November 18th, 2009

IBM feels cozy on sidelines as Oracle-Sun deal languishes in anti-trust purgatory

Posted by Dana Gardner @ 3:44 am

Categories: Apache, BI, Cloud computing, Eclipse, Enterprise Java, HP, Hardware Infrastructure, IBM, Intellectual Property, Java, Microsoft, Open Source, Oracle, SAP, SOA, Silicon Valley, Software Development, Software Infrastructure, Sybase, System Z, Wall Street, business intelligence, database, datacenters, mainframe

Tags: Oracle Corp., Antitrust, Sun Microsystems Inc., Steve Mills, IBM Corp., Programming Languages, Open Source, Java, Databases, Software Development

You have to know when to hold them, and when to fold them. That’s the not just slightly smug assessment by IBM executives as they reflect — with twinkles in their eyes — on the months-stalled Oracle acquisition of Sun Microsystems, a deal that IBM initially sought but then declined earlier this year.

Chatting over drinks at the end of day one of the Software Analyst Connect 2009 conference in Stamford, Conn., IBM Senior Vice President and IBM Software Group Executive Steve Mills told me last night he thinks the Oracle-Sun deal will go through, but it won’t necessarily be worth $9.50 a share to Oracle when it does.

“He (Oracle Chairman Larry Ellison) didn’t understand the hardware business. It’s a very different business from software,” said Mills.

Mills seemed very much at ease with IBM’s late-date jilt of Sun (Sun was apparently playing hard to get in order to get more than $9.40/share from Big Blue’s coffers). IBM’s stock price these days is homing in on $130, quite a nice turn of events given the global economy.

Sun is trading at $8.70, a significant discount to Oracle’s $9.50 bid, reflecting investor worries about the fate of the deal now under scrutiny by European regulators, Mill’s views notwithstanding.

IBM Software Group Vice President of Emerging Technology Rod Smith noted the irony — perhaps ancient Greek tragedy-caliber irony — that a low market share open source product is holding up the biggest commercial transaction of Sun’s history. “That open source stuff is tricky on who actually makes money and how much,” Smith chorused.

Should Mills’s prediction that Oracle successfully maintains its bid for Sun prove incorrect, it could mean bankruptcy for Sun. And that may mean many of Sun’s considerable intellectual property assets would go at fire-sale prices to … perhaps a few piecemeal bidders, including IBM. Smith just smiled, easily shrugging off the chill (socks in tact) from the towering “IBM” logo ice sculpture a few steps away.

And wouldn’t this hold up go away if Sun and/or Oracle jettisoned MySQL? Is it pride or hubris that makes a deal sour for one mere grape? Was the deal (and $7.4 billion) all about MySQL? Hardly.

Many observers think that Sun’s Java technology — and not its MySQL open source database franchise — should be of primary concern to European (and U.S.) anti-trust mandarins. I have to agree. But Mills isn’t too concerned with Oracle’s probable iron-grip on Java …, err licensing. IBM has a long-term license on the technology, the renewal of which is many years out. “We have plenty of time,” said Mills.

Yes, plenty of time to make Apache Harmony a Java doppelganger — not to mention the Java market-soothing effects of OSGi and Eclipse RCP. [Hey, IBM invented Java for the server for Sun, it can re-invent it for something else ... SAP?]

Unlike some software titans, Mills is clearly not living in a “reality distortion field” when it comes to Oracle’s situation.

“We’re in this for the long haul,” said Mills, noting that he and IBM have have been competing with Oracle since August 1993 when IBM launched its distributed DB2 product. “All of our market share comes at the expense of Oracle’s,” said Mills. “And we love to do benchmarks again Oracle.”

Even as the Fates seem to be on IBM’s side nowadays, the stakes remain high for the users of these high-end database technologies and products. It’s my contention that we’re only now entering the true data-driven decade. And all that data needs to run somewhere. And it’s not going to be in MySQL, no matter who ends up owning it.

November 4th, 2009

HP takes converged infrastructure a notch higher with new data warehouse appliance

Posted by Dana Gardner @ 10:45 am

Categories: Agile Development, BI, Cisco, Cloud computing, Government, HP, Hardware Infrastructure, IBM, IT Management, IT Service Management, Microsoft, Oracle, SOA, SOA Governance, SOA architect, Silicon Valley, Software Development, Software Infrastructure, System Z, VMware, Virtualization, business intelligence, convergence, database, datacenters, governance, mainframe

Tags: Data Warehouse, Hewlett-Packard Co., Data Centers, Storage, Roi/Tco, Databases, Hardware, Data Management, Finance, Managerial Accounting

Hewlett-Packard (HP) on Wednesday announced new products, solutions and services that leaves the technology packaging to them, so users don’t have to.

HP Neoview Advantage, HP Converged Infrastructure Architecture, and HP Converged Infrastructure Consulting Services are designed to help organizations drive business and technology innovations at lower total cost via lower total hassle. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

HP’s measured focus

HP isn’t just betting on a market whim. Recent market research it supported reveals that more than 90 percent of senior business decision makers believe business cycles will continue to be unpredictable for the next few years — and 80 percent recognize they need to be far more flexible in how they leverage technology for business.

The same old IT song and dance doesn’t seem to be what these businesses are seeking. Nearly 85 percent of those surveyed cited innovation as critical to success, and 71 percent said they would sanction more technology investments — if they could see how those investments met their organization’s time-to-market and business opportunity needs.

Cost nowadays is about a lot more than the rack and license. The fuller picture of labor, customization, integration, shared services suppport, data-use-tweaking and inevitable unforeseen gotchas need to be better managed in unison — if that desired agility can also be afforded (and sanctioned by the bean-counters).

HP said its new offerings deliver three key advantages:

• Improved competitiveness and risk mitigation through business data management, information governance, and business analytics
• Faster time to revenue for new goods and services
• The ability to return to peak form, after being compressed or stretched.

The Neoview advantage

First up, HP Neoview Advantage, the new release of the HP Neoview enterprise data warehouse platform, which aims to help organizations respond to business events more quickly by supporting real-time insight and decision-making.

HP calls the performance, capacity, footprint and manageability improvements dramatic and says the software also reduces the total cost of ownership (TCO) associated with industry-standard components and pre-built, pre-tested configurations optimized for warehousing.

HP Neoview Advantage and last year’s Exadata product (produced in partnership with Oracle) seem to be aimed at different segments. Currently, HP Neoview Advantage is a “very high end database,” whereas Exadata is designed for “medium to large enterprises,” and does not scale to the Neoview level, said Deb Nelson, senior vice president, Marketing, HP Enterprise Business.

A converged infrastructure

Next up, HP Converged Infrastructure architecture. As HP describes it, the architecture adjusts to meet changing business needs, specifically what HP calls “IT sprawl,” which it points to as the key culprit in raising technology costs for maintenance that could otherwise be used for innovation.

