Tuesday, July 31, 2012

For Steria, cloud not so much a technology as catalyst to responsive and agile business

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: HP.

The next edition of the HP Discover Performance podcast series brings together a top HP cloud evangelist and a leading-edge adopter of improved IT service delivery for a major European business services provider, Steria.

We're joined by our co-host, Chief Evangelist at HP, Paul Muller, and Jean-Michel Gatelais, IT Service Management (ITSM) Solution Manager at Steria, based near Paris.

In this series, we're focusing on how IT leaders are improving performance of their services to deliver better experiences and payoffs for businesses and end-users alike. The discussion is co-hosted and moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:
Gardner: We have a fascinating show today, because we are going to learn about how a prominent European IT-enabled business services provider, Steria, is leveraging cloud services to manage complexity and deliver better services to customers.

Paul, is that what you are finding -- that the cloud model is starting to impact this whole notion of effective performance across services in total?

Muller: This is a conversation I've been having a lot lately. The word "cloud" gets thrown around a lot, but when I drill into the topic, I find that customers are really talking about services and integrating different services, whether they are on-premises, in the public cloud arena, or even that gray land, which is called outsourcing. [Follow Paul on Twitter.]

It's the ability to integrate those different supply models -- internal, external, publicly sourced cloud services -- that really differentiate some of the more forward-leaning organizations from those who are still trying to come to grips with what it means to adopt a cloud service.

Business opportunity

W
e've all come to realize that cloud isn’t so much a technology issue, as it is a business opportunity. It’s an opportunity to improve agility and responsiveness, while also increasing flexibility of cost models, which is incredibly important, especially given the uncertain economic outlook that not only different countries have, but even different segments within different countries.

Take something like the minerals and resources areas within my own country, which are booming right now. Whereas, if you look at other areas of business, perhaps media, or particularly print media, right now, they're going through the opposite type of revolution. They're trying to work out how to adjust their cost to declining demand.

Gardner: With that, let’s move on to our guest. He's been a leading edge adopter for improving IT service delivery for many years, most recently as the IT Service Management (ITSM) Solution Manager at Steria, based near Paris. Please join me in welcoming Jean-Michel Gatelais.

Gatelais: Thank you very much. At Steria, I'm in charge of the Central ITSM Solution we provide for our customers, and I am in-charge of the Global ITSM Program Roadmap, including the ongoing integration from ServiceCenter 6 to Service Manager 9. I'm also responsible for the quality of service that we deliver with this solution, and of the transition of new customers on this platform.

Steria is an IT service provider. We are about a little more than 40 years old. Our business is mainly in system integration, application management, business process outsourcing, and infrastructure management services.

We have big customers in all sectors of industry and services, such as public sector, banking, industry, telecom, and so on. We have customers both in France and UK mainly, but in the whole of Europe also. For example, we have British Telecom, Orange, and the public sector in the UK, with police, etc.

Gardner: What’s different now about IT service delivery than just say few years ago?

Gatelais: It has changed a lot. In fact, few years ago it was something that was very atomic, with different processes and with people running the service with different tools. About three to five years ago, people began to homogenize the processes to run the service, and we saw that in Steria.

In Steria, we bought some companies and we grew. We needed to establish common processes to proceed by a common platform, and that what’s what we did with Service Manager. Now, the way we deliver service is much more mature for all the processes and for the ITSM processes.

Muller: The desire to standardize processes is a really big driver for organizations as they look to improve efficiency and effectiveness. So it's very similar what we're seeing. In fact, I was going to ask Jean-Michel a question. When you talk about homogenizing processes or improving consistently, how does that help the organization? How does that help Steria and its customers perform better?

IT provider

Gatelais: This allows us to deliver the service, whatever the location or organization, because we're an IT provider. We provide services for our customers that can be offshore, nearshore, in Steria local premises, and even in the plant premises. All the common processes and the solution allow us to do to this independently of the customer. Today with this process, we're able to run services for more than 200 customers.

Gardner: I see among your services that you are delivering cloud Workplace on Command, for example, Infrastructure On Command. Is this a bigger part of your business now? Do you find that servicing your cloud customers is dominating some of your strategic thinking?

We have an industrialized solution, allowing our customers to order infrastructure in a couple of minutes.



