May 30, 2006

The Processor Market – Confusion or Ennui?

Joyce Becknell
The processor market used to be relatively simple.  Customers mostly chose RISC or CISC and then purchased the fastest system they could get within their budgetary guidelines.  But now processors come in multiple forms – there is the underlying architecture still – CISC, RISC, and EPIC (Itanium) – but there are also issues of multithreading, mult-cores, and issues around cache sizes.  Understanding which technology to use, and how to compare vendors using variations of nomenclature has made processor decision-making a trickier undertaking.  

I believe that the vendors are not helping to simplify issues in this market, and that this confusion far from being irrelevant technical detail in the end, will have an impact on how companies purchase not only hardware, but software as well.  I’ve written a paper on this recently that delves into these issues more deeply, but I’m wondering how much IT managers really care, and whether they feel they understand the impact of changing processor architectures to their IT infrastructure.  I’d like to know if it makes a difference to customers, if they feel like they can make valid comparisons between vendors, and if it’s affecting how they purchase software.

Tony Lock
The issues raised here by Joyce do have relevance in the everyday world of CIOs, IT Managers and those charged with the procurement of business systems. The decisions taken can have profound impacts on systems performance and the cost of service delivery. Unfortunately it is fair to say that the majority of professionals making processor selection tend today not to consider chip architecture at all; most people do not have the time to consider these questions.  However, the processor architecture selected can impact directly on the quality of service delivered to the customer / user, which software architectures work effectively, the cost of software license acquisition and a number of other matters.

This is an area where confusion reigns, often instigated by the processor designers and the server manufacturers making use of the chips, but as in nearly all such cases, the confusion created helps no one, least of all the business users. Indeed, it is fair to say that the lack of understanding of the different processor characteristics does not even help the suppliers themselves.

May 23, 2006

Microsoft Updates the Search Engine for Enterprise

By Susan Dietz

Microsoft recently announced their effort to create unified enterprise information management solutions that integrate new capabilities into the software programs people already use. The new software will purportedly help people create, find, use and share information across the organization.  Enhancements in Windows Live Search and Microsoft Office SharePoint Server 2007 are aimed at increasing connectivity within an enterprise.   The reported goals of the enhancements are to give people the software tools to report about their knowledge and projects, improve productivity by quickly, seamlessly and securely connecting people to relevant information, enable people to organize and manage information so they can effectively analyze and apply the data to do something new, and allowing people to clearly communicate and quickly share information with other people.  Windows Live Search offers a single user interface (UI) to help people find and use all the information they wish from across the entire enterprise and beyond. It essentially binds together previously separate search solutions including Windows Desktop Search, Intranet search provided by Microsoft Office SharePoint Server 2007, and Internet search via Windows Live Search, among others. Information available to any of these systems can be exposed in one place.  Rich filtering and customizable control will allow people to personalize their Windows Live Search. Using natural search terms, Windows Live Search can return results in whatever way makes most sense to each information worker – inline, grouped by category, etc. Previews and visualizations of the data can then help people more quickly determine what action to take.  Office SharePoint Server 2007 adds a new dedicated Search Center tab for searching for people within the organization based on “social distance.” 

So who actually wants information across an enterprise in the first place?  Auditors, for one.  They need to audit trail all kinds of things, especially in terms of SOX and the like.  Lawyers are another group - looking for electronic evidence just got a little easier. Discovery searches across all the places where data may reside is not necessarily a good thing or a bad thing, but it is, unfortunately, a necessary thing.  But what about the possibility of information overload? Suppose someone in a large company wants to know about the sales of, say, anti-virus software, so does a search.  It’s absolutely mind-boggling how many emails that would conjure up.
A bigger question is does this new development now make Microsoft a friend or an enemy of established search engines Google and Yahoo?  Does this technology perhaps signal Microsoft's aggressive movement into the space these two occupy?  Perhaps.  However, given the dominance of Google and Yahoo, there may well not be any significant loss of market share.    