HP touts key benefits of this new architecture. First, the ability to deploy application environments on the fly through shared service management, followed closely by lower network costs and less complexity. The new architecture is optimized through virtual resource pools and also improves energy integration and effectiveness across the data center by tapping into data center smart grid technology.

Finally, HP is offering Converged Infrastructure Consulting Services that aim to help customers transition from isolated product-centric technologies to a more flexible converged infrastructure. The new services leverage HP’s experience in shared services, cloud computing, and data center transformation projects to let customers design, test and implement scalable infrastructures.

Overall, typical savings of 30 percent in total costs can be achieved by implementing Data Center Smart Grid technologies and solutions, said HP.

With these moves to converged infrastructure, HP is filling out where others are newly treading. Cisco and EMC this week announced packaging partnerships that seek to deliver simiar convergence benefits to the market.

“It’s about experience, not an experiment,” said Nelson.

BriefingsDirect contributor Jennifer LeClaire provided editorial assistance and research on this post.

October 21st, 2009

Here's why Apple is doing so well -- it's the top half, stupid

Posted by Dana Gardner @ 6:09 am

Categories: Apple, Cloud computing, Enterprise 2.0, HP, Hardware Infrastructure, Internet, Microsoft, Mobile, Silicon Valley, Software Development, Software Infrastructure, Vista, Web Services, Windows, iPhone, management

Tags: Innovation, Knowledge, Information Technology, Apple Inc., Thomas Friedman, Entrepreneurship, Strategy, Productivity, Leadership, Management

I’ve been ruminating the past few days on why Apple is doing so well with it’s pricey high-end products and services during a recession. The answer came as I was reading today’s New York Times column by Thomas Friedman, whom I deeply admire and read anything and everything he puts out.

Friedman points out that the winners in today’s fast-shifting U.S. job market are the ones demonstrating “entrepreneurship, innovation and creativity.” He says, “They are the new untouchables,” in contrast to other still highly educated but less creative types.

Friedman cites Harvard University labor expert Lawrence Katz, who explains in the column that the now disadvantaged are “those engineers and programmers working on more routine tasks and not actively engaged in developing new ideas or recombining existing technologies or thinking about what new customers want. … They’ve been much more exposed to global competitors that make them easily substitutable.”

They are also more likely to be using personal computers with nine-year-old operating systems, with little choice but to take what their companies provide in terms of personal productivity IT. They are the 90 percent for whom good enough IT has made them as good as anyone anywhere.

In contrast, it’s the “top half” of the labor pool, and more specifically the apparent 10 percent that are “entrepreneurship, innovation and creativity”-focused among them, that know to succeed and win they need the very best computer and associated services, even if it costs $500 more. Nowadays there’s no better way to gain an advantage in business and life than to have the best technology.

The people who are succeeding are buying Macs, iPhones, iPod Touches and Apple’s services and applications. A flight to quality is usually spurred by disruption and uncertainty. It’s not about brand religion or pretty graphics. It’s about survival and success when the going gets tough. It works for me, it has to.

A chef doesn’t buy the cheapest knifes. A painter doesn’t buy the cheapest brushes. A carpenter doesn’t buy the cheapest hammer. And all the winners in the economy today — those that have a say in what they use to do all the digital things so critical now to almost any knowledge- and services-based job — need the best tools. And they will upgrade those tools just as fast as they can (hence the rapid adoption of Apple’s Snow Leopard OS X upgrade in recent months.)

So for all those millions of newly laid off workers who know that “entrepreneurship, innovation and creativity” is their only ticket to a new, fresh start — those that no longer have an IT department to tell them what to do (at lowest cost) — they seem to be making a new move to a Mac. I expect they won’t soon go back, once they taste the fruits of heightened knowledge productivity.

Because when failure is not an option, you have to have the best tools, especially when the going gets tough. The sad part is that Apple does so well when so many are not.

October 15th, 2009

Making the leap from virtualization to cloud computing: A roadmap and guide

Posted by Dana Gardner @ 10:48 am

Categories: Amazon, Cloud computing, Google, HP, Hardware Infrastructure, IBM, IT Management, IT Service Management, ITIL, Open Source, Podcasts, SOA, SOA Governance, SOA architect, SaaS, Silicon Valley, Software Development, Software Infrastructure, VMware, Virtualization, Web Services, business intelligence, datacenters, governance, management

Tags: Hewlett-Packard Co., Information Technology, Server, Cloud Computing, Virtualization, Storage Management, Utility Computing, Hardware, Storage, Dana Gardner

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. View a full transcript or download a copy. Learn more. Sponsor: Hewlett-Packard.

Get a free copy of Cloud for Dummies courtesy of Hewlett-Packard at www.hp.com/go/cloudpodcastoffer.

This latest BriefingsDirect podcast discussion focuses on enterprise IT architects making a leap from virtualization to cloud computing.

How should IT leaders scale virtualized environments so that they can be managed for elasticity payoffs? What should be taking place in virtualized environments now to get them ready for cloud efficiencies and capabilities later?

And how do service-oriented architecture (SOA), governance, and adaptive infrastructure approaches relate to this progression, or road map, from tactical virtualization to powerful and strategic cloud computing outcomes?

Here to help hammer out a typical road map for how to move from virtualization-enabled server, storage, and network utilization benefits to the larger class of cloud computing agility and efficiency values, we are joined by two thought leaders from HP: Rebecca Lawson, director of Worldwide Cloud Marketing, and Bob Meyer, the worldwide virtualization lead in HP’s Technology Solutions Group.

The discussion is moderated by me, BriefingsDirect’s Dana Gardner, principal analyst at Interarbor Solutions.

Here are some excerpts:

Lawson: We’re seeing an acceleration of our customers to start to get their infrastructure in order — to get it virtualized, standardized, and automated — because they want to make the leap from being a technology provider to a service provider.

Many of our customers who are running an IT shop, whether it’s enterprise or small and mid-size, are starting to realize — thanks to the cloud — that they have to be service-centric in their orientation. That means they ultimately have to get to a place, where not only is their infrastructure available as a service, but all of their applications and their offerings are going in that direction as well.

Meyer: A couple of years ago, people were talking about virtualization. The focus was all on the server and hypervisor. The real positive trend now is to focus on the service.

How do I take this infrastructure, my servers, my storage, and my network and make sure that the plumbing is right and the connectivity is right between them to be agile enough to support the business? How do I manage this in a holistic manner, so that I don’t have multiple management tools or disconnected pools of data.

What’s really positive is that the top-down service perspective that says virtualization is great, but the end point is the service. On top of that virtualization, what do I need to do to take it to the next level? And, for many people now, that next level they are looking at is the cloud, because that is the services perspective.

Lawson: A lot of people are trying to make a link between virtualization and cloud computing. We think there is a link, but it’s not just a straight-line progression. In cloud computing, everything is delivered as a service.

