_whitepaper_0207.pdf. Google acquired Postini, September 2007. Postini, at the time, offered security and corporate compliance solutions for email, instant messaging and other web-based communications. Postini had at the time of the deal more than 35,000 business customers and supported 10 million customers. Postini’s capabilities embraced inbound and outbound policy management, spam and virus protection, content filtering, message archiving, encryption and specialized services to ensure that email is not changed. The question I often hear when I express my confidence in Google’s Postini-centric security methods is: “What’s a Postini? Why have I never heard about these security services?” I don’t have an answer to these questions. My view is that Google’s marketing may not be reaching some audiences. The company’s main website for its enterprise apps is located at www. google.com/enterprise. A newcomer to Google’s service will find that each of the links reveals increasing levels of detail. A good example is the link to Google Apps that Google says will: “Foster stronger communication and collaboration between employees”. The subsite for Google Apps explains the benefits that have earned the company more than “three million businesses” as customers. These include Google’s cost savings compared to on-premise solutions, synchronization of mobile email and calendars, data security and Google’s “reliability guarantee” for 99.9 per cent uptime. Of particular importance is Google highlighting 24/7 customer support. Google relies on email, frequently asked questions and Google Groups’ participants. One criticism I’ve heard is that Google can be elusive when some customers try to contact the firm. In early 2010, the widely-read TechDirt.com blog ran: “Once Again, Google’s customer Service Is Becoming an Issue”. See www.techdirt.com/ articles/20100112/2044117719.shtml. In my experience, customer service is an issue for many vendors. On its main Google App’s web pages Google does not provide a telephone number, preferring to direct inquiries to an Apps team member via email.
that often times they can’t meet basic requirements.” [...] “Constraints such as inadequate product support, failure to provide a roadmap, poor interoperability with other lines of business apps and limited functionality are all reasons why public sector organizations such the State of Minnesota and New York City have said ‘no thanks’ to what Google is offering.” […] “Regardless of how organizations are thinking about the cloud, Microsoft provides a choice for their productivity needs; on premises, in the cloud or as a hosted solution. Google doesn’t offer any such choice.” The sentiment was noted by the Wall Street Journal and dozens of other information services, including the UK publication Channel Register (www.channelregister.co.uk/2010/12/02/microsoft_blasts_google_apps). If tensions are rising between Google and Microsoft, the companies are behaving in a manner familiar to anyone watching the tussle among Hewlett Packard, Oracle and SAP. The battle for the enterprise is indeed serious. Litigation is, in my opinion, replacing innovation. And the stakes are high. Enterprise vendors realize that the “shelf space” in companies for software and services is getting smaller. I’ve noticed that some lobbying activities are underway. Large vendors are using the resources at their disposal to gain an edge in a tough market. Is Google ready for the enterprise? Microsoft thinks so. And Brusselsbased Initiative for a Competitive Online Marketplace (ICOMP) appears to be focusing some of its attention on Google. Coincidence? Possibly. I am fence sitting on this imminent border clash. When big armies fight, the grass gets trampled. Pile the bodies high and all that. Half a world away, Facebook and Baidu are chatting and closer to home Google TV is mostly white noise. Perhaps Google in the enterprise will be the big winner for Google in 2011. The company needs to diversify beyond ad revenue or be pegged as a one-trick pony for yet another year.
STEPHEN E. ARNOLD Mr Arnold is a consultant. More information about his practice is available at www.arnoldit.com and in his web log at www.arnoldit.com/ wordpress.
11 STEPHEN E. ARNOLD
However, you can locate Google telephone numbers via a Google search However, you can locate Google telephone numbers via a Google search point of contact, service and support inquiries go to that organization. TMCNet.com published on December 2, 2010: “Google to Pay More Attention to CRM” (www.tmcnet.com/channels/contact-center-software/ articles/122943-google-pay-more-attention-crm.htm). The write up asserts; “… It’s definitely a good thing that Google is taking customer relationship management more seriously. It’s just a plain fact that you only get lasting business from taking the utmost care of your customers”. When I shift my attention from Google’s security and customer service to developing for Google Apps, I had to run a Google query: “Google apps enterprise developers”. Google maintains separate mini-websites for developers. I could not locate a direct link from the basic information about Google Apps for the Enterprise to the Apps Enterprise Developer information. I located useful information at http://code.google.com/ googleapps. In order to dig into the substantive information, you will need to obtain a free Google account. General information is available without registering, but the code examples and access to developer functions requires registration. Fees may be involved, but details of the programs can change. I recommend that you register and contact Google via email to discuss what you want to build. The Google Apps marketplace makes it possible to generate revenue. You can find this information at http://code.google.com/googleapps/ marketplace. There is one inconsistency in the information presented. Google refers to “two million businesses” in the Apps Marketplace and in the main Apps splash page as “three million businesses.” This is a detail, and a large one. I would like to know how many Google Enterprise Apps customers Google really has. Microsoft probably questions the millions of customers count as well. Google and Microsoft have been less and less reluctant to criticize one another’s enterprise products and services. The rhetorical heat rose in the spring of 2010. One Microsoft-centric blog reported: “Microsoft Blogger Slams Google Apps”. I dismissed the allegations as routine marketing. However, in December 2010, Microsoft made evident its view of Google’s enterprise ambitions. According to DiTii.com, a senior manager at Microsoft’s online services unit allegedly said: “There’s no doubt that businesses are talking to Google, and hearing their pitch, but despite all the talk, Google can’t avoid the fact
SPECIAL FEATURE
hEAD TO hEAD
12 IP-DECT SOluTIOnS
best of both worlds The
http://www.GlobalETM.com
PETER HÄRDI (ASCOM WIRELESS SOLUTIONS) talks with ETM’S ALI KLAVER about the cost savings of IP-DECT solutions for onsite wireless communications. AK: lET’S BEGIn WITh An InTrODuCTIOn. PETEr, TEll uS A lITTlE BIT ABOuT yOur BACKGrOunD AnD hOW yOu CAME TO WOrK fOr ASCOM?
Ph:
Ascom is a Swiss-based company with headquarters in Switzerland. The total group has more than 2000 employees and we’re doing more than 500 million Swiss francs in revenue per year. Ascom consists of three divisions. One is network testing that provides testing services and equipment for the large GSM providers worldwide. Then we have security communication which is very much specialized in communication systems for the Police, military and blue light organizations. My division is wireless solutions providing mission-critical communication systems for onsite communications. As for me, my background is actually in engineering as well as the business side. I spent the first 20 years of my professional life in the IT
industry where I started off in sales and went through positions such as sales manager, then up to marketing and managing director functions. for roughly six years I was Ascom’s managing director for Switzerland and responsible for all of our business there, before I moved to the headquarters of wireless solutions here in Gothenburg to take on the role as vice president of marketing and product management. AK: WhAT IS ThE DIffErEnCE BETWEEn DECT AnD IP-DECT?
Ph:
Actually, DECT and IP-DECT are very closely related. What they have in common is DECT, a radio standard, a pure standard on what we call the air interface for communication. let’s say that the legacy and DECT system were connected to each other, or the network was based on classic ISDn technology. IP-DECT is actually using the same radio standard which is a very secure standard that also
ph:
While most of the other providers of some kind of DECT system are coming from the voice part of the communication, we come in and add value to the communication systems. We never provide just voice. We’ve always been into what we call interactive messaging where we integrate our system to the processes of the business. I think that was the starting point that made us so successful in the enterprise market. What we’ve also seen during the past year is a big movement in the communication market away from traditional PBX dominated communication into the IT market. Requirements on the openness of the system were also increasing, and I see a similar process from my experience as a junior sales in my time in IT more than 20 years ago when the old mainframe providers tried to keep all the PC and LANs out of their proprietary infrastructure. The PBX vendors also started there and never really made or designed the solution to interact or integrate with the other solutions. So what we’re seeing and also profiting from now is the move to the IT our customers expect which is more openness from the system. They want to have any kind of PBX or soft switch and add to those switches any handset or infrastructure which is fulfilling their needs the best. Some PBX vendors are really struggling because this does not fit in at all with their business model. I would say that the openness of the system really helped us during the past year, and now the market is more about integrating our systems into other communication systems. Then it’s also based on the technology we’re using.
is not the same as communicating with
data, it is much more challeng-
ing...”
As we touched on before, the DECT standard is about air interface for the communication system. Below that there is another standard which deals with how you access the handset and how the interaction is between how we call the handset; and there is a standard call GAP with dialling in between the handset and infrastructure to make the connections. There we have a different and higher standard on what is called CAP, which is made for a big system where you can have handover from one base station to the other but also roaming—when you take your Ascom DECT handset from one proximity to the next you can go on with your calls as you would if you were on a GSM handset. This brings us to the next great benefit of the Ascom IP-DECT system—its scalability. We can deal with very small systems up to systems with thousands of handsets. On top of that we’re able to offer customers a move migration from their legacy DECT system into the IP world, meaning that we can deploy an IP-DECT system and reuse their infrastructure. They can keep their legacy base stations, which is a massive cost factor, and integrate it into the IP system. This was very much appreciated by our customers. It is also a given that the handset you buy today should also be useable over the next generation, and this was proved when we made the jump from the legacy DECT system into the IP-DECT system. This has helped us to keep the large customer base that we’ve built over the past 50 years. AK: That is very important especially when you take into account scalability which is vital for small to medium businesses, as well as being able to integrate with legacy systems.
ph:
Yes, it’s exciting because it just hasn’t been possible in the past. I personally was involved in a process where we sold the system to the largest retailer in Switzerland. We were dealing with hundreds of small subsidiaries up to the big shopping centers and I was amazed at how easily the system moved. The legacy-based experiences were always so cumbersome to integrate and deploy in big networks and there were many hurdles in relation to third parties, so it’s much easier today with the IP system. In fact, what we’re facing now has been very successful in Europe but not present at all in the US. It’s interesting that we weren’t able to sell any DECT system in the US some years ago because no one wanted it—it was an unknown standard. There was a lot of hype around Wi-Fi and wireless LAN, and some customers have already changed to the IP-DECT system even in the US now because it’s makes more business sense. This is especially true for hospitals who want to have a very secure communication system. AK: For all of the CIOs and IT directors listening today, can you tell us the major challenges that are facing these types of people in the area of telecommunications such as voice and data transport?
ph:
I would say that the challenge for CIOs, specifically in regard to communications, is that they become more responsible for the voice services within a company and in that process they may also go through a steep learning curve as I did when I came from the IT industry to Ascom. One of the first things I learnt was that voice communication is not the same as communicating with data, it is much more challenging especially since the IP standard wasn’t made for voice communications. For example, when you transfer data from a simple file to an excel file, it doesn’t really matter
13 IP-DECT solutions
AK: Peter, there are different DECT or IP-DECT solutions available at the moment, so how did Ascom become the leader in the enterprise market?
“... voice communication
Head to head
guarantees a very high quality of speech and play transmission. The big difference to the legacy system is that all the networking is on the IP standard. This means that you can use the common IT network of a company for all the voice and messaging communication. This research also opened up new possibilities with regard to integrating more than one subsidiary into one system. With that I would say we entered into the new world, or more or less the best of both worlds—the secure classical DECT standard for air interface and all the value you get from a well-running IT network.
HEAD TO HEAD
16 APPLICATION DEVELOPMENT
Last
The Automation
Frontier
ETM’S ALI KLAVER talks to KEVIN PARKER (SERENA SOFTWARE) about application development and delivery.
http://www.GlobalETM.com
AK: KEVIN, AS CHIEF EVANGELIST AT SERENA YOU MUST MEET A LOT OF CUSTOMERS IN YOUR TRAVELS, SO WHAT TRENDS ARE YOU SEEING CONSISTENTLY ACROSS THE GLOBE?
KP:
For the last decade there’s been a huge compression of IT budgets. I was talking to a customer recently who was saying that we’ve got to the point with IT budgets where: “The lemon has been squeezed so tightly that there is not a drop left. In fact, all you can actually hear are the pips squeaking!” Our customers are under this enormous compression of the available budget, but at the same time the lines of business are bringing all those ideas forward for IT to implement and create solutions for—and they want them faster than ever. The whole pace and cadence of
KP:
As I travel the world it seems to be an almost universal truth that organizations are all looking to solve the same problems at the same time. Year on year, as I travel around, there seems to be a focus on the same topics and perhaps that’s just the fashion. I suspect it’s actually more about maturity and people evolving their IT solutions and their approach to delivering them in a consistent way. Right now I can tell you that it isn’t the core of application delivery that people are focusing on—it’s the book ends; the front end of the lifecycle—demand management, and the back end of the lifecycle—release management. At the front end there are a lot of people trying to work out how to make sure that the money they spend in IT is being spent on the right things. So there is an intense focus and emphasis on understanding the demand management part of the lifecycle.
