Head in The Clous

Head in the cloudsPa u l B u r n sNe o v i s e

L a u r a D i D i oI T I C

M a r t i n K u p p i n g e rKuppinger Cole

M a t t h e w L e e sPatricia Seybold Group

| THE INDEPENDENT RESOURCE FOR IT EXECUTIVES

Head in the cloudsHead in the cloudsHead in the cloudsHead in the cloudsHead in the cloudsHead in the cloudsHead in the cloudsHead in the clouds

Q3 2010

The focus on cloud computing

Also in this issue: – search, security, and social technology

ETM ■ CONTENTS PAGE

8

11 Editor and contributors page

13 Industry snapshot

15 Professional pro� le

122 Events and features

16 GRC—Step by step

In the last few years, GRC has emerged as the meeting point of e� orts to ensure not only compliance with regulatory requirements, but a responsible approach to the management of the enterprise risk that underlies regulatory demands. SCO� C� WFORD (ENTERPRISE MANAGEMENT ASSOCIATES) talks with LUCIO DE RISI (MEGA INTERNATIONAL) and LUC B� NDTS (BWISE), two experts directly involved in helping organizations shape their GRC strategy.

26 � e back o� ce means business

� NDY B� SCHE (GENESYS) and ETM’S ALI KLAVER explore how companies are applying best practices from the contact center to the back o� ce to improve e� ciencies and meet service levels, all while reducing cost.

28 Pure logic

How can businesses be� er operate by identifying and capturing de� ned logic and repeatable rules? DANA GARDNER (INTE� RBOR SOLUTIONS) discusses business rules management (BRM), and explores the value of businesses being agile in a safe way. He is joined by DON GRIEST (FICO), RIK CHOMKO (INRULE TECHNOLOGY) and BRE� STINEMAN (IBM).

38 � e key to success

As cloud computing takes a stronger hold on the IT industry, organizations must realize that there is a another factor that will ensure its success. MARTIN KUPPINGER (KUPPINGER COLE) writes about the importance of service management.

40 Smooth transition

Public versus private cloud computing is one of the ho� est topics in IT at the moment, but there’s still a lot of confusion around its adoption—which has been higher than anyone expected. STEVE B� SEN (ENTERPRISE MANAGEMENT ASSOCIATES) talks with DENIS MARTIN and BROOKS BORCHERDING (NAVISITE) about the scope and transition of cloud computing.

46 Transforming business

ETM’S ALI KLAVER interviews DEEPAK JAIN (WIPRO) about enabling business growth through IT infrastructure transformation.

50 Actionable Intelligence

DR. ANTON A. CHUVAKIN talks about the usability and integration of security information and event management (SIEM) and touches on log management with the added bene� t of three industry experts; MICHAEL LELAND (NITROSECURITY), A.N. ANANTH (PRISM MICROSYSTEMS) and DEBBIE UMBACH (RSA, THE SECURITY DIVISION OF EMC).

62 Create your own app factory

ETM’S ALI KLAVER chats to EDDY PAUWELS (SERENA SOFTWARE) about business process-driven application lifecycle management and how they link to each other, as well as how businesses can bene� t from such a strategy.

Contents

116 One at a time

Enterprise search and subsequent work� ow has long been confused with compliance and policies for archiving. Information governance strategies reset thinking in this area by establishing clear use cases for accessing information versus those that enable retention. SIMON TAYLOR (COMMVAULT) takes ETM’S ALI KLAVER through the di� erent faces of enterprise search.

CONTENTS PAGE ■ ETM

9

Contents

68 � e pros and cons of cloud

LAU� DIDIO (ITIC) describes what to watch for if you’re considering making the jump to cloud computing. She suggests it’s de� nitely a bene� t, as long as you’ve done your research and it’s done right.

72 A marriage of sorts

MIKE ATWOOD (HORSES FOR SOURCES) moderates a panel discussion on IT outsourcing touching on transformation, the cloud and some fantastic case studies with the help of CHUCK VERMILLION (ONENECK IT SERVICES) and � RINE BRUNET (STERIA).

84 SIEM satisfaction

One of the most ignored bene� ts of security information and event management technology is using SIEM technology to improve overall IT operations. A. N. ANANTH and STEVE LAFFERTY (PRISM MICROSYSTEMS) talk to ETM’S ALI KLAVER about how improved operations is seldom given much a� ention but might well provide the most tangible cost justi� cation.

88 A question of semantics

ETM’S ALI KLAVER talks with DR. � THY DAHLGREN (COGNITION TECHNOLOGIES) about an innovative approach to meaning-based text processing technology. Among a discussion on market trends and the bo� om line, it’s clear that Cognition is at the forefront of search—now and into the future.

92 Seven reasons

PAUL BURNS (NEOVISE) shares with ETM why every CIO must embrace Service Level Management as a way to transform the IT organization.

94 Moving with the times

ETM’S ALI KLAVER talks to P� SHANTH SHE� Y (METRICSTREAM) about managing enterprise GRC programs in global organizations, and how to realize the bene� ts that can stem from successful implementation.

100 Business and IT—side by side

DANA GARDNER (INTE� RBOR SOLUTIONS) moderates a discussion on the productivity bene� ts and future of business process management with the help of MARK TABER (ACTIVE ENDPOINTS), DR. ANGEL DIAZ (IBM) and SAMIR GULATI (APPIAN CORPO� TION). � is expert panel examines BPM and explores what it delivers to enterprises in terms of productivity and agility.

110 Archiving on demand

MARTIN KUPPINGER (KUPPINGER COLE) talks to Astaro’s ERIC BEGOC about mail archiving, how it’s changing, and what to expect in the future.

112 Open innovation

With the rise and embrace of social networking and so� ware you could be forgiven for thinking that we’re at the height of innovation. MA� HEW LEES (PATRICIA SEYBOLD GROUP) tells us how social technology can make “innovation” more than just a word.

11

EDITOR’S PAGE ■ ETM CONTRIBUTORS

C o n t r i b u t o r s Pa u l B u r n s

P r e s i d e n t a n d Fo u n d e rNe o v i s e

L a u r a D i D i oP r i n c i p a l A n a l y s t

I n f o r m a t i o n Te c h n o l o g y I n t e l l i g e n c e C o r p ( I T I C )

M a r t i n K u p p i n g e rSenior Par tner and Founder

Kuppinger Cole

M a t t h e w L e e sSenior Contr ibuting Editor

Patricia Seybold Group

HeadquartersInformed Market Intelligence (IMI) Ltd

Farringdon House, 105-107 Farringdon RoadLondon, EC1R 3BU, United Kingdom

+44 207 148 4444

New York68 Jay Street, Suite #201, Brooklyn, NY 11201, USA

+1 718 710 4876

Head in the cloudsIt appears the IT world is slowly but surely opening up a realm of possibilities for businesses globally. While we in the IT sphere have known this for a while, it’s just coming to the attention of businesses looking at their SIEM solutions, their business process management, and especially ROI.

An IT department stuck in the bowels of the building is quickly becoming a thing of the past as business decision-makers realize that creative collaboration is the way to go. Now, IT and management are rubbing shoulders—literally—and working across the gamut of business applications to find ways to grow, collaborate and innovate.

Our Q3 issue is a breath of fresh air and packed full of the answers to your questions. Why not start with our business rules management and business process management podcasts (pages 28 and 100 respectively), as one of our favourite moderators, Dana Gardner, guides you through the essentials with the help of industry leaders.

Matthew Lees from the Patricia Seybold Group tells us how social technology can make “innovation” more than just a word (page 112), while I have an interesting chat with Dr. Kathy Dahlgren from Cognition Technologies about semantic search—certainly one to get the brain working (see page 88).

There is plenty more to read in this issue of ETM, and hopefully in these pages you’ll find the perfect solution to your IT problems. And don’t forget, there are a wide range of podcasts to enjoy on www.globaletm.com

Thank you for reading, and if you would like to contribute to any future issues of ETM, please feel free to contact me via email at [email protected]

Ali KlaverManaging Editor

Fo u n d e r / P u b l i s h e rA m i r N i k a e i n

M a n a g i n g E d i t o rA l i K l a v e r

C r e a t i v e D i r e c t o rA r i e l L i u

I n t e r n D e s i g n e rJ e f f C e r i e l l o

We b D e v e l o p e rV i n c e n z o G a m b i n o

Po d c a s t / S o u n d E d i t o rM a r k K e n d r i c k

A s s o c i a t e E d i t o r sM a r y Wr i g h t

H e l e n a S t a w i c k iL e e L i a n L o n g

A c c o u n t E x e c u t i v e s J o e M i r a n d a

S a n d i n o S u r e s hA i c h a G u l t e k i n

No r t h A m e r i c a n A c c o u n t E x e c u t i v e sFa r r a h Tu t t l eYe s s i t A r o c h o

M a r k e t i n g E x e c u t i v eA l e x a n d r o s T h e m i s t o s

Enterprise Technology Management is published by Informed Market Intelligence

How to contact the editorWe welcome your letters, questions, comments, complaints and compliments. Please send them to Informed Market Intelligence, marked to the Editor,Farringdon House, 105-107 Farringdon Road, London, EC1R 3BU, United Kingdom or email [email protected] submissionsAll submissions for editorial consideration should be emailed to [email protected] reprints of articles published in ETM magazine, contact [email protected] material copyright Informed Market IntelligenceThis publication may not be reproduced or transmitted in any form in whole or part without the written express consent of the publisher.

INDUSTRY NEWS ■ ETM

13

GROWTH IN RUSSIA

Industry snapshot

Groteck Business Media reports that the information security market in Russia was able to develop during the economic crisis. Almost all segments grew in 2008, kept growing in 2009, and they anticipate growth in the 2010-2011 period. � e main drivers were requirements towards protecting personal data and information in public authorities. In the next two years they expect the implementation of electronic document management and the protection of mobile devices to be big growth areas.www.groteck.com

Kenya is registering all mobile phone numbers in a bit to cut crime. Kidnappers o� en use unregistered mobile numbers to text ransom demands and it’s expected most people will support the move to make life more di� cult for criminals. Users must supply ID and proof of address before they get a number, and any numbers still unregistered as of the end of July will be disconnected. Tanzania is also involved in a similar process.

CALLING KENYA

IBM PROBED� e European Commission has launched two separate competition inquiries to discover whether IBM has abused its position in the mainframe market following complaints by two so� ware makers. � e inquiries will examine whether IBM prevented competitors from operating freely and will look at their relations with maintenance suppliers. IBM says the inquiries have no merit.

NEW LICENSING OPTIONS

It looks like the Microso� O� ce license per device concept has had a rethink. With the increasingly mobile workforce, and as virtualization comes to the fore, Microso� has had to clarify its SA policies. Since July, users of a PC with an O� ce license have rights to O� ce 2010 Web Apps from PCs or external devices, but companies will need to host the O� ce Web Apps on either SharePoint Server 2010 or SharePoint Foundation Server 2010. www.microso� .com

Google has trumped Bing in a deal to provide search results and related advertising to Yahoo Japan. � e deal will see Google provide search capabilities to 90% of the PC market and roughly half of the mobile web market. � is is a further boost for Google’s Japanese operation. On another note, the China/Google row continues...

JAPAN EMBRACES GOOGLE

PENTAGON HUNTS WIKILEAKS

� e Pentagon is still on the hunt for the source who leaked more than 90,000 classi� ed US military documents. Bradley Manning, the 22-year-old Army intelligence o� cer currently under arrest for leaking a variety of classi� ed documents, databases and videos to Wikileaks, has not been ruled out as a suspect. Although the leaks reveal past actions, the details are considered nonetheless damaging.

VIRUS TARGETS INDUSTRY

Siemens is tackling a virus that speci� cally targets computers used to manage large-scale industrial control systems used by manufacturing and utility companies. Although this could be one of the biggest malicious so� ware threats in recent years in the form of industrial espionage, Siemens is actively looking to counteract it. � ey’ve already discovered that it’s best to leave current passwords unchanged and to refrain from using USB keys.

h� p://www.GlobalETM.com

EXECUTIVE PANEL ■ GOVERNANCE, RISK AND COMPLIANCE

16

In the last few years, GRC has emerged as the meeting point of efforts to ensure not only compliance with regulatory requirements, but a responsible approach to the management

of the enterprise risk that underlies regulatory demands. SCOTT CRAWFORD (ENTERPRISE MANAGEMENT ASSOCIATES) talks with LUCIO DE RISI (MEGA INTERNATIONAL) and LUC BRANDTS (BWISE), two experts directly involved in helping organizations shape their GRC strategy.

GRC—Step by step

17

GOVERNANCE, RISK AND COMPLIANCE ■ EXECUTIVE PANEL

SC: THERE HAS BEEN A LOT OF TALK ABOUT GRC OVER THE PAST FEW YEARS, AND TO MANY IT SOUNDS QUITE BROAD AND UNDERSTANDABLY SO, CONSIDERING THE BREADTH OF WHAT IS INCLUDED TYPICALLY IN A GRC PROG� M. LUC, HOW DO YOU AND BWISE DEFINE GRC?

LB: We feel that there is a need to integrate all the di� erent “levels” of defence in the organization. So with the � rst level we want to help businesses to responsibly implement policies and procedures, report incidents, implement controls and so on.

� is is supported by a second level of defence, whether it’s risk management compliance or quality management departments, and that’s where a big convergence e� ort is taking place—trying to integrate all the di� erent risk languages into one. We see GRC as o� en being mistaken for just that second level of defence.

� ere’s also more to it, a third level of defence, where internal audit does their independent review of that information, trying to leverage the data that’s out there as much as possible.

Finally, there’s a fourth level of defence, the external auditor and regulators, who hopefully also take that information into account.

What we’re trying to establish, and what organizations are trying to get across, is that all these di� erent entities, departments and views within an organization need to be speaking a single risk language. � ere’s a strong element of risk and a very important component of compliance that is being governed by the processes that help these four levels of defence to cooperate.

LD: Based on customer experience, I think that GRC doesn’t mean the same thing for everybody—just the initiatives today cover a large spectrum of requirements.

An analyst’s de� nition would call GRC a set of policies, processes, methodologies and tools that a company implements to phase the increasing pressure of internal and external regulation, and to guarantee that all conditions are met to achieve business goals.

In the beginning, GRC was formed to basically put together siloed initiatives within one global approach, then the acronym of GRC was born. Today, that model of GRC is more about implementing a holistic approach to target � rst business performance, and then � x the technical problems within each department.

SC: THAT LINES UP VERY WELL WITH WHAT WE’VE SEEN AT EMA. THERE’S DEFINITELY A VERY LARGE ELEMENT OF RISK, AND LUCIO, THE ISSUE YOU BRING UP DOES REVOLVE TO A CERTAIN EXTENT AROUND GOVERNANCE.

ORGANIZATIONS THAT WE WOULD QUALIFY AS HIGH PERFORMERS HAVE PLACED A GREAT DEAL OF EMPHASIS ON SE� ING THE TONE AT THE TOP, IF YOU WILL, AND THE SUPPORT OF SENIOR MANAGEMENT IN TERMS OF DEFINING PRIORITIES, ST� TEGY AND A TRULY RESPONSIBLE APPROACH TO ENTERPRISE GOVERNANCE.

ONE OF THE THINGS EVIDENT FROM OUR RESEARCH HAS BEEN NOT JUST SE� ING THE TONE AT THE TOP BUT SENIOR MANAGEMENT SUPPORT FOR GRC EFFORTS. IT’S CRITICAL, NOT JUST FOR LEADING GOVERNANCE INITIATIVES, BUT FOR IMPLEMENTING RISK MANAGEMENT TACTICS—AND THAT INCLUDES MEASURES SUCH AS ENFORCEMENT, FOR EXAMPLE.

LUCIO, WHAT ARE SOME OF THE THINGS THAT YOU THINK HELPS ORGANIZATIONS SUCCEED IN DEFINING EFFECTIVE GOVERNANCE?