What’s really useful about cloud services like those is that they’re not necessarily used inside the enterprise, but what they are doing is they are causing IT to focus on the end-game. Very specifically, what are those business services that we need to have and that business owners need to use in order to move our company forward?

… We’re learning lesson from the big cloud service providers on how to standardize, where to standardize, how to automate, how to virtualize, and we’re using the lessons that we are seeing from the big-cloud service providers and apply them back into the enterprise IT shop.

Meyer: The cloud discussion is important, because it looks at the way that you consume and deliver services. It really does have broader implications to say that now as a service provider to the business, you have options.

Your option is not just that you buy all the infrastructure components. You plumb them together, monitor them, manage them, make sure they’re compliant, and deliver them. It really opens up the conversation to ask, “What’s the most efficient way to deliver the mix of services I have?”

The end result really is that there will be some that you build, manage, and manage the compliance on your own in the traditional way. Some of them might be outsourced to manage service providers. For some, you might source the infrastructure or the applications from the third-party provider.

… Then you start to understand the implications of shifting workloads, not losing specialty tools, and really getting to a point when you standardize. You could start to get to the point of managing a single infrastructure, understanding the costs better, and really be more effective at servicing and provisioning that. Standardizing has to happen in order to get there.

I’m not just talking about the server and hypervisor itself. You have to really look across your infrastructure, at the network, server, and storage, and get to that level of convergence. How do I get those things to work together when I have to provision a new service or provide a service?

… You’re looking to source something for a service or you’re looking to pull assets together. Everybody will have some combination of physical and virtual infrastructure. So how do I take action when I need a compute resource, be it physical or virtual?

Automation makes the transition possible

How do I know what’s available? How do I know how to provision it? How do I know to de-provision it? How do I see it if that’s in compliance?” All those things really only come through automation. From a bottom-up perspective, we look at the converged infrastructure, the automation capabilities, and the ability to standardize across that.

… When it’s gone beyond a server and hypervisor approach, and they’ve looked at the bigger picture, where the costs are actually being saved and pushed — then the light goes on, and they say, “Okay, there is more to it than just virtualization and the server.” You really do have to look, from an infrastructure perspective, at how you manage it, using holistic management, and how you connect them together.

Hopefully, at HP we can help make that progression faster, because we’ve worked with so many companies through this progression. But really it takes moving beyond the hypervisor approach, understanding what it needs to do in the context of the service, and then looking at the bigger picture.

Lawson: … Most IT organizations want to be aware and help govern what actually gets consumed. That’s hard to do, because it’s easy to have rogue activity going on. It’s easy to have app developers, testers, or even business people go out and just start using cloud services.

… [But] if IT is willing and able to step back and provide a catalog of all services that the business can access, that might include some cloud services. We try to encourage our customers to use the tools, techniques, and the approach that says, “Let’s embrace all these different kinds of services, understand what they are, and help our lines of business and our constituents make the right choice, so that they’re using services that are secure, governed, that perform to their expectations, and that don’t get them into trouble.”

We encourage our customers to start immediately working on a service catalog. Because when you have a service catalog, you’re forced into the right cultural and political behaviors that allow IT and lines of business to kind of sync up, because you sync up around what’s in the catalog.

There’s no excuse not to do that these days, because the tools and technologies exist to allow you to do that. At HP, we’ve been doing that for many years. It’s not really brand new stuff. It’s new to a lot of organization that haven’t used it.

You can start to control, manage, and measure across that hybrid ecosystem with standard IT management tools. … The organizing principle is the technology-enabled service. Then you can be consistent. You can say, “This external email service that we’re using is really performing well. Maybe we should look at some other productivity services from that same vendor.” You can start to make good decisions based on quantitative information about performance availability and security.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. View a full transcript or download a copy. Learn more. Sponsor: Hewlett-Packard.

Get a free copy of Cloud for Dummies courtesy of Hewlett-Packard at www.hp.com/go/cloudpodcastoffer.

October 15th, 2009

Oracle's Fusion Apps finally come out from behind the OpenWorld curtain

Posted by Dana Gardner @ 9:13 am

Categories: Developer Tools, Enterprise Java, HP, Hardware Infrastructure, IBM, Linux, Open Source, Oracle, SOA, SOA Governance, SOA architect, Silicon Valley, Software Development, Software Infrastructure, Sybase, VMware, Virtualization, business intelligence, database, governance, management

Tags: Oracle Corp., Tony, Fusion Apps, Ellison, Service-Oriented Architecture (SOA), Social Networking, Web Services, Middleware, Enterprise Software, Software

This guest post comes courtesy of Tony Baer’s OnStrategies blog. Tony is a senior analyst at Ovum.

By Tony Baer

Like almost every attendee at just-concluded Oracle OpenWorld, the suspense on when Oracle would finally lift the wraps on Fusion Apps was palpable. Staying cool with minimizing our carbon footprint, we weren’t physically at Moscone, but instead watching the webcasts and monitoring the Twitter stream from our home office.

The level of anticipation over Fusion apps was palpable. But it was hardly suspense as it seemed that a good cross-section of Twitterati were either analysts, reference customers, consultants or other business partners who have had their NDA sneak peaks (we had ours back in June), but had to keep our lips sealed until last night.

There was also plenty of impatience for Oracle to finally get on with a message that was being drowned out by its sudden obsession with hardware. Ellison spent most of his keynote time pumping up its Exadata cache memory database storage appliance and issuing a $10 million challenge to IBM that it can’t match Oracle’s database benchmarks on Sun.

Yup, if the Sun acquisition goes trough, Oracle’s no longer strictly a software company, and although the Twiterati counted its share of big iron groupies, the predominant mood was that hardware was a distraction.

“This conference has been hardware heavy from the start. Odd for a software conference,” tweeted Forrester analyst Paul Hamerman. “90 minutes into the keynote, nothing yet on Fusion apps.”

“Larry clearly stalling with all this compression mumbo jumbo,” “Larry please hurry up and tell the world about Fusion Apps, fed up of saying YES it does exist to your skeptics,” and so on read the Twitter stream.

There was fear that Oracle would simply tease us in a manner akin to Jon Stewart’s we’ll have to leave it there dig at CNN: “I am afraid that Larry soon will tell that as time has run out he will tell about Fusion applications in next OOW.” A 20-minute rousing speech from Calif. Gov. Arnold Schwarzenegger served as a welcome relief from Ellison’s newly found affection for big iron toys.

Ellison came back after the Governator pleaded with the audience to stick around awhile and drop some change around California as the state is broke. The break gave him the chance to drift over to Oracle Enterprise Manager, which at least got the conversation off hardware.

Ellison described some evolutionary enhancements where Oracle can track your configurations trough Enterprise Manager and automatically manage patching. As we’ve noted previously, Oracle has compelling solutions for all-Oracle environments, among them being a declarative framework for developing apps and specifying what to monitor and auto-patch.