There was lot of hype around ITIL three or four years ago and now that it’s gone mainstream a lot of my customers say that they’re doing ITIL. They’re implementing it in their own way and aren’t using all the parts of ITIL out of the book, but essentially following the discipline that comes from ITIL. Now that there is this focus on managing changes into production it requires everyone in the lifecycle, both in the production and application of delivery environments, to get much more automated so that it’s possible to seamlessly increase the velocity of delivering to production. There used to be this sense that release management was a bottleneck and the point at which everything stopped. It was a big grind to get things out into production and that is still true in many places, but the really smart people have realized that if you can increase the velocity and the ability to deliver releases into production with crisp execution every time, you can start to get changes into the production environments that meet the rapidly changing needs of the business. We talked about those a moment ago, and of course with new approaches for software delivery like lean and agile, they absolutely demand that we pick up the pace of change and the ability to put smaller batches of change into production much more quickly. If you don’t automate it you are going to bury the release engineers with changes and you will grind to a halt. This is the number one focus customers have these days. AK: SO THIS IS ACTUALLY A MASSIVE UNDERTAKING AND I GUESS THERE ARE QUITE A NUMBER OF PITFALLS THAT YOU MIGHT HAVE SEEN IN THE LAST FEW MONTHS, IF NOT YEARS. CAN YOU TALK ABOUT THOSE?
KP:
Because this is such a massive problem, people are looking at automating from end-to-end so they’re looking for one-size-fitsall solutions. The great thing about one-sizefits-all solutions is that you have one common technology, usually on one common platform, and it’s designed to automate the handoff from the beginning to the end of a lifecycle. The problem with these solutions is that in all cases they are designed for an average kind of environment. No customer is an average kind of environment. A lot of these products are massive and have 1001 different features and functions of which we use only 5-10%. Customers are struggling to make these one-size-fits-all solutions work.
17 APPLICATION DEVELOPMENT
AK: WE ALWAYS TRY TO THINK OF WAYS TO DEAL WITH THESE SORTS OF CHALLENGES, SO WHAT APPROACHES DO YOU COMMONLY FIND THAT ORGANIZATIONS TAKE TO ADDRESS THE THINGS YOU MENTIONED?
How can they make sure that, out of the business ideas that are coming in, they pick the winners? The projects they select need to move the dial for the business the most with the least amount of investment, so where is that increased ROI from these projects not only in terms of increasing the return on investment, but also the new ROI which is eliminating the risk of incarceration? There is a big focus on the front end of the lifecycle and a lot of customers are trying to get systems in place so there is greater visibility. In fact, if there were a keyword for what has been going on in 2010 with the customers I meet, it would be “visibility”. People want to see where their projects comes in the queue; where the “waterline” is that IT is setting in terms of projects they’re going to do this year, and how they can negotiate and arbitrate with their peers in other lines of business. Without a doubt, the biggest focus, and this is universally true with every customer I visit, is that the complexity of delivering applications into production today is so massive that it’s not something that we can hand to humans any longer. We have an interesting situation in most organizations on a Friday afternoon when the release engineer comes in and shepherds all those deployments through until Sunday morning, makes sure that the code gets in the right place, that all the patches get applied, and that the servers get stopped and started in the right order. But because of the complexity of applications today, and due to the interdependence between and among all the applications, we’ve reached the point now where it’s beyond the ability of individual humans to do any more. Most of the customers I talk to are looking for two things; a way to automate the lifecycle process of release management so they can make sure that the right people sign off on the releases, that people downstream are getting clear visibility into the release calendar so they can smooth out the peaks and troughs in terms of demand for new releases, and then at the lowest level there is an intense focus on making sure that we automate so we get complete repeatability, traceability and predictability for how we deliver software. We’re now deploying into this heterogeneous set of target environments that have their own intrinsic topological and technology needs, so we have to encapsulate those needs inside technology. Everyone is looking for solutions that can make that happen. One of the critical drivers of that is ITIL.
HEAD TO HEAD
business continues to accelerate. We now have tighter budgets and demand for faster time to market. We are living in the most highly regulated and compliance-required environment that we have ever seen. This in itself is piling up on the IT departments and then the business is also asking them to implement cool social media stuff and mashups. We’re escalating the technology delivery and complexity, and we’re adding delivery to the cloud, mobile devices and embedded systems, and suddenly we’ve got increasing orders of magnitude and complexity in everything we do. It doesn’t matter whether I’m in the Far East talking to a manufacturing company, in Europe talking to somebody in finance, or here in North America in healthcare—everybody is facing these challenges and it’s got to the point now where there is nothing left that we can do to improve delivery speed. Remember the things we’ve tried such as outsourcing—but there’s really not much more that we can outsource. We bought every package we can and put every ERP and CRM system in place so that we don’t have the development time, and people are now asking what else they can do with less money— especially when “the pips are squeaking”.
ANALYST FEATURE
20 SOCIAL MEDIA
Commercially, and socially, yours‌
Savvy employers are looking at how to integrate social networking into their day-to-day corporate activities, but there are a few things to watch out for. CLIVE LONGBOTTOM (QUOCIRCA) takes you through the pros and cons.
the use of these mega sites has to be where the focus lies and not on trying to make people come to your site directly. The problem lies in doing this effectively. Effective social media depends on what type of business you are and how you want to be perceived out in the market. For example, a retailer may be able to pick up a lot of followers by making special offers through social network streams. Specialist companies may want to have social feeds that are driven by named people who are well known within their realm of expertise. Others may want to drive followers through free gifts in exchange for information, links to other offers and so on—it comes down to what fits with your own corporate profile. However, when compared to a standard website, it has to be remembered that social networking is far more “of the moment”, and that an organization has far less control over something once it has gone out. Those who are tasked with managing social media streams must be seen as trustworthy. This is not the place for an unhappy employee to be given a corporately endorsed voice. They have to be tied in to what is happening within the business. Whatever is promised through social networking has to be known by sales, marketing and the contact center to maintain cohesion for the overall corporate strategy. The various streams have to be kept in synch. There is no point in advertising one offer on Twitter that is then offered in a different manner on Facebook. The users following your organization through both sites will only get confused. Content filtering can be of great use here
“... grab the opportunity and
use it join
there, and
,
the rest of us out
see what can be done.”
Facebook, that site is their center of operations. A worthy site that provides information on a single set of needs just doesn’t cut it any longer—a “private Facebook” will die before it gets anywhere. Organizations have to accept that their role is to take the business to the prospect—not try to drag the prospect to the business. Therefore,
in ensuring that content of certain types does not go out either accidently or maliciously. Intellectual property can therefore be protected, but more importantly, an organization’s brand and profile can be maintained through ensuring that racist, sexist and other offensive material, as well as intellectual property, can be blocked before it hits public sites.
21 SOCIAL MEDIA
very old fashioned”. Employee responds; “Yeah—Acme. Very old fashioned, bad place to do anything. Most people not happy”. Well, that’s worked well for dear old Acme, hasn’t it? The employee has low morale and feels that they are missing out because they know that friends from your biggest competitor, Globalcorp, are on Facebook all day. Your customer base suddenly sees that the company they are dealing with is behind the curve with what is seen as almost a necessity these days. They also see that Globalcorp is more progressive—and probably find that they have their own Facebook, Twitter and YouTube accounts. They follow Globalcorp and find that they are offering special deals through these channels and are willing to engage in direct interactions. If you were in the individual’s shoes, which company would you want to do business with? Interacting with those that are your main focus has to be the aim, but doing it in the right way and in a manner that makes economic sense to the organization. Quocirca researched a while ago into the use of social networking within the public sector and had a remarkable discussion with one local government group. They believed that the best way for them to engage with the citizens they were responsible for was through social networking, but that “obviously, they couldn’t use public systems”. Therefore, they wanted to replicate Facebook. The thought process was that because Facebook was so successful, the local government’s version of it would also be successful. Unfortunately, they soon realized that the real world doesn’t work like that. For those who are spending a large part of their day on
ANALYST FEATURE
“Vodafone suspends employee after obscene Tweet”. “The day United Airlines Twitter was hijacked”. “Facebook ‘costs businesses dear’”, losing 233 million hours of productivity per month in the UK alone, according to research carried out by UK employment law firm, Peninsula. These are just a few of the headlines from recent media platforms that make many organizations think that social networking is something to be avoided at the corporate level, and to be banned at the individual employee level. While control is definitely required, social networking offers definite opportunities to a business. Locking down an employee is increasingly difficult to do within the corporate space and impossible once they go home. So just how should an organization look at social media? Let’s start with a few figures. Facebook has over 500 million active accounts, with over 700 billion active minutes (over 1.3 million man years) spent on the site per month. Twitter has passed the 200 million user mark. Foursquare has passed the two million user mark. Thirtyfive hours of video are uploaded to YouTube every minute. Now look at the figures for your own web site—how many unique visitors have you had in the last year, never mind the last month? The reach of social networking is phenomenal. Even with the accepted overreporting of unique users of social networking sites (many people have more than one account), and the totally banal content of much of what is put up on the social web, the importance of being seen in the social sphere cannot be ignored. Yet many organizations are, to mix a couple of metaphors, burying their heads in the sand and trying to act as King Cnut to fight the tide of their own customers’, prospects’ and employees’ preferences. Technical attempts are made to block access to social sites; dictats are passed down threatening all sorts of ills on anyone found using the sites during company time, while the marketing function hides behind email and standard media-based campaigns. It may be that this results in individuals not being able to use social sites—which has to be good surely? They are now fully focused on doing what we pay them for—company work. But employees go home—where they can log onto their own machines and catch up with their social streams;“Sorry I couldn’t get back to you. Company locks me down. #Fail”. Friend responds; “What company is that? Sounds
Ask the expert
24 Business process mAnAgement
Priceless
ETM’S ALI KLAVER talks to the CEO of HANDYSOFT, HARRY CLARKE, about BPM and why this hot technology is making enterprises successful—even in today’s tough market. http://www.GlobalETM.com
that’s actually training and mentoring and implementation on the customer, with their project. The last phase of that talent development journey is what we call advanced development. That’s around what we call rpm or rapid process management, and it’s also around enabling what we call enterprise self-service. so talent development is the second pillar. The third pillar is technology innovation that is all about BizFlow plus, enterprise selfservice, and how we work with companies to help create user interfaces that the users love to engage with. Ak: i’m Assuming thAt you’ve Been With hAnDysoFt AnD Driving thAt customer sAtisFAction Focus From the Beginning, WoulD i Be right?
hc:
i work for Jae Ahn, he’s our chairman and one of the two founders of the business. i’ve been with handysoft for three years now and came in during the technology phase of our journey and have been here through
“... achieving your business automation objectives, on time, under budget, and producing a compelling rOi with delighted users— .”
priceless
how we help customers succeed than we were even three years ago. in this cycle we came to the belief that process automation for our customers is built on three pillars. The first is methodology and approach—how we help customers adopt a successful approach that is unique and fits nicely with their business. The second pillar is all about talent development. if you took apart a process automation journey you would find six different types of roles or users that are involved in it, from design, through development, implementation and use. so we developed an architecture around how we help our customers develop the talent they need to succeed and that starts with something that we call handysoft university. Then it moves into something that’s really creative, what we call “trainmentation”, and
the inception of what i call our customer success phase. Ak: FAntAstic, AnD congRAtulAtions For celeBRAting your 20th AnniversAry next yeAr.
hc:
Thank you so much.
Ak: it’s Quite A FeAt, especiAlly in the it inDustry. For my next Question i WAnteD to tAlk ABout Bpm BecAuse it’s emergeD As one oF the hoTTest technology sectors. Why Do you think this is?
hc:
i would suggest that it’s because Bpm enables business systems to be developed and to evolve at the speed of business. in other
25 Business process mAnAgement
hc:
There are a couple of great things to start off with. Firstly, 2011 is a big event at handysoft—our 20th anniversary. As is the case with most of these significant events it’s a great time to look back and reflect on the journey you’ve had. We’ve been remarkably consistent on our mission—our vision—for the entire 20-year period. today, as it was 20 years ago, our mission and vision is still to deliver process innovation that results in very compelling customer successes. honestly though, that vision isn’t unique to us. There are companies in our space that have very similar visions, but what separates handysoft from the others is the lifecycle or journey that we’ve come through. i think about handysoft’s evolution in three phases. The first phase for us started in 1991 and i think of it as our process automation expertise phase. During that seven year period, spanning 1991-98, we didn’t have a technology solution. We were consultants working around the globe, doing business process automation and process re-engineering kind of engagements. Throughout that period, and as our engagements got bigger and more challenging, we identified the need for a technology solution that would allow us to engage with a best practices kind of methodology and approach and deliver very consistent results—but to do it much more quickly than if we approached each engagement as totally separate. so three and a half years into that seven year journey we started developing that solution. The launch of the solution in 1998 is the second phase of our handysoft journey, what i call the BizFlow evolution. in 1998 we delivered BizFlow version one, we had offices around the globe, and the solution was adopted quickly. it took off in governments, manufacturing organizations (particularly technology manufacturing), and most other industries as well. on a side note, BizFlow is on version 11.5 so it’s a very mature product, but the Bpm solution that we have today, although it has evolved far beyond where we started, still has the same foundation principles that we started with—to be the fastest, most innovative, most flexible business process automation solution in the market. today we have thousands of processes completed across hundreds of customers with millions of users. so it’s a great story.
in 2008 we entered the third part of our journey. This was an epiphany moment for us when we were in a senior management planning session and looking at how we engineer our business to be even closer to our customers. one of the things we did in the session is, out of all the metrics that we use to measure our business, we locked down on one that would be the single most important measurement that we would focus on and talk about every time we got together as a management team. Through that process we identified and unanimously selected customer success as our most important measurement. But what’s unique about it is how we measure customer success. We decided we would measure it in the trenches, project by project, and we do hundreds of these a year. The metrics by which we would measure that was if the project was accomplished on time, under budget, were the end users engaged in using the solution and was the solution achieving its roi. With that as our mantra did a lot of validation, so now we’re in our third year of what i call our customer success phase. We’ve learned a lot and we are so much smarter about
Ask the expert
Ak: hArry, tell us ABout hAnDysoFt?
executIve pAnel
30 FInAnce And AccountIng outsourcIng
Outsourcing around the
world
MA: FIrstly, I’d lIke to Ask eAch oF you to spend A MInute IntroducIng yourselF. dIgvIjAy And cArol, pleAse tell us A lITTle bIt About your bAckground.
dk:
I’m the vice president for itops delivery at igate and I lead the finance and accounts function and service delivery for the other shared service offerings we have. I also run the voice-based contact center and insurance operations for igate globally. I have many years of experience, primarily in the offshoring space, and have had the opportunity of migrating and setting up operations for multiple clients all across the us, europe, canada and Australia. The primary focus has been on the F&A side.
cu:
I’m the group bpo development director at steria. I came to this role having worked for many years in It outsourcing and major projects and transactions to customers. we went into F&A about eight years ago and at that point I moved into F&A as well and have been working there ever since. our work nowadays spans F&A and what we call vertical bpo which are the industryspecific business process services that we deliver for a number of our clients in a number of sectors.