LD: First, I’d like to enhance the kind of dichotomy in how to approach GRC in initiatives, and then position the sponsorship from top managers with respect to these two di� erent approaches. � ese two approaches are not opposed, but complementary.

One is what you would call approach based on controls, and the second is based on business improvement. � e role of senior management is di� erent in these two di� erent cases.

Let me clarify what I mean. In some cases, the companies need to apply what I call the control-based approach. For example, you need to respect US law about not exporting to some countries, or you have to guarantee that you provide the appropriate data to the stock exchange. If you’re in Europe you know that you cannot provide any advertising, or you must be sure that you’re not referring to smoking, for instance.

In all these cases, which are basically ma� ers of respecting the law and other strict rules, I think that the control-based approach is the one that companies must apply, even if it’s not the only one.

� e second one that I mentioned, which I call the business improvement-based approach,

Randy Brasche(Genesys) and ETM’S ALI KLAVER explore how companies are applying best practices from the contact center to the back o� ce to improve e� ciencies and meet service levels, all while reducing cost.

Usually a piece of work goes into a queue, just like a telephone call would go into a queue, then the contact center, usually the back office person, has to pull that piece of work out of the queue and they have to validate it in terms of actually doing the work. Then they have to go one step further and execute the work.

What we’ve found is that the process of � nding the piece of work and pulling it out of the queue usually takes about three minutes or so, and that’s tremendously ine� cient when you’re talking about thousands and thousands of work items in the back o� ce every year.

Imagine, for example in the same contact center, if someone were to go ahead and call in, and an agent looked at all the calls in the queue and saw that a person wanted to change their account information. � ey could then pull it out and take care of that customer very quickly and easily.

Imagine how inefficient and frustrating it would be for the customer on the telephone to wait for an extended period of time, or get put through to the wrong department, when all they wanted was the change their account information—these are the exact same things that are happening in the back office today.

AK: THAT’S A GREAT EXAMPLE—CAN YOU PERHAPS TAKE US THROUGH A FEW MORE?

RB: I have a few other great examples.Typically, when you think of the back o� ce, there are usually some penalties or costs associated with it. If you think about provisioning a service like your telephone, or doing a credit card dispute, there’s usually a service level associated with that.

Say that we took, for example, one of our customers who is a large telecommunications company. When they don’t provision a telephone service from the back o� ce, they have to pay � nes to the front o� ce, the contact center and to the customer.

Imagine if all this work is si� ing there and they might have two piles—one might be something as simple as just changing account information, and the other pile is for provisioning a new service—obviously you want to go in and prioritize the provisions on your services to ensure that you don’t have to pay a � ne.

Similarly, one of our customers tries to move ahead quickly and set up new credit card account that they receive from the web, but they get stuck in the back o� ce and they don’t get prioritized. � ese prospects actually end

HEAD TO HEAD ■ BUSINESS PROCESS MANAGEMENT

The Back Offi ce means Business

AK: � NDY, WHY DOES THE BACK OFFICE WANT TO EMULATE THE CONTACT CENTER OR FRONT OFFICE?

RB: Well, if you think of the contact centre, they’ve had years to become e� cient. � e calls that go into a contact centre get prioritized, routed, sent to the right agent, and so on.

When you look at the back o� ce, they sometimes have six times the amount of workers, three to � ve times the costs, and a lot of the time they’re very ine� cient.

Perhaps you had to submit an insurance claim and normally you might be very happy with your experience of the contact center submi� ing that request, but when it came to actually being processed it gets delayed.

And in terms of cost, especially since it’s three to � ve times the cost in the back o� ce, that’s a lot of money companies are spending mostly on individuals in the back o� ce, cherry picking work, not taking the right items, or the work not being aligned to the right person.

AK: WHAT ARE YOU FINDING IS THE SOURCE OF THESE INEFFICIENCIES?

RB: � ere are usually a couple of steps that are taken in the back o� ce when a work item is processed.

26

up ge� ing credit cards from other companies because they weren’t processed appropriately or quickly enough in the back o� ce. So that’s a case of lost revenue.

Both cases are from a service level agreement perspective, and at times you may have to pay � nes for not meeting them. From the other credit card example, this is lost revenue and lost customers that you could have had because you were very ine� cient in the back o� ce.

AK: WHAT ARE SOME OF THE EXISTING TECHNOLOGIES IN THE BACK OFFICE THAT COULD BENEFIT FROM THESE NEW EFFICIENCIES?

RB: � ere are a lot of new technologies that, if you think about it, any process or work based item can use to their advantage.

� e simplest might be a fax server, and I’ll give you an example in a second. Another one might be a service request system, such as a Remedy, trouble ticketing system, a Siebel system or SAP system, and all the way up to the more complex systems such as a business process management system.

� e simplest example I could give is that most people can relate to a fax service. I was using an airline several years ago and they missed crediting me for 5000 miles .� ey said to fax my request in and that it would be recti� ed. So I did that and nothing happened, even when I faxed it again. I ended up ge� ing so frustrated that I switched airlines.

Had they actually known my status as a gold customer, looked at the fax, and a� ached a high priority tag to it and sent it to the right agent, along with an SLA associated with it saying that I needed to be responded to within 24 hours, then I might not have ended up leaving and going to another airline.

I’m now a happy customer at the airline I switched to, so that’s a great example of a technology that could actually bene� t from this type of a process.

AK: THE BO� OM LINE IS STILL SUCH AN IMPORTANT ASPECT OF DAILY BUSINESS LIFE � NDY, SO CAN YOU TELL ME WHAT THE TYPICAL ROI AND SAVINGS ARE?

RB: It’s pre� y dramatic, when you think about it, if you prioritize the work items based upon value and send them to the right person in the back o� ce just like you would with a telephone call in the front o� ce and the contact center. We’ve seen a dramatic improvement of about 15-25% e� ciencies in the back o� ce.

I’ll use another real-time example. We did a pilot with a customer in Australia and they typically had a problem with their nine to � ve work day and the fact that, at � ve o’clock when work was done, they still had a lot of un� nished work and items that weren’t processed that were high priority.

Once we worked with them, implementing this process, their nine to � ve work day went from nine o’clock until two o’clock, so they had three extra hours to re-provision these workers to do other items that could actually bene� t from the next day’s worth of work.

AK: THAT’S ANOTHER FANTASTIC EXAMPLE � NDY. WHAT TYPES OF COMPANIES WOULD BENEFIT?

RB: � e logical ones are obviously the most paper process-intensive companies such as insurance companies that have to deal with claims, � nancial services and so forth. But there are a lot of other companies that you might not even think about.

� ese are companies that have to process leads that they get from their websites, or other companies that have some sort of government regulation and service levels associated with them—to use the credit card example, when you have to go ahead and issue your credit card dispute—then that has to be ful� lled within a certain period of time.

So if you think about any company across the board and any vertical industry, there’s always some sort of business process associated in the back o� ce, so any company could really bene� t from this.

AK: YOU’RE TALKING ABOUT CATERING ACROSS A WIDE � NGE OF INDUSTRIES HERE, AND ESPECIALLY IN THIS ECONOMIC CLIMATE IT’S

ESSENTIAL TO REALLY JUMP ON THESE BACK OFFICE BUSINESS PROCESSES TO ENSURE THAT YOU’RE GE� ING THE BEST POSSIBLE RESULT YOU CAN.NOW FOR OUR LAST QUESTION, WHAT CAN THOSE COMPANIES LISTENING TODAY DO TO GET STARTED?

RB: It really requires self assessment and some internal thinking in terms of: What are my processes? How are they being done? How are my workers being utilized? What are their skill sets? How do I determine which items are the higher business priority? � e list can be endless.

A lot of companies are doing this back o� ce transformation today and I think it really becomes an issue of self assessment. You need to take a close look at what you do in the back o� ce and re-prioritize your resources, your processes, and also implement new technologies to ensure that you’re becoming more e� cient.

At the end of the day, when you’re talking about six times the amount of back o� ce workers at three to � ve times the cost, that translates into a lot of money.

Also, these back o� ce processes are being relied on by the front o� ce and the contact centre, and you’re also talking about customer satisfaction which can result in customer defection. But if you can keep those customers happy, then these happy customers are going to spend more money.

So it really requires self assessment and looking internally to see where you can improve.

BUSINESS PROCESS MANAGEMENT ■ HEAD TO HEAD

Randy is responsible for driving adoption of Genesys’ market-leading customer service and sales solutions. Prior to Genesys, he was a founding member and director of product marketing at Active Reasoning, and held marketing and product strategy positions at Cable and Wireless, Exodus, Oracle, Informix and Liberate Technologies.

Randy is the author of the popular IT Compliance for Dummies and Dynamic Contact Center for Dummies books.

27

Randy Brasche | DIRECTOR OF PRODUCT MARKETING

GENESYS

“... these back offi ce

processes are being relied

on by the front offi ce

and the contact centre...”


EXECUTIVE PANEL ■ BUSINESS RULES MANAGEMENT

28

Pure logic

29

BUSINESS RULES MANAGEMENT ■ EXECUTIVE PANEL

DGARDNER: DON, TELL ME A LI� LE BIT ABOUT YOUR HISTORY. HOW IS IT THAT BUSINESS RULES MANAGEMENT PLAYS AN IMPORTANT ROLE AT YOUR COMPANY?

DGriest: FICO is probably best known for FICO score which is used in credit decisions, when you get a credit card or apply for a loan for a house. It’s been around 50 years now and started with a couple of statisticians, Bill Fair and Earl Isaac.

� ey came up with a way of using data analytics to improve decisions. � ey quickly found out that giving people a good credit score wasn’t enough and that they needed to apply those decisions in making o� ers on products and making decisions about the credit risk.

So they started building applications for banking and then eventually insurance, retail, healthcare and other industries to help them make decisions informed both by the best practices that were in the policies, but and by analytics including predictive analytics, predictive modelling, simulation and optimization.

Today, we sell both applications and then tools underneath that help us build those applications—business roles management being a critical one of those.

DGARDNER: WHAT’S CHANGING? WHAT MAKES BUSINESS RULES MANAGEMENT SO IMPORTANT TODAY? DO YOU AGREE THAT COMPLEXITY IS SPINNING OUT OF CONTROL?

DGriest: I agree that there have been a number of changes in the market. Obviously, the recent economy changes have put a lot of pressure on e� ciency and doing more with less. � is means you need to make faster, cheaper decisions, and you need to be able to make changes to those decisions faster.

At the same time, we’ve got more regulatory pressures coming in not just in banking but also

in healthcare as well. � at is increasing the need for decision-making with great transparency and also being able to minimize the impact to the overall return on the company.

If you look at retail, it’s exploding in terms of what the web has done and in terms of consumer expectations about how many combinations of di� erent products are available and greater competitive pressure to get the right price point and the right o� er to the right customer—and actually still make money doing it.

DGARDNER: I’M GOING TO GUESS THAT AT FICO YOU OFFER SERVICES THAT AMOUNT TO BUSINESS RULES MANAGEMENT, BUT I BET YOU ALSO EMPLOY IT WITHIN YOUR ORGANIZATION. SO YOU’RE A BUSINESS RULES CONSUMER AS WELL AS USER?

DGriest: De� nitely. FICO is known for its scores, so that uses rules management to implement those scores. � ey create formulas that take information at the credit bureaus and apply scoring techniques to create a score. We then have applications that our customers use in origination.

So when you � ll out the loan it actually helps to walk that through the process—a culmination of normal business process � ow but also business rules being at the centre of that. So, yes, it’s used throughout the company.

DGARDNER: RIK AT INRULE TECHNOLOGY, TELL US A LI� LE BIT ABOUT WHAT YOU DO, WHAT YOU PROVIDE, AND HOW YOU SEE THE LANDSCAPE FOR BUSINESS RULES MANAGEMENT SHIFTING OR ADVANCING?

RC: InRule was started about eight years ago and we decided, at the time the .NET

framework was almost brand new, to focus on rule technology for that particular framework and platform.

We’ve been doing that ever since and really pushing harder to be a solution for the .NET platform that provides the authoring, management, storage and execution of the rules applied on that platform.

I think what I’ve seen over the last few years has been changing a li� le bit more than what was there before. � ere are always the top three industries that you would apply business rules to—insurance, � nancial services and healthcare—and while those are still going strong today there seems to be an uptake in a lot of other industry sectors that might be looking to use rules, outside those top three.

For example, take the entertainment industry. One of our clients is actually using rules to manage their project plans to enforce consistency and promote realistic planning for a large scale video production.

So it’s kind of interesting where we’re seeing this use of rules grow out from perhaps what people would traditionally apply rules to, and trying to branch into other industries.

DGARDNER: BRE� STINEMAN AT IBM, HOW DO YOU SEE YOUR BRM MARKET SHIFTING OR PERHAPS GROWING IN THE NEXT FEW YEARS?

BS: I’m sure most people have a fairly good idea of who IBM is in terms of the various so� ware, hardware and services that we provide. In terms of business rules management, our o� ering came from an acquisition of a company called ILOG that occurred in 2009.

ILOG has a long history, going back 20 years, in a variety of di� erent types of decision technologies—both from a business rules standpoint as well as optimization and visualization technologies, all of which were used to help organizations make be� er decisions for various parts of their businesses.

How can business better operate by identifying and capturing defi ned logic and

repeatable rules? DANA GARDNER (INTERARBOR SOLUTIONS) discusses business rules management (BRM) and explores the value of businesses

being agile in a safe way. He is joined by DON GRIEST (FICO), RIK CHOMKO (INRULE TECHNOLOGY) and BRETT STINEMAN (IBM).

IT’S NOT ABOUT IAM FOR THE CLOUDGiven that, we have to rede� ne our IAM strategies. We have to think about how to manage everything consistently. � at excludes approaches that run externally and only manage the external services. IAM in the cloud only for the cloud is contradictory to the target of managing everything consistently. � us, we need to expand what we have (or should have) in IAM, and access governance to support our future IT infrastructure.

Approaches that aren’t focused on supporting a hybrid cloud environment can only be tactical approaches, if at all. On the other hand, internally focused tools have to expand their reach to external services.

ONE IT—ONE MANAGEMENTIt obviously doesn’t make any sense to deal with external services that di� er with internal services. � at will make management inconsistent, redundant and error-prone, plus, it will inhibit

the � exible change from internal to external services and back.

Consuming external services is one element of the overall IT service provisioning. And it is, by the way, an element which is in place in virtually any organization. � ink about web hosting, web conferencing and many other applications which are frequently provided by external service providers.

� e quintessence of cloud computing is that it standardizes the service management across

ANALYST FEATURE ■ SERVICE MANAGEMENT IN THE CLOUD

As cloud computing takes a stronger hold on the IT industry, organizations must realize that there is a another factor that will ensure its success. MARTIN KUPPINGER (KUPPINGER COLE) writes about the importance of service management.

As cloud computing takes a stronger hold on the IT industry, organizations

The key to success

Cloud computing is the hype topic in IT. And without a doubt, cloud computing is about a fundamental paradigm shi� in IT. However, it is not so much about procuring external services. It is about the way IT services are produced, procured and managed—

internally as well as externally. � at is where service management comes into play.Service management, from the Kuppinger Cole perspective, is the key success factor for cloud computing. When talking about cloud

computing, it’s something di� erent than “the cloud”.First of all, there are several clouds, in the sense of environments which deliver IT services. � ese might be internal or external; they might be private or

public; but all of them provide IT services at di� erent levels of granularity. � ese levels range from granular web services to coarse-grain services like complete application environments and many SaaS (So� ware as a Service) approaches.

Cloud computing, on the other hand, is about selecting, purchasing/requesting, orchestrating and managing these services. � e management spans the entire range from technical aspects to auditing and accounting.

While the services might be delivered by many clouds, there has to be one consistent management approach. � is approach has to cover internal and external IT services. It is about one view on the IT, regardless of the service provider (or cloud, to use that term).

38

all types of services and thus allows you the � exibility to choose services from di� erent providers. Another e� ect is that internal IT services have to become standardized and (from a cost perspective) produced e� ciently—internal IT service production should signi� cantly bene� t from that approach by becoming more “industrialized” and automated.

