I recently caught up with Nicholas Crown, Product Line Manager of Sun’s Identity Business Unit, to talk about Sun’s new strategy to address the growing IT Governance, Risk Management and Compliance (GRC) market. The cornerstones of Sun’s strategy are its current identity portfolio along with the Vaau acquisition, which provided enterprise role-based access management.

Sun is planning to create an IT GRC eco-system which includes ISV partnerships, SI solutions, acquisitions and other Sun product offerings. You should expect to hear more announcements starting next quarter. Below is a graphic of how Sun views a GRC eco-system.

In Sun’s view identity and access management are big components of a compliance solution, and a good place to start. Companies then can build out the rest of the capabilities through partner solutions.

Today Sun does not have anything for the management layer, but they’re working on that. I asked Nicolas where ITIL would fit, as it is becoming popular for IT Governance, and was told it would be considered one of the frameworks in the eco-system and there could be others. He stated that customers often develop their own frameworks, or begin with a standard and then customize it, and the logical view will accommodate that.

However, I was left with the question as to how SOA Governance, also a very big topic these days, fits into the IT GRC eco-system defined by Sun. SOA is changing the very nature of what we call an IT application. The monolithic applications of the past are giving way to mash-ups and composite applications. Many of the same policies that pertain to IT applications, including access control and identity management, also pertain to services. It would seem to me to be a natural conclusion that SOA Governance is a part of the overall IT GRC. How can you provide end-to-end security, risk management and compliance if the policies are not equally applied to the fast growing part of the IT portfolio represented by services? Can they really be separate disciplines, technologies and solutions? Does SOA Governance belong on the GRC roadmap? How are you handling it you your organization?

Posted by bethgb in Vendor Briefings | Permalink | Comments (0) | TrackBacks (0)

One of the things that swamped me in the past month was setting up a new computer. Never fun. This one was interesting as I was forced to migrate to Vista. There has been a lot of talk about Vista in the industry, especially it's failure to succeed. InfoWorld is spearheading a petition to keep XP, and I even signed the petition knowing I would be buying a new computer soon. This week InfoWorld published an interesting article "Was Vista DOA?" The article talks about the early bugs with drivers that did not work and compatibility issues. But this paragraph summed it up for me:

"Here was an OS that, from an enterprise IT standpoint, had almost nothing going for it: No major new technologies; no paradigm-shifting architectural changes; nothing to whet a system administrator's appetite. What it did have was layers and layers of consumer-focused baggage: Pervasive DRM plumbing; dubious multimedia prioritization tweaks; OS X-envy driven eye candy. Basically, it was an OS designed to secure Microsoft's seat at the RIAA/MPAA roundtable, and little else."

Here was the eye opener. Vista represents little more than an expense for IT departments - it has nothing else to offer. But I must admit, even after having to spend more than I would have liked to upgrade software which was admittedly old but still did the job I needed it to do, I like Vista. The user experience is a big improvement over XP. Eye candy is part of the appeal. But it all seems to work more smoothly. It's easier to use. There's less arm wrestling with MS Word and Powerpoint. Things are more integrated. It feels more productive. Now from an IT enterprise point of view I have to admit it's probably not enough to justify the expense. But it made me understand the appeal of the Mac. My son-in-law asked for the new Mac OS for his birthday. Can you imagine any PC user wanting the gift of an operating system for their birthday? Usually I'm squarely on the side of enterprise IT, but I'm starting to change my tune a bit. The end user experience should not be discounted as unimportant eye candy. IT needs to enable a smooth and seamless user experience. It cannot be a mere secondary afterthought to other IT requirements.