May 17, 2006

How Analysts Can Help

One of the topics that come up time and again is how industry analysts should be used.  Many people think of us merely as report writers or number crunchers, although there are certainly quite a few companies who understand how to use us and do so.  Analysts often engage with vendors, channel partners, and end users in ways that generally aren’t seen publicly.  We’re involved in a lot of internal work, and a recent article by David Pogue, in his New York Times Circuits Column, that talked about Microsoft and the problems they’ve had with UMPC got me thinking that this is a really good example of where analysts can help.  

The gist of the article is that Microsoft’s UMPC is inappropriately priced, and Pogue puzzles over how this could have happened in a company full of people who ostensibly understand their market and their product.  Pogue concludes that this is a problem of human nature, and he recalls similar experiences in his work life where employees didn’t raise issues that in hindsight they should have done.  When I read this article, the first thing I thought was, well it seems they didn’t talk to the analysts.  I don’t work with the UMPC group in Microsoft, but if this group had run pricing by analysts before launch, I guarantee that flags would have been raised.  

Analysts don’t have a vested interest in a company in the way employees do.  Sure, we have companies we like better than others, and we have products and spaces we like better than others.  But if asked, we will certainly point out what we think is good and bad about a product or program without hesitation and most of us believe that if we’re going to critique, than we’d better have alternative suggestions available.  This is why we argue strongly that analysts should be brought in earlier in the product development and launch cycle than later.  The sooner we can add our insight, the easier it is to make changes and avoid bigger problems down the line.  Analysts certainly can’t know everything – our information for a new product is necessarily limited to what the vendors can tell us – but we can certainly add to the process based on our experiences.

In fairness, Microsoft does engage the analysts in many areas, as do many other companies, and if we do our jobs correctly, most customers will probably never be aware of our impact – we don’t discuss these engagements publicly nor do we write about them except for internal client reports.  But for companies or individuals who aren’t sure how to use analysts, or who think of us as just another branch of PR for outbound information only, this is a good example of how analysts can help.

May 15, 2006

How many Security systems do you need to feel safe?

Tony Lock:
Every CEO, CIO and IT Manager always puts “Security” close to the top of their long lists of IT related matters about which they are concerned. It is, however, interesting to note that in many instances “concern” does not translate into either action or investment. Why should this be so when the whole topic of security is rarely out of the news and at a time when the marketing of “security” solutions has never been more aggressive? A much more important question is ‘how many security related systems do I need to employ to make my IT infrastructure safe?’

The answer to the last question raised is two, neither of which is a technology. The secret to running secure IT systems demands firstly that people with appropriate knowledge and experience be given sufficient time and scope to understand the security requirements of the business and to determine the impact that these will place on the supporting IT Infrastructure. The second step is then to formulate appropriate work procedures, preferably based on industry best practice, to form the basis of routine operations.

If these two steps are taken, the organisation will then be in a position to decide just what technology solutions are required to support its security efforts. Security is all about doing the right things at the right time. It is not about having the latest, greatest piece of security software or appliances installed. The greatest security technology in the world will not secure anything unless it is administered well. Technology has a role in IT security and that role is to support good practice.

Joyce Becknell:
Tony has touched upon some really important points here, and I want to explore them a little more in depth. He believes that security staff needs to understand both the business requirements as well as the impact on technology – which is different than saying they need to know how to work the security into the technology. I think what’s important here, is the implication that these must be holistic, or architectural, or systemic people who are looking at the picture from a higher view and not getting caught up in the minutia. It seems to me that as an industry we understand that no one product is going to provide the consummate organizational security blanket, but the only alternative seems to be lots of point products oriented toward very specific technologies or developing a staff that understand the intricacies of encryption and legalese.

This seems to me a much easier thing to say than to do. I think there is an underlying issue here about the relationship between the business staff and the IT staff in any organization. As in all things, different organizations approach this differently, but it would be good to see some best practices emerging on how to approach this. There is a tendency to use financial institutions as an example, but I think they are not the norm that most organizations will use. However, it does segue nicely into Tony’s second point, that in addition to people who can view the overall picture, at an organizational level, processes and disciplines need to be put in place around that security. Which leads to the question- should most companies be focused more on people and processes now than on particular security products? I think most organizations are suffering security breaches now because the people and process side are not as advanced as the products they have in place.