FOCUS BEYOND SERVICE FUNCTIONALITYTo ful� ll the security and governance requirements, service management has to focus not only on the functional aspects (and, like frequently seen today when looking at the cloud, costs).

For each service there has to be “governance” requirements, including aspects like encryption of data, requirements for privileged access management, allowed locations for processing and storing the data, and many more.

When describing services and de� ning the service requirements, there has to be a standardized set of such requirements to ensure that these aspects are considered when selecting the (internal or external) service provider. � e most appropriate provider isn’t the one with the most advanced functionality or the lowest cost—as long as he doesn’t meet the governance requirements.

BUSINESS SERVICE MANAGEMENTWhen talking about service management in the context of cloud computing, it becomes obvious that there are multiple layers of services. Within IT services there is a range from single web services at the application level to complex SaaS applications. However, that can be managed with a consistent approach because the fundamental principles of service management apply to any level of service.

Beyond the IT perspective, there has to be business service management as well. Business service management is, in contrast to today’s

vendor marketing, about having descriptions from the business perspective of their requirements to IT.

It is not about availability management for business processes or something similar, it is about mapping the required IT services to a business requirement—for example, mapping storage and archiving services, information rights management and other services to the requirement, that contracts are handled in a de� ned way.

One element within such a business service management is providing the input for the governance requirements of IT services. � ese requirements typically are derived from business requirements, including regulatory compliance.

ERP FOR ITAn interesting opportunity within this approach of consequently using service management paradigms at all levels is that the ability for accounting will signi� cantly increase. Once everything is understood as a well-de� ned service, it is relatively easy to have a price tag on these services.

� at, in consequence, will allow you to do much be� er resource planning and to predict costs of new business services (eg. new requirements to the IT) much more reliably than before.

In other words: service management is the foundation for an “ERP for IT”, the ERP application which is still missing today. However, today’s service management applications aren’t an ERP for IT, even while some vendors tend to start telling this to their customers.

FOCUS ON SERVICE MANAGEMENT—AND SUCCEED WITH CLOUD COMPUTINGLooking at cloud computing and service management, it is obvious that these two things can’t be separated. Service management is the foundation for successful cloud computing. And cloud computing will drive the service management initiatives in organizations and will require the internal IT to standardize their services.

� e most important reason for this is that otherwise the internal IT can’t prove that they are providing the most appropriate services because they can’t directly compare with cloud services. Only with complete service requirements, including the governance aspect, can internal IT can validate that their service procurement suits the needs of the business be� er than the (sometimes) cheaper external service.

It will absolutely change the way the internal IT is working—but it is the only opportunity the internal IT has: standardize services, optimize the service production, and be be� er in meeting all the service requirements.

From an overall IT perspective, service management is key to success in cloud computing as well because it is the prerequisite for being able to � exibly switch between internal and external service providers and back.

SERVICE MANAGEMENT IN THE CLOUD ■ ANALYST FEATURE

Martin established Kuppinger Cole, an independent analyst company, in 2004. As founder and senior partner he provides thought leadership on topics such as identity and access management, cloud computing and IT service management.

Martin is the author of more than 50 IT-related books, as well as being a widely-read columnist and author of technical articles and reviews in some of the most prestigious IT magazines in Germany, Austria and Switzerland. He is also a well-known speaker and moderator at seminars and congresses.

39

Martin Kuppinger | FOUNDER AND SENIOR PARTNER

KUPPINGER COLE

“While the services might be

delivered by many clouds,

there has to be one consistent

management approach.”

HEAD TO HEAD ■ CLOUD COMPUTING

40

Public versus private cloud computing is one of the hottest topics in IT at the moment, but there’s still a lot of confu-sion around its adoption—which has been higher than anyone expected. STEVE BRASEN (ENTERPRISE MANAGE-MENT ASSOCIATES) talks with DENIS MARTIN and BROOKS BORCHERDING (NAVISITE) about the scope of cloud computing and its transition.

Smooth transition


41

CLOUD COMPUTING ■ HEAD TO HEAD

SB: TODAY WE’LL BE TALKING ABOUT PUBLIC VERSUS PRIVATE CLOUD COMPUTING, CERTAINLY A HOT TOPIC AND ONE AROUND WHICH THERE IS A LOT OF CONFUSION. I DON’T SEEM TO BE ABLE TO PICK UP A T� DE MAGAZINE THESE DAYS WITHOUT SEEING REPEATED REFERENCES TO CLOUD.

ACCORDING TO EMA PRIMARY RESEARCH, IN FACT, 11% OF ALL BUSINESSES HAVE ALREADY ADOPTED SOME FORM OF CLOUD SERVICES IN ORDER TO ACHIEVE THEIR BUSINESS OBJECTIVES. THIS IS VERY FAST ADOPTION WE’RE SEEING, FOR WHAT IS REASONABLY CONSIDERED A FAIRLY NEW TECHNOLOGY. WE’VE PROJECTED THIS TO BE SOMEWHERE BETWEEN A $40-50 BILLION DOLLAR INDUSTRY BY THE END OF 2011, AND GROWING ROUGHLY TO $160 BILLION BY 2015.

YET WITH ALL THIS PROMISE AND HYPE, IT’S SURPRISING THAT THERE DOESN’T SEEM TO BE MUCH CONSENSUS ON EXACTLY WHAT CLOUD IS AND WHERE THE SCOPE IS, WHICH LEADS ME TO MY FIRST QUESTION—HOW WOULD YOU DEFINE THE SCOPE OF CLOUD COMPUTING, AND HOW DO YOU DIFFERENTIATE PUBLIC AND PRIVATE CLOUD COMPUTING?

DM: You’re right Steve, there is a lot of confusion in the market today around cloud. Today we’ll talk about it primarily from an infrastructure perspective, but even then there’s a lot of confusion about what a public cloud is compared to a private cloud.

In that spectrum from private to public, the consensus de� ning factor that’s emerging is how many customers are on the cloud. If there is more than one, it’s typically de� ned or put in the bucket of being a public cloud. If it’s only one, then it’s eligible to be quali� ed as a private cloud.

Even then there are a number of options or gradients along that spectrum where it’s not so black and white. For example, NaviSite offers private hardware where we can put one customer on a piece of hardware, yet they’re sharing other components of the underlying infrastructure.

Is that private, or is that public? We think of it as quasi-private and we think we provide all the bene� ts of a private cloud without any of the downsides. It’s not so cut and dry that there is a single di� erentiator between public and private.

BB: I’d like to add to what Denis said and to your initial points, Steve, around rapid adoption.

If you take a step back and consider why cloud has become so interesting and gathered so much hype, it’s because it is a true revolution and a true transformation of the way that companies are consuming IT resources.

So be it public, private or a hybrid of anywhere in between, I think at least in our generation, that we’ve very rarely seen something of this magnitude that is changing the fundamental consumption paradigm of IT.

We certainly have experienced that where we’re based here, in the enterprise space, but you can see this very rapid consideration of alternatives to the way that companies are consuming IT resources from consumers across the enterprise spectrum.

SB: WHAT ARE THE PRIMARY BENEFITS AND CHALLENGES OF PUBLIC AND PRIVATE CLOUD IMPLEMENTATIONS?

DM: From the public cloud perspective, the biggest bene� t is the ease of access and the ease of on-boarding.

Typically you can get on a public cloud, whether it’s for compute and storage or a combination of them, usually within minutes by simply providing a credit card number and commitment to pay and then your access is immediately available. So it’s a very simple on-boarding process.

� e challenge on the public cloud, because it is geared for larger groups of users and for a general usage case and not for speci� c usage cases, is that it’s geared typically for non-production services with very low service level agreement guarantees, and in some cases almost to the point of best e� ort-type performance.

You really don’t rely on them for services other than things like development or some sloppy bursting that you might need, but for today at least, they’re not geared for the rigors required for producing and supporting production applications.

Private clouds, on the other hand, inherently have all of the features required for not only doing high level SLAs, but also providing the complete infrastructure lifecycle management.

So in the case of public cloud, you might only have the ability to manage your CPU and the amount of memory, but you don’t have control over � rewalls and load balancers and the other components that are required to provide the use of the machine that you created, the � rewall rules that you apply to it, the load balancing and so on.

On the private side, since it is fully controlled, you do have the ability to create and work on the machines, apply � rewall rules to them, apply load balancing as needed, and then expose them from either the back end network or expose them on the public network space automatically.

It’s a much more robust environment for providing a range of services, whether it’s simply for development and testing, and all the way to the level of providing production services with four nines or � ve nines availability.

BB: I think a couple of the general bene� ts, be it public or private, is the fact that cloud services do have a promise of mitigating the complexity of IT. So, from a consumer perspective, it is easer to look at this as an alternative to acquire these resources, be they compute resources, or be they application on demand or SaaS-type capabilities.

So from both, there is this promise that we can make it much simpler to consume IT. And on both, I think there’s also a promise, be it public or private, consumer or enterprise, that there will be a reduction in capital expenditure and an increase in operational e� ciency across the spectrum.

Where the di� erentiation comes between public and private, as Denis mentioned, is that they’re built to deliver enterprise-type class services—at least, that’s the approach that we’ve taken at NaviSite.

So it’s taking everything from the quality of the underlying infrastructure and technology through to everything else that would be required such as the security standards, the wraparound services that you would expect, and then the ongoing support.

“... a quasi-private cloud, as an extension of your IT environment, is re-

ally a win-win on both sides.”

ASK THE EXPERT ■ IT INFRASTRUCTURE TRANSFORMATION

AK: CAN YOU GIVE US A BRIEF SUMMARY OF WIPRO’S INF� STRUCTURE SERVICES BACKGROUND AND HOW YOU HELP BUSINESSES SUCCEED?

DJ: Wipro has been o� ering IT Infrastructure services to its customers for over 25 years. Our customers are spread across North America, Europe, Asia Paci� c and Middle East geographies. Wipro’s IT infrastructure business is US$926 million and contributes 21% of our IT services revenues globally.

We’re seeing robust growth in this business and have been ahead of company growth at 40% CAGR for the last three years. We have seven datacenters and 17 global command centers including 14 security operations centers globally. Over 16,000 associates work for this division.

Our growth strategy is to keep on expanding our portfolio and, today, in our infrastructure services business, we o� er end-to-end IT outsourcing solutions from design and implementation services, managed services, DC outsourcing including technology transformation, and audits to continually improve the performance of IT systems.

We also have comprehensive o� erings to cater to complete IT security management services (consult –deploy –manage–audit). We also have a strong o� ering on the Core Telecom networks.

AK: HOW DO YOU HELP BUSINESSES SUCCEED IN THE CURRENT MARKET?

DJ: Our approach is to partner with our customers and look at long term relationships. Our domain knowledge helps us understand the clients’ business better, and then propose solutions more aligned to business.

Unlike many Indian IT companies focused on remote infrastructure management and cost arbitrage, we also focus on improving the business KPI’s, for example, how IT can help in faster inventory turns or reduce cycle time for order to cash, or how we can reduce cost to serve for our clients’ end customers.

AK: LET’S TACKLE THE SUBJECT OF TODAY—IT INF� STRUCTURE T� NSFORMATION. HOW DO YOU DO IT? HOW DOES IT T� NSLATE INTO COST SAVINGS?

DJ: IT Infrastructure optimization and transformation has to be looked at through four broad areas:CONSOLIDATION: Our experience of working with customers across industries proves that consolidation is a big lever for cost savings. As IT assets increase so does IT infrastructure complexity, creating signi� cant management problems. In addition, data center energy consumption is skyrocketing, not to mention the energy prices rise. � erefore, the consolidation approach should focus on:

Consolidation of IT operations, such as a central monitoring and • command centre, IT service desk and knowledge databaseConsolidation of IT Infrastructure, such as a reduced number of • datacenters and computer roomsConsolidation of IT procurement. We believe that procurement for • global organizations gives them the scale to negotiate and manage hardware and so� ware spend be� erConsolidation of services through shared model for service desks, and • factory model for application packaging.

46

ETM’S ALI KLAVER interviews DEEPAK JAIN (WIPRO) about enabling your business growth through IT infrastructure transformation.

Transforming

business


47

IT INFRASTRUCTURE TRANSFORMATION ■ ASK THE EXPERT

STANDARDIZATION: Simpli� cation is again an important lever for controlling costs. Over time, many customers have added complexity into their IT environments which could be in the form of disparate applications, operating systems, technologies, processes and tools being used.

We recommend our customers make one-time investments to standardize the IT estate and look at ROI over � ve to seven years.� TIONALIZATION: Application and infrastructure rationalization is another key driver for cost reduction.VIRTUALIZATION: Both on the data center side and on the end user side. � e data center side is where one consolidates the servers and storage across the enterprise. � is leads to lower support costs and easier administration without sacri� cing compute power and storage capacity.

On the desktop side—virtualization of desktop or VDI—this leads to be� er control over the desktops, lower costs and increased ease of desktop management and refresh.

AK: WHY IS IT IMPORTANT FOR A BUSINESS TO DO THIS NOW, PARTICULARLY IN THE CURRENT ECONOMIC CLIMATE? WHAT ARE THE MAIN BENEFITS?

DJ: � e CIO/CTO organizations have realized that a� er a phase of over abundance there is a need to get to a state of equilibrium.

Also, the future trends and technologies, including the disruptive trends like cloud computing, will require organizations to seriously look at consolidation, standardization and rationalization. � erefore, it’s important that organizations are ready to make the best advantage and avoid high transition/migration costs as these trends mature.

� e cost take-out initiative that companies started in 2008-09 also continues because it was a multi-year program. First tranche of savings came in from discounts from vendors. However, to get a sustainable cost advantage, transformation is essential. Without this further cost take-out will be extremely di� cult.

We also believe that organizations will consolidate their business portfolios and that the center of economic activity will shi� to newer geographies—time to market will be the key parameter to gain market share.

� erefore, end users will not be bothered about the technology used but will be more focused on the functionality it delivers. � e economic environment will move customers from being buyers of technology and building on capacity, to looking at capacity on demand and utility models.

Companies that achieve the above will be quick in making the best use of on-demand computing and manage � exibility of infrastructure costs based on business cycles.

AK: WHAT IS YOUR FAVORITE CASE STUDY THAT REALLY HIGHLIGHTS WHAT WIPRO CAN DO IN THIS SPHERE?

DJ: We have multiple case studies to talk about, and there are three important ones in particular.

We are currently engaged with a customer in the energy and utility space to transform their retail business, and one of the key KPI’s is to bring down their cost to serve by 10% per subscriber.

Secondly, we’re working with a client in the retail space to help manage their IT cost as a function per square foot of retail space.

And thirdly, we manage IT cost as a function on the number of subscribers for a client in the telecom space.

All of the above are large deals, not in the context of technology transformation alone, but more importantly in terms of business transformation. We believe that IT costs as a function of customer revenues is important, but linking it to business parameters like the ones above ensures

that IT operations, technology adoption and spend on IT transformation is optimal at all times and can be a function of the business growth.

AK: WHAT ARE THE LEVERS FOR SUSTAINABLE COMPETITIVE ADVANTAGE THROUGH INF� -T� NSFORMATION?

DJ: IT transformation positions organizations to:BE� ER MANAGE COST AND RISK: Our hindsight experience of delivering these services for close to three decades helps us to do the job with the least possible risk, and at the most optimized cost through our Global Delivery Model.SUPPORT BUSINESS INNOVATION: Our domain understanding and its trends helps us to understand our customers’ current and future needs. We drive innovation in our solution to bring about business innovation for our customers.SCALE MORE EFFECTIVELY: We are not into product reselling on a stand-alone basis, and we’re not incentivized to dump more products. We analyze the customers’ current needs and the impact of their ever changing business environment. � at helps us to provide the most optimized solution for today’s challenges while keeping scalability in mind for future growth.REDUCE ARCHITECTU� L COMPLEXITY: � rough application rationalization and infrastructure consolidation, we try to simplify IT for our customers so that it becomes easily manageable and more meaningful to their business.INCREASE THE VALUE OF REVENUE-GENE� TING SERVICES: In many cases today we help our customers to increase their touch points with their own customers, reduce their time to market, help them to deliver more e� cient services to their customers, and become more agile and competitive in the market place.ENHANCED END USER EXPERIENCE: While traditional methods of monitoring IT services have been quite discrete in their approach, today we measure our performance through the eyes of the business user that experiences our services.