DIGVIJAY KUMAR (IGATE CORPORATION) and CAROL UNWIN (STERIA) join MIKE
ATWOOD (HORSES FOR SOURCES) on a panel podcast to discuss finance and accounting outsourcing and in particular how to optimize transformation.
http://www.GlobalETM.com
MA: I’d lIke to stArt todAy by AskIng eAch oF you to tAlk About your F&A bpo oFFerIng In terMs oF the FunctIons thAt Are Included. we sAy FInAnce And AccountIng And It cAn MeAn A lot oF thIngs; pAyAble, receIvAble, credIt collectIon, general ledger postIng, procureMent And so on. then IF you could tAlk About how bIg your busIness Is In terMs oF the clIents you ActuAlly servIce, how MAny people you hAve doIng thIs work, how MAny servIce centers you hAve And where those servIce centers Are locAted, thAt would be greAt. It’s quIte A lArge questIon to Answer. cArol—lAdIes FIrst.
cu:
That’s lovely. As I said in my introduction, steria moved into F&A outsourcing around eight years ago and our foundation client was british telecom. we were very fortunate when we took them on in that they came with a very large range of services.
cu:
we certainly have quite a lot. I was trying to add it up before we started talking
MA: dIgvIjAy, cAn you tAlk About whAt Is Included In your oFFerIng And Any oF the stAtIstIcs About the nuMber oF clIents, people And so on?
dk:
we have actually segmented our F&A offering into procure to pay, order to cash, record to report, and other services such as vendor master management, asset accounting and business analytics. The first three are actually end-to-end service offerings, particularly procure to pay, order to cash, and record to report. within each of these large areas we do a lot of work. For example, in procure to pay we would manage everything from procurement, accounts payable, vendor reconciliation, supply performance, management analysis, and even expense accounting. on the order to cash side we would further subdivide it into invoicing, collections, cash applications, managing aged debtors and managing customer reconciliations. In that group we’ve got multiple clients that may start either with an end-to-end service offering, or they may choose to start off the relationship by contracting in one particular area, and as they experience the service delivery the relationship can grow in terms of Fte strength. to put it in perspective, we currently have nine active clients but they vary from each location. we currently have clients in the us, canada, the uk and Australia, and they range from a $35 billion financial conglomerate to the government of Australia. so the spread and the range are wide when it comes to clients using our service offerings. to answer your question on how many people and service centers we have, our bpo offering is pretty robust. we have around 2000 people spread across bangalore and noida in India, and between Mexico and Australia. out of these 2000 there are about 800 people that are dedicated to the finance and accounting function. MA: oKAy, so both oF you Are delIverIng servIces out oF IndIA And other plAces Around the world. let Me throw A questIon In here becAuse It’s soMethIng thAt AlwAys coMes up when I deAl
wIth clIents. It’s to do wIth the FAct thAt englIsh Isn’t AlwAys A coMMon lAnguAge, And Indeed cAn even vAry by country. how Are you hAndlIng the Issue oF Accents And geTTIng people In dIFFerent pArts oF the world to understAnd one Another?
dk:
In finance and accounting processes, other than for certain processes like collections in particular, most of the transactions require people to be conversant with the written english language without actually getting on the phone and speaking. so for the majority, and because most education systems are in english or offer english, it doesn’t matter whether we’re talking to Australia, Mexico or India. This isn’t a challenge. when it comes to voice-based interactions we choose people who speak in a neutral accent that is clear. we check this during the interview stage and these are the kind of resources that would be sourced to be embedded in any programme.
cu:
I agree with digvijay, and I think our approach is probably very similar. we would separate out those functions that are voice dependent and those that are what you might call back office transactions dependent. obviously the mass of transactions are back office dependent but the big thing is: why do you need voice? you generally need voice if somebody phones up because they haven’t been paid or they want to find out the status of their expenses and so on. so if it is a supplier or employee requirement then there are things you can do to neutralize the issues of voice anyway, and you can start to put in portals and proactively give information to the people buying into the service. That way you reduce the dependence on voice and language because you can provide portal information in any language that people might want to receive it. so that is one of the things to look at. The other thing is ensuring that, where you do need voice, it’s the best quality voice you can get. digvijay already said that we invest a lot of time and effort in language lab and making sure that the people who are speaking speak the language that everybody will understand. Accent neutralization is also very important. Funnily enough, the regional accents in the uk can be more complex and more difficult to
31 FInAnce And AccountIng outsourcIng
MA: so when you wrap All thIs up And you get All these clIents, how MAny people do you hAve thAt Are supportIng thIs eFFort?
today and I think if I said there was 4000 people in our bpo practice I wouldn’t be far wrong. The largest volume of these people are in India. I couldn’t break out the F&A numbers separate from the bpo, but it is about 4000.
executIve pAnel
In terms of our bpo offering, that really helped us shape our offering, and with that came requirements such as payable, general ledger, banking, fi xed assets and a little bit of procurement, plus something that is unique to the uk telco sector which is reporting to the regulator. As we’ve taken on new clients over the years we’ve increased the scope of our offerings so we have a significant receivables and collections business now. For instance, for the nhs (national health services) in the uk we collect around £11 billion a year of debt for them so we have a broad range of services. A number of our clients also come with payroll requirements, so we deliver payroll services as part of our F&A offering. some clients also have procurement requirements and that can range from sourcing, which we do in a few categories, through to the procurement administration which we do a lot more of. so it is a big range of activities, and as we grew we evolved the number of centers that we deliver in over the years. Initially we took on the staff from bt and acquired centers in places like Manchester, birmingham and london in the uk. over time we migrated work to India and we have some major centers there, particularly for F&A in pune and chennai, and then we provide a lot of voice sources to supply employee helplines in noida as well, so we are using India significantly. over time we have had more and more clients come on board and in the last few years we’ve increased our bpo footprint in europe. we operate customer centers in spain and are able to deliver bpo services in poland. These are not so much based around F&A but upon other bpo requirements that our clients have across the world. we run one of the largest joint ventures in the F&A world with the nhs in the uk, and that means that we have between 130-140 F&A clients providing full service right through from payables and receivables to payroll and procurement services. some of those clients are nhs clients, but we also have a number of bespoke clients outside that.
HEAD TO HEAD
38 PERFORMANCE AND CAPACITY MANAGEMENT
Lean, mean and
perfect performance Keeping up with the fast pace of today’s market isn’t as hard as you might think. TONY BEESTON (ORSYP) talks to ETM’S ALI KLAVER about performance and capacity management and how success is possible with a little help. http://www.GlobalETM.com
AK: LET’S TALK ABOUT THE CHANGES YOU’RE SEEING IN THE PERFORMANCE AND CAPACITY MANAGEMENT MARKET. ARE THEY QUITE EXCESSIVE OR ONLY SLIGHTLY ALTERING WHAT IS ALREADY ESTABLISHED?
TB:
It’s an interesting market at the moment. Capacity management means different things to different people. For example, ITIL version 3 has a series of best practices for capacity management, so people who have invested or are investing in ITIL are starting to implement these processes around the technology level, the service level and the business level. The first of these, the technology level, is what we have been doing all the time. The service level is starting to have more impact, people are starting to do more of it, there is more traction around it, and some people have even moved to the business level although they are few because there is very little software to help you move into that level. This last point is the one that actually allows IT to operate as a business and provide better value to organizations.
AK: YOU’VE BROUGHT UP LEAN MANAGEMENT—HOW DOES THAT DIFFER FROM TRADITIONAL CAPACITY MANAGEMENT?
TB:
Lean management, in simple terms, is the elimination of waste. It is a continuous process instead of a planning exercise. Retailing, manufacturing and others have already gone through these changes and they found significant cost savings and benefits to the business, and it now seems that it’s time for IT operations management to move into the same area. For example, the head room on our infrastructure is effectively wasted if it is never required, but we see potential waste at different times during the day and configurations need to be more dynamic based on the load being demanded. This move to virtualization has made the elimination of this type of waste possible. There is also waste in the infrastructure that’s been provided but is no longer required or used properly—virtual service sprawl is an example of this. The more traditional planning involves understanding the load placed on our infrastructure by our business applications and making certain that falls with service delivery requirements, while also providing tools to predict the future requirements to maintain those levels both upwards and downwards. AK: I’VE HEARD ABOUT END USER EXPERIENCE MONITORING. DO YOU SEE THIS AS IMPORTANT?
TB:
It’s actually becoming essential. In fact, it becomes very difficult to implement ITIL capacity management or indeed lean management without it. As far as service levels are concerned, it doesn’t matter if the hardware is used 30% or 90%—it’s what the user actually experiences. However, it is very important that once you
have this information that it’s not isolated or sitting in a silo all by itself. If a problem is detected you need the performance information from the hardware layer to isolate the problem and resolve it—the performance management side of the equation. This level of information then allows you better insight into how your applications use the hardware, and also allows you to lower these head rooms for lean management and the costs associated with it with the assurance of no impact to the service level that you’re delivering. There are many ways to capture the user experience and all give you a good indication of response, but in my opinion the best method is scenario replay. Here the actual work carried out by a user is undertaken automatically at the location the user is in, and therefore you get the real responses that the user experiences. Other mechanisms such as probes give you a good indicator to the response but it’s much more technical to implement and still misses some aspects of the user experience itself. It is more a technical monitoring solution for the applications. Having said that, many people are using it today and are very happy with the results. A good example for us is a customer who is a juice maker. They use our solutions and monitor their actual user experience in 20 different locations within their organization. It is one of the primary dashboards in their data center and if their users begin to experience degradation or a problem then IT is informed immediately. This identifies the service that is causing the issue and the infrastructure that is supporting it, and they can see in detail what is happening, how it is different from normality and shorten the time to repair on the problem. Obviously they’ve already automatically informed the users that they’re working on their problem and the user may not yet have realized that they actually have a problem, so this is improving the service that we deliver back to those who matter—our users. AK: YOU MENTIONED PERFORMANCE MANAGEMENT—DOES THAT NOT ALWAYS COME WITH A CAPACITY MANAGEMENT SOLUTION?
TB:
To a degree, it does. It is impossible to undertake capacity management without collecting performance metrics for what is actually going on.
39 PERFORMANCE AND CAPACITY MANAGEMENT
TB:
Nearly 30 years in IT has given me a good personal view of all the changes within IT. I started off in the mainframe world developing software for business, and then moved all the way through open systems and into our modern technology today. It’s been an interesting journey and I’ve actually done most jobs within IT. Today, I’m in product marketing and its purpose is to determine the future requirements to address our customers’ needs. We talk to the industry, our customers and our competitors to identify what people need, then we drive that through our business and release it out into the market. ORSYP is an independent software company and we specialize in solutions for the IT operations market. We’ve been around for 25 years and have a presence in all the major regions around the world with two major flagship products; one in workload automation called Dollar Universe, and one called Sysload which specializes in both performance management and capacity management.
Outside of this we see a move to a lean management process approach to capacity. This is making the best use of the infrastructure that already exists and providing a service that consistently delivers value to the business at the right cost. The majority of companies are still using the more traditional routes in capacity management with trend analysis, the “what if ” scenarios and utilization reporting.
HEAD TO HEAD
AK: TONY, YOU’RE A PRODUCT MARKETING MANAGER AT ORSYP. HOW DID YOU GET THERE AND WHAT DO YOU DO TODAY?
