May 31, 2007

SOA and its IMPACT 2007

Before the Memorial Day holiday I was fortunate enough to be able to attend the IMPACT 2007 user conference in Orlando, Florida. There were about 4000 attendees from a variety of vendors, end user organizations, analysts, and the media all present discussing with great intensity the state of Service Oriented Architecture and its impact on businesses. Overall, I am pleased to say that the high level theme of the event was not about technology but rather discussing the business value of technology and how SOA way has transformed how many organizations view IT and align it with their business processes.

On day one, there was a bit of levity given that Don McMillan, the engineer comic, was the master of ceremonies for the various keynote speeches given by a variety of IBM executives and partners. However, all of the speeches illustrated the degree of acceptance that SOA has achieved in many organizations in a very short period of time. This seems to be contrast to the state of SOA just a few years ago.

Around 1999 or 2000 we started hearing much about web services and how it would become the new way of computing in the enterprise. Not too surprisingly at the time the focus was all about the technological implementation. Yet at the same time, some of us pundit types even came up with names like Service Computing (from Zona Research lore) to describe the shift web services implied whereby business process would start to drive IT rather than the historic opposite. SOA has supplanted web services in most respects as a much broader and more strategic blueprint by which to deliver IT services within the enterprise, and happily to my way of thinking, appears to have caught the attention of many others as well.

While there were many sessions about implementing SOA in software design, it was quite notable that there was Business Leader track that targeted the C-level and other executives as well as line of business professionals. This non-technical track was focused on the business agility and competitive advantage that SOA could offer an organization. I can think of no better illustration that SOA has reached a respectable degree of maturity than the existence of this track.

It is encouraging to see that business process was such a dominate theme. While some may take this to mean BPM, I see it in a much larger context. After all, the reason organizations purchase IT products and services is to support their business. Although the late 1980s and 1990s often had many businesses wondering aloud if they in fact had started a second business, i.e. the IT datacenter business, the reality is there would be no IT market without demonstrable business results from use of IT. This clarity of mission is made much stronger by SOA, and I am pleased to say that based upon the crowds at the IMPACT 2007 event, this message seems to be well received and resonating.

May 18, 2007

Crisis Action Planning, Unlike Chicken Soup – Does Not Get Better With Age

Bad things happen to good people and unless they are prepared to deal with them bad things turn into disasters or worse. Like most aspects of running an organization, disaster planning is a mesh of people, process and technology. Most disruptions to business operations are unplanned consequently knowing what to do instinctively before something bad happens can mean the difference between success and failure and sometimes even life and death.

This week I had the opportunity to be an observer as a client went through a ‘table top’ Crisis Management Plan exercise. Key representatives came from the Executive team, finance, corporate treasury, legal, corporate communications and HR. They were run through an expanding scenario that required them to state their priorities and indicate what they would need by way of information from the various teams in the room. Issues as to which organization would be the lead for various aspects of the “crisis” were also hashed out.

As the exercise unfolded it was clear that Corporate Security and HR had worked on many of these issues before, and that there was a general spirit of teamwork and cooperation. It wasn’t until after the exercise was over that I learned that IT wasn’t involved and that the Information Security functions were spread out over several “Managers”. There was good news and bad news here. The good news was that the overall team functioned well and could work on the few areas where they needed improvement. The bad news was that the focus had shifted so far from technology that a second level exercise, one with real players and data, would very likely not be so smooth.

Disaster preparedness for organizations takes many forms. A good place to start is identifying the critical people and processes that need to continue to function regardless of interruptions. Then determine the tools they will need under a variety of circumstances to execute those functions and develop the plans and logistics needed to achieve these ends.

A couple of key things that may often get missed are: 1. 7x24 hour crisis management and engagement of law enforcement. In the case of 7 x 24 operations it is important to realize that a special team needs to be identified and that team removed from their day to day duties to focus on crisis management and actions.

The issue of engaging law enforcement is a bit more complex. Organizations recognize that they may need to involve law enforcement quickly in certain cases such as work place violence; however, in the case of theft of intellectual property, improper employee behavior such as ‘legal’ pornography, industry generally is in no rush to engage law enforcement. In any event, organizations need to determine their philosophy ahead of time. They need to identify: incidents that will immediately involve law enforcement; which law enforcement agency should be notified and the circumstances to do so; individuals who are the principal points of contact, etc. These decisions need to be made prior to the stress of incidents.

It should also be borne in mind that organizations do not exist in a vacuum. Natural disasters and selected manmade ones will likely involve the geographic area surrounding the organization and affect employee welfare and freedom of movement. It is prudent to work with local government and key non government organizations (NGO) such as the Red Cross to understand the total setting. Communal planning for disasters is a continuous process for many organizations - it should be for yours as well.

May 01, 2007

Of Biometrics and Privacy

At each RSA show, I’ve noticed that the emphasis on biometric security was enlarging, and that the vendors of this type of security were in deadly earnestness about the usefulness and reliability of their products. They were right. A consumer has happened along that values privacy and the security of that privacy to the extent that they put Army Intelligence, the CIA, and the NSA combined all to shame. This particular consumer would endure weeks of torture rather than reveal secrets. If the Mossad were to emulate this consumer, the security of Israel would be absolute.

I’m speaking, of course, about the recent adaptation of voice recognition biometric security devices being installed on preteen girls’ diaries. Really - I’ve seen commercials for them. If voice recognition can pass the rigorous demands and fanatical testing that is no doubt being conducted by this new class of consumers, then this is a security technology that should be incorporated in the highest levels of the Pentagon. Any person who has met a preteen girl knows that I’m not being facetious, here. The person who marketed voice recognition to this segment of the population is brilliant. True, maybe the fate of the world doesn’t depend on the diarist’s little brother not knowing about her crush on Bobby in Homeroom, but perhaps the fate of the little brother depends on his inability to read her diary. And like little brothers everywhere, he is going to be using everything short of a nuclear warhead to try and open that diary.

There is real world testing being conducted at this moment. If this technology passes the test – we’ll wait and see what the girls have to say about it – then with a little tweaking, it should be able to withstand more serious assaults. Visions of Tom Cruise being lowered by a wire into a frilly pink bedroom aside, voice recognition technology is most likely going to be taken much more seriously.

Bobby from Homeroom will be relieved.