Which brings me to my musings on Web 2.0. On Mar. 19th ebizQ held it's first Web 2.0 virtual event, a live Roundtable Discussion on Web 2.0 and SOA (you can view the archive). We had an all-star panel including Dion Hinchcliffe, Ron Schmelzer and Doug Wilson, and they were all great at explaining the role and benefits of Web 2.0 in the enterprise. But the audience questions were equally interesting. One attendee stated that while blogging was successful in the enterprise, they experienced problems with viruses from social networking sites such as Facebook, even after deploying all the virus, adware and malware protection, and wondered what the ROI was for the organization. Another attendee wondered if spending time on social networking sites meant lost productivity of employees. Dion Hinchcliffe said they have reviewed all the case study data and there is definitely an ROI for Web 2.0. Doug Wilson of IBM stated that internally deployed social networking software has lead to increased productivity across the organization. He made that case that many business services are executed by humans who need to interface with other humans as well as systems to do their job. Web 2.0 provides the support to carry out human based business services which in turn rely on back end system services.

So the whole idea of how humans interact with computers is becoming more important in the enterprise. Interestingly, a poll of attendees showed that 50% of the live online audience were investigating Web 2.0 solutions, 13% were piloting them, 38% had Web 2.0 solution(s) in production, but 0% said that Web 2.0 was prevalent throughout the organization. However, Doug Wilson indicated that the social networking solution internal to IBM is largely responsible for enabling the the highly matrixed reporting structure and enabling people to connect more easily.

Bottom line - Web 2.0, while difficult to precisely define, is here, growing, and likely to change our expectations of the way we work. In the future, we are going to expect a seamless experience. We are going to be less tolerant of being forced to do things the way IT works, we are going to expect IT to enable the way we want to work. So shame on you Microsoft for creating an OS that enterprise IT doesn't need but end users do. And shame on all the IT folks dismissing Vista as DOA and not considering for a moment the benefits of the human interface advancements as being valid. There's a lesson to be learned on both sides.

Now I think I'll go tag something.

Posted by bethgb in Industry Trends | Permalink | Comments (0) | TrackBacks (0)

BACK TO THE BLOG!!! Please excuse my long absence. Setting up a new computer, a new office, starting a new venture in addition to everything else I am continuing to do has left me with little sleep and little time to do anything that was not totally essential in that moment. Blog just never made it to the list.

However, I absolutely could not fail to tell you about a great virtual event that will happen on Wednesday, March 19th. As part of the ebizQ In Action Virtual Conference Series there will be a LIVE Roundtable discussion on Web 2.0 and SOA. We have an amazing panel which includes: Dion Hinchcliffe, Founder and Chief Technology Officer for the Enterprise Web 2.0 advisory and consulting firm Hinchcliffe & Company, creator of Web 2.0 University, and co-author of "Web 2.0 Patterns: What entrepreneurs and information architects need to know"; Ronald Schmelzer, Managing Partner at ZapThink, well-known SOA expert, lead author of "XML And Web Services Unleashed", and co-author of "Service-Orient or Be Doomed"; and Doug Wilson is an IBM Distinguished Engineer, Chief Technology Officer for Portal & Collaboration Products, and the Vice Chairman of the Software Group Architecture Board for IBM Software Group.

With this group of esteemed panelists I can guarantee you a lively and thoughtful discussion. If you miss the live broadcast, it will be available in the archive. However, you must attend the live session to win any of the giveaways. ZapThink is giving away one free pass to it's Practical SOA course March 25, 2008, Newark, N.J. ZapThink is also offering ebizQ members $100 of the regular $295 price. Use this link for ebizQ members and enter the promo code EBIZQPSOA.

Hinchcliffe & Company is offering a free course in their Web 2.0 University designed to teach Web 2.0 and Enterprise 2.0 techniques on May 6-7, New York, NY. They are also offering $300 discount of the regular $995 price. ebizQ members can use this link for the discount.

But wait, there's more (about now I feel like Ellen DeGeneres who gives all her audience members gifts), but you've got to attend the live broadcast for this one. ebizQ will award 10 copies of "Web 2.0 Heroes" by Bradley L. Jones. Due out next month, the book profiles innovators at companies like eBay, Microsoft, Sun Microsystems, Adobe/ Macromedia, YouSendIt, IBM,Bloglines, Ning, Technorati, Zoho and many others to show where Web 2.0-based business is going in the future.

I kid you not. This LIVE event is not to be missed. Register now.

Posted by bethgb in Events | Permalink | Comments (0) | TrackBacks (0)