Gatelais: Yes. Actually, it’s growing day after day. We launched our cloud offering about 18 months ago. Now we can say that we have an industrialized solution, allowing our customers to order infrastructure in a couple of minutes. And this is really integrated with the whole service management solution and the underlying infrastructure.

Gardner: I suppose this gets to this self-service mentality that we are seeing, Paul. End users are seeking a self-service type of approach. They know that they can get services quite easily through a variety of consumer-based means. They're looking for similar choice and enablement in their business dealings.

It seems that an organization like Steria is at the forefront of attracting that sense of enablement and empowerment and then delivering it through a cloud infrastructure. They're interesting on two levels: one, they're delivering cloud and enablement, but they are also using cloud to power their own ability to do so.

Muller: We see almost a contradiction within enterprise users of cloud. We see groups that will quite readily go out and adopt cloud services. The so-called consumerization trend is quite prevalent, especially with what I would describe as simple services. For example, office automation tools, collaboration tools, etc.

Yet, simultaneously, we see reluctance sometimes, particularly for the IT organization, to let go and cloud source services and applications. I sometimes refer to them as "application huggers" or "server huggers."

Relinquish control

In other words, if they can’t see it or touch it, they're reluctant to relinquish control. The most fascinating part for me is that you can often find those two behaviors inside the very same organization. Sometimes, the same person can have diametrically opposed views about the respective merits of those two approaches.

Gardner: Are you selling and delivering cloud services to the IT department or others? Maybe we could call that shadow IT, Jean-Michel?

Gatelais: We do both. In fact, the cloud today is used both for internal organizations and also for our customers. Then, the cloud offering set-up asks to study a business model to study the way we will sell such service. For us, at the central level at Steria, there is no difference between internal delivery and delivery for our customers.

In fact, what we're trying to do is to standardize, as much as possible, the basic offering we propose. On top of that, we have additional requests from our customers. Then, we try to adapt our offering to the specific request.

Providing infrastructure services is not so difficult, but providing platform-as-a-service (PaaS) features can be.



Providing infrastructure services is not so difficult, but providing platform-as-a-service (PaaS) features can be. Even software as a service (SaaS) can be simpler than PaaS, because you provide some package services, startup services, instead for platform services. It’s very consumer specific.

Gardner: So you have the opportunity to go with a fairly standardized approach, but then you can customize on top of that. I'd like to hear some more about your different services. I understand that there’s something called Steria Advanced Remote Services or STARS. How does that fit into the mix, Jean-Michel?

Gatelais: STARS is the ITSM platform Steria rolled out about five years ago, and today this is a framework. It's mainly based on HP products, because it's running on HP Service Manager online, Business Service Manager (BSM), and Operations Orchestration.

We see this platform as a service-enabler, both service-support platform and the service-enabler, because we use it to manage and activate the services we propose to our customer, including cloud services, security services, and our new offering, Workplace On Command services.

STARS is the solution to manage value-added services Steria is offering to its customers.

Muller: When a customer thinks about taking services that maybe they used to run internally and moving those services to Steria, how important is it for them to maintain visibility and control, as they are thinking about moving to cloud?

Depends on the customers

Gatelais: It depends on the customers. You have some customers that are ready to use the services you provide on a common environment, but you also have customers requiring more specific solutions that we can give to them. Steria is developing some facilities to roll out and to instantiate the platforms for dedicated environments.

For example, the STARS solution, with Service Manager in the solution, we can deploy it, instantiate it, when the customer requires it.

Muller: Just following on from that, there's a perception that when you move to cloud services, people don’t really care about visibility, metrics, and service-level reports, because that’s all part of the service-level agreement (SLA). Do you find that customers actually want to see, how their service is performing -- what's the availability and level of security? Do they look for that level of reporting from you?

Gatelais: It depends on the customers. Some are really outsourcing the services. They would only complain if they met some problems on the services.

But other customers want to have the visibility on the quality of service that is delivered by Steria. That means that we need to be able to publish the SLA we have for our offering, but also to publish monthly, for example, the key performance indicators (KPIs) of this platform.

It’s the KPI discussion that is of such great interest to enterprises today.



Muller: And that is certainly a perfect question, because, Dana, it’s the KPI discussion that is of such great interest to enterprises today.

Gardner: Right, and I'm impressed that Steria can manage this variety and be able to provide to each of these customers what they want on their own terms, which is, as you point out, is really what they're calling for.