It is no longer enough if the servers are up 99.99% and the network is up 99.99% etc; what really ma� ers is that the end user who is trying to complete a transaction through an application is able to do it in the speci� ed time. By monitoring the performance across each layer of the chain we are able to control the performance and deliver enhanced end user experience.

AK LET’S LOOK TO THE FUTURE—WHERE DO YOU SEE THE FUTURE OF IT INF� STRUCTURE T� NSFORMATION IN THE NEXT TWO TO FIVE YEARS, AND WIPRO’S PART IN IT?

DJ: Wipro is very actively promoting a concept called “21st Century Virtual Corporation”. Essentially it means organizations globally should have:

A detailed look at core and non-core processes• Lean process optimization to drive sustainable productivity improvement• Optimization of technology to enable innovation• Extended execution leveraging “partners” versus contractors in a whole • new way.

By virtue of three decades of experience in IT services and solutions, Wipro is increasingly being chosen as a partner of choice by customers for IT transformation.

Customers are increasingly looking to achieve business and IT alignment, more meaningful reporting, be� er coordination between various departments, a reduction of the overheads associated with managing multiple vendors, and so on.


EXECUTIVE PANEL ■ SECURITY INFORMATION AND EVENT MANAGEMENT

50

Actionable Intelligence

51

SECURITY INFORMATION AND EVENT MANAGEMENT ■ EXECUTIVE PANEL

AC: WHAT ARE YOUR CRITICAL SUCCESS TIPS FOR USERS? HOW DO YOU INCREASE THE CHANCE OF SIEM DEPLOYMENT BEING SUCCESSFUL EARLY ON AND THEN GET TO ONGOING OPE� TIONAL SUCCESS?

ML: � e most important thing is to manage expectations and align the necessary resources. Ensure that you have agreement from every department that expects to bene� t from a SIEM, and make sure the technical resources they can apply to the planning and implementation phases, as well as what metrics they’re going to use, measure the success.

When working with larger organizations and enterprises with de-centralized networking, it’s likely that a SIEM vendor was probably selected having gone through a proof of concept deployment. � e learning from these test runs can be critical to planning and successfully implementing production SIEM’s.

Identify where the obstacles throughout the organization might be as well as the individuals who support the e� ort and can help champion the cause, trying to � nd some way that each area of the enterprise will bene� t from the tool.

Also, don’t assume that a SIEM that performs well in its concept with just two weeks’ worth of production data will perform equally as well with 12 months. If you can’t generate in the kind of volume your SIEM will be faced with in the real world, make sure the vendor can supply sample data or provide access to a host with commensurate volumes of information to demonstrate what you’ll be faced with a year down the road.

DU: I agree with you in terms of the POC and production environments. A lot of folks don’t anticipate what their volume will be and assume that it’s going to be able to scale. Vendors can provide tools to inject that data and there are other options to help you do that.

Se� ing expectations and ge� ing executive sponsorship and support is very key. � e customers that we’ve seen have the most success with implementations. It starts from the top, assigning resources and making sure that folks are on board.

� ere are some process changes that go along with it—the technology is not going to work like magic. It’s a tool and it needs to be adopted by individuals and users.

I would also suggest you start with simple use cases based on policies you’ve already de� ned and for which you may or may not already have processes in place, but at least you’re starting small and you can get them in place. � at helps you to validate and gain con� dence in the system.

One example would be server monitoring. You want to try to identify whether someone is compromising a server and knowing this information can prevent insider abuse before signi� cant damage is done. So ge� ing server user monitoring processes in place is an early use case to start with.

Another common use case is � rewall monitoring to meet compliance needs as well as to make sure that you can identify activity pa� erns for forensics purposes, for example. � e next thing would be to really iterate over these use cases.

So you start with the simple use cases and then plan for the next phase of use cases which maybe a li� le bit more advanced. � is way you’re taking baby steps as you go, validating, making accomplishments, and then preparing yourself for future success.

AA: You should think of it as a classic IT project. Plan, install, tune and train. When I say plan, it’s about involving the stakeholders who might use this and then, be� er yet, the vendor that you’ve selected, because quite o� en they can have useful advice for you. � ink about volume, usage, what you’re going to audit and so on.

DR. ANTON A. CHUVAKIN talks about the usability and integration of

security information and event management and touches on log management

with the added benefi t of three industry experts; MICHAEL LELAND (NITROSECURITY), A.N. ANANTH (PRISM MICROSYSTEMS) and DEBBIE UMBACH (RSA, THE SECURITY DIVISION OF EMC).

HEAD TO HEAD ■ BUSINESS PROCESS-DRIVEN ALM

62

ETM’S ALI KLAVER chats to EDDY PAUWELS (SERENA SOFTWARE) about business process-driven application lifecycle management and how they link to each other, as well as how businesses can benefi t from such a strategy.

ETM’S ALI KLAVER chats to EDDY PAUWELS

Create your own app factory


63

BUSINESS PROCESS-DRIVEN ALM ■ HEAD TO HEAD

AK: EDDY, CAN YOU GIVE US A QUICK INTRODUCTION OF YOURSELF AND SERENA SOFTWARE?

EP: I am based out of Belgium and head up the Product Marketing Department for ALM within Serena and have been with the company for about � ve years. I have a Masters in Computer Science from the University of Brussels and I have been working in ALM for over 20 years now.

During those years I have witnessed the evolution in methods as well as in tooling to support the development process and have seen applications morph from a monolithical source � le to currently thousands of tiny li� le � les that need to be combined.

I have also seen development teams being spread more and more globally. I have seen the internet changing the capabilities we have in the marketplace, and also the number of platforms and operating systems that have been introduced over the years.

As a result, the complexity to build applications with con� dence has only become harder to do and this is actually one of the main reasons that brought me to Serena. We have a mission to help enterprises develop and deliver applications with con� dence, given the increase in complexity and pressure from the business.

So who is Serena? Serena is an enterprise skill company with over 29 o� ces worldwide. We have over 700 employees of which more than 300 are in engineering which is signi� cant for a company in IT. We produce over $200 million in revenue each year.

We have a size that enterprises feel comfortable working with and that sets us apart from the smaller players, but on the other hand we also have a very dedicated focus on ALM and app factories which set us apart from the mega-vendors because they can’t bring that to the party.

Serena is owned by Silver Lake which is the world-leading technology investor. As a company we think that, as in a modern supply chain driven factory where you can order highly customized products and get them into a predictable period of time, plus get them in high quality and at competitive cost, it should be the same when you’re creating applications. � ey should come in the same predictable way so that you can develop them similar to those supply chains within factories. � is is what we call “create your own app factory”.

At Serena we have developed a solution set to deliver and create your own app factory yourself. � e purpose of a factory, if you look at the factory itself, is to produce goods that are in demand in the market so that they can be sold and pro� t can be made.

Similarly, you want apps that can be used within a business because the business demands it, and they can add value to the business process. � is is why I love to speak about business process-driven ALM.

AK: WHAT DO YOU MEAN BY BUSINESS PROCESS-DRIVEN ALM?

EP: As I mentioned before, more and more apps are getting at the core of the business process. In today’s world, apps are critical to create competitive advantage regardless of industry. I see it in all business areas—banking, automotive, air space and defence.

Organizations want to have killer apps—those that bring in revenue more effectively than the competition and that remove cost more effectively than the competition. They can provide necessary transparency more effectively than the competition, and better service to customers more effectively than the competition as well.

This is what killer apps are, and if you can’t deliver them on time then your competitor or successor will. This is what organizations are trying to look for—applications within that business that can

differentiate themselves and set themselves apart.

Understanding the business process is vital to being successful. Another vital aspect is the timing, because the window that you have in order to create something new that is leading edge is very small in today’s economy because everything is moving so fast.

So whenever possible, you should aim to try to configure apps or assemble them together so that you can create new processes and automate them. You have to be able to do this with a limited set of resources because IT is very constrained with resources.

In the early days the only way to create a new application was by coding or engineering and it took sometimes months or years to do it. Now we have learned over time what we can deliver some of them by configuring and assembling them together.

Configuring apps are especially suited for automating business processes that are evolving rapidly because business itself can evolve very rapidly, so sometimes you even need overnight agility to respond to those requirements and this is where configuring apps is the way to go.

Sometimes, if you don’t have the building blocks or it’s too complex, you need to use the limited IT resources, but in order to be successful they need to have a very close alignment and understanding of the business and the processes itself.

So the way I look at business process-driven ALM means putting the business processes and constraints at the forefront of the development process so that you can create those killer apps. Ideally you could do that by configuring, assembling or by coding them, but always put the business process upfront.

AK: WHAT DO YOU MEAN WITH CONFIGURING APPS? I HEARD YOU TALK ABOUT PROCESS AUTOMATION, SO HOW DOES THAT LINK TO BPM AS WE KNOW IT TODAY?

EP: I have been asked that a couple of times, and I think that business process management and automation has indeed some alignment with what I call con� guring of apps. But the problem lies more in the details.

When you’re looking at the traditional BPM tools they are extremely labour intensive. I heard some of our customers talking about creating those applications in months. What we do with Serena technology is provide an ecosystem that allows you to create those applications with the more technical savvy business people so that you can collaborate with IT, but not necessarily consuming all the IT resources for doing it.

� is way you’re not only reducing the amount of IT resources that you need, but you’re also doing it in a tenth of the time and cost in comparison to the traditional BPM tools in the market. � is gives us a unique position in the space.

We do that by providing a tool that is extremely � exible and simple, it is highly graphical as well so that you can con� gure those modules in a graphical way with limited or no coding at all which gives you the possibility to come to market extremely quickly. We’re giving you almost overnight agility in order to be able to respond to the changes that you might have in your business environment.

Every year or so the high technology industry gets a new buzzword or experiences a paradigm shi� which is hyped as “the next big thing”.

For the last 12 months or so, cloud computing has had that distinction. Anyone reading all the vendor-generated cloud computing press releases and associated news articles and blogs would conclude that corporations are building and deploying both private and public clouds in record breaking numbers.

� e reality is much more sobering. While there is a great deal of interest in the cloud infrastructure model, the majority of midsized and enterprise organizations are not rushing to deploy private or public clouds in 2010.

An ITIC independent web-based survey that polled IT managers and C-level professionals at 700 organizations worldwide in January 2010, found that spending on cloud adoption was not a priority for the majority of survey participants during calendar 2010 (see Figure 1).

However, that is not to say that organizations—especially mid-sized and large enterprises—are not considering cloud implementations. ITIC research indicates that many businesses are more focused on performing much needed upgrades to such essentials as disaster recovery, desktop and server hardware, operating systems, applications, bandwidth and storage before turning their a� ention to new technologies like cloud computing.

Despite the many articles wri� en about public and private cloud infrastructures over the past 18 months, many businesses remain confused about cloud peci� cs such as characteristics, costs, operational requirements, integration and interoperability with their existing environment or how to even get started.

DE-MYSTIFYING THE CLOUDWhat is cloud computing? De� nitions vary. � e simplest and most straightforward de� nition is that a cloud is a grid or utility style pay-as-you-go computing model that uses the web to deliver applications and services in real-time.

Organizations can choose to deploy a private cloud infrastructure where they host their services on-premise from behind the safety of the corporate � rewall. � e advantage here is that the IT department always knows what’s going on with all aspects of the corporate data from bandwidth and CPU utilization to all-important security issues.

Alternatively, organizations can opt for a public cloud deployment in which a third party like Amazon Web Services (a division of Amazon.com) hosts the services at a remote location. � is la� er scenario saves businesses money and manpower hours by utilizing the

What are the organization’s top IT spending prioritiesfor 2010 (select all that apply*)?

Disaster recovery 47%45%

44%41%

37%36%36%

35%31%

30%27%

24%17%

15%13%

11%11%

10%9%

6%2%

Upgrade server hardwareDeploy new apps to support the business

Server virtualization softwareReplace older versions of server OS

SecurityUpgrade desktop OS

Upgrade desktop hardwareStorage

Upgrade legacy server-based apps/DBsImprove revenue and profitability

Increase bandwidthSkills training for existing IT staffers

Desktop virtualization (VDI)Upgrade the WAN infrastructureAdd remote access and mobility

Application virtualizationGreen datacenter initiatives

Add IT staffBuild a private cloud infrastructure

Implement a public cloud infrastructure *Total may exceed 100%

Copyright © 2009 ITIC All Right Reserved

ANALYST FEATURE ■ CLOUD COMPUTING

LAU� DIDIO (ITIC)talks about the partnerships, and divisions, between the two sets of players in the current virtual desktop infrastructure market—Citrix/Microso� and VMware/EMC.

The pros and cons of cloud

68

host provider’s equipment and management. All that’s needed is a web browser and a high-speed internet connection to connect to the host to access applications, services and data.

However, the public cloud infrastructure is also a shared model in which corporate customers share bandwidth and space on the host’s servers.

Organizations that are extremely concerned about security and privacy issues, and those that desire more control over their data, can opt for a private cloud infrastructure in which the hosted services are delivered to the corporation’s end users from behind the safe con� nes of an internal corporate � rewall.

However, a private cloud is more than just a hosted services model that exists behind the con� nes of a � rewall. Any discussion of private and/or public cloud infrastructure must also include virtualization. While most virtualized desktop, server, storage and network environments are not yet part of a cloud infrastructure, just about every private and public cloud will feature a virtualized environment.

Organizations contemplating a private cloud also need to ensure that they feature very high (near fault tolerant) availability with at least “� ve nines” (99.999%) uptime or be� er.

� e private cloud should also be able to scale dynamically to accommodate the needs and demands of the users. And unlike most existing, traditional datacenters, the private cloud model should also incorporate a high degree of user-based resource provisioning.

Ideally, the IT department should also be able to track resource usage in the private cloud by user, department or groups of users working on speci� c projects for chargeback purposes.

Private clouds will also make extensive use of business intelligence and business process automation to guarantee that resources are available to the users on demand.

Given the Spartan economic conditions of the last two years, all but the most cash-rich organizations (and there are very few of those) will almost certainly have to upgrade their network infrastructure in advance of migrating to a private cloud environment.

Organizations considering outsourcing any of their datacenter needs to a public cloud will also have to perform due diligence to determine the bona � des of their potential cloud service providers. � ere are three basic types of cloud computing although the � rst two are the most prevalent. � ey are:

So� ware as a Service (SaaS)• which uses the web to deliver so� ware applications

to the customer. Examples of this are Salesforce.com, which has one of the most popular, widely deployed, and the earliest cloud-based CRM application; and Google Apps, which is experiencing solid growth. Google Apps comes in three editions—Standard, Education and Premier (the � rst two are free). It provides consumers and corporations with customizable versions of the company’s applications like Google Mail, Google Docs and Calendar. Platform as a Service (PaaS)• o� erings; examples of this include the above-mentioned Amazon Web Services and Microso� ’s nascent Windows Azure Platform. � e Microso� Azure cloud platform o� ering contains all the elements of a traditional application stack from the operating system up to the applications and the development framework. It includes the Windows Azure Platform AppFabric (formerly .NET Services for Azure) as well as the SQL Azure Database service. Customers that build applications for Azure will host it in the cloud. However, it is not a multi-tenant architecture meant to host your entire infrastructure. With Azure, businesses will rent resources that will reside in Microso� datacenters. � e costs are based on a per usage model. � is gives customers the � exibility to rent fewer or more resources depending on their business needs. Infrastructure as a Service (IaaS)• is exactly what its name implies: the entire infrastructure becomes a multi-tiered hosted cloud model and delivery mechanism. Both public and private clouds should be � exible and agile. � e resources should be available on demand and should be able to scale up or scale back as business needs dictate.