HEAD TO HEAD
42 CONTROLLING ENDPOINTS
Capturing control
http://www.GlobalETM.com
Controlling your endpoints and keeping them secure is becoming a harder task with each new innovation in technology. MARC BRUNGARDT (PROMISEC) says that a unique solution will enable companies to operate the way they need to. He speaks to ETM’S ALI KLAVER.
Promisec helps companies regain control of their endpoints—specifically their laptops, desktops and servers. We address several inherent challenges of managing endpoints effectively, like visibility, for example. When it comes to endpoints many companies don’t have a good handle on what they have and what’s going on. They don’t know if they have unmanaged or rogue devices on the network. The companies own and depend on a host of agent-based solutions for mission-critical tasks including things like antivirus encryption and patch management solutions. When those agents fail, so do the mission-critical tasks associated with those tools. End users are a common egress point as well. As we know they can and will do things that complicate endpoint control. And last but not least, while the Windows environment is very powerful, it is subject to change by intent or accident which can cause significant disruption in unexpected and unnecessary ways. The way the industry has addressed this fragile nature of the Windows environment is by laying product upon product on top of that OS to protect both the environment and the data that resides on those endpoints. The fact is that these agent-based layers for AV, patch and DLP are just as susceptible to changes as the OS, therefore it requires a nonagent based approach that is not dependent on WMI or GPO to work. At the end of the day, these things add up to a loss of control at the endpoints and that’s
Companies are using all types of strategies for managing endpoints. The one thing they all have in common is that they rely on those same agents for their functionality. Because they’re agent based they’re subject
where the value proposition of Promisec comes to bear. I’d like to share a quick real-world example of the types of things we see. Recently I was working with a large regional insurance company in the north east. They had approximately 10,000 endpoints and upon first inspection we realized that almost one third of the endpoints were severely out of compliance for their internal patch policy. These problems were multi-fold. A couple of things were going on. They had endpoints
to the intrinsic limitations of all agent based solutions. Promisec does have overlap with functionality of some of those solutions but we don’t really consider them a competitive product at all. In fact, we actually complement those solutions by making them work better, thereby avoiding a very costly rip and replace scenario. As another example, we recently worked with a large metropolitan city agency with a little more than 20,000 endpoints. An initial inspection showed that more than 40% of
AK: WHY ARE THE THINGS YOU JUST TALKED ABOUT A PROBLEM? I WOULD HAVE THOUGHT THAT EXISTING ENDPOINT MANAGEMENT TOOLS WOULD HAVE BEEN SUFFICIENT. IS THIS THE CASE?
MB:
their endpoints were out of compliance for their antivirus solution. The problem was that this agency was relying on the AV console and, based on some mistakes made during a product refresh, those machines were not being managed correctly by the console. Promisec does not compete or provide the same functionality at all as the AV vendor suite provides, but we did compliment it in a big way by being able to restart stop services, we validated that required services and processes were running, that all machines were being managed and running the latest DAT file, and all of these are functionalities that the AV vendor cannot provide. The net result was a 40% improvement in their AV security posture. IMPACT ON END (POINT) GAME AK: SO HOW EXTENSIVE DO YOU THINK THE ENDPOINT CONTROL PROBLEM IS?
MB:
Typically we find that 20-30% or more of an organization’s endpoints will fail a compliance check, not necessarily for a standard, but for those company’s specific policies—what they need or believe is occurring on their endpoints. We publish an annual audit report that is available on our website at promisec.com. It explains in greater detail about the usual suspects internally, as we refer to them. So now would be a good time to make a suggestion based on the ease and speed of our solutions. Companies might also want to consider a proof of concept of their own network. There is
no cost or obligation and in less than one hour we can inspect several thousand machines and provide an executive report on our findings. At the least, everyone always finds this to be a very insightful opportunity. AK: WHAT IS THE IMPACT TO IT ORGANIZATIONS THAT DON’T LOOK AT RESOLVING THIS ISSUE?
MB:
This is a great question and one that I like to turn around to our customer by
43 CONTROLLING ENDPOINTS
MB:
that didn’t have the agent for the patch management application installed at all and, perhaps more commonly, they had a bunch of agents that were installed but required processes that weren’t running for that solution. In this organization they had a segregation of duties between the endpoint security team and the patch management team. The patch group felt their job was done as long as they were pushing the patch three times. The problem was that there was no validation, the patches were successfully making it to the endpoints, and they had no plan for contingency of failure. One can imagine the concern from the security team when they realized that 3000 of their machines unknowingly contained critical vulnerabilities. This is a classic example of loss of control at the endpoints. Lack of visibility kept the problem unseen, required processes associated with their patch management application were failing rendering those solutions ineffective, and the net result was a significant vulnerability in those organizations.
HEAD TO HEAD
AK: WHAT CUSTOMER PROBLEM ARE YOU SOLVING AT THE MOMENT?
CEO FEATURE
COMMUNICATION
46 CUSTOMER RELATIONSHIP MANAGEMENT
OVERLOAD MARLON BOWSER, CEO at HTK, looks at how companies can get the most out of the increasing number of customer communication channels.
Few would argue that there has been a communications revolution over the last decade. The explosive growth in web use, email and the range of mobile communications have given businesses the potential to dramatically improve the way their interaction with customers and increase satisfaction and brand loyalty. In a recent Forester Customer Experience Survey, customer experience was rated as more important than low prices across all 12 sector categories from banking and insurance to PC manufacturers and service providers. But it is not just about customer service; businesses should be making use of these channels to promote new products and services to increase revenue. The problem is that all too many companies are not only failing to grasp the opportunities that these communication channels bring; but they risk irritating and alienating customers by getting it wrong or simply not being equipped to handle so many contact methods. The result is disjointed, unpredictable and unreliable communication on all fronts. Maybe this is not surprising with so many ways for customers and businesses to connect— email, web forms, social media forums, instant messaging, twitter, SMS and of course the old faithful phone, fax and post.
Each of these has the potential to shape and change the all-round customer experience in an instant. For example, it’s great to send a customer a tailored offer via email that has been cleverly based on their recent buying habits, but if they end up on hold for ages or there is no record on the system when the customer calls, all the hard work is for nothing. In fact, it is likely that the customer will be less loyal that they would have been had they never received the special offer. So what needs to be done to avoid mistakes and take full advantage of this new world of choice and instant communication?
The missing CRM link
One problem is that the increase in the number of new customer contact points has meant that many organizations are struggling to provide a seamless and personalized service because their CRM solutions are simply unable to cope. At the same time, tech-savvy customers have become increasingly demanding, expecting far more from their interaction with a brand. The younger generation in particular know how to use communications technology and expect a more immediate and far richer, personalized experience from the companies they deal with—and rightly so.
What is lacking is true integration between the communications channels and CRM systems. While most companies have the ability to send and receive messages in a variety of ways, they work independently of each other. Knowledge captured by a CRM solution needs to be harnessed and used dynamically to deliver highly tailored, targeted multi-channel marketing and customer service, every step of the way. In fact, it is possible to use the information held within an existing CRM system to personalize each and every customer interaction. And by acknowledging customers as individuals and treating them accordingly, negative experiences can be avoided. Instead, positive emotions such as feeling valued and cared for can add to a positive experience and enhance loyalty. The problem is that most CRM solutions are designed to capture and analyze information and ensure maximum efficiency in dealing with and managing customers. They are not designed to support direct interaction with customers. So while CRM systems can help to get things operationally right, they do not look at the wider issue of improving the whole customer contact experience.
Look who’s calling?
With the sheer volume of incoming communications, many businesses find it hard to differentiate between important calls and messages that need to be actioned immediately, and those that have a lower priority. For large customer-facing organizations in particular, it is important to automatically recognize incoming customers along with the value and nature of the contact; be it an ongoing complaint, service renewal or late bill payment, for example. In the case of an inbound phone call, it should route them automatically to the right person, avoiding leaving them frustrated because they are waiting in the queue or navigating IVR menus. This streamlines the process and prevents wasting the valuable time of both the customer and the service operators. For utilities and telecoms providers, it is also possible to use the same technology to play automated messages to update customers calling from a particular location that has been affected by a service outage, for example. The system can also intelligently “guess” the most likely reason for a call if customers have just been sent their bills or specific personalized marketing promotions. Email and SMS messages can also be routed automatically based on knowledge built up about the customer. This makes customers feel valued and important. There is nothing more frustrating than getting the impression the company you have given your business to knows nothing about you.
Bringing it all together
With so many communication options, it is also essential to control the sequencing or interaction between different channels. An SMS
that was sent after an email may actually be read first; or a phone call could be made before an earlier email has got to the right person or department. This not only leads to confusion and wasted time but may well end in the loss of the customer altogether if there is no knowledge of order between disparate communication systems. By bringing it all together into one multi-channel platform this can be easily achieved. In the past, poorly executed automated communication technology has earned itself a bad name. Spam emails to outbound voice marketing and complicated “press 1, 2, 3” menus that seem to bear no relation to what the call is about are obvious examples. However, these technical capabilities that were originally introduced to cut costs can actually help deal with the communication overload and improve the entire customer experience. Instead of a random, obtuse email, how about a timely email with options when the customer’s contract is about to end? Or an outbound message to let them know that their train is running late and an IVR menu that immediately offers to route them where they want to go? Suddenly, it’s a whole different picture. Even better—when the outbound method of communication is the one the customer chose in the first place. It is only by integrating all customer communication into one cohesive platform integrated with CRM systems that businesses can truly harness the enormous potential of advances and variations in the communication channel. Once that is achieved, it is possible to personalize interaction to keep customers satisfied, deliver a whole a new level of customer engagement and gain a competitive edge.
Marlon Bowser | CEO HTK
Marlon founded HTK in 1996, with responsibility for technical direction and core applications development. In 2003 Marlon adopted the role of CEO to lead the company into position as a leading managed service provider. Before HTK, Marlon worked for five years as a consultant engineer to BT Laboratories Advanced Research and Technology division, designing and developing some of the first systems to exploit speech technology in a digital telephony environment. Marlon graduated in 1991 from the University of Manchester Institute for Science and Technology (UMIST) with a first class honours degree in Computation.
47 CUSTOMER RELATIONSHIP MANAGEMENT
potential of CRM, enabling a more personalized approach to customer service and marketing automation.
CEO FEATURE
One of the most important and seemingly simple things to get right is to understand how customers want to be contacted. But all too often companies just play lip service to this. They ask the question and then file the answers neatly away in a CRM system before emailing everyone, just because it’s quicker and easier that way. Rather than expecting customers to fit around the way an organization does business and communicates, these processes should be, where possible, automatically adapted to meet individual customer’s needs. Knowing how, when and why customers want to interact and acting upon this information is extremely valuable. Having to tell a customer “the computer says no” is simply not an option when they have asked what seems to them a simple request such as a: “Could you text me to remind me about my delivery?” or a: “Please don’t call me” email. To get the most out of CRM data, there has to be a further link. It has to be opened up to all of the people and systems across the organization that have any customer contact. But this can take a serious amount of time as well as money, and also presents significant operational challenges in terms of performance, governance and day-to-day control. What’s needed is a secure and controlled environment that can make CRM data readily available to customer service, marketing and other business departments on demand—in essence, agile CRM. By making CRM flexible and integrated with communication channels, new and improved business processes for improving customer interaction can be rapidly tested and operationally deployed without the risk of disruption to existing systems. A new generation of multichannel marketing and customer service automation solutions, such as HTK’s Horizon™ platform, help to unlock the customer interaction
ASK THE EXPERT
48 DATA STORAGE AND TAPE TECHNOLOGYOGY
Problem
solved
Data storage shouldn’t be a hard task, particularly with the technology available today. RYAN DUFFY (QUANTUM CORPORATION) tells ETM’S ALI KLAVER that easy adoption and integration is possible. AK: TELL US ABOUT QUANTUM AND HOW YOU CAME TO WORK FOR THEM.
RD:
Quantum has been in the tape and storage business, and data protection in general, for over 30 years. We’ve had a number of different products and acquisitions throughout that time and have been a leader in tape automation with SDLT and LTO, being part of the LTO consortium, and now with their market leading scale of products. My story is quite interesting. I’ve been in the storage business for over 10 years and a good part of that has been with tape specifically. When I was with Sun and StorageTek I always admired the Quantum solution, particularly what they did with their management solution—iLayer management. It was a tough thing to compete against because it provid ed a lot of value to customers. So when I saw the position come open to manage these products I jumped at the chance. AK: I GUESS IT’S NO SECRET THAT ENTERPRISES HAVE TO DO A LOT MORE WITH A LOT LESS. IN YOUR OPINION, HOW ARE BUSINESSES COPING WITH THIS SITUATION BECAUSE I KNOW A LOT OF THEM ARE LOOKING AT THINGS LIKE VIRTUALIZATION AND THE CLOUD IN ORDER TO EASE THE BURDEN. IS THIS TRUE PARTICULARLY WITH DATA STORAGE?
http://www.GlobalETM.com
RD:
Absolutely. LT0-5 can solve a number of issues, not just from helping customers do more with less or to manage costs, but also to manage the incredible data growth that many customers see, getting their backup on time, and making sure that their archives can fit inside a library and within the equipment they have. LTO-5 basically doubles the capacity of what you had with LTO-4. A lot of customers generally skip generations between LTO, so those looking at LTO-5 who were LTO-3 customers get a capacity increase of 4x. Now our customers can store up to three terabytes per cartridge on a single LTO-5
have to look at the comparison of what they’re spending today versus replacing it with something new. The first piece of that is very similar to what we just talked about with an upgrade of
customers have realized big savings by implementing a Scalar i6000 and using partitioning to “...
virtualize their
environment.”