The main topic

But the spiel on Enterprise Manager provided a useful back door to the main topic, as Ellison showed how it could automate management of the next generation of Oracle apps. Ellison got the audience’s attention with the words, “We are code complete for all of this.”

Well almost everything. Oracle has completed work on all modules except manufacturing.

Ellison then gave a demo that was quite similar to one that we saw under NDA back in the summer. While ERP emerged with and was designed for client/server architectures, Fusion has emerged with a full Java EE and SOA architecture; it is built around Oracle Fusion middleware 11g and uses Oracle BPEL Process Manager to run processes as orchestrations of processes exposed from the Fusion Apps or other legacy applications. That makes the architecture of Fusion Apps clean and flexible.

But at this point, Oracle is not being any more specific about rollout other than to say it would happen sometime next year.

It uses SOA to loosely couple, rather than tightly integrate with other Fusion processes or processes exposed by existing back end applications, which should make Fusion apps more pliant and less prone to outage.

That allows workflows in Fusion to be dynamic and flexible. If an order in the supply chain is held up, the process can be dynamically changed without bringing down order fulfillment processes for orders that are working correctly. It also allows Oracle to embed business intelligence throughout the suite, so that you don’t have to leave the application to perform analytics.

For instance, in an HR process used for locating the right person for a job, you can dig up an employee’s salary history, and instead switching to a separate dashboard, you can instead retrieve and display relevant pieces of information necessary to see comparisons and make a decision.

Fusion’s SOA architecture also allows Oracle to abstract security and access control by relying on its separate, Fusion middleware-based Identity Manager product. The same goes with communications, where instant messaging systems can be pulled in (we didn’t see any integration with Wikis or other Web 2.0 social computing mechanisms, but we assume that they can be integrated as services.). It also applies to user interfaces, where you can use different rich internet clients by taking advantage of Oracle’s ADF framework in JDeveloper.

Oracle concedes the obvious: Outside of the mid-market, there is no greenfield market for ERP, and therefore, Fusion Apps are intended to supplement what you already have, not necessarily replace it.

That includes Oracle’s existing applications, for which it currently promises at least a decade of more support. But at this point, Oracle is not being any more specific about rollouts other than to say it would happen “sometime next year.”

This guest post comes courtesy of Tony Baer’s OnStrategies blog. Tony is a senior analyst at Ovum.

September 30th, 2009

Open Mashup Alliance sets out to breed ease of apps and data access, portability

Posted by Dana Gardner @ 11:03 am

Categories: Cloud computing, Enterprise 2.0, Enterprise Java, HP, IT Management, IT Service Management, Internet, Silicon Valley, Software Development, Software Infrastructure, datacenters, management

Tags: Enterprise Mashup, Data Access, Mashup, Dana Gardner

Industry consortia often set out with lofty goals, but don’t always reach them in the face of conflicts among major players. The newly formed Open Mashup Alliance (OMA) could be quite different.

The latest consortium on the technology scene, the OMA’s mission is to foster the successful use of web data services and enterprise mashup technologies and the adoption of an open language that promotes enterprise mashup interoperability and portability. This is a high priority for more and more enterprises, which is why the OMA could gain momentum.

In fact, it already has on one level. The founding members of OMA is a diverse list of software vendors, consultants, tech service provides and other industry leaders that share a common interest: promoting the open, free-to-use Enterprise Mashup Markup Language (EMML) for the development, interoperability and compatibility of enterprise mashup offerings.

Charter members include Adobe, Bank of America, Capgemini, Hinchcliffe & Co., HP, Intel, JackBe, Kapow Technologies, ProgrammableWeb, Synteractive, and Xignite. Any organization that wants to advance EMML and enterprise mashup interoperability and compatibility can join the OMA. [Disclosure: HP and Kapow are sponsors of BriefingsDirect podcasts.]

Remove vendor lock-in

Michael Ogrinz, principal architect at Bank of America and author of the book Mashup Patterns‚ was right when he said the industry needs to remove vendor lock-in concerns raised by proprietary toolsets in order for enterprise mashups to take hold.

“We also need to inspire the innovative minds of the open-source community to start working in this space,” Ogrinz says. “By establishing an open standard for mashups, the OMA and EMML addresses both of these issues.”

Andy Mulholland, Global CTO at Capgemini and co-author of the book Mashup Corporations has a different take. As he sees it, enterprises around the world are achieving excellent results with enterprise mashup solutions. But, he adds, these enterprises also realize they could reduce their risk and increase their value with solutions built on standardized vendor products. That’s a good observation and seems to be a driving force for the OMA.

HP’s collaboration with Open Mashup Alliance members to promote the standard design of mashups will help customers advance their SOA initiatives by allowing them to provide a rich user experience on top of their web services.

But there is another driving force that resonates in a down economy: return on investment (ROI). Tim Hall, director of HP’s SOA Center, focused on the ROI aspects of enterprise mashup standards. He’s convinced enterprises can accelerate ROI, reduce the risks of mashup efforts and deliver real-time reporting of dynamic information to business users by adopting industry-wide open standards like EMML.

“HP’s collaboration with Open Mashup Alliance members to promote the standard design of mashups will help customers advance their SOA initiatives by allowing them to provide a rich user experience on top of their web services,” Hall says.

The EMML specification will be governed under the Creative Commons License and supported by a free-to-use EMML reference runtime engine. The Open Mashup Alliance will steward and enhance the EMML v1.0 specification for future contribution to a standards body.

BriefingsDirect contributor Jennifer LeClaire provided editorial assistance and research on this post. She can be reached at http://www.linkedin.com/in/jleclaire and http://www.jenniferleclaire.com.

August 24th, 2009

IT and log search as SaaS gains operators fast, affordable and deep access to system behaviors

Posted by Dana Gardner @ 10:40 am

Categories: .NET, Amazon, Application Lifecycle Management, Cloud computing, Enterprise Java, Google, Hardware Infrastructure, IT Management, IT Service Management, ITIL, Linux, Microsoft, Open Source, Podcasts, Red Hat, SOA Governance, SaaS, Security, Silicon Valley, Software Development, Software Infrastructure, VMware, Virtualization, Windows, database, datacenters, governance, mainframe, management, search

Tags: Software, Software-as-a-service, Data Center, Network, Information Technology, Environment, Server, Paglo Data Center, Crawler, Data Centers

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. View a full transcript or download the transcript. Learn more. Sponsor: Paglo.

Automatically discover your IT data and make it accessible and useful. Get started for free.

Complexity of data centers escalates. Managed service providers face daunting performance obligations. And the budget to support the operations of these critical endeavors suffers downward pressure.

In this podcast, we explore how IT search and systems log management as a service provides low-cost IT analytics that harness complexity to improve performance at radically reduced costs. We’ll examine how network management, systems analytics, and log search come together, so that IT operators can gain easy access to identify and fix problems deep inside complex distributed environments.