CLOUD COMPUTING—PROS AND CONSCloud computing like any emerging new technology has both advantages and disadvantages. Before beginning any infrastructure upgrade or migration, organizations are well advised to � rst perform a thorough inventory and review of their existing legacy infrastructure and make the necessary upgrades, revisions and modi� cations.

Next, the organization should determine its business goals for the next three to � ve years to determine when, if, and what type of cloud infrastructure to adopt. It should also construct an operational and capital expenditure budget and a timeframe that includes research, planning, testing, evaluation and � nal rollout.

PUBLIC CLOUDS—ADVANTAGES AND DISADVANTAGES� e biggest allure of a public cloud infrastructure over traditional premises-based network infrastructures is the ability to o� oad the tedious and time consuming management chores to a third party. � is in turn can help businesses:

Shave precious capital expenditure • monies because they avoid the expensive investment in new equipment including hardware, so� ware and applications as well as the a� endant con� guration planning and provisioning that accompanies any new technology rollout. Accelerated deployment timetable.• Having an experienced third party cloud services provider do all the work also accelerates the deployment timetable and most likely means less time spent on trial and error. Construct a � exible, scalable cloud • infrastructure that is tailored to their business needs. A company that has performed its due diligence and is working with an experienced cloud provider can architect a cloud infrastructure that will scale up or down according to the organization’s business and technical needs and budget.

� e potential downside of a public cloud is that the business is essentially renting common space with other customers. As such, depending on the resources of the particular cloud model, there exists the potential for performance, latency and security issues as well as acceptable response, and service and support from the cloud provider.

Risk is another potential pitfall associated with outsourcing any of your � rm’s resources and services to a third party. To mitigate risk and lower it to an acceptable level, it’s essential that organizations choose a reputable, experienced third party cloud services provider very carefully.

Ask for customer references and check their � nancial viability. Don’t sign up with a service provider whose � nances are tenuous and who might not be in business two or three years from now.

� e cloud services provider must work closely and transparently with the corporation to build a cloud infrastructure that best suits the business’ budget, technology and business goals.

To ensure that the expectations of both parties are met, organizations should create a checklist of items and issues that are of crucial importance to their business and incorporate

CLOUD COMPUTING ■ ANALYST FEATURE

69

EXECUTIVE PANEL ■ IT OUTSOURCING

72

MIKE ATWOOD (HORSES FOR SOURCES) moderates

a panel discussion on IT outsourcing touching on transformation,

the cloud and some fantastic case studies with the help of CHUCK VERMILLION (ONENECK IT SERVICES) and KARINE BRUNET (STERIA).

A marriage of sorts


73

IT OUTSOURCING ■ EXECUTIVE PANELL

MA: AS YOU EXPAND YOUR BUSINESS, WHAT IS YOUR IDEAL CLIENT AND WHAT LETS YOU RECOGNIZE THAT?

KB: A typical client is one that wants to experience a big transformation in the coming months or years. It can be transformation of its IT or its entire organization, perhaps through mergers and acquisition. I think this is where an outsourcer can bring the best value.

Looking especially at the pro� le of Steria, we work very closely with our clients to assist them in their transformation. So for us, a very good client is one with a transformation agenda.

MA: AND IN TERMS OF IT RESOURCES, IS WHAT YOU’RE PROVIDING HOSTING, AND HOW DOES THAT HELP WITH A T� NSFORMATION?

KB: I think we’re providing not resources but services, and that’s what we mean by outsourcing.

Steria is a mid-sized player in the market and it’s one of the top ten players in the European market. One of our di� erentiators is the fact that we have very good proximity and � exibility with our clients.

Prior to migrating a client, one of our key capabilities is to be � exible enough in the transformation phase to adapt our service solution to whatever the client challenges are. Another demonstration of that � exibility may lie in that one part of our service incorporates an o� shore alternative, but we may still need people on site for certain services because the client is not mature enough to have everything fully outsourced.

We are able to accommodate that, and then industrialize the service delivery and the service mechanism to achieve an e� cient delivery.

MA: DO YOU PROVIDE ANY T� NS-FORMATIONAL CONSULTING SERVICES?

KB: We provide two types of transformation consulting services; one in the technical aspect which is about transforming your IT infrastructure—meaning virtualization and platform as a service or cloud—and one which is much more on the organizational level.

Restructuring the way you operate your IT services can be tricky, but as a mid-sized player, we see more and more clients deciding on selective sourcing. � is requires that they organize the governance, processes and how they’re going to manage multiple suppliers, as well as the potential to mix with internal teams.

We also provide organizational consulting to assess the maturity of the organization and their processes, and advise on that.

MA: CHUCK, WHAT IS YOUR IDEAL SCENARIO?

CV: For us it starts with pain—we don’t like that our customers are in pain—but we like to talk to companies that are experiencing pain because, generally speaking, they’re trying to avoid the experience of managing their own IT systems and have just had enough. � ey want someone else to do it for them.

Or, they recognize the pain when they’re implementing a new system and have decided they’re not up to the task of e� ectively managing that new environment.

� e second thing we look for is a complicated environment. I think we really di� erentiate ourselves when we � nd that it’s not just a single application our customers are looking to host or outsource, but rather, they’re looking to outsource a multiple set of applications on several di� erent types of infrastructure.

� is is where we’re best able to di� erentiate our capabilities.

MA: AND DO YOU PROVIDE ANY SORT OF T� NSFORMATIONAL SERVICES?

CV: IT outsourcing generally creates transformation within a company because you’re signi� cantly changing the way they view and access their IT services. With regards to calling it transformational services—no, we don’t provide any services described as such.

We know who we are as an outsource provider of IT services. We pride ourselves on the fact that customers would look at us not as a vendor, but recognize us as one of their employees.

MA: ONE OF THE ISSUES THAT NORMALLY ARISE WHEN SOMEONE IS THINKING ABOUT OUTSOURCING IS: WHAT EXACTLY DO I OUTSOURCE? WHAT IS THE SCOPE OF THE OUTSOURCING PROJECT, AND WHAT AM I GOING TO SEND OUT? CHUCK, WHAT WOULD YOU ADVISE A CLIENT THAT THEY SHOULD OUTSOURCE?

CV: We can provide a broad array of services and do everything for our customers; from as low as the base infrastructure providing the data centre services, all the way through

the application level that includes not only the enterprise or ERP application management, but also functional consulting on top of that.

Our support centre is one where someone can not only call in if they’re having a technical issue, but they can also call our support centre if they’re having functional issues, such as ge� ing a batch release in the ERP system, or how to be� er use the manufacturing functionality to accomplish a particular task.

Also, with regards to the EDI or electronic data interchange, we will host and manage customers’ EDI translators. We’ll establish the trading relationships with the trading partners, test those transaction sets, and then ensure that they go forward in production.

When there are errors � agged by the translator, we’ll research the nature of the issue and then forward that information back to someone in the company to help � x whatever data issue is causing the problem. It’s almost business process outsourcing in some of these cases.

We also do outsourcing of desktop administration. In some cases it’s done with on site desktop resources, and in others it’s done with the desktop resources in our location in a depot fashion. We have a very broad capability.

MA: AND WHEN YOU DO THE OUTSOURCING, WHAT ASSETS DO YOU OWN AND WHAT ASSETS DO YOU ADVISE THE CLIENT THAT THEY OUGHT TO KEEP OWNERSHIP OF?

CV: We’re pre� y � exible with regards to asset ownership. Generally speaking, we encourage customers to keep the assets they started with. We move the assets from their facilities to our facilities and provide the services.

However, as the relationship starts to mature and the assets come to the end of their useful life, our customers can decide what they’re going to do from a new equipment acquisition perspective. O� entimes they look to OneNeck’s cloud services as an alternative to owning their own assets. However, from a desktop perspective, they normally continue to own their own assets.

MA: IS THERE SOME SCOPE THAT WOULD BE TOO SMALL OR THAT YOU WOULDN’T TAKE ON?

CV: No, for us it’s all about making sure our customers are satis� ed and that we’re solving a business problem.

have everywhere is to verify that the accounts for these departing employees have been properly terminated.

� ere is a use case which is called the pink slip null which is essentially when HR tells you that a person has been let go or has chosen to resign, which to IT means that their access and accounts must be removed from the

directory. You can put that username into your list and start looking for any activity from those usernames for the next few weeks.

� is is a failsafe to make absolutely sure that there is no further activity. If you’re doing Active Directory you’ve probably removed that username or disabled them, but they could have con� gured a service with their name, as we

ASK THE EXPERT ■ SECURITY INFORMATION AND EVENT MANAGEMENT

SIEM satisfaction

AK: ANANTH, COULD YOU GIVE US A FEW EXAMPLES OF SIEM IN OPE� TIONAL USE CASES?

AA: One example that’s clear in these recessionary times is that people have had turnover in sta� , particularly in North America, as so-called pink slips. A problem that IT people

One of the most ignored bene� ts of security information and event management technology is using SIEM technology to improve overall IT operations. A. N. ANANTH and STEVE LAFFERTY (PRISM MICROSYSTEMS) talk to ETM’S ALI KLAVER about how improved operations is seldom given much a� ention but might well provide the most tangible cost justi� cation.

84

found out with one of our customer locations some time back.

So it’s a good idea to do this because it’s very inexpensive to run and should be coming up empty if you’ve done your job right. It’s a fantastic way of assuring yourself that things have gone according to plan.

If you look at the security vulnerabilities, a lot of it happens because of default accounts that have been dormant for a long time and no one ever turned them o� a� er the use was over. So the pink slip null is a really good operational use case.

Another example is update failure of antivirus. One of our customers is a government contractor that chooses to use McAfee, and their concern is that the antivirus has not updated on a nightly basis. � ere is no fun in looking for successes because most of the time that’s what you get, but they look for an update failure and those desktops or servers, for whatever reason, couldn’t update.

A very small percentage of machines will have this issue so it’s a small report, but it’s also very useful because this is an operational problem. If any of your machines are not properly updated they could potentially infect the whole network.

SL: Operations is tasked with keeping the infrastructure running. Typically, when something goes wrong in the infrastructure, the only way they hear about it is when a user calls and says their service or application isn’t running.

With SIEM collecting all of the information from all the systems, applications, users and everything else, it has unique knowledge of things that will going wrong before they go wrong. So operations can go in there and proactively prevent things from happening before the user is actually impacted.

It can also monitor things, as Ananth mentioned before, like process and service monitoring and virtual infrastructure monitoring.

All these infrastructure components that are pulling o� logs that the SIEM product is monitoring—collecting, alerting on and everything else—greatly helps operations in being able to keep that infrastructure running well and available to the end users.

AK: IT SEEMS THAT SIEM IS ALMOST A SAFEGUARD IN ANTICIPATING WHAT WILL HAPPEN � THER THAN DEALING JUST WITH THE CLEANUP, SO THE BENEFITS ARE FAIRLY TANGIBLE AND OBVIOUS.

AA: Yes—a� er all, the old adage about an ounce of prevention being worth a pound of cure is right in this sense. � e ROI with this technology in the operations use case is quite compelling.

We’re well aware that IT budgets everywhere are under pressure and are shrinking. For example, the typical ratio of system administrator to server which used to be 1-25 a year or so ago has jumped up to 1-40. � at means one system administrator is now responsible for 40 machines and this is even true a� er you have virtualized.

So the pressure on the system administrator to manage these machines and uptime is a big deal for all these organizations. � ese machines all have some business function, otherwise they wouldn’t exist.

To be able to automate this so that expensive expert admins can focus on the real issues and those that are going to become issues, as opposed to having to chase your tail and react all the time, is a compelling one. Ops people will generally � nd that this technology can be their friend. � ey’re the ones who su� er all the time having to stay back on long weekends for upgrades and being called in the middle of the night.

� e more that you can head that o� at the pass, as it were, the be� er SLA you’ll have in your organization.

SL: � ere is also a lot of functionality that SIEM will provide to help with capacity planning and performance of your critical systems.

Looking at CPU trends, memory trends and disk space trends allows you to anticipate long term issues and plan well in advance to get more disk space, put more memory in, or perhaps deploy your critical applications on bigger servers.

AK: SO SIEM ACTUALLY TIES INTO THE OVE� LL BUSINESS ST� TEGY AS WELL?

AA: Traditionally, SIEM has been something that only a subset of the IT department has tended to use for limited purposes, for example, security or compliance. � is is shallow root, meaning the technology is capable of doing a lot more within the enterprise, but that potential is not realized.

We know that data owners, usually middle management, are the people that understand the data best, but IT is the custodian of the system on which the data resides, and

this technology can do a lot for middle management.

So if you present this information to the end users of the data it would be of much greater value to the entire business process. As the technology is currently used and named (SIEM) it is o� en limited to one or two tricks, however it’s capable of a lot more and of o� ering much greater value.

SL: Certainly, the business owner can provide context to the data that IT operations simply can’t because they don’t understand the usage pa� erns and the typical things that people would do in their operation or in their organization—so that’s a great point.

AA: To give you a speci� c example of this; a sales manager focuses entirely on quotes and he knows about underperforming sales people.

For example, say a member of the team isn’t doing well and the sales manager is unhappy with him. � e fact that that salesman has sensed it and has begun copying all of his quotes o� onto a USB would be a major red � ag for the sales manager, but might mean nothing at all to IT because that salesman is authorized and within his rights to do this.

Showing that kind of trend to the data owner versus the custodian can make a huge di� erence and can be very valuable inside an enterprise.

AK: WHY DO YOU THINK OPE� TIONS GETS SHORT SHIFT WHEN COMPARED TO SECURITY COMPLIANCE?

AA: I do think that the security guys thump their chests and get a lot of a� ention. Quite frankly, in 2010, security is everyone’s problem and has loomed large in all of our sensibilities.

Our observation is that security folks will typically leverage the compliance requirements in order to get whatever they need and operations comes third in the sense that, once the evaluation is done, operations gets to actually use it. So their use cases aren’t o� en considered on par.

It is also a fault of the analyst community that has chosen to position this technology as SIEM—this is limiting in and of itself.

� e log management space has a number of applications, security being perhaps one of the most important, but it’s certainly not the only one. If a user chooses to limit their use of this technology and security, that’s � ne, but it doesn’t mean the technology itself is limited in some fashion.

SECURITY INFORMATION AND EVENT MANAGEMENT ■ ASK THE EXPERT

85

HEAD TO HEAD ■ SEARCH TECHNOLOGY

AK: CAN YOU GIVE US A BRIEF OVERVIEW OF COGNITION, WHAT YOU DO, AND PERHAPS TOUCH ON THE BACKGROUND OF THE TEAM YOU WORK WITH?

KD: Cognition Technologies, based in Culver City, California, is made up of a team of PhD’s that have been with me for 20 years. We have developed, with over 450 man years, a search engine that is years ahead of its time.

While everyone else has been developing statistics-based search, we have been using linguistics to really understand the complexity of language so that the computer will understand you. It is the next evolution in search technology.

We patented a semantic search architecture, known as CognitionSearch, that employs a unique mix of linguistics and mathematical algorithms. We’ve developed a special program that actually understands English to some extent. And I really stress “understand”. � e Cognition team has built the largest computational semantic map of English in the world today.

Almost all search engines use statistics or popularity rankings to bring up search results based on your search terms or phrases. Google, for example, uses a combination of statistical methods and popularity rankings. But the problem with statistics or popularity rankings is that you only get the most “likely” results for your search. It is just not possible for it to be precise.

Cognition is precise, while at the same time being complete and exhaustive in what it � nds. � is di� erence between statistical methods and popularity rankings and what we do is huge. We understand the search terms and phrases.

I started at IBM working on this in the 80s, and now with a team of PhD computational linguists we have gone against the popular opinion of our time. I have really invested in the belief that what we call semantic search is critical to being able to do e� ective search.