So when you combine those two features, it helps customers do more in a smaller footprint with less power and in a shorter amount of time. In addition, because they’re using less equipment, their maintenance costs go down. Then they’re managing fewer devices since they can have fewer tape drives, so they save money there as well. LTO-5 also has the promise for a lot of savings down the road. With LTO-5’s new feature, you can now partition not just the physical library, but an individual cartridge as well. With the new linear tape file system, LTFS, there’s going to be applications that come down the road that offer a file system on a cartridge, so it will make tape look very similar to what your hard drive looks like on your PC where it will be possible to just drag and drop files. Traditionally, tape has been a little more challenging to manage for some IT managers, but with this new feature it will become very easy to move data to and from tapes. So there’s a lot of promise with LTO-5 in a lot of different areas for customers. AK: THE WAY COMPANIES EMBRACE THESE NEW TECHNOLOGIES IS AFFECTED BY THE BOTTOM LINE AND BEING ABLE TO PROVE ROI FOR THE BUSINESS. HOW WOULD THE IT DIRECTOR OF A MAJOR COMPANY PROVE THE ROI OF SOMETHING LIKE SCALAR?
RD:
If you’re an IT director you probably already have a tape solution in place because it’s been around for a long period of time. Generally, those customers and directors
drive technology. These customers will be using something perhaps a little older, and as part of an upgrade you can justify it by upgrading to newer drive technology and gaining the benefits of getting jobs done faster and reducing your footprint, but still managing the explosion of growth that they’re seeing without spending more in power and footprint. As well as management time, one of the things that Quantum has excelled at is our iLayer software. Customers come to us all the time and tell us that, compared to what they were using before, they’ve saved up to 75% of the management time they were spending before on older solutions. We completed a survey recently where 70% of our customers told us they saved up to 50% of the time they spent on managing tape prior to getting our library. That’s another way they can use to justify the expenditure of a new system. They can use that time to get other projects done. In addition, many of our customers find reliability increases from one system to the next. We like to say that our iLayer software is intelligent because we built so many intelligent algorithms over time, we have up to 30,000 libraries out in the field, and they’ve been in customer environments for many years. When we receive data back from those libraries we can constantly monitor what kind of errors have happened, what the best way of avoiding those errors is, and give customers proactive notice that something is about to happen and to fi x it before it happens. We’ve noticed a couple of different benefits from that iLayer software. The first is that the service calls go down by 50%. The second thing is that when a service call is necessary, the time
49 DATA STORAGE AND TAPE TECHNOLOGYOGY
AK: QUANTUM HAS RECENTLY RELEASED LTO-5 TECHNOLOGY WITH YOUR SCALAR i6000 TAPE LIBRARY, SO IN VIEW OF ALL THE CHALLENGES THAT ENTERPRISES ARE FACING TODAY, AND NOT NECESSARILY AT THE BOTTOM LINE EITHER, CAN AND DOES YOUR NEW IMPROVEMENT ADDRESS THE MOST PRESSING DATA CONCERNS OF THE BUSINESS?
cartridge. That’s four times what customers had with LTO-4. In addition to that, the performance increases for throughput and streaming data to the tape has also increased—it’s 75% faster than what customers had with LTO-3.
ASK THE EXPERT
RD:
Yes it is. People are certainly looking at virtualization and they’ve been doing virtualization for a number of years. It continues to hold a strong value proposition for customers. This is true particularly with tape. The way most manufacturers deal with this is they provide a partitioning feature that basically virtualizes the library so you can present multiple virtual libraries to multiple hosts or applications, and by doing so maximize the efficiency and the utilization of your assets. With Quantum we offer a partitioning solution that allows customers to create up to 16 virtual libraries per physical library. We have a number of customers that use this virtualization solution to maximize their efficiency. It saves them quite a bit of time when they’re dealing with the management of a single asset, versus up to 16 assets. And it saves them floor space, power and so on. So in terms of doing more with less, the virtualization or partitioning for tape is something that a lot of customers take advantage of. In addition to that, Quantum offers another solution with their encryption key management. We’re the only provider in the industry who offers an encryption key management solution that runs on virtual machines as well. So we’re taking the virtualization value proposition to another level with our products.
ANALYST FEATURE
Introduction
52 CLOUD COMPUTING
Road
The to The Responsible Cloud
With the benefits of cloud computing well understood, well-prepared enterprises show one element that stands out in common—a richly automated, well monitored, and effectively provisioned array of cloud and hybrid services. This is what EMA calls: “The Responsible Cloud.” ALBERT LEE (ENTERPRISE MANAGEMENT ASSOCIATES) says that consistency in designing cloud computing infrastructures and diligence in applying service management best practices are the keys to The Responsible Cloud.
Basking in the promise of bringing greater efficiency, supportability, accessibility and cost effectiveness in optimizing IT infrastructures, cloud computing is evolving toward a set of powerful consolidating architectures for delivering IT and business services. Although commonly built upon long established technologies—virtualization, grid computing and clustering etc.—the concepts behind cloud implementations are still fairly young. We are still only on the verge of cloud computing proliferation. EMA research results identified only 16% of organizations that have seriously or broadly considered cloud computing for their IT services (The Responsible Cloud, EMA, 2010), indicating an explosive potential for future growth as the value proposition becomes more widely accepted. Cloud computing implementations have the potential to drive significant improvements in operational efficiency and reductions in operational expenditures. To ensure reliability and efficiency in a cloud infrastructure, however, organizations must adopt service management practices and infrastructure designs consistent with what EMA has referred to as “The Responsible Cloud”. This is a new paradigm for a well-managed, secure, reliable and compliant cloud that delivers consistent and efficient business services. Organizations can achieve The Responsible Cloud with the introduction of key disciplines and by enabling management tools that aid in appropriately sizing the infrastructure, ensuring high-availability and minimizing operating expenses while ensuring that SLAs are met and user experience remains as good as, or better, than it was before the introduction of cloud services.
Cloud and The Responsible Cloud
Cloud computing and the preferred delivery model Cloud computing, as defined by the US National Standard Institute of Standards and Technology (NIST), is a delivery model for enabling on-demand access to a shared resource that can be reusable, rapidly reconfigurable and accessible with little manual intervention. Cloud computing is less a new revolutionary technology than it is a way of using technologies more creatively and dynamically in support of service delivery. Through cloud, organizations can achieve economies of scale and offer self-service to
Careful planning and step-by-step process improvements should be employed to achieve T he Responsible Cloud when developing onpremise and private cloud deployments. These types of deployments require a cloud implementation that is well managed to support the delivery of secure, compliant and high-quality business services. More haphazard approaches can result in a failure to meet
Constructing the right infrastructure foundation for Responsible Cloud Cloud characteristics
According to NIST’s definition, cloud computing often leverages the following common characteristics: massive scale, homogeneity, virtualization, resilient computing, low cost software, geographic distribution, service orientation and advanced security technologies. Based on these common characteristics, the guidelines can become useful and relevant in infrastructure deployments: • Rapid elasticity—The rapid and elastic provisioning capabilities of cloud service.
This requires capabilities to enable the quick scale out, rapid release and facile retirement of cloud services. To accomplish this, it is critical to account for implicit or explicit resource limitations, with clear visibility into the impact and interdependencies of complex scale out requirements. • Resource pool—Resources must be made available on-demand to provide a nondisruptive supply of computing resources. The resource pool should include storage, processing, memory, network bandwidth and virtual machines. • Self-service—On-demand self-service requires immediate resource or service provisioning without human intervention through well designed capabilities for automation. • Access (broad network access)— Standardized access mechanisms that are transportable across multiple heterogeneous platforms. • Utility service (measured service)— Abstraction and automation of resource usage to provide control and optimization of resources. Resource usage can be monitored, controlled and reported providing transparency
Hybrid Clouds
Community Cloud
Private Cloud
Software as a service [saas]
Platform as a service [paas]
Public Cloud
Infrastructure as a service [iaas]
On Demand Self-Service Broad Network Access
Rapid Elasticity
Resource Pooling
Measured Service
Massive Scale
Resilient Computing
Homogeneity
Geographic Distribution
Virtualization
Service Orientation
Low Cost Software
Advanced Security
Figure 1: The NIST cloud definition framework
(Source: Effectively and Securely Using the Cloud Computing Paradigm, NIST, October, 2009)
53 CLOUD COMPUTING
Responsible Cloud
business expectations and, in some cases, may have to be redone. In an EMA survey of businesses that have deployed a cloud infrastructure, 28% actually saw an increase in operational expenses and 30% reported decreased flexibility, principally due to inadequate management practices. Ensuring value in a cloud investment begins with deployment and continues through the entire lifecycle of the infrastructure.
ANALYST FEATURE
application and infrastructure resources that are available on demand. There are numerous organizations taking on this challenge of building more flexible, serviceoriented networks using existing products and methodologies. Cloud implementations can be offered internally (privately) where the cloud infrastructure is operated solely for an organization’s internal purposes over onpremise infrastructures or off-premise data centers. Or cloud implementations can be serviced publically over the internet through a variety of established and emerging service providers. A hybrid approach with a standardized but versatile set of options for the transport and portability of data and applications is also valid and will likely to be the most popular form of cloud computing. At the very least, this is an essential transition state for organizations with significant existing service deployments and, for many, will likely remain a desirable end state for leveraging cloud computing. According to EMA research, while public cloud has gained the most publicity, private cloud has seen by far the largest adoption with 75% of organizations planning to adopt a private cloud of which 84% include on-premise deployments. The same research also shows that the majority (52%) are choosing a hybrid (onpremise/off-premise) deployment model. This is mainly due to the concerns with public cloud in terms of security and compliance, performance and availability, and above all, politics. The process issues of assigning ownership and responsibility for consistently managing change, for instance, across an entire ecosystem of organizations some of which are most likely competitors, have yet to be well defined even as questions, let alone answers. EMA likes to call this ITIL 7.5. All of these concerns are much more easily assuaged when they are within the direct control of the organization itself, within a private cloud.
HEAD TO HEAD
56 PROJECT MANAGEMENT
Follow the flight path MARK KENNY (ENTERPLICITY) talks to ETM’S ALI KLAVER about the five lessons that project management can learn from aviation.
http://www.GlobalETM.com
AK: IN THIS DISCUSSION WE’RE TEAMING PROJECT MANAGEMENT WITH AVIATION WHICH IS QUITE AN INTERESTING APPROACH. WHY IS AVIATION A GOOD SOURCE?
MK:
If you think about it, a lot of project management is based on risk and the need to produce predictable outcomes. We create scope documents to reduce the risk of creating the wrong thing or not meeting stakeholder objectives and expectations—plus monitor project schedules to reduce the risk of being late. We need our projects to be predictable and manage risk so the organization can rely on them and create and implement strategies—and therefore make them happy. That has been the focus of aviation for a long time—properly managing risk to produce those safe and predictable outcomes. I think we’ve all heard how statistically safe airlines are. Granted, we complain about delays and things like that, but when the plane takes off it generally gets to its destination—there’s a predictable outcome there. Why is that? It’s not because there’s no risk—there is inherent risk in aviation—it’s
AK: I TEND TO GO HOME TO AUSTRALIA FROM LONDON AS OFTEN AS I CAN, AT LEAST ONCE A YEAR.
MK:
Have you noticed that at some airports you fly into it’s just a simple fly in and land procedure, and then at other airports it feels like you’re zigzagging all over the place before you get to the airport?
“... when we do training for EnterPlicity
focus
we try to get people to on the process... instead of just focusing on training on these
features.”
AK: WHAT CAUSED YOU TO BE INTERESTED IN AVIATION AT THE START, AND TO DRAW THESE LESSONS AND LINK THEM BACK TO PROJECT MANAGEMENT?
MK:
I personally have a pilot’s licence, and I’m not an airline pilot but I almost went into that as a profession. I love everything about flying. I’ve also been involved in project management, both as a project manager and by helping organizations implement EnterPlicity. Recently I was reading an article in an aviation magazine called: “15 Ways to Become a Better Pilot”. It struck me just how many times I’ve seen similar articles like that about project management. For some reason that really stayed with me and as I looked into it more I realized that there are a lot of carry over lessons there, and that’s what got me interested in the link between the two. AK: ONE OF THE LESSONS YOU’VE IDENTIFIED IS PREDICTABLE PROCESSES—TELL US A LITTLE BIT ABOUT THAT.
MK:
When you fly, you can’t do things on a whim, and airlines in particular obviously have specific procedures that you follow. When an airliner comes in to land there are certain things to do at certain times—when the flaps come down, when the landing gear comes down, and the specific route to fly for a specific airplane and airport. Do you fly much Ali?