Here to help better understand how systems log management and search work together are Dr. Chris Waters, co-founder and chief technology officer at Paglo, and Jignesh Ruparel, system engineer at Infobond, a value-added reseller (VAR). The discussion is moderated by me, BriefingsDirect’s Dana Gardner.

Here are some excerpts:

Waters: [Today] there’s just more information flowing, and more information about the IT environment. Search is a great technology for quickly drilling through a lot of noise to get to the exact piece of data that you want, as more and more data flows at you as an IT professional.

One of the other challenges is the distribution of these applications across increasingly distributed companies and applications that are now running out of remote data centers and out of the cloud as well.

When you’re trying to monitor applications outside of a data center, you can no longer use software systems that you have installed on your local premises. You have to have something that can reach into that data center. That’s where being able to deliver your IT solution as software-as-a-service (SaaS) or a cloud-based application itself is really important.

You’ve got this heterogeneity in your IT environments, where you want to bring together solutions from traditional software vendors like Microsoft and cloud providers like Amazon, with their EC2, and it allows you to run things out of the cloud, along with software from open-source providers.

All of the software in these systems and this hardware is generating completely disparate types of information. Being able to pull all that together and use an engine that can suck up all that data in there and help you quickly get to answers is really the only way to be able to have a single system that gives you visibility across every aspect of your IT environment.

And “inventory” here means not just the computers connected to the network, but the structure of the network itself — the users, the groups that they belong to, and, of course, all of the software and systems that are running on all those machines.

Search allows us to take information from every aspect of IT, from the log files that you have mentioned, but also from information about the structure of the network, the operation of the machines on the network, information about all the users, and every aspect of IT.

We put that into a search index, and then use a familiar paradigm, just as you’d search with Google. You can search in Paglo to find information about the particular error messages, or information about particular machines, or find which machines have certain software installed on them.

We deliver the solution as a SaaS offering. This means that you get to take advantage of our expertise in running our software on our service, and you get to leverage the power of our data centers for the storage and constant monitoring of the IT system itself.

The [open source] Paglo Crawler is a small piece of software that you download and install onto one server in your network. From that one server, the Paglo Crawler then discovers the structure of the rest of the network and all the other computers connected to that network. It logs onto those computers and gathers rich information about the software and operating environment.

That information is then securely sent to the Paglo data center, where it’s indexed and stored on the search index. You can then log in to the Paglo service with your Web browser from anywhere in your office, from your iPhone, or from your home and gain visibility into what’s happening in real time in the IT environment.

This allows people who are responsible for networks, servers, and workstations to focus on their expertise, which is not maintaining the IT management system, but maintaining those networks, servers, and workstations.

The Crawler needs some access to what’s going on in the network, but any credentials that you provide to the Crawler to log in never leaves the network itself. That’s why we have a piece of software that sits inside the network. So, there are no special firewall holes that need to be opened or compromised in the security with that.

There is another aspect, which is very counterintuitive, and that people don’t expect when they think about SaaS. Here at Paglo, we are focused on one thing, which is securely and reliably operating the Paglo service. So, the expertise that we put into those two things is much more focused than you would expect within an IT department, where you are focused on solving many, many different challenges.

Ruparel: For 15 years, we [at Infobond] have been primarily a break-fix organization, moving into managed services, monitoring services. We needed visibility into the networks of the customers we service. For that we needed a tool that would be compatible with the various protocols that are out there to manage the networks — namely SNMP, WMI, Syslog. We needed to have all of them go into a tool and be able to quickly search for various things.

We found that the technology that Paglo is using is very, very advanced. They aggregate the information and make it very easy for you to search.

You can very quickly create customized dashboards and customized reports based on that data for the end customer, thus providing more of a personal and customized approach to the monitoring for the customers.

Some of the dashboards are a common denominator to various sorts of customers. An example would be a Microsoft Exchange dashboard. Customers would love to have a dashboard that they have on the screen. At the end of the day, I look at it very simply as collecting information in one place, and then being able to extract that easily for various situations and environments.

These are some things that are a common denominator to almost all customers that are moving with the technology, implementing new technologies, such as VMware, the latest Exchange versions, Linux environments for development, and Windows for their end users.

The number of pieces of software and the number of technologies that IT implements is far more than it used to be, and it’s going to get more and more complex as time progresses. With that, you need something like Paglo, where it pulls all the information in one place, and then you can create customized uses for the end customers.

If I go and set things up without Paglo, it would require me to place a server at the customer site. We would have to worry about not only maintenance of the hardware, but the maintenance of the software at the customer site as well, and we would have to do all of this effort.

We would then have to make sure that our systems that those servers communicate to are also maintained and steady 24/7. We would have multiple data centers, where we can get support. In case one data center dies, we have another one that takes over. All of that infrastructure cost would be used as an MSP.

At the end of the day, I look at it very simply as collecting information in one place, and then being able to extract that easily for various situations and environments.

Now, if you were to look at it from a customer’s perspective, it’s the same situation. You have a software piece that you install on a server. You would probably need a person dedicated for approximately two to three months to get the information into the system and presentable to the point where its useful. With Paglo, I can do that within four hours.

Waters: We have a lot of users who are from small and medium-sized businesses. We also see departments within some very large enterprises, as well, using Paglo, and often that’s for managing not just on-premise equipment, but also managing equipment out of their own data centers.

Paglo is ideal for managing data-center environments, because, in that case, the IT people and the hardware are already remote from each other. So, the benefits of SaaS are double there. We also see a lot of MSPs and IT consultants who use Paglo to deliver their own service to their users.

Ruparel: As far as cost is concerned, right now Paglo charges a $1.00 a device. That is unheard of in the industry right now. The cheapest that I have gotten from other vendors, where you would install a big piece of hardware and the software that goes along with it, and the cost associated with that per device is approximately $4-5, and not delivering a central source of information that is accessible from anywhere.

As far as cost, infrastructure cost wise, we save a ton of money. Manpower wise, the number of hours that I have to have engineers working on it, we save tons of time. Number three, after all of that, what I pay to Paglo is still a lot less than it would cost me.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. View a full transcript or download the transcript. Learn more. Sponsor: Paglo.

Automatically discover your IT data and make it accessible and useful. Get started for free.

August 12th, 2009

Cloud Security Panel: Is cloud computing more or less secure than on-premises IT?

Posted by Dana Gardner @ 2:08 pm

Categories: .NET, Akamai, Amazon, Cisco, Cloud computing, Google, Oracle, SOA, SOA Governance, SOA architect, SaaS, Silicon Valley, Software Development, Software Infrastructure, Virtualization, datacenters, governance, management

Tags: Podcast, Cloud Computing, Audit, Information Technology, Standards, Service, Security, Dana Gardner

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download or view the transcript. Sponsor: The Open Group.

Welcome to a special sponsored podcast discussion coming from The Open Group’s 23rd Enterprise Architecture Practitioners Conference in Toronto. This podcast, part of a series from the July 2009 event, centers on cloud computing security.