So to clarify what we do, because it is a bit complicated, we not only understand the search terms or phrases, but we also get all the synonyms within a context. � is issue of context is super important in search. Just think about any time you say something—it’s not just about the words, it’s also

88

ETM’S ALI KLAVER talks with DR KATHY DAHL-GREN (COGNITION TECHNOLOGIES) about an innovative approach to meaning-based text processing technology. Among a discussion on market trends and the bot-tom line, it’s clear that Cognition is at the forefront of search—now and into the future.

A question of semantics


89

SEARCH TECHNOLOGY ■ HEAD TO HEAD

everything around it. For example, if you want to look up websites on heart disease, you’re not interested in documents about “the heart of the city” or “the heart of the ma� er”.

Cognition understands the context to � nd only the desired information. At the same time, Cognition � nds synonyms like “cardiac disorder” and more speci� c concepts like “ischemia” and “� brillation”. We understand what you’re looking for so we can get 90% precision and 90% recall linked not only to the search terms but to the “meaning” of what you’re looking for.

CognitionSearch really helps organizations that need to � nd very speci� c information in terabytes of data. We have developed solutions for law � rms and scientists developing drugs to � nd very speci� c information in their unstructured data.

For example, if you’re looking in a huge database of scanned articles and you want to � nd one relevant piece of information among literally tens of thousands of documents and emails, it takes half the amount of time with Cognition as with other methods. And Cognition � nds the smoking gun that can be missed altogether because of variations in wording.

We deliver savings of 50% for our customers just by eliminating the sheer man hours that are needed to go through all that unstructured data.

I also want to stress how easy we are to integrate into your technology stack—we’re certainly not a headache at all. We work on Windows and Unix and are a plug and play kind of technology. CognitionSearch easily � ts on top of any unstructured data environment.

AK: WHY ARE YOU FOCUSING ON THE SEMANTIC WEB NOW? WHAT HAS CAUSED THE RISE IN SEMANTIC SEARCH?

KD: There’s a lot of buzz relating to upcoming “Web 3.0” and the semantic web. Over the last 15 years, finding simple terms through popular queries has been the norm.

Even though in total count 80% of today’s queries are popular, in terms of distinct queries, 80% of them are unique. This “long tail” presents a daily problem, especially for the professional searcher with something very particular in mind.

Attempting more specific or complex queries has made all of us aware of the drawbacks of today’s search technologies. More and more, people want to think of the web as a giant database from which they can get answers to their questions.

To sort through all this information requires context, disambiguation of the queries and the use of more natural or conversational language. Simply said, when a computer understands meaning it can do intelligent search, reasoning and combining. This demands the kind of semantic capabilities that Cognition has now.

One of the interpretations of the term “semantic web” has involved hand coding of documents with semantic tags and relationships among them. Semantic tagging has had a following but ultimately it won’t be practical.

As content continues to grow at an exponential pace, who is going to do all the tagging and how do all the definitions stay synchronized? For others, the semantic web means automatically interpreting the documents for meaning and automatically inferring relationships among them.

This will become the mainstream approach and this is what the CognitionSearch tools enable.

AK: TAKE US THROUGH WHAT YOU CAN OFFER YOUR CUSTOMERS. HOW WILL WORKING WITH YOU IMPROVE THINGS SUCH AS APPLICATION PERFORMANCE, USER SATISFACTION AND SO ON?

KD: Cognition is helping Microso� Bing bring intelligence to their search function in collaboration with Microso� division Powerset.

Cognition Text Analytics analyze a document base for word, concept, frequent word sequences and unknown words. Measures of frequency and salience are reported. � ese analytics highlight unusual or unexpected terminology which may be suspicious for a legal case or very useful in a market research case. Also, they provide input to a customization process where the “company speak” or local slang of the client or customer base can be added to the Cognition semantic map.

Cognition More-Like-� is interprets the meaning of documents and can � nd those with similar content. � e basis document can either be a document in a Cognition index or any document identi� ed by URL. Unlike other document-similarity systems, Cognition More-Like-� is is based on conceptual similarity rather than string similarity.

Auto-categorization is where Cognition reads and understands documents, and places them in categories provided by the client. Auto-categorization compares the salient concepts with given category meanings and ranks the match. Various statistical methods are deployed for the comparison along with the Cognition ontology.

Cognition Document Foldering enables the user to automatically place documents in pre-chosen topic areas, for example, for a legal case. Foldering queries are o� en complex concept Booleans that express the content of the topic areas, and the results are segregated into the appropriate folders. Each part of the Boolean is interpreted linguistically with semantic concepts.

� e semantic search engine, CognitionSearch, is available for use in, for example, Wikipedia.cognition.com and medline.cognition.com. Users experience � nding all and only the desired information and don’t waste time browsing irrelevant documents. Cognition � nds the particular content you‘re looking for.

� e Cognition Ad Matcher interprets the meaning of queries, documents and phrases and ad copy. Using meaning as the medium, this ad placement technology maximizes the number of ad phrases matched and minimizes the poor matches.

AK: HOW DOES COGNITION DIFFER TO OTHER SOLUTION PROVIDERS IN THE MARKET AT THE MOMENT?

KD: Other solutions in the space use pa� ern-matching or statistical methods to compute relevance, guess meaning and match documents and query. Such methods make many errors, typically performing with 20% precision and recall.

Statistical methods are popular as they have the promise of relatively low development cost while yielding improvements that are hoped to be

“Many companies need highly precise and thorough search capabilities of their unstructured data—we can deliver that and we are the only ones who can!”

PAUL BURNS (NEOVISE) shares with ETM why every CIO must embrace Service Level Management as a way to transform the IT organization.

Service Level Management (SLM) is not the ho� est hot topic in IT. In fact, it is not even a new topic. SLM has been in use for many years, improving IT service quality,

performance and availability. It has also been used to increase customer focus and grow the maturity of the IT organization.

Still, many CIOs have yet to implement SLM to any signi� cant degree. Some remain focused on infrastructure and technology

components rather than the more abstract notion of IT services. Others have implemented ad hoc processes which address—at least super� cially—a couple of aspects of SLM such as service level monitoring or reporting.

� is is not to suggest that ad hoc implementations are not worthwhile or that “to do SLM properly” requires strict adherence to every possible element of SLM. � e idea is that SLM must be � rmly embraced in order to achieve the most bene� t. Of course, there are

always a large number of projects and processes competing for the a� ention of IT, and not all of them can be managed to peak levels of bene� t. So why should an investment in SLM receive priority over other initiatives?

While seven speci� c reasons will be o� ered here, it is also helpful to look at two conceptual bene� ts of “SLM done right”. First, SLM can be foundational. Rather than being treated as an independent process, SLM should provide support to other critical IT processes.

SLM should not just be about monitoring and reporting on service levels, it should also be about ensuring the right resources are applied to the right services in order to optimally support user needs.

To do this, the SLM process needs to link with other IT processes from � nancial management and service de� nition to supplier management and continuous improvement.

� e second conceptual bene� t of SLM is that it can be transformational. SLM should be used to drive a greater understanding of customer needs and their relative business priorities. � is clarity should result in far be� er alignment between the IT organization and the business it serves.

� e actions of IT should then begin to provide more direct value through consumable services rather than indirect value through the technology infrastructure that supports those services.

SLM as a transformational process not only helps the IT organization see the world

di� erently—it helps IT take more of a leading role within that world.

With the conceptual bene� ts of SLM in mind, as well as some SLM philosophy, every CIO should be ready to learn why they must embrace SLM. If your IT organization is already using SLM heavily, the following seven points should still provide some fresh thoughts on what you could be ge� ing from your SLM process. If SLM is still an ad hoc process or only used on a limited basis within your organization, these seven points may help you identify some important gaps.

Finally, if you are still just considering SLM, it is hoped that these seven reasons will provide that last bit of evidence or motivation required to move your SLM project forward.

REASON ONE: SLM IS FOCUSED ON SERVICESLet’s face it; most IT consumers only care about the services they receive and not at all about the underlying technology. While that shouldn’t be

news to any CIO today, the idea of managing services rather than technology has not yet fully permeated all IT organizations.

� e concept of a service is supposed to provide a level of abstraction above the IT infrastructure and even many applications. � is way, IT consumers are not bothered with the details such as servers, operating systems, VLANs or SANs.

However, this abstraction is not just for the IT consumer—it must also be used by the IT organization. Only by adding the end-to-end service perspective can the IT organization operate in a way that both allows them to drill in to deep technical issues, and maintain an appropriate interface for the consumer. Adopting SLM helps ensure the IT organization has an appropriate level of service-orientation.

REASON TWO: SLM ENABLES QUALITYQuality is an interesting and involved topic of its own. For example, depending on the particular situation, there can be several

HANALYST FEATURE ■ SERVICE LEVEL MANAGEMENT

Seve

n R

easo

ns

92

SERVICE LEVEL MANAGEMENT ■ ANALYST FEATURE

Neovise is an IT industry analyst � rm that uniquely adds business perspective to technology. Paul has nearly 25 years experience in the so� ware industry, driving strategy for enterprise so� ware solutions through product management, competitive analysis and business planning. He has held a series of leadership positions in marketing and R&D, and spent two years as Research Director/Senior Analyst at another � rm immediately prior to founding Neovise.

Paul earned both B.S. in Computer Science and M.B.A. degrees from Colorado State University.

Paul Burns | PRESIDENT AND FOUNDER, NEOVISE

93

competing dimensions of quality. Do users view quality as higher when trouble tickets are resolved quickly or when they don’t have to be re-opened again for a slightly di� erent use case? Users may be willing to trade o� one for the other to some degree, and IT organizations o� en � nd themselves trading o� quality dimensions such as speed and reliability.

� ere can also be economic or cost di� erences when trading o� dimensions of quality. It turns out that the process of creating a service level agreement (SLA) can go a long way toward arriving at the proper quality mix for IT services. SLM is just what is needed to drive this process with inputs from users, business leadership and the IT organization.

REASON THREE: SLM ENABLES PRIORITIESAs a CIO, you don’t just want things done right; you also want the right things done. As discussed, the notion of quality helps get things done right. However, it is the separate notion of prioritization that helps the right things get done. So what is the best approach to take for prioritizing capital investments, hiring, improvement projects, or anything else within IT that has inherent tradeo� s?

� ere are many approaches that can help, and perhaps no single approach will work in all cases. Yet there is a lot to be said for leveraging the priorities that are established for various IT services as part of the SLM process. � rough SLM, the IT organization should build an understanding of which services provide the most value. � e needs of those services should be addressed before the needs of lower priority services.

REASON FOUR: SLM IS PROACTIVEOne easy recipe for creating an under-performing IT organization is to be reactive—there are so many ways for IT to become reactive.

How many dashboards and reports and statistics are available to analyze? While this type of information is critical, the risk is that IT may begin to drive too many decisions from lists of issues, problems and challenges. What is needed instead is for IT to be proactive. � at means deciding on desired outcomes up-front, and then making them happen.

Reviewing a report that says email is down for one to two hours every month, and then pulling together a team to resolve it, is reactive. Having an agreed amount of email availability documented in an SLA, and having made the appropriate investment to ensure it—as well as detect issues early, before they impact the SLA—is proactive.

REASON FIVE: SLM SETS EXPECTATIONSSLAs need to be visible. Users should be able to see at a glance the commi� ed service levels for a given service. Otherwise they are far more likely to arrive at a set of expectations that has nothing to do with what the IT team intends to deliver.

When a user knows that a particular application is not typically available on the weekend, frustrations can be greatly reduced even if the user still wants the application available every day.

Of course, se� ing expectations should not simply mean keeping expectations low. Some service levels may be improving over time and that represents some positive publicity which should not be lost.

Further, IT should indeed be “on the hook” for delivering to the challenging service levels to which they have commi� ed. � e business that IT supports has commitments to its customers and owners and must know it can rely on IT to meets its needs.

REASON SIX: SLM FACILITATES NEGOTIATIONSince IT organizations do not have the luxury of an “all you can spend” budget, they must demonstrate the value they deliver through services. However, the related budget process is not as simple as it may sound. � e business will always want and need more service than it is receiving, and the IT organization will always want and need more budget than it is granted.

So once again, the SLM process is involved with tradeo� s—in this case in the role of negotiator. � e list of services and associated service levels can become central to the budget discussion. For example; “� is is the value we are delivering today, under the current budget. Alternatively, with the incremental budget proposal, we can improve the performance and reliability of the CRM system.”

SLM helps ensure that budget discussions are based on facts and tradeo� s, rather than dreams and politics.

REASON SEVEN: SLM IMPROVES IT MANAGEMENT� e level of complexity in IT is growing every day. IT managers, from supervisors to the CIO, must rely on technical specialists, third parties and others more than ever to design, deploy and operate IT systems.

SLM helps management transfer responsibility to others by clarifying service a� ributes and required service levels. For di� erent departments within the same IT organization, operating level agreements (OLAs) may be used to formalize expectations around technical services in support of SLAs.

For third parties, SLAs and underpinning contracts help transfer responsibility for how things get done while maintaining management control over the outcomes and related service levels.

� is indirect approach to management allows IT to scale without creating a loss of control. Every CIO that makes use of critical third party services—whether through desktop support services, so� ware as a service (SaaS), or others—must have a proven SLM process in place.

SLM is neither the newest nor the ho� est topic in the IT industry today; however it does provide a solid foundation for IT. SLM is not a process that stands alone or simply a so� ware package that can be purchased and installed. It is a philosophy that touches on many other IT processes and provides the most value when woven in to the broader IT management fabric.

SLM also provides a way for the IT organization to transform itself. Rather than focusing on technical infrastructure, SLM allows IT to address end-to-end services in support of user and business needs. If you are a CIO, you now have at least seven good reasons to embrace SLM.

ASK THE EXPERT ■ GOVERNANCE, RISK AND COMPLIANCE

94

ETM’S ALI KLAVER talks to PRASHANTH SHETTY (METRICSTREAM) about managing enterprise GRC programs in global organizations, and how to realize the benefi ts that can stem from successful implementation.

ETM’S ALI KLAVER talks to SHETTY (METRICSTREAM) managing enterprise GRC programs in global organizations,

Moving with the times


95

GOVERNANCE, RISK AND COMPLIANCE ■ ASK THE EXPERT

AK: TELL US ABOUT THE SOLUTIONS YOU OFFER. WHAT YOU CAN DO FOR CUSTOMERS OUT THERE?

PS: MetricStream is the market leader in enterprise-wide governance, risk, compliance and quality solutions for global corporations.

MetricStream solutions are used by leading corporations such as NASDAQ, � e United Bank of Switzerland, TVA, Amedisys, Cummins, and many other customers in diverse industries including energy, � nancial services, pharmaceuticals and manufacturing. We manage their risk processes, internal audit, and regulatory and industry mandated compliance.

In addition, we also own a web property called Compliance Online which is used by over one million compliance professionals worldwide for the purpose of gathering compliance intelligence, training and discussion groups. MetricStream has also been ranked as the world leader in enterprise GRC and IT GRC solutions by leading independent industry analysts.

In summary, we are a privately-held pro� table company with investments from some of the best known names in venture capital including Kleiner Perkins Caul� eld & Byers, as well as Advanced Equities.

AK: LET’S LOOK AT MARKET TRENDS—WHAT ARE THE KEY CHALLENGES THAT ORGANIZATIONS ARE FACING TODAY FROM A GRC PERSPECTIVE?

PS: We’ve seen a few different challenges. I would classify them primarily as organizational, operational and technology challenges.

On the organizational side this really has to do with a lack of sufficient buy-in on the importance of GRC from the upper echelons of management. This either happens because there are other pressing priorities, or some of them just don’t want to change the status quo.

In fact, I was recently in a meeting with some executives in a leading pharmaceutical company and one of them said: “We’ve been in business for over 100 years and we didn’t have to do anything special on the GRC front—so why change now?”

I think this reflects some of the organizational mentality that is contributing to the challenge of GRC adoption. As a result, GRC sometimes gets adopted very sporadically or inconsistently, which makes it quite ineffective.