AK: ABSOLUTELY.
MK:
There’s a reason for that. Some of the busier airports have a very specific procedure that all the airplanes are following that tells them exactly where to go, at what altitudes, and what route to take to get down to the runway. Those are some examples of procedures. If you remember the Hudson River ditching with Captain Sullenberger and First Officer Skiles—that was an emergency and they knew exactly what to do. Sullenberger took control of the aircraft and Skiles started looking at the appropriate checklist and processes. There’s a lesson there for project management. In project management we tend to make the same mistakes over and over again, so we needed to find better systems and processes even for something as simple as starting a new project, reporting or scoping, or how we assign resources to a project. They need to be predictable and repeatable. One of our clients is a manufacturer of gas burners to the appliance industry and they’ve been using EnterPlicity for years now. One of the problems they had before was that they couldn’t deliver products on time or create predictable schedules—and of course customers generally weren’t thrilled with that. Several years ago they decided to do two things. First, they developed a systematic process for how they engineer a part; how they create a project schedule and communicate that to clients. In other words, before they initiated a project and gave the customer a date, they
57 PROJECT MANAGEMENT
MK:
First, we develop a tool called EnterPlicity, which is a project information system that focuses on four aspects. It extends project management tools such as Gantt charts and similar things to everyone so they have the tools to work better. It shares all types of project information like documents, time and costs to reduce all the scattered information out there. It automates some of the key processes so people can focus on what matters and it analyzes data through reporting for better decision-making. That’s the primary thing we do, and we’re a little different in that a lot of larger organizations will do a big implementation of Sharepoint and maybe Microsoft Project Server, but we focus on what we call the mid-market and companies that don’t have the budget, time or the stomach for the complexity that something like that entails. EnterPlicity provides similar functionality in one system with less cost and less or no technical resources and they’re a lot easier to get into. We also help companies that have Sharepoint to use it better and tack on some project management capabilities to make it a good project information system for them.
because they’ve done such a good job of managing that risk and putting the right things in place to produce a predictable outcome. I think there’s a lot that we can learn from aviation because those are some of the similar types of things that we’re trying to learn from or that we’re trying to do in project management. It’s a fresh, new way of looking at it and I think there’s something we can learn that aviation has learned already.
HEAD TO HEAD
AK: TELL US ABOUT YOUR COMPANY— WHAT DO YOU DO AND HOW DO YOU HELP OTHER ORGANIZATIONS?
ASK THE EXPERT
http://www.GlobalETM.com
60 ENTERPRISE PORTFOLIO MANAGEMENT
The Capacity Quadrant JERRY MANAS (PLANVIEW) is a best-selling author and Planview’s senior writer and editor of PRISMS best practices. ETM’S ALI KLAVER talks to him about his most recent foray into demystifying resource management. AK: TELL US A BIT ABOUT PLANVIEW AND HOW YOU CAME TO WORK WITH THEM?
JM:
Planview is the market leader in enterprise portfolio management solutions, what we call EPM. For those who don’t know, EPM tools focus primarily on project portfolio management, project management and resource capacity planning. In our view it’s a little bit broader and we include things like service portfolio management, application portfolio management and product portfolio management which is becoming a hot item. We integrate all of that in a holistic fashion and call it end-to-end portfolio management. Together, it helps bridge the gaps that usually exist between strategy, operations and finance, and that’s where we find most of the gaps happen in organizations. Most companies tend to look at the various operational components in silos and not as part of an ecosystem.
We take quite a broad view and I think we’re somewhat of a thought leader in that aspect. As for how I came to Planview, a number of years ago I was actually a customer of sorts. I was a consultant and implemented Planview at a number of large accounts, and then about a year ago I was asked to edit and provide comments for a book called Taming Change, written by Planview CEO Pat Durbin and Terry Doerscher, our chief process architect. In the book, they talk about using portfolio management more broadly as an alignment tool to better adapt to the relentless change that we all know and love today. After I did the editing they told me they needed someone to write best practices for Planview, and ideally someone who’s a writer but also had a background as a practitioner. I seemed to fit the bill. I liked their forward-thinking approach in the book and it also echoed the company’s approach. For me it was a no-brainer—it was a great fit, and that’s how I came to Planview.
AK: LET’S DIVE IN AND DISCUSS THE CAPACITY QUADRANT FROM YOUR RECENT WHITE PAPER. WHAT DO YOU MEAN BY THIS, AND IS IT A NEW TERM?
JM:
It is indeed a new term. Over the years I’ve done a lot of research on common challenges for organizations and one issue that consistently appears at the top is resource capacity management—how do we take on all this work with limited resources and how do we best use those resources? When I decided to tackle the problem in a white paper for Planview I used many observations from my years in management, plus my years of articles on the subject, but this time I decided to look at the problem more holistically and create a framework around it. What emerged was that capacity planning requires four distinct disciplines. Visibility is first, and by that I mean broadening your view of capacity, demand and a number of other related areas.
what I call importance-based categories like mandatory, strategic, discretionary or base services. Then there are benefit-based categories where an initiative can be classified as being for growth, efficiency, reliability or some other benefit. The key is to look at work in a variety of ways and through multiple category lenses.
AK: LET’S START WITH A DISCUSSION ON VISIBILITY. YOU ALSO SAID THERE ARE A NUMBER OF WAYS TO BROADEN VISIBILITY FROM A SUPPLY AND DEMAND PERSPECTIVE. CAN YOU TELL US MORE ABOUT THAT?
AK: YOU ALSO MENTIONED PRIORITIZATION. HOW CAN COMPANIES BETTER PRIORITIZE THEIR DEMAND, AND ARE THERE ANY TRENDS YOU’RE SEEING HERE IN TERMS OF CRITERIA FOR SCORING OR CATEGORIZING THE DEMAND?
This is certainly an important area, and once you have the clear visibility of capacity and demand and those productivity killers, along with a good sense of priority through your categorizations and alignment, you can start to focus on making efficient use of the resources. There are a number of ways to do that. One of them is to address all the systemic barriers we talked about earlier—those productivity killers when we were talking about visibility—so right off the bat you can gain some efficiencies there. There are also lessons to learn, believe it or not, from the military. I wrote a book about the lessons we can learn from Napoleon who is widely considered a brilliant master of strategy and organization. One concept he created, later called economy of force, is still in use today in the US military and in other countries as well. The idea behind it, and I think it applies to business, is to focus the maximum effective amount of resources on your primary objectives. That seems like an obvious statement, but maximum effective means that there is a maximum effective amount, and if you go beyond that it actually makes it less effective because you’re starting to add communication channels and all those other issues that create complications and confusion. So the maximum effective amount of resources should focus on your primary objectives. On your secondary objectives, allow the minimum effective amount—just enough to keep it going but not so little that it’s all of a sudden going to become a major objective by default. It’s a very subtle art, but the idea is to focus your resources on your primary objectives, and the secondary objectives should have the minimum effective amount. Just enough to keep the lights on. This gives people more focus toward their key objectives.
JM:
The way I see it is that there are three lenses of visibility. There’s the demand lens—to look at all the planned work competing for resources’ time. A lot of organizations look at one section of work, or only projects, but when you look at all the work that’s competing for resources’ time, and by this I mean all the planned work, then you start to get a true picture of demand. Likewise, the capacity lens is about seeing true availability—we need to be able to look at our resource hours but then subtract the estimated time off from the allocated planned work that they have, and we need to subtract the estimated administration time and the unplanned work such as the support work they do. At Planview, we call these standard activities. The idea is to be able to estimate, on a percentage basis, how much time people are spending on things like administration, operations and things that are ongoing but not necessarily discrete planned work. This is so important because a lot of the time people are available a lot less than they think they are. You’ll think someone is available 80% and it turns out they’re only available 40% when you take into consideration all the other things they’re doing. So we need to look at the full spectrum of planned work for the demand, we need to look at the true availability for capacity, and then there’s what I call the system lens, or hidden demand. That refers to all those barriers to efficiency that decrease people’s availability. It’s not just the obvious planned projects and estimated operations and support, there
JM:
There are a number of aspects to this. First of all, with prioritization there’s alignment with the organization’s goals, the objectives, and the product or service road map. Looking at alignment with products and services is certainly an emerging trend and one we’re on top of at Planview. So we have the organizational objectives and how to align them with the road map, and then we can begin to look at the benefits and the risks. Organizations are familiar with assessing benefits and risks, but I think there’s a trend towards a broader view of scoring. With benefits, this not only includes financial but also strategic, market and internal process benefits. I think organizations are spending more effort looking at a broader, more business-like view of benefit scoring. It’s the same with risks where we need to look at technical risks or program complexity and even things like achievability—do we have the capacity to do this, the resources and the right people? With market or financial risks you’ll find that organizations tend to not look at them too closely, but I think there’s a trend towards looking more at those aspects. In general you’ll see a common theme here. There’s a conscious effort to look at things in a broader business and market context and I think those who don’t will fall behind. Finally, there’s the categorization of the work and that also helps with prioritizing. I’ve seen companies use a number of approaches,
AK: THE THIRD AREA WAS OPTIMIZATION WHICH IS ALL ABOUT MAKING MORE EFFICIENT USE OF LIMITED RESOURCES. WHAT METHODS AND TOOLS WOULD YOU SUGGEST FOR THIS?
JM:
61 ENTERPRISE PORTFOLIO MANAGEMENT
are hidden things that also decrease availability such as knowledge sharing capability, inefficient organizational structure, collaboration technology, cultural issues, teamwork, an overly complex approval process where checklists might be better, redundant process steps, any leadership issues, excessive multi-tasking and so on. Also, your intake filters that filter out the demand that is not worth doing. This is just a partial list but it’s what I mean by taking a holistic view of capacity and demand around true availability and the full spectrum of demand, then there are the hidden demands or the productivity killers that tend to decrease availability.
ASK THE EXPERT
Prioritization is another area, and that’s about understanding what’s important, and then optimization is the third one which is about focusing on efficiency and value. People tend to want to start with optimization, but first you need better visibility and you need an understanding of what’s important. A lot of organizations jump right in and don’t spend as much time as they should up front. Finally, there’s iteration, the idea that planning happens at multiple levels, is cyclical, and happens by multiple parties. Those are the four main areas and I decided to call it the Capacity Quadrant.
executIve panel
64 corporate performance management
top of the food chain Corporate performance management software is no longer just for the most sophisticated or progressive companies, it’s something that has been made available and attainable for just about any sized enterprise. SHAWN ROGERS (ENTERPRISE MANAGEMENT ASSOCIATES) moderates a panel podcast with the expert opinion of JON KONDO (HOST ANALYTICS), GEOFFREY NG (PROPHIX SOFTWARE) and TONY LEVY (IBM). http://www.GlobalETM.com
Like a lot of things, if you jump in ahead of taking the time to think about what you’re doing you are prone to making mistakes. The three areas that I often see mistakes in are as follows. One is that companies assume that a system will do it all. The system is only part of the solution and needs to include the people, the processes and the overall philosophy across a company that performance management is important. A robust solution helps to enable that but it has to be across the company. The second area would be assuming that you have to get your CPM solutions set from an ERP vendor because it’s going to be more integrated or included, so to speak. What we find is that when companies look across the business there is actually data coming from lots of different areas, so having it integrated from an ERP vendor isn’t necessary and oftentimes is cumbersome. The third area is waiting for the allencompassing CPM project to be done, a yearlong project. I think it’s more important that you do it in a phased approach with quick wins because what often happens is that people find it’s an interesting piece of discovery and that it would be great to add more functionality to it. If you can iterate multiple times and have the flexibility to do that, you get to a more valuable solutions set in a much faster fashion. So those are the three areas I’ve seen from my experience.
gn:
I agree with some of the things that Jon mentioned. In my observation and when working with various customers around the world, one of the biggest challenges is that they often try to do too much at one time. In my experience the really successful organizations whose projects have yielded significant business value are those that have taken a more incremental or phased approach usually beginning with an extremely focused initiative, whether it be planning, forecasting or reporting, and not trying to do everything at once. CPM is about the people and the strategies in place. Also to Jon’s point, I think the other thing is that CPM is not simply about the technology—
tl:
I want to build on Geoff ’s comments. He highlighted the lack of strong executive sponsorship as an obstacle; I would echo that and say that the executive support needs to encourage new tools and deploy new practices that will both automate and ultimately transform their critical processes. Geoff also mentioned the lack of a strong partnership between business and IT as another obstacle. I would highlight one other obstacle that we often see and that is lack of clear vision and road map for a performance management journey. We find that successful companies generally follow at least a three step road map. The first step is that they recognize the opportunity to automate what is largely manual spreadsheetbased approaches to planning reporting and analysis. The second step is to adopt best practices— for instance, looking at both the leading and lagging indicators; treating highly variable and material KPI’s differently from low variability and low materiality KPI’s; enabling rolling horizons for planning and forecasting; and designing business drivers into their processes, just to name a few. The third step is something that you echoed earlier in your introduction, Shawn—to extend enterprise life. Often these initiatives seem to be spearheaded by the finance department, but there is significant value that can be unlocked when it is extended beyond finance to integrate operational performance management processes with financial processes. sr: The interaction between IT and business management is clearly important, and obviously a culture or a foundation within the organization needs to be present to make these initiatives successful. What is the best way to get IT and business management interactive around things like what data they need to select, how to define and determine KPI’s, and in the end, how to execute around CPM? There is always a gap between IT and
business management, but what are the best ways that you see to bring them together around these types of initiatives?
gn:
It is vital that there is executive sponsorship for all CPM strategies to break across often silos within the organization. After all, CPM is really about collaborating and sharing information so that it can be analyzed and measured and so that decisions can be made. This needs to be ongoing and not just last for the duration of the CPM implementation project which is what sometimes occurs. In some organizations an individual is designated as a leader of the CPM strategy, or a group of individuals are designated leaders following the best practices group. They are responsible for defining a strategy for successful deployment and then nurturing it afterwards. This is usually an individual or a group of people with great communication skills, business acumen and who understand technology usage. Ultimately, this person or group of people has to break down silos between departments which I think is vital. As also mentioned earlier, I think that getting business stakeholders and IT together is quite important during the CPM planning stages so that both sides understand the opportunities and challenges once the overall strategy has been crafted—there needs to be a well defined set of responsibilities. People need to know who is doing what and this is important because IT needs to recognize and accept that business management has rapidly changing needs and can always fully predict ahead of time what their data requirements are. Equally well, business management needs to recognize and respect that delivering accurate and timely data cannot always be done instantly and that the data they require may not even be available. Due to these issues I think it’s important for mature organizations to have these groups together so there is proper communication during that process. That way you can ensure that you select the correct KPI’s and can back it up with the data available so IT can get that for you.
tl:
I would add to those observations that both business and IT need to understand each other. I’ve observed in some of our clients where the top performers almost merge a career crack. A person in IT goes back, gets a CPA, works in finance, and then comes back into IT.