Much of the cloud security debate revolves around perceptions. … For some cloud security is seeing the risk glass as half-full or half empty. Yet security in general takes on a different emphasis as services are mixed and matched from a variety of internal and external sources.

So will applying conventional security approaches and best practices be enough for low-risk, high-reward, cloud computing adoption? Most importantly, how do companies know when they are prepared to begin adopting cloud practices without undo security risks?

Here to help better understand the perils and promises of adopting cloud approaches securely, we welcome our panel: Glenn Brunette, distinguished engineer and chief security architect at Sun Microsystems and founding member of the Cloud Security Alliance (CSA); Doug Howard, chief strategy officer of Perimeter eSecurity and president of USA.NET; Chris Hoff, technical adviser at CSA and director of Cloud and Virtualization Solutions at Cisco Systems; Dr. Richard Reiner, CEO of Enomaly; and Tim Grance, program manager for cyber and network security at the National Institute of Standards and Technology (NIST).

The discussion is moderated by me, BriefingsDirect’s Dana Gardner.

Here are some excerpts:

Reiner: There are security concerns to cloud computing. Relative to the security concerns in the ideal enterprise mode of operation, there is some good systematic risk analysis to model the threats that might impinge upon this particular application and the data it processes, and then to assess the suitability of different environments for potential deployment of that stuff.

There are a lot more question marks around today’s generation of public-cloud services, generally speaking, than there are around the internal computing platforms that enterprises can use. So it’s easier to answer those questions. It’s not to say the answers are necessarily better or different, but the questions are easier to answer with respect to the internal systems, just because there are more decades of operating experience, there is more established audit practice, and there is a pretty good sense of what’s going to be acceptable in one regulatory framework or another.

Howard: The first thing that you need to know is, “Am I going to be able to deliver a service the same way I deliver it today at minimum? Is the user experience going to be, at minimum, the same that I am delivering today?”

Because if I can’t deliver, and it’s a degradation of where my starting point is, then that will be a negative experience for the customers. Then, the next question is, obviously, is it secured as a business continuity? Are all those things and where that actual application resides completely transparent to the end user?

Brunette: Is cloud computing more or less secure than client-server? I don’t think so. I don’t think it is either more or less secured. Ultimately, it comes down to the applications you want to run and the severity or criticality of these applications, whether you want to expose them in a shared virtualized infrastructure.

… When you start looking at the cloud usage patterns and the different models, you’re going to see that governance does not end at your organization’s border. You’re going to need to understand the policies, the processes, and the governance model of the cloud providers.

It’s going to be important that we have a degree of transparency and compliance out in the cloud in a way that can be easily consumed and integrated back into an organization.

Hoff: One of the interesting notions of how cloud computing alters the business case and use models really comes down to a lot of pressure combined with the economics today. Somebody, a CIO or a CEO, goes home and is able to fire up their Web browser, connect to a service we all know and love, get their email, enjoy a robust Internet experience that is pretty much seamless, and just works.

Then, they show up on Monday morning and they get the traditional, “That particular component is down. That doesn’t work. This is intrusive. I’ve got 47,000 security controls that I don’t understand. You keep asking for more money.”

Grance: Cloud has a vast potential to cause a disintermediation, just like in power and other kinds of industries. I think it may run eventually through some of these consulting companies, because you won’t be able to get as rich off of consulting for that.

In the meantime, I think you’re going to have … people simply just roll their own [security]. Here’s my magic set of controls. It may not be all of them. It may just be a few of them. I think people will shop around for those answers, but I think the marketplace will punish them.

Howard: … If you look at a lot of the cloud providers, we tend, in many cases, to fight some standards, because, in reality, we want to have competitive differentiators in the marketplace. Sometimes, standards and interoperability are key ones, sometimes standards create a lack of our ability to differentiate ourselves in the marketplace.

However, on the security side, I that’s one of the key areas that you definitely can get the cloud providers behind, because, if we have 10,000 clients, the last thing we want is to have enough people sitting around taking the individual request of all the audits that are coming in from those customers.

… So, to put standards behind those types of efforts is an absolute requirement in the industry to make it scalable, not just beyond the infrastructure, performance, availability, and all those things, but actually from a cost perspective of people supporting and delivering these services in the marketplace.

Brunette: … One of the other things I’d point out is that, it’s not just about the cloud providers and the cloud consumers, but there are also other opportunities for other vendors to get into the fray here.

One of the things that I’ve been a strong proponent of is, for example, OS vendors producing better, more secured, hardened versions of their operating systems that can be deployed and that are measurable against some standard, whether a benchmark from the Center for Internet Security, or FDCC in the commercial or in the federal space.

You may also have the opportunity of third parties to develop security-hardened stacks. So, you’d be able to have a LAMP stack, a Drupal stack, an Oracle stack, or whatever you might want to deploy, which has been really vetted by the vendor for supportability, security, performance, and all of these things. Then, everyone benefits, because you don’t all have to go out there and develop your own.

Howard: … At the end of the day, if you develop and you deliver a service … and the user experience is positive, they’re going to stay with the service.

On the flip side, if somebody tries to go the cheap way and ultimately delivers a service that has not got that high availability, has got problems, is not secure, and they have breaches, and they have outages, eventually that company is going to go out of business. Therefore, it’s your task right now to figure out who are the real players, and does it matter if it’s an Oracle database, SQL database, or MySQL database underneath, as long as it’s meeting the performance requirements that you have.

Unfortunately, right now, because everything is relatively new, you will have to ask all the questions and be comfortable that those answers are going to deliver the quality of service that you want. Over time, on the flip side, it will play out and the real players will be the real players at the end of the day.

Hoff: … It [also] depends on what you pay for it, and I think that’s a very interesting demarcation point. There is a service provider today who doesn’t charge me anything for getting things like mail and uploading my documents, and they have a favorite tag line, “Hey, it’s always in beta.” So the changes that you might get could be that the service is no longer available. Even with enterprise versions of them, what you expect could also change.

… In the construct of SaaS, can that provider do a better job than you can, Mr. Enterprise, in running that particular application?

This comes down to an issue of scale. More specifically, what I mean by that is, if you take a typical large enterprise with thousands of applications, which they have to defend, safeguard, and govern, and you compare them to a provider that manages what, in essence, equates to one application, comparing apples to elephants is a pretty unreasonable thing, but it’s done daily.

What’s funny about that is that, if you take a one-to-one comparison with that enterprise that is just running that one application with the supporting infrastructure, my argument would be that you may be able to get just as good as, perhaps even better, performance than the SaaS provider. It’s when you get to the point of where you define scale, it’s on the consumer side or number of apps you provide where that question gets interesting.

… What happens then when I end up having 50 or 60 cloud providers, each running a specific instance of these applications. Now, I’ve squeezed the balloon. Instead of managing my infrastructure, I’m managing a bunch of other guys who I hope are doing a good job managing theirs. We are transferring responsibility, but not accountability, and they are two very different things.