Secondly, there’s the operational challenge—even when the organizational buy-in does exist, companies still face the execution challenge which is: How do I really operationalize this? Where do I get started? What sequence do I proceed in? This is the classic case of there being too many things on the table and not being sure where to begin.

Finally, the challenge on the technology side is that ever since GRC became a mainstream term in the last few years, there have been myriad technologies that have been positioned as GRC-centric. Several technology solutions like business process modelling or BPM, business intelligence or BI, and event monitoring—these are just some examples.

Companies are also faced with the decision of which technology solution to deploy, and which is more effective than the others. They also have to consider how much technology to deploy versus human judgement.

After all, functions such as compliance, controls and audits have been done manually for a long time—and for good reason—because a lot of these are based on human judgement. So you really need to strike the right balance between technology automation and judgement. These are just some of the challenges that we’ve seen. And in spite of these challenges

I would say some organizations are starting to figure out how to work through this by starting with the basics and keeping their focus on business objectives and performance metrics, then using that as a starting point to move forward.

AK: WHAT STEPS ARE GLOBAL ORGANIZATIONS TAKING IN ORDER TO CONSOLIDATE THEIR GRC PROCESS? CAN YOU TALK ABOUT SOME OF THE P� CTICAL CHALLENGES OF TRYING TO REALIZE THE INTEG� TION OF GRC INITIATIVES IN THESE GLOBAL ORGANIZATIONS?

PS: � e one fact that organizations are beginning to realize is that, until now, disparate functions of audit, risk management, compliance, policy governance and so on, are not truly siloed initiatives, rather, they are interconnected with one another. And companies are now looking to exploit the bene� ts of this interconnectedness.

So when we talk about consolidation, it can be realized in many di� erent ways. One of the common ways is using, for example, a risk-based approach to audit and compliance. Organizations � rst begin by identifying the major material risks facing the company and then use that to drive compliance testing and audit strategies, or both. In fact, MetricStream’s solutions themselves are designed to support exactly this approach of the risk-based methodology.

Another approach to consolidation that we’ve seen is addressing the so-called multiple compliance problem by using a standardized set of either business process or IT controls to address, in a rationalized manner, several di� erent regulatory and policy requirements.

So again, our platform and our solutions really support this risk-based approach as well as this notion of shared or rationalized controls. And this level of consolidation is starting to enable customers to derive the maximum bene� t from their solutions.

As straightforward as this sounds, consolidation is not always easy and this is because some companies don’t even have a discipline of formal risk management so they don’t know what their major material risks are and how to measure them.

Another issue is that there are times when the data lies in disparate, separate systems and companies have to take on the overhead to do a lot of this technical data migration to get the integration to work. � at is not always easy.

AK: I KNOW GRC IS A RELATIVELY NEW TERM, BUT WHAT IS YOUR PERSPECTIVE ON THE EMERGING CONVERGENCE OF ENTERPRISE GRC AND IT GRC?

PS: At MetricStream, we believe that this current distinction between enterprise GRC and IT GRC is based on a dated understanding of the market, and is fairly quickly bound to change.

� is separation was more from a convenience standpoint and was arti� cially divided into two spaces, but honestly, from what we’ve seen, there is a good deal of overlap and a natural convergence of EGRC and IT GRC.

We believe that IT GRC, for instance, is not just driven by technical objectives alone but by business objectives such as corporate performance indicators, which in turn are tied to the integrity of IT processes and systems. And these are exactly the same drivers as enterprise GRC so they do share much in common.

EXECUTIVE PANEL ■ BUSINESS PROCESS MANAGEMENT

100

DANA GARDNER (INTERARBOR SOLUTIONS) moderates a

discussion on the productivity benefi ts and future of business process management with the help

of MARK TABER (ACTIVE ENDPOINTS), ANGEL DIAZ (IBM) and SAMIR GULATI (APPIAN CORPORATION). This expert panel

examines BPM and explores what it delivers to enterprises in terms of productivity and agility.

Business and IT—side by side

101

BUSINESS PROCESS MANAGEMENT ■ EXECUTIVE PANEL

DG: WHAT IS IT FROM YOUR VANTAGE POINT ABOUT BPM THAT IS MAKING IT SO POPULAR NOW? WHAT ARE THE BUSINESS AND TECHNOLOGY DRIVERS THAT ARE MAKING THIS THE RIGHT TIME FOR MANY FOLKS TO BE GE� ING INTO BPM IN A BIG WAY?

MT: � e big trend that we see is a power shi� from central IT (mega-projects) to the line of business. � is has huge implications because of the fact that smaller departments are much more expertise-bound and require real-time ROIs.

What is most important to the project manager is gaining e� ciency while at the same time reducing risk. � e ROI must be believable for the current year. Proof is much more rigorous and this is where BPM comes into play.

AD: I think all of us who have been in the BPM business know that it’s been around for quite some time; everything from the basic assembly line to providing power to the people, and allowing business folks to be � rst class participants in the design and understanding of what the key business outcomes are, and the rapid implementation of those.

It’s important when you look at where our customers are headed in the next year or so. It’s very clear that yesterday’s best in class is no longer good enough. � e workforce needs to be more productive and we expect that across the board—a 26% increase in productivity.

Supplier’s lead times, 62% faster in two years; stock to stock, 50% faster in two years. Key organizations need to be 25% more e� cient in two years. How are we going to get there? By very prescriptive approaches, as Mark was saying, by focusing on business problems and involving all the stakeholders, business leaders, line of business executives, IT developers and business analysts.

� ese people are needed to deliver imitative, quick solutions to the market that address those speci� c customer needs. It is a greater in� ection point in both business and technology.

� e con� uence of many technology buzz words and acronyms to do with social, textural capabilities, dynamic networks, IT conversions—that type of technology converging with the business needs is bringing us to an exciting point in the industry.

SG: For us, business has always led the charge for BPM initiatives. � ere has to be a compelling business need to deploy BPM and

when there is, it catches � re very quickly. Typically, IT comes along for the ride and

then realizes that it’s an extremely powerful technology and can be applied in a number of di� erent areas, so the business imperative is key.

What is happening now is that business is ge� ing more and more educated about the bene� ts BPM drives and all the ideas that can reduce cost, increase productivity and lead to things like improved response time or agility.

What we’re � nding with our customers—because they’re maturing now in terms of the usage of BPM—they’re seeing things like increased quality where you have more process consistency and be� er rigour in terms of the way you’re doing business.

It leads to be� er executive management visibility of end-to-end processes and improved customer service. BPM is � nding its way into a lot of customer-facing processes and that is impacting customer retention and service with improved risk management as a by-product.

So I think business is now appreciating all the other bene� ts of using BPM technology that aren’t the traditional bene� ts of reduced cost and improved response time.

In a time where people are now trying to come out of this recession and introduce some new products, it’s critical to have that end-to-end visibility.

Business is leading this comeback but technology trends are driving adoption. It really has to do with increased collaboration. If you look at the workforce today, everyone is adopting social media and wants to work more e� ectively. BPM is the perfect platform to drive that.

And with the increasing mobile workforce, BPM technology can adapt to this new workforce that is both collaborative and mobile. � is will really drive adoption from a technology perspective.

DG: IT’S INTERESTING THAT WE’VE TALKED ABOUT COLLABO� TION IN A SOCIAL CONTEXT AND THE FACT THAT THE OLD STATIC APPLICATION FOR COMMUNICATIONS MIGHT NOT BE THE BEST WAY TO COMMUNICATE ACROSS PROCESS BOUNDARIES AND DOMAINS.

FROM YOUR PERSPECTIVE AT ACTIVE ENDPOINTS, MARK, DO THE BPM AND COLLABO� TION TREND LINES EITHER MEET OR DIVERGE—WHAT IS THE RELATIONSHIP?

MT: I am going to take maybe a

HEAD TO HEAD ■ MAIL ARCHIVING

MK: ERIC, MANY PEOPLE STILL DO NOT KNOW THAT MOST COUNTRIES ENFORCE STRICT BUSINESS REGULATIONS GOVERNING EMAIL ARCHIVING. HOW CAN THIS BE?

EB: Well Martin, the problem is that everybody is in a kind of standby state. If one does not really know what standards should be enforced because the requirements and the consequences of not being compliant are not clear, one just waits.

Another problem is that most email archiving solutions are far too expensive and require much administration. So I guess at the current time, a lot of companies would rather just wait and hope that being caught doing nothing is cheaper than implementing what should be a business standard.

MK: WHY SHOULD EMAILS BE ARCHIVED IN THE BUSINESS ENVIRONMENT, OR WHY HAVE THEY TO BE ARCHIVED THERE?

EB: First and foremost, and you’ve actually already stated it, archiving emails is the law. So I’d like to point why that is. Email today is seen to be on a par with printed business letters. And no one has ever doubted that you have to archive documents that are related to your contracts which include business communication in written form. It was just a logical consequence to make the archiving of emails obligatory.

Also, the burden of proof lies directly with you when there is any arguable text matter at hand. If you can’t prove your position, you will have to pay a penalty. And still compliance is not the best thing about a good email archiving solution.

MK: THAT IS THE SORT OF THE MESSAGE WE HEAR ALL THE TIME FROM THE INDUSTRY—WHAT ELSE IS THERE?

EB: � at’s right, for example, with productivity. In terms of personal organization, when an employer searches for a speci� c email he may waste a good part of an hour.

Some time ago, I had many folders in my email inbox and I was scared

of deleting any email that I was not sure I would ever need it again. But the real charm of an intelligent archiving solution, in addition to providing compliance, is that I may delete any email without any other thought. Because every time I delete a message I know it is securely stored in the archive and that I will � nd it again in seconds whenever I need it.

MK: SO THERE’S MUCH MORE VALUE THAN JUST FULFILLING COMPLIANCE NEEDS, WHICH I THINK IS VERY IMPORTANT, BECAUSE THERE’S A REAL BUSINESS VALUE IN MAKING PEOPLE MORE EFFICIENT. SO WHAT SOLUTIONS FOR EMAIL ARCHIVING ARE OUT THERE, AND HOW DO THEY DIFFER FROM EACH OTHER?

EB: � ere are di� erent kinds. First, there’s the traditional mail archiving so� ware that just installs on an email server. It may look like a cheap and easy way to archive those emails, but you should keep in mind that these solutions are limited by the hardware and are not very scalable.

Another approach out there is the email archiving appliances which take o� the load from the main servers. � is is a good thing, but as those vendors are traditionally more active in the storage areas, those solutions are complex and expensive. Plus, we will still have those scalability issues at some point.

And let’s not forget that those so� ware and hardware-based solutions will both require additional expenditure for maintenance and upgrade, for example. So you need an unlimited capacity and scalability—why not make use of a cloud?

MK: WHAT ADVANTAGES DO YOU SEE IN ARCHIVING SOLUTIONS TO MAKE USE OF THE CLOUD?

EB: Well, in the traditional solutions we just saw, you needed to go through several steps. You had to contract your IT partner, order the product, wait for delivery—and of course wait for your partner to install it which is a very lengthy and complex process. On top of that there are all the troubles that I mentioned before.

110

MARTIN KUPPINGER (KUPPINGER COLE) talks to Astaro’s ERIC BEGOC about mail archiving, how it’s changing, and what to expect in the future.

Archiving on demand


111

MAIL ARCHIVING ■ HEAD TO HEAD

� erefore, we set about creating a solution that solves all those problems, and we decided to go for a cloud-based solution. Astaro Mail Archiving makes archiving really easy.

� ere’s an automated set-up process providing step-by-step guidance which will get you up and running 15 minutes from the initial stand up. You won’t spend any time on recurring maintenance tasks such as daily monitoring, for example. Also, updates are supplied automatically so you are always using the latest so� ware releases.

Other big advantages of course include unlimited storage capacity, so scalability and hardware upgrades are no longer an issue—even if you want to archive emails for decades. � e Google-like search helps you to � nd messages in seconds and, together with a seamless Outlook integration, people work the way in which they are comfortable, so additional training is not an issue.

MK: SO ARCHIVING BUSINESS EMAILS FROM THE CLOUD—I THINK A LOT OF PEOPLE WON’T FEEL REALLY COMFORTABLE WITH THIS THING ABOUT PRIVACY ISSUES AND COMPLIANCE. HOW DO YOU SEE THIS TOPIC?

EB: Well true, but why is that? It’s because people assume that cloud providers are not as safe as their service providers next door. And that of course is just because the guy next door gives them a feeling of trust, which is based on emotion as much as on facts.

So how can people ensure that their provider won’t breach the privacy laws or, for example, forward company communication to other parties? It’s a di� cult issue based only on trust.

� e repeated statement: “We need to make the cloud secure”, is something that is true for every solution and every provider without exception.

MK: IF I WANTED TO ARCHIVE MY EMAILS IN THE CLOUD AND WAS LOOKING FOR A SOLUTION, AND IN FACT FOR A PROVIDER, WHAT SHOULD I PAY A� ENTION TO?

EB: � ere are many cloud solutions out there. When thinking about selection criteria, the � rst thing that springs to mind may be those compliance and local regulations, but there’s more that should be considered. Whether a solution matches those local regulations can be found out very quickly.

One important point is to make sure that a solution comes without hidden costs, for example. Storage space which is included in a subscription is o� en limited in other o� erings. If you need more later on, the cost will rise.

Also, � nd out what has happened to archives for email boxes that are no longer needed—for example when an occasional employee leaves the company. If continuing to archive them costs you money, you budget for email archiving.

Another example of what to pay a� ention to is usability—for your IT administrators as well as your employees. Check if a solution o� ers quick and easy access to archive email as well as if it contains features that simplify the auditing tasks you will require.

MK: SO YOU TALKED ABOUT SEVE� L REASONS FOR MOVING TO THE CLOUD, AND BEFORE YOU ALSO TALKED ABOUT THE PROBLEM OF TRUST IN THE CLOUD AND THE PROBLEM OF TRUSTING THE PROVIDER.

ARE THERE ANY SPECIFIC POINTS WE SHOULD LOOK AT TO ENSURE THAT IT’S NOT ONLY ABOUT TRUST, BUT THAT WE ALSO HAVE SOME ASSU� NCE THAT WE REALLY CAN TRUST A SPECIFIC PROVIDER FOR FULFILLING COMPLIANCE REQUIREMENTS WHEN ARCHIVING MAIL FROM THE CLOUD?

EB: Well, if you’re looking at those providers I think it’s always a good idea to look at their processes and of course trusting the provider who has a transparency and make available all that information so that you can assure yourself about how their processes are in place, how they are living, and trust in those solutions.

Of course, if you look at those providers you will o� en � nd that transparency is really very key to their service.

MK: SO PROVIDERS WHO ARE OPEN ABOUT WHAT THEY’RE DOING ARE MORE TRUSTWORTHY. I PERSONALLY THINK THAT THE CLOUD IS A VERY INTERESTING PLACE TO DO EMAIL ARCHIVING, AND I ALSO FULLY AGREE WITH IT BEING ABOUT WHAT THE REAL BUSINESS VALUE OF IT IS. IT’S NOT ONLY COMPLIANCE; IT’S ABOUT HOW YOU CAN RETRIEVE ALL OF THIS INFORMATION AND KNOWLEDGE WITHIN EMAILS IN AN EFFICIENT WAY.

Eric started with Astaro at the beginning of 2008. He has amounted extensive experience in the email security and archiving technology areas through his days at the security provider GROUP Technologies.

Today, with more than 15 years of project and product experience in the IT business, Eric is responsible for the Astaro Mail Archiving product.

Eric Bégoc| PRODUCT MANAGER, ASTARO

Martin established Kuppinger Cole, an independent analyst company, in 2004. As founder and senior partner he provides thought leadership on topics such as Identity and Access Management, Cloud Computing and IT Service Management.

Martin is the author of more than 50 IT-related books, as well as being a widely-read columnist and author of technical articles and reviews in some of the most prestigious IT magazines in Germany, Austria and Switzerland. He is also a well-known speaker and moderator at seminars and congresses.