65 Corporate performance management
jk:
therefore don’t let it become the centrepiece of the solution. It is about defining the strategy and having management buy into the overall process. So when defining a CPM strategy you want IT to be your partner along with the business stakeholders when decisions are made.
Executive panel
sr: I’d like to ask the panel about their thoughts on the three most common mistakes that companies make when they’re planning a CPM strategy. Jon, let’s start with you—from your experience, what do people need to avoid?
ASK THE EXPERT
74 INFORMATION IN THE CLOUD
Preservation and
privacy
SIMON TAYLOR (COMMVAULT) says that, in order to migrate, move and manage information in the cloud regardless of the business or IT driver, it’s essential to involve experts in the field to establish a methodology around how you’ll do it.
http://www.GlobalETM.com
AK: DOES THIS MEAN THAT CLOUD IS SOMETHING NEW, OR A NEW DEFINITION FOR SOMETHING WE’VE BEEN DOING FOR SOME TIME?
ST:
I think that cloud isn’t something providers were doing around capacity
INFORMATION IN A CLOUD?
ST:
I think there are a lot of different use cases in this area. People tend to move stuff into a cloud, whether it’s private or public, due to cost. They’re looking to do things more cheaply. A private cloud, a collection of all the available assets of an organization, or more importantly a particular vendor or set of providers involved, allows people to get better economies of scale over the investments they’ve made. If they’re contracting with one particular vendor then they can have the whole organization utilizing that service, so it becomes a better way of managing cost, for example. If you think about information clouds internally—the ability to have records managed in a single place with a single set of definitions in terms of retention, and how those are coordinated over time—it becomes a very viable proposition in that there’s almost a private information cloud in an organization.n.
“Involve some expert help so that you don’t have to try to anticipate and work though all the issues yourself.” that—all built in. So yes, it’s an evolution, and if we look to see what’s happened with, for instance, email— you find that people have adopted an external service model that is obviously more of a public cloud model around hosting email as people have outsourced that whole requirement. The outsourced service provider model has also matured into a public cloud model as well where people think about how simple this could be; “I’m going to go on the internet, find a HTTP type-interface, and write stuff to it, getting secure references to the information I write”. Ultimately, it becomes a lot simpler to do that. When we think about the public cloud, the birth of the internet, and the ability to connect to these different types of services over the internet almost seamlessly and simply— these are what has spawned the public cloud enthusiasm we’ve been seeing over the past few years. AK: THE CLOUD SEEMS LIKE IT WOULD HAVE A LOT OF SECURITY AND DATA PROTECTION CONCERNS. COULD YOU PROVIDE SOME BACKGROUND AS TO WHY PEOPLE WOULD STORE BUSINESS
Public clouds have a huge part to play in cost because smaller organizations don’t want the investment internally, and so reduce costs through contracting to external services under the same sort of model. But of course, the costs are a lot cheaper because of the multi-tenanting and multi-hosting that’s going on in the external public clouds. I think one of the key drivers right now is retention. For instance, people are moving data off to these places because they need to reduce costs, but more importantly, they know they need to keep it. They don’t necessarily want to have it clogging up their own internal systems, but they want to move it somewhere else so they can still get access to it but can do so aligned to a more long-term retention strategy. Built into that is how the costs of retrieval and the expenses around that are managed in terms of people looking at that information over a period of time. There’s also a third area which is more around risk and the outsourcing of liability. As we’ve seen in certain compliance and eDiscovery scenarios, people who know they have to preserve types of information on a regular basis are starting to contract to external eDiscovery cloud providers, or legal
75 INFORMATION IN THE CLOUD
ST:
Actually, “cloud” is probably one of the most misused terms right now. People use it to describe all sorts of collections of services, whether it’s for eDiscovery in the legal world and moving information to legal cloud providers, or for storage services that people require for moving data offsite. For example, Microsoft Azure, Iron Mountain and those types of companies that offer specific cloud storage services for the long term retention of data. Realistically, I think clouds themselves fall into a couple of types. One is a private cloud, and the other is a public cloud. The difference between the two is very simple. A private cloud is something that describes a collection of services or utilities inside an organization that people can contract to or get a service from through a single simple interface. For instance, if you took a storage vendor type model you’d find that they would create a private cloud storage facility where you would write information to one place, using one set of interfaces, and it would be stored internally with a set of capabilities around that. In contrast, public cloud is very much an external service, utilized across multiple different organizations. You often find that if you contract to a particular service with an external cloud provider, that service is delivered off a platform that multiple other different organizations are contracting to at the same time. It does raise some concerns, but of course you get their economies of scale because the actual provider themselves is able to host more from that one platform. The downside is that your information is intermingled with other peoples’, whereas a private cloud is inside your organization and therefore offers a lot more security around what you do internally.
management probably around 10 years ago. Some of the leading companies in that space have been storage vendors who were providing hosted services to organizations that, depending on the demand of the organization, gave additional capacity and provided it in such a way that it was fairly seamless to the organization. Consequently, what we end up with is a scenario where that model has been taken forward with added services capabilities, and then internally has become a provision of a range of capabilities that not only provide business information access but a way of storing and managing records, finding them, and knowing that they only have to go to one place to do that. It’s also a consolidation of the assets of an organization from an IT point of view. They can reuse additional space in different parts of the organization right to a single point where that data is managed, protected, stored, retrieved, and recovered after a disaster and things like
ASK THE EXPERT
AK: THERE’S QUITE A LOT OF BUZZ AROUND THE WORD “CLOUD” TODAY IN TERMS OF BOTH IT AND BUSINESS INFORMATION SERVICES. COULD YOU PROVIDE MORE INSIGHT INTO WHAT CLOUD ACTUALLY MEANS AND THE TYPES OF CLOUD, PARTICULARLY IN REFERENCE TO HOW THEY MANAGE INFORMATION?
ANALYST FEATURE
78 VIRTUALIZATION SECURITY
Still a lot of work to do… A lot of CIOs and CISOs don’t do upfront research and put enough thought into looking at virtualization security for their organizations. MARTIN KUPPINGER (KUPPINGER COLE) says that this is a must if security targets are to be met, and to move forward with a successful cloud computing platform.
You could claim that virtualization security isn’t a hype topic anymore. Yes, correct—it is a real topic now and relevant for most organizations today. However, a recent survey of Kuppinger Cole, supported by CA Technologies, unveiled that there is still a long way to go for most organizations. Given that, focusing on doing the home work in virtualization security is a must for CIOs and CISOs to ensure that security targets are met and to build the foundation for successful cloud computing in IT. Virtualization is a key technology in today’s IT environments. However, there are several types of virtualization with somewhat different value propositions. It comes as no surprise that the primary focus of organizations is server virtualization and storage virtualization. By the end of 2012, over half of the organizations surveyed expect to have deployed server virtualization to more than 50% of their systems in production environments. A third of the organizations expect to have deployed storage virtualization for more than 50% of the systems. The numbers for desktop virtualization and application virtualization are significantly lower. From the Kuppinger Cole perspective, these numbers show the gap between the hype around virtualization and its real, phased implementation especially when looking at production environments. Interestingly, organizations rely typically at least on two different virtualization technologies, with VMware being the clear leader but others including Citrix and Microsoft becoming strong followers.
The major driver for virtualization is that of IT operational efficiency. This is rated as the major driver or at least a driver by more than 90% of the organizations. Another important driver is the control of IT costs—however, virtualization is just a technical element. Full control requires a strong service accounting and thus service management. Interestingly, the least important drivers are the preparation for cloud IT and the ability to meet green IT targets. The fact that cloud IT isn’t a major driver is based on the value virtualization has by itself and the relative immaturity of strategic cloud IT initiatives. Virtually any respondent is fully aware of the need for virtualization security in these virtualized server and storage environments. However, there are still many inhibitors. The major inhibitor for implementing virtualization security is the lack of expertise and skills to plan and implement it. Other critical points are budgets for the upfront costs of implementing virtualization security and the complexity of managing security across virtual environments and platforms. When looking at the overall numbers it becomes obvious that the biggest inhibitor for virtualization security is still the relative immaturity of organizations when it comes to virtualization. There is a lack of expertise and skills; there is also a lack of processes, policies and standards, and a need for improved support for virtualization security from vendors. Around a quarter of organizations claim that virtual environments in general are less
CA Technologies CA Technologies is an IT management software and solutions company with expertise across all IT environments. CA Technologies manages and secures IT environments, enabling their customers to deliver more flexible IT services. Their solutions help customers gain a level of deep insight into and exceptional control over complex, mixed IT environments. It’s that level of insight and control that enables IT organizations to power business agility.
79 VIRTUALIZATION SECURITY
Kuppinger Cole, founded in 2004, is a leading Europe-based analyst company for identity-focused information security both in classical and in cloud environments. Kuppinger Cole stands for expertise, thought leadership and a vendor-neutral view on these information security market segments, covering all relevant aspects such as identity and access management (IAM), risk management and compliance (GRC), cloud security and management, governance and virtualization.
ANALYST FEATURE
Kuppinger Cole
HEAD TO HEAD
82 ENDPOINT SECURITY
Layer by Layer Delving into the specifics of being and staying secure at endpoints is a favourite topic of LANDesk experts ANDY KING and BEN HALL. They talk to ETM’S ALI KLAVER about the fundamentals of endpoint security and how it all starts with knowing exactly what is on your network.
http://www.GlobalETM.com
BH:
Before joining LANDesk I worked for a number of systems management providers in Europe. One of those was actually one of LANDesk’s largest outsourcing companies so it was a natural progression to join LANDesk. AK: WITH THE RAPID ADOPTION OF MOBILE DEVICES AND PERSONAL PHONES AND THEIR USE TODAY, IT MUST BE QUITE HARD TO STAY SECURE AT THE ENDPOINT. IS THIS JUST ONE OF THE CHALLENGES OF ENDPOINT SECURITY IN THE CURRENT MARKET? WHAT MIGHT BE SOME OTHER FACTORS?
BH:
It is definitely difficult to stay secure. Here at LANDesk we treat mobile devices no differently to laptops or desktops— it’s just another device that needs securing under the endpoint security umbrella.
AKing:
As we’ll discuss later, what we’re seeing is a huge rise in the number of devices. The days of somebody only having a desktop are over. More laptops now are sold than desktops, and most people have a laptop at least—if not a laptop and a desktop. Then they also have some sort of Smartphone. Nowadays there are other devices, whether they are the Apple brand, or i-somethingor-other, that are being used extensively everywhere, or one of its equivalents. And a lot of people are using Notebooks today. In this world of security management, it’s about figuring out how on earth to manage the user as opposed to the device, because the user is demanding more and more. They want to bring their private devices onto the network and companies have to get their heads around how they’re going to allow that. What policies and procedures do they need to put in place? How do they secure them, if they’re going to be a part of the business from now on? That’s a huge issue that a lot of end users, and business managers, are trying to get to grips with right now. AK: SO IT SOUNDS LIKE THERE ARE QUITE A LOT OF ENDPOINTS DEFINED
Andy King
|
AREA DIRECTOR, UK AND NORTHERN EUROPE LANDesk
Andy has been with LANDesk for over three years. Prior to this he worked for a number of enterprise software vendors. Andy is passionate about ensuring the users get value for money from their software investments and receive the customer service they expect. He states that one of the key reasons he’s with LANDesk is the great ROI. Andy is responsible for all of LANDesk’s business partners and resellers in EMEA North region, covering UK, Benelux and Nordics.