Brunette: … In almost every case, the cloud providers can hide all of that complexity, but it gives them a lot more flexibility in terms of which technology is right for their underlying application. But, I do believe that over time they will have a very strong value proposition. It will be more on the services that they expose and provide than the underlying technology.

Hoff: … The reality is, portability and interoperability are going to be really nailed to firstly define workload, express the security requirements attached to that workload, and then be able to have providers attest in the long-term in a marketplace.

I think we called it “the Intercloud,” a way where you go through service brokers or do direct interchange with this type of standards and protocols to say, “Look I need this stuff. Can you supply these resources that meet these requirements? “No? Well, then I go somewhere else.”

Some of that is autonomic, some of it’s automated, and some of it will be manual. But, that’s all predicated, in my opinion, upon building standards that lets us exchange that information between parties.

Reiner: I don’t think anyone would disagree that learning how to apply audit standards to the cloud environment is something that takes time and will happen over time. We probably are not in a situation where we need yet another audit standard. What we need is a community of audit practices to evolve and to mature to the point where there is a good consensus of opinion about what constitutes an appropriate control in a cloud environment.

Brunette: As Chris said, it comes down to open standards. It’s important that you are able to get your data out of a cloud provider. It’s just as important that you need to have a standard representation of that data, something that can be read by your own applications, if you want to bring it back in house, and something that you can use with another provider, if you decide go that route.

Grance: I’m going to out on a limb and say that NIST is in favor of open, voluntary consensus, but data representation and APIs are early places where people can start. I do want to say important things about open standards. I want to be cautious about how much we specify too early, because there is a real ability to over specify early and do things really badly.

So it’s finding that magic spot, but I think it begins with data representation and APIs. Some of these areas will start with best practices and then evolve into these things, but again the marketplace will ultimately speak to this. We convey our requirements in clear and pristine fashion, but put the procurement forces behind that, and you will begin to get the standards that you need.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download or view the transcript. Sponsor: The Open Group.

August 12th, 2009

VMware fleshes out its cloud computing support model with SpringSource grab

Posted by Dana Gardner @ 8:25 am

Categories: .NET, Agile Development, Amazon, Apache, Application Lifecycle Management, Cloud computing, Developer Tools, Eclipse, Enterprise Java, Google, JBoss, Java, Linux, Microsoft, Open Source, Oracle, Red Hat, SOA, SOA Governance, SOA architect, Silicon Valley, Software Development, Software Infrastructure, VMware, Virtualization, Windows, datacenters

Tags: Cloud Computing, VMware Inc., SpringSource, Tony, Virtualization, Hardware, Dana Gardner

This guest post comes courtesy of Tony Baer’s OnStrategies blog. Tony is a senior analyst at Ovum. His profile is here. You can reach him here.

VMware’s proposed $362 million acquisition of SpringSource is all about getting serious in competing with Salesforce.com and Google App Engine as the Platform-as-a-Service (PaaS) cloud with the technology that everybody already uses.

This acquisition was a means to an end, pairing two companies that could not be less alike. VMware is a household name, sells software through traditional commercial licenses, and markets to IT operations. SpringSource is a grassroots, open source developer-oriented firm whose business is a cottage industry by comparison. The cloud brought both companies together that each faced complementary limitations on their growth. VMware needed to grow out beyond its hardware virtualization niche if it was to regain its groove, while SpringSource needed to grow up and find deeper pockets to become anything more than a popular niche player.

The fact is that providing a virtualization engine, even if you pad it with management utilities that act like an operating system, is still a raw cloud with little pull unless you go higher up in the stack. Raw clouds have their appeal only to vendors that resell capacity or enterprise large firms with the deep benches of infrastructure expertise to run their own virtual environments. For the rest of us, we need a player that provides a deployment environment, handles the plumbing, that is married to a development environment. That is what Salesforce’s Force.com and Google’s App Engine are all about. VMware’s gambit is in a way very similar to Microsoft’s Software + Services strategy: use the software and platforms that you are already used to, rather than some new

The most glaring omission is need for Java object distributed caching to provide yet another alternative to scalability.

environment in a cloud setting. There’s nothing less familiar to large IT environments than VMware’s ESX virtualization engine, and in the Java community, there’s nothing more familiar than the Spring framework which – according to the company – accounts for roughly half of all Java installations.

With roughly $60 million in stock options for SpringSource’s 150-person staff, VMware is intent on keeping the people as it knows nothing about the Java virtualization business. Normally, we’d question a deal like this because the company’s are so dissimilar. But the fact that they are complementary pieces to a PaaS offering gives the combination stickiness.

For instance, VMware’s vSphere’s cloud management environment (in a fit of bravado, VMware calls it a cloud OS) can understand resource consumption of VM containers; with SpringSource, it gets to peer inside the black box and understand why those containers are hogging resource. That provides more flexibility and smarts for optimizing virtualization strategies, and can help cloud customers answer the question: do we need to spin out more VMs, perform some load balancing, or re-apportion all those Spring TC (Tomcat) servlet containers?

The addition of SpringSource also complements VMware’s cloud portfolio in other ways. In his blog about the deal, SpringSource CEO Rod Johnson noted that the idea of pairing VMware’s Lab Manager (that’s the test lab automation piece that VMware picked up through the Akimbi acquisition) proved highly popular with Spring framework customers. In actuality, if you extend Lab manager from simply spinning out images of testbeds to spinning out runtime containers, you would have VMware’s answer to IBM’s recently-introduced WebSphere Cloudburst appliance.

VMware isn’t finished however. The most glaring omission is need for Java object distributed caching to provide yet another alternative to scalability. If you only rely on spinning out more VMs, you get a highly rigid one-dimensional cloud that will not provide the economies of scale and flexibility that clouds are supposed to provide. So we wouldn’t be surprised if GigaSpaces or Terracotta might be next in VMware’s acquisition plans.

This guest post comes courtesy of Tony Baer’s OnStrategies blog . Tony is a senior analyst at Ovum. His profile is here. You can reach him here.

August 7th, 2009

Information management targets e-discovery, compliance, legal risks while delivering long-term BI and governance benefits

Posted by Dana Gardner @ 11:14 am

Categories: BI, Cloud computing, Enterprise 2.0, Government, HP, Hardware Infrastructure, IT Management, IT Service Management, ITIL, Intellectual Property, Microsoft, Podcasts, SOA, SOA Governance, SOA architect, Silicon Valley, Software Development, Software Infrastructure, Wall Street, Web Services, business intelligence, database, datacenters, governance, management, search

Tags: Business Intelligence, Information Management, Compliance, Benefit, Organization, Litigation, E-mail, Data Centers, Content Management, Strategy

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download or view the transcript. Learn more. Sponsor: Hewlett Packard.