Martin Kuppinger - MODERATOR| FOUNDER AND SENIOR PARTNER,

KUPPINGER COLE + PARTNER

ANALYST FEATURE ■ SOCIAL TECHNOLOGY

With the rise and embrace of social networking and software you could be forgiven for thinking that we’re at the height of innovation. MATTHEW LEES (PATRICIA SEYBOLD GROUP) tells us how social technology can make “innovation” more than just a word.

112

Open innovation

A NEW LANDSCAPE� e desire and need for innovation have been with us as long as human beings have walked the planet. And people have always found ways of innovating, utilizing whatever skills, resources and determination at their disposal. (Many of us today may � nd it hard to imagine a world before computers, but as far as I know, the wheel was invented without a dedicated design team, CAD so� ware or a wiki.)

But desire or need alone isn’t enough to spark new ideas and generate real change. Although innovation is an inherent part of who we are and, therefore, how we do business, we haven’t always been good at it. With the need to stay relevant and ahead of the competition only increasing, organizations can’t depend on innovation as a result of serendipity or the brainpower of a small group.

Rather, companies need to lay the groundwork so that innovation can occur on a regular, repeatable basis, involving as many minds as possible. � at’s the underlying principle of crowdsourcing—in the big picture, if enough ideas and perspectives are shared, the end result will be more innovative, more transformative, and more feasible than anything an individual or small team could come up with.

So, while the desire and need for innovation aren’t new, what is new is the landscape that grew out of the internet boom of the past 10 to 15 years. In particular, there are three components that make innovation easier and more accessible than ever before. � ese are:

1—CONNECTIVITY� ere is currently the ability for people to connect with each other (and with information of interest and important to them) via computers and mobile devices 24 hours a day from just about anywhere in the world.

2—SOFTWARE APPLICATIONS

Today’s so� ware systems bring an impressive array of features and capabilities that provide not only channels for communication and collaboration between and among employees, but also work� ows and administrative and analytic tools that make these systems both productive and cost e� ective.

3—AN OPEN AND COLLABO� TIVE MINDSET Driven by both the business and consumer worlds, people are not only more easily able to share their opinions and ideas, they are more comfortable than ever before in doing so. (In fact, they are increasingly expecting to be able to do so.)

WHAT SOCIAL TECHNOLOGY BRINGS TO THE TABLEHow do connectivity, so� ware and collaborative mindsets play out in the business world (and beyond)? � ere are � ve primary considerations:

1—SCALEYou need a crowd to crowdsource. Social technologies can connect people across the globe and support innovation e� orts between dozens, hundreds, thousands or millions of people.

Steve Adler, Director of Information Governance Solutions at IBM, sees all this as a game changer. He says: “Social media is probably one of the most important inventions in mankind. It is the � rst type of technology—and there will be others—that allows people to communicate with content directly, and without knowing each other.

“If you think about other technologies—fax, email, the World Wide Web—you have to know something about the other people (such as their fax number or email address) or you are broadcasting to everyone, hoping that some small portion is interested in what you’re saying.

“But social networking provides people who don’t know each other very well the opportunity to interact around things they’re interested in, that they care about, and that they need to make decisions around. In that way it’s an innovation accelerator. People can share ideas regardless of race, age, gender, ethnicity or geographical border. And that’s really profound.”

And IBM should know, because for many years it has run programs to foster innovation among its nearly 400,000 employees. Adler goes on to say, “Within the enterprise, it’s the same principle. At IBM, we’re doing business in 170-plus countries around the world. We’ve been using social technologies for many years. We innovated 10 years ago with the World Jam, a crowdsourcing program that empowered innovation through technology.”

2—GE� ING THE WORD OUTGreg Ma� hews is a social media director with global communications � rm WCG. He just completed a six-year stint with insurance giant Humana, most recently as Director of Consumer Innovation. In recognizing the importance of innovation as a core value, he says: “� e big step for us at Humana was forming the Innovation Center, a department dedicated speci� cally to foster innovation. But it wasn’t supposed to be the only place for innovation. We wanted innovation to be a part of our DNA as a company.”

Many organizations have taken similar routes, creating special groups to spearhead innovation e� orts. However, these groups may or may not look to leverage social technology. Humana did, particularly because, as Ma� hews adds: “� e greatest ideas in the world are of no use if nobody hears about them. It was always harder when you couldn’t communicate easily and e� ectively on what was going on within the Innovation Center. So number one for us

SOCIAL TECHNOLOGY ■ ANALYST FEATURE

113

“Concentrate!” my high school tennis coach would yell from behind the fence. Repeatedly. Every time I placed a bad shot or lost a point: “You’re not concentrating!”

So I’d concentrate harder, or at least try to. But on what? Mostly I’d just say the word “concentrate” in my head, over and over like a special mantra, as if saying it was the same as performing the act, hoping that would do the trick. I don’t think it did.

In reality, many factors, both physical and mental, were at play: my own (admi� edly limited) athletic prowess, the (o� en superior) skills of my opponent and our relative levels of determination, in addition to our own abilities to concentrate. It seems a wasteful and distracting thing, then, for my coach to zero in on my supposed lack of concentration—be� er perhaps to have provided more speci� c guidance (such as: “Hit it to his backhand!”).

I am reminded of this these days as the interest in—and hype around—innovation increases. While I’m a strong proponent of business innovation the word is too o� en treated as if it has a magical property. “Here’s what we’ll do” an exec will say; “We’ll create a cross-organizational team to innovate. We’ll give the group a fashionable name, we’ll give them a charter, and we’ll send an email to tell everyone else what they’re doing. � en we’ll let them go and… well… they’ll innovate.”

When I hear things like this my mind conjures up a picture of my tennis coach in an o� ce cubicle, yelling “innovate!” to everyone who passes by, as if saying the word itself will make it so.”


ASK THE EXPERT ■ ENTERPRISE SEARCH

116

Enterprise search has long been confused with compliance and policies for

archiving. Information governance strategies reset thinking in this area by

establishing clear use cases for accessing information versus those that enable

retention. SIMON TAYLOR (COMMVAULT) takes ETM’S ALI KLAVER

through the different faces of enterprise search.

One at a time

117

ENTERPRISE SEARCH ■ ASK THE EXPERT

AK: THE TOPICS OF COMPLIANCE AND E-DISCOVERY OR E-DISCLOSURE BOTH SPEAK TO EFFECTIVE ENTERPRISE SEARCH, BUT IT’S A MUCH BROADER SUBJECT. WHAT DO YOU SEE AS THE TYPICAL REQUIREMENTS FOR ENTERPRISE SEARCH, AND WHAT TYPE OF DATA IS MORE COMMONLY ACCESSED?

ST: Firstly, let’s break the question down into some of the reasons why we hear about enterprise search and then we can go into use cases that probably make more sense.

In the context of issues like compliance we o� en hear about search as a means of auditing records that in turn have to be kept, which is of course the predominate driver around compliance, the forced retention of records and so on.

For e-discovery, or e-disclosure as it’s referred to in Europe, it’s very much around � nding evidence and unstructured information that needs to follow a particular process or a court action. � e general exercise of event-driven search is actually very similar in both of these situations in terms of e� ort, even though the process use cases are slightly di� erent.

So when we look across the enterprise, what sort of data then is focused around enterprise search? Well, it’s really everything today.

Historically, it’s always been about perhaps more structured records. Very commonly now, particularly in situations like e-discovery scenarios, we see searches in relation to unstructured content including word documents, o� ce documents, emails, assets not only on the � le system but also records in repositories, including document management systems and covering all types of assets—for example, sound bites and images that have been stored.

Medical records including images are a good example of this as they have to be kept for HIPAA/healthcare compliance including audit search requirements.

In general though, types of search do vary quite a bit and although historically driven in siloed use cases, what we’re seeing now is a lot more interest in developing enterprise search that covers the broader enterprise. � is is all types of data, including structured, semi-structured and unstructured sources, and � nding a way of bringing that together in a single approach.

Good examples of particular use cases that � t into modern enterprise search include things like FOI requests or subject access requests, as they’re o� en called in Europe, where people

query, particularly public organizations asking for information in an electronic format.

� en we have the idea of the HR department, running an internal investigation and trying to � nd information in relation to perhaps a dispute between two employees. � at obviously causes some form of enterprise search.

We’ve already talked about the example in the legal environment, but then of course there’s corporate productivity and the idea that maybe at an end user level, individuals need to � nd things more quickly and don’t want to spend lots of time looking for email, for example.

Also, in a more general sense, corporates may be doing something like a corporate social responsibility report that can o� en take up to nine months to complete. � ey’ll o� en have to search local information stores and lots of di� erent sites and geographies to check for things like green credentials or social reporting considerations in countries, and bring all that together into a report they release with their � nancial results. So that’s another driver.

� ere are more speci� c things like looking for data privacy breaches, or use of things like credit card information or social security or national insurance numbers in structured content that shouldn’t be there, and exposing those as potential risks.

In the � nancial world the use cases around compliance, including conforming to legislation like Basel III, � nancial services Acts per country and also in the US, SEC 17-a, from the security exchange commission, force the retention of local broker-deal related transaction records, but more importantly the audit of those records.

In this context enterprise search is speci� cally about the audit and supervision requirements.

AK: SO YOU’RE SAYING THAT ENTERPRISE SEARCHES ARE A LOT BROADER THAN JUST DELVING INTO RECORDS. AND SOME ORGANIZATIONS OBVIOUSLY HAVE MORE REQUIREMENTS THAN OTHERS TO PERFORM ACTUAL SEARCHES. CAN YOU HIGHLIGHT THE MORE PROMINENT INDUSTRIES AND EXPLAIN WHAT THEY NEED AND WHY?

ST: I think enterprise search does occur in some speci� c industries more than others.

If you look at things like corporate social responsibility and more of the internal type of enterprise search, you � nd the retail industry as being a very good example of organizations that produce a lot of corporate social responsibility

reporting and therefore have a lot of internal needs for searching that start o� on a yearly basis.

But then, of course, the institutions that tend to perform search on a regular basis typically tend to be more government organizations, including US Federal, American state and local, and outside the US, European governments where all have some form of FOI or Data Protection Act requirement, to search and disclose information based on subject access requests made by the public.

Government institutions particularly also have the pressure of having to do multiple searches for particular requests, with a very limited amount of time to do them. � ey can vary between 20 to 40 days, and when you’re ge� ing multiple requests per week it’s quite a lot of e� ort to ful� l these requirements.

But there are also very speci� c industries like pharmaceutical and healthcare that have forced retention of medical requirements and compliance legislation, but at the same time have to audit activity requests against them and perform very speci� c searches for individual medical records.

In the pharmaceutical industry, they might � nd themselves in repeated litigation and therefore have to perform frequent searches against de� ned custodian-based criteria in order to manage legal holds or preservations against expected electronic evidence.

� e telecommunications industry is another good example in relation to legislation, including the Data Retention Directive in Europe where they are forced to retain electronic records for two years and then, on request, go and discover records for perhaps criminal investigation and all sorts of things.

AK: AT ETM WE’VE BEEN HEARING A LOT ABOUT THE MINING OF UNSTRUCTURED INFORMATION IN CONNECTION WITH SEARCH. HOW DOES THIS DIFFER FROM T� DITIONAL BUSINESS INTELLIGENCE, AND WHAT DO YOU SEE AS THE MAIN DRIVERS?

ST: � is is actually a very important question because a lot of people get quite confused about business intelligence and how it relates to unstructured information.

Business intelligence started from the premise of bringing together structured data in a particular repository or a data warehouse for a speci� c reporting need, organized in a particular hierarchy so that you can easily report and mine into it. � is is how business intelligence tools evolved.

122

Events and features 2010ETM is focusing on:

BI, Security and Virtualization

EVENTS AND FEATURES ■ 2010

ICCCN 2010DATES: 2 – 5 August 2010 LOCATION: Zurich, Switzerland URL: h� p://icccn.org/icccn10

TDWI WORLD CONFERENCE DATES: 15 – 20 August 2010LOCATION: San Diego, CAURL: www.tdwi.org/Education/Conferences/index.aspx

GIL 2010: INDIA DATE: 1 September 2010LOCATION: Bangalore, IndiaURL: www.gil-global.com/india

GARTNER OUTSOURCING AND VENDOR MANAGEMENT SUMMITDATES: 14 – 16 September 2010 LOCATION: Orlando, FLURL: www.gartner.com/technology/summits/na/outsourcing/index.jsp

GARTNER SYMPOSIUM/ITXPO B� ZIL 2010DATES: 14 – 16 September 2010LOCATION: Sao Paulo, BrazilURL: www.gartner.com/technology/symposium/brazil/index.jsp

GARTNER SECURITY AND RISK MANAGEMENT SUMMITDATES: 22 – 23 September 2010 LOCATION: London, UKURL: www.gartner.com/technology/summits/emea/security/index.jsp

BUSINESS ANALYSIS CONFERENCE EUROPE 2010DATES: 27 – 29 September 2010 LOCATION: London, UKURL: www.irmuk.co.uk/ba2010

INTEROP MUMBAI DATES: 28 – 30 September 2010LOCATION: Mumbai, IndiaURL: www.interop.in/index/htm

GIL 2010: MIDDLE EAST DATES: 5 – 6 October 2010LOCATION: Abu Dhabi, UAEURL: www.gil-global.com/middleeast

RSA CONFERENCE EUROPEDATES: 12 – 14 October 2010LOCATION: London, UKURL: www.rsaconference.com/2010/europe/index.htm

GARTNER SYMPOSIUM/ITEXPO ORLANDO 2010 DATES: 17 – 21 October 2010 LOCATION: Orlando, FLURL: www.gartner.com/technology/symposium/orlando/index.jsp

INTEROP NEW YORKDATES: 18 – 22 October 2010LOCATION: New York, NYURL: www.interop.com/newyork

GIL 2010: ASIA PACIFIC DATES: 19 October 2010LOCATION: SingaporeURL: www.gil-global.com/asia

VIRTUALIZATION WORLD, DATACENTRE TECHNOLOGIES 2010 + SNW EUROPEDATES: 26 – 27 October 2010 LOCATION: Frankfurt, GermanyURL: www.virtualizationworld.net

ENERGY DATA STO� GE 2010DATES: 3 – 4 November 2010 LOCATION: London, UK URL: www.smi-online.co.uk/events/overview.asp?is=5&ref=3543

DATA MANAGEMENT AND INFORMATION QUALITY CONFERENCE + DATA WAREHOUSING AND BUSINESS INTELLIGENCE CONFERENCE EUROPE 2010 DATES: 3 – 5 November 2010LOCATION: London, UKURL: www.irmuk.co.uk/dm2010

TDWI WORLD CONFERENCE – FALL 2010DATES: 7 – 12 November 2010LOCATION: Orlando, FLURL: h� p://tdwi.org/pages/education/conferences.aspx

GIL 2010: CHINADATE: 9 November 2010LOCATION: Shanghai, ChinaURL: www.gil-global.com/china

GARTNER 23RD ANNUAL APPLICATION ARCHITECTURE, DEVELOPMENT AND INTEG� TION SUMMIT DATES: 15 – 17 November 2010LOCATION: Los Angeles, CAURL: www.gartner.com/technology/summits/na/applications/index.jsp

INFOSECURITY RUSSIA 2010DATES: 17 – 19 November 2010 LOCATION: Moscow, RussiaURL: www.infosecurityrussia.ru/#googtrans/ru/en-EN

Interested in contributing?

If you’re an analyst, consultant or an independent and would like to contribute a vendor-neutral piece to future issues of ETM, please contact the managing editor:

Ali Klaver: [email protected].

“www.globalETM.com”“www.globalETM.com”

TBC TBC

ETM Q3 ISSUE ■ 2010

To read the

full version of the Q3 issue,

please go to

“www.globalETM.com”

To read the

full version of the Q2 issue,

please go to

“www.globalETM.com”“www.globalETM.com”“www.globalETM.com”“www.globalETM.com”“www.globalETM.com”“www.globalETM.com”

Documents

Head in The Clous