UNDER THAT ENDPOINT SECURITY UMBRELLA. ANDY, WHAT ARE THE OTHER BASIC FUNDAMENTALS NEEDED FOR ENDPOINT SECURITY TODAY?
AKing:
There are actually quite a few. What we’re seeing in the market now is a merger between the endpoint security and the endpoint management. It wasn’t so many years ago that those two things were completely separate, whereas now we are seeing them merging more and more because you can’t really secure something that you can’t manage. Another way of saying that is: You have to know what you’ve got in order to secure it, as well as manage it. That’s where the overlap comes in. Is it a security question or a management question to know whether or not there is a certain copy of a certain piece of software on your network which you have deemed to be a security risk? That could also be a systems problem because software is licensed and so instead you should be worrying about software licensing. So we’re seeing this convergence and the fact that, fundamentally, you have to know what you’ve got, you have to know who’s using it, and you have to know what they’re using. They are some of the core fundamentals. Once you’ve done that, the next one is—is it patched up-to-date, for example? Is it at the latest release? Do we have some sort of conformity about what’s on our network and what our endpoints are? Are they literally all over the map in terms of operating systems and hardware platforms etc? Then you get more into about how to control removable media, what you have to do about anti-malware, antivirus and whether you’ve considered remote users and so on. All
83 ENDPOINT SECURITY
AKing:
LANDesk, in one form or another, has been in existence for over 20 years. We are an independent software company. We are one of the only specialists in the market that focus on systems lifecycle management, endpoint security and an ITIL-based service management policy, and they are our three main solutions. We’re an organization that is 700 people strong, and most of our business goes through business partners so our route to market is through a channel company. I’ve been in the systems management world for five years, and the uptake of systems management technology that is required in the market still amazes me.
Other major factors are obviously roaming users out on the internet. At LANDesk we obviously consider those as very important, but we also realize that the key to endpoint security is a layered approach. You can’t just focus on one aspect of endpoint security such as only securing antivirus or selecting vulnerabilities—it’s not enough. You need to look at it from a multi-tier approach and consider security compliance, vulnerability, spyware management and policy enforcement as well.
HEAD TO HEAD
AK: ANDY, START US OFF BY TELLING US ABOUT LANDesk AND HOW YOU CAME TO WORK WITH THEM?
ASK THE EXPERT
86 ENTERPRISE SEARCH
The
source
http://www.GlobalETM.com
Enterprise search is as much about the tools you use as the way users actually search. BRIAN PINKERTON (LUCID IMAGINATION) says that it’s search that has now become a vital part of a user’s everyday life. He talks to ETM’S PINAR GENCTURK.
PG: HOW IS LUCENE AND SOLR OPEN SOURCE CHANGING THE FACE OF SEARCH? WHAT ARE THE NEW TECHNICAL CAPABILITIES IT INTRODUCES, AND WHO HAS BEEN SUCCESSFUL AT USING IT?
BP:
Lucene and Solr have done an incredible job of penetrating the search world because they do two things. One is that they offer enough full text features to be useful, and they also do that in a way that’s free. They are a modern technology, they offer incredible relevance and great performance, and they do it in a way that is flexible for the users. Lucene is an embeddable library that people use to link in with their applications at a low level, and Solr is a much more fully featured search application that people can use. They are free but also very accessible to developers so they can pick one of these things up, start running it, and be productive within a day or two. Within typically a week or a month, depending on the complexity of their application, they are fully up and running and near production levels, so Solr has been great at being accessible, usable and delivering the features that the users need. In the end I wouldn’t say that they deliver many more technical capabilities than some of the commercial competitors, but what they do offer they offer incredibly well so the performance is fantastic, the relevance is great, and it’s all tuneable and very accessible so you
PG: LUCID IMAGINATION HAS JUST ANNOUNCED A NEW SUBSCRIPTION PRODUCT OFFERING—LUCIDWORKS ENTERPRISE. HOW IS LUCID’S PRODUCT HOUSING OPEN SOURCE SEARCH?
BP:
LucidWorks Enterprise extends Solr and Lucene with features that are commonly needed by our commercial customers. We are focusing on providing technology that makes Lucene and Solr more accessible to more people. For example, a common need that people have is to get started with search. They want to get up and running a lot faster and for some of our customers that means using a user interface instead of configuring. It means not having to understand the full functionality of search to get up and running, but rather just doing the basics such as finding data and indexing it. They don’t necessarily want to mess around, at least at the start, with fields and all the different search parameters that they probably don’t know anything about. Our goal with LucidWorks Enterprise has been to simplify all the aspects of getting started so that you can get up and running in five minutes if your data is already accessible on the web, in a file system or database. Another great aspect of LucidWorks Enterprise is that we focused on making it so that people can build what I call completely functional search applications out of the box. If you take the barebones of Lucene or Solr, they are tuned for maximum performance and less emphasis on the features when you take it out
of the box. In order to build up a fully featured search app you actually have to learn about the configuration and all the aspects of search. For example, if you want features like auto complete, spell checking, unsupervised feedback to enhance relevance and all those other aspects, then those are features that you have to add on top of Solr. They are available as the part of the open source package but you have to figure out how they work and turn them on, so it’s not a very friendly experience. We’re taking the opposite approach. We want to give people a great search experience right out of the box and make it as automatic as possible for folks to use. The other aspect of LucidWorks Enterprise that we’re focused on is trying to make it easier to integrate into today’s enterprise. If you look at most of these search applications they are like a database—they are standalone islands of functionality that you have to configure. They don’t necessarily integrate so well with how you want your enterprise to work. Perhaps you need to write some applications around this in addition to using the search results. The applications may want to configure the search application and app, although it is hard to write the xml file and then reboot the search server to read that. It would be much easier if there was, for example, an API you could use to configure the search server. LucidWorks Enterprise is configurable with the rest of the API, and it has a bunch of extra stuff around the edges like security and connectors that enable it to work in an enterprise environment right out of the box. PG: WHAT STEPS HAVE BEEN TAKEN TO ENSURE THE STABILITY OF THE OPEN SOURCE SEARCH PRODUCT YOU OFFER?
BP:
That was a very important area for us to focus on because the open source community is moving so quickly that we needed to ensure the product is stable and insulated from that fast moving culture. At the same time, we want to take advantage of the speed of development because the new features come thick and fast in the open source community and they’re always making extraordinary leaps in terms of performance, resource utilization and things like that. We have a QA department that we subject Lucene and Solr to, as well as our own code to ongoing continual QA efforts. We’re stress testing it in terms of load and are also continuously testing the components as they’re developed.
87 ENTERPRISE SEARCH
BP:
Search is becoming a huge part of most enterprises in terms of what I would call a first class service—that means you know search is the product to be delivered but also that it’s a component of many other applications. If you take some of the common applications that people are using in the enterprise today—for example, an application such as Salesforce.com—search is a very important part of that application. It’s also an important part of applications that people build on their own, inside the enterprise. From a first class perspective and from a component perspective it has become basically part of everyone’s everyday life. The users inside the enterprise are all accustomed to searching for information now because it’s how they find out what they need to know. So it has to be an integral part of these applications.
don’t have to call up your vendor if you need access to a certain API. It has been super successful across a huge variety of applications. We see people using Lucene and Solr in Silicon Valley in what I would call the start-up land where people can’t afford commercial solutions. They’re all using Lucene and Solr because it’s free. We’ve seen some competitors to Lucene and Solr sprout up because they have been so successful. In addition, Lucene and Solr have penetrated the enterprise as open source has become more and more acceptable inside the enterprise, so lots of the enterprises running on Linux now see that open source has become accepted practice inside even the most traditional enterprises. For example, Wall Street and Fortune 500 companies are all using it and have been amazingly successful at building very cool applications using this technology.
ASK THE EXPERT
PG: CAN YOU TELL ME WHY SEARCH IS SUCH AN IMPORTANT TECHNOLOGY FOR THE ENTERPRISE IT DECISIONMAKER TO KNOW ABOUT?
Events and features
90
Events and features 2011
ETM is focusing on:
Social media, GRC and management
2011
BUILDING YOUR ENTERPRISE DATA STRATEGY DATES: 13 – 18 February 2011 LOCATION: Las Vegas, NV URL: http://events.tdwi.org/events/las-vegasworld-conference-2011/home.aspx
GARTNER INFRASTRUCTURE, OPERATIONS AND DATA CENTER SUMMIT DATES: 15 – 16 March 2011 LOCATION: Sydney, Australia URL: www.gartner.com/technology/summits/ apac/data-center/index.jsp
GARTNER BUSINESS INTELLIGENCE AND INFORMATION MANAGEMENT SUMMIT DATES: 22 – 23 February 2011 LOCATION: Sydney, Australia URL: www.gartner.com/technology/summits/ apac/business-intelligence/index.jsp
DATA GOVERNANCE CONFERENCE EUROPE 2011 DATES: 21 – 23 March 2011 LOCATION: London, UK URL: www.irmuk.co.uk/mdm2011
3RD INTERNATIONAL CONFERENCE ON WIRELESS INFORMATION NETWORKS AND BUSINESS INFORMATION SYSTEMS DATES: 27 February – 1 March 2011 LOCATION: Kathmandu, Nepal URL: www.win-bis.com/registrationpage11.php GARTNER CIO LEADERSHIP FORUM DATES: 28 February – 1 March 2011 LOCATION: Dubai, UAE URL: www.gartner.com/technology/summits/ emea/cio/index.jsp TDWI SOLUTION SUMMIT DATES: 6 – 8 March 2011 LOCATION: Savannah, GA URL: http://tdwi.org/sitecore/content/ Home/TDWI/TDWI-Events/Events/SolutionSummit-Savannah-2011/Home.aspx GARTNER BUSINESS PROCESS MANAGEMENT SUMMIT DATES: 7 – 8 March 2011 LOCATION: London, UK URL: www.gartner.com/technology/summits/ emea/business-process/index.jsp CLOUD COMPUTING WORLD FORUM: MIDDLE EAST AND AFRICA DATE: 9 March 2011 LOCATION: New York, NY URL: http://summits.aberdeen.com/index. php/hcm.html
MOBILE NETWORK OPTIMISATION ASIA PACIFIC SUMMIT 2011 DATES: 22 – 23 March 2011 LOCATION: Bangkok, Thailand URL: www.mobilenetworksasia.com GARTNER PORTALS, CONTENT AND COLLABORATION SUMMIT DATES: 28 – 30 March 2011 LOCATION: Los Angeles, CA URL: www.gartner.com/technology/summits/ na/portals/index.jsp WEB 2.0 EXPO DATES: 28 – 31 March 2011 LOCATION: San Francisco, CA URL: www.web2expo.com/webxsf2011 THE SUPPLY CHAIN MANAGEMENT SUMMIT DATES: 29 – 30 March 2011 LOCATION: Chicago, IL URL: http://summits.aberdeen.com/index. php/Supply-Chain-Management-Summit/2010scm-summit-overview.html
GARTNER CUSTOMER 360 SUMMIT 2011 DATES: 30 March – 1 April 2011 LOCATION: Los Angeles, CA URL: www.gartner.com/technology/summits/ na/customer-360/index.jsp
WORLD CONFERENCE: PERFORMANCE MANAGEMENT DATES: 3 – 8 April 2011 LOCATION:Washington, D.C. URL: http://tdwi.org/Calendar/2011/04/ World-Conference-Performance-Management. aspx GARTNER CIO LEADERSHIP FORUM DATES: 4 – 6 April 2011 LOCATION: London, UK URL: www.gartner.com/technology/summits/ emea/cio-forum/index.jsp CUSTOMER CONTACT 2011, EAST: A FROST AND SULLIVAN EXECUTIVE MINDXCHANGE DATES: 10 – 13 April 2011 LOCATION: Marco Island, FL URL: www.frost.com/prod/servlet/summitsdetails.pag?eventid=198886397&as=attend GIL 2011: MALAYSIA DATE: 12 April 2011 LOCATION: Kuala Lumpur URL: www.gil-global.com/malaysia/index.html GARTNER BUSINESS PROCESS MANAGEMENT SUMMIT DATES: 27 – 29 April 2011 LOCATION: Baltimore, MD URL: www.gartner.com/technology/summits/ na/business-process/index.jsp INTEROP LAS VEGAS DATES: 8 – 12 May 2011 LOCATION: Las Vegas, NV URL: www.interop.com/lasvegas scip 2011 DATES: 9 – 12 May 2011 LOCATION: Orlando, FL URL: www.scip.org european identity conference 2011 DATES: 10 – 13 May 2011 LOCATION: Munich, Germany URL: www.id-conf.com
Interested in contributing? If you’re an analyst, consultant or an independent and would like to contribute a vendor-neutral piece to future issues of ETM, please contact the managing editor: Pinar Gencturk: pgencturk@imipublishing.com
To read the
full version of the Q1 2011 issue, please go to
“www.globalETM.com” please go to
full version of the Q2 issue, To read the