Losing control over information sprawl at enterprises can cause long-term inefficiencies. But it’s the short-term legal headaches of not being prepared for E-discovery requests that have caught many firms off-guard.

Potentially massive savings can be had from thwarting legal discovery fulfillment problems in advance by governing and managing information. In a sponsored podcast, I recently examined how the well-managed — versus the haphazard — information oversight approach reduces legal risks. Yet these same management lifecycle approaches bring long-term payoffs through better analytics, and regulatory compliance, while reducing the cost of data storage and archiving.

Better understand the perils and promise around information management with guests Jonathan Martin, Vice President and General Manager for Information Management at HP, and Gaynelle Jones, Discovery Counsel at HP. The discussion is moderated by me, BriefingsDirect’s Dana Gardner.

Here are some excerpts:

Martin: Over the last five to 10 years, we’ve become increasingly addicted to information, both at home and at work. … and the size of it is beginning to really impact businesses. This trend is that information tends to either double every year in developing countries, and tends to double about every 18 months in developed organizations. Today, we’re creating more information than we have ever created before, and we tend to be using limited tools to manage that information.

We’re getting less business value from the information that we create. … Unfortunately, in the last 18 months or so, the economy has begun to slow down, so that concept of just throwing more and more capacity at the problem is causing challenges for organizations. Today, organizations aren’t looking at expanding the amount of information that’s stored. They’re actually looking at new ways to reduce the amount of information.

Coming into 2010, both in the US and in Europe, there is going to be a new wave of a regulation that organizations are going to have to take on board about how they manage their business information.

Jones: Because we have black-letter law that computerized data is discoverable if relevant, and because of the enormous amount of electronic information that we are dealing with, litigants have to be concerned with discovery, in identifying and producing it, and making sure it’s admissible.

I’m charged here [at HP] with developing and working with both the IT and the litigation teams around making sure that we are compliant, and that we respond quickly to identify our electronically stored information, and that we get it in a form that can be produced in the litigation.

There are horror stories that have been in the news in recent years around major companies such as Morgan Stanley, Enron, Qualcomm and a host of others being sanctioned for not following and complying properly with the discovery rules. … In each case, companies failed to properly implement litigation rules, directly pointing to their failure to properly manage their electronic information. So the sanctions and the penalties can be enormous if we don’t get a hold of this and comply.

We’ve seen, over the last few years, organizations move from taking a very reactive approach on these kinds of issues to a more proactive or more of a robust approach.

Martin: You have to be able to identify and manage the information and think

Over the last two to three years, organizations have begun to take a more proactive approach.

ahead about where you’re likely to have to pull it in and produce it, and make a plan for addressing these issues before you have to actually respond. When you’re managing a lot of litigation, you have to respond in a quick timeframe, by law. You don’t have time to then sit down and draw up your plan.

[Not being prepared] makes the process at least twice as expensive, than if you’ve planned ahead, strategized, and know where your information was, so that when the time comes, you could find it and preserve it and produce it.

Over the last two to three years, organizations have begun to take a more proactive approach. They’re gathering the content that’s most likely to be used in an audit, or that’s most likely to be used in a legal matter, and consolidating that into one location. They’re indexing it in the same way and setting a retention schedule for it, so that when they’re required to respond to litigation or are required to respond to an audit or a governance request, all the information is in one place. They can search it very quickly.

At first, the problem statement may look absolutely enormous. … What we’re seeing, though, is that organizations that went through this shift from reactive to proactive two to three years ago have actually generated a new asset within the organization. … They ultimately end up with a brand-new repository in the organization that can help them make better business decisions, leveraging the majority of the content that the organization creates.

If you logically think through the process, as an organization, you are taking a more proactive stance. You’re capturing all of those emails, you’re capturing content from file systems and your [Microsoft] SharePoint systems. You’re pulling sales orders. You get purchase request from your database environment. You’re consolidating maybe miles and miles of paper into a digital form and bringing all of this content into one compliance archive.

This information is in one place. If you’re able to add better classification of the content, a better way of a layer of meaning to the content, suddenly you have a tool in place that allows you to analyze the information in the organization, model information in the organization, and use this information to make better business decisions.

The final step, once you’ve got all that content in one place, is to add a layer of analytic or modeling capability to allow you to manipulate that content and respond quickly to a subpoena or an audit request.

Jones: We’re working right now on putting an evidence repository in place, so that

So we’re seeing either top-down or grassroots-up content moving into the cloud. From a regulatory perspective, a governance perspective, or a legal perspective, this has new implications for the organizations.

we can collect information that’s been identified, bring it over, and then search on it. So, you can do early electronic searches, do some of the de-duping that Jonathan has talked about, and get some early case assessment.

Our counsel can find out quickly what kind of emails we’ve got and get a sense of what the case is worth long before we have to collect it and turn it over to our outside vendors for processing. That’s where we’re moving at this point.

We think it’s going to have tremendous benefit for us in terms of getting on top of our litigation early on, reducing the cost of the data that we end up sending outside for processing, and of course, saving cost across the board, because we can do so much of it through our own management systems, when they’re in place. We’re really anxious and excited to see how this is going to help us in our overall litigation strategy and in our cost.

Martin: Increasingly, we’re seeing more and more content move into the cloud. This is may be coming from a top-down initiative, or from a cost or capability perspective. Organizations are saying, “Maybe it’s no longer cost effective for us to run an email environment internally. What we’d like to do is put that into the cloud, be able to manage email in the cloud, or have our email managed in the cloud.”

Or, it may come from the grassroots, bottom up, where employees, when they come to work, are beginning to act more and more like consumers. They bring consumer-type technology with them, something like Facebook or social networking sites. They’re coming to the organization to set up a project team and to set up a Facebook community, and they collaborate using that.

So we’re seeing either top-down or grassroots-up content moving into the cloud. From a regulatory perspective, a governance perspective, or a legal perspective, this has new implications for the organizations. A lot of organizations are struggling a little bit on how do they respond to that.

… How do you discover this content, how are you required to capture this content, or are they the same, legal obligations, the content that’s inside your data center of this various IT data centers? How do you address applications, maybe mashups, where content may be spread across 20 to 30 different data centers. It’s a whole new vista of issues that are beginning to appear as content moves into the cloud.

Jones: The courts haven’t yet addressed the cloud era, but it’s going to definitely be one for which we’re going to have to have a plan in place. The sooner you start being aware of it, asking the questions, and developing a strategy, the better. Once again, you’re not being reactive and, hopefully, you’re saving money in the process.

Martin: Probably one of the best ways to learn is from the experience of others. We’ve invested quite heavily over the last year in building a community for the uses of our products, as well as the potential use of our products, to share best practices and ideas around this concept of information and governance that we’ve been talking about today, as well as just broader information management issues.

There is a website, www.hp.com/go/imhub. If you go there, you’ll see lots of information from former users about how they’re using their technology.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download or view the transcript. Learn more. Sponsor: Hewlett Packard.