For you as a provider, that must really amount to quite a bit of complexity. How do you get a handle on that ability to maintain your own profitability while dealing with this level of variability and the different KPIs and giving the visibility to them?

Gatelais: One of the advantages of the cloud structure is that you have to ask these questions in advance. That means that when Steria is designing a new offering, we first design the business model. In fact, that will allow us either to propose some shared services, or for the client that has requested it, some visibility to the services, but based on standard platforms. We try to remain standard in what we propose, and the flexibility is in the configuration of what we propose.

We provide the KPIs that are published for the service offering. This will include such information as service availability rates, outage problems, change management, and also activity reporting.

Strategic decisions

Gardner: Do you have any examples?

Gatelais: Yes. The example I can give is the flexibility the service offering can give to the customers in the software development area.

For example, it allows you to set up some development platforms for a limited period of time, allowing product development. With the service we offer, when the project is finished and you enter into the application management mode, the plant is able to say, "I stopped the server." It's backed up, and if six months later the customer wants to develop a new release of this software, then we would restore his environment. In the meantime, he won't have the use of the platform, but he'll be able to continue his development. This is very flexible.

The notion of tying all of that capital equipment up and leaving it idle for that period of time is simply not tenable.



Muller: The interesting part is that the development and test process is such a resource-intensive process, while you are in the middle of that process. But the minute you are done with it, you go from being almost 100 percent busy and consuming 100 percent of the resources, to, in some cases, doing nothing, as Jean-Michel said, for months, possibly, even years, depending on the nature of the project.

The notion of tying all of that capital equipment up and leaving it idle for that period of time is simply not tenable. The idea of moving all of that into a flex up-flex down model is probably one of the single most commonly pursued use cases for both public and private cloud today.

The other one, as Jean-Michel has already spoken to, is that the idea of more discrete services, particularly that of helpdesk, is just going crazy in terms of adoption by customers.

Gardner: One of the things I am seeing is some of the vision in terms of cloud a few years ago was that one size would fit all, or that it’s cookie cutter, and that there won’t be a need for high variability. But I think what we are actually seeing in practice, and Jean-Michel is certainly highlighting this, is that the KPIs are going to be different for organizations.

There are going to be different requirements for public and private, large and small, jurisdiction by jurisdiction, regulation and compliance. You really need to be able to have the flexibility, not just at the level of infrastructure, but at the level of the types of services, the way that they're built, invoiced, and measured and delivered.

They're interesting for small organizations, because they don’t have to heavily invest in solutions, and we're able to propose shared solutions.



Gatelais: The way we propose the services is they're interesting for small organizations, because they don’t have to heavily invest in solutions, and we're able to propose shared solutions. This is SaaS, this is cloud, and for them it’s very interesting, because it is much more cheaper.

Gardner: What do you advise others who would be pursuing a similar objective?

Gatelais: With such offerings you have to design and think much more than before, to think before running out your solution. You need to be clear on what you want to propose to what kind of customers, where is the market, and then to design your offering according to this. Then, build your business model according to those assumptions.

KPIs that matter

Muller: Right now, I've got a couple of metrics, a couple of KPIs, that matter to me really deeply. From your perspective, are there one or two KPIs that you're looking at at the moment that either make you really happy or that are a cause for concern for you, as you think about business and delivering your services. What are the KPIs that matter to you?

Gatelais: What is very difficult for new services is to evaluate the actual return on investment (ROI). You can establish a business model, a business plan to see if what you will do, you will make some profit with it, but it's much more difficult is to evaluate the ROI.

If I don’t buy this service, it would cost me an amount; if I buy this service, okay, it will cost the service fee, but what would I spend next to that. This is very difficult to measure.

It may be basic, but you should take the configuration management process. That is very important, even in cloud offerings. It's very difficult to make evident that if you do some configuration management, you will have higher a ROI than if you don’t do it.

It's very difficult to make evident that if you do some configuration management, you will have higher a ROI than if you don’t do it.



Today, even internally in Steria, it's much more difficult to get approval to develop and to improve configuration management, because people don’t see the interest, as you don’t sell it directly. It's just a medium to improve your service.

Muller: That’s such a good point. And Dana, it's one of the great benefits. This is going to sound a little bit like an infomercial, but it's worth stating. One of the reasons we've been moving so much of our own management software to the cloud is because it's behind the scenes. It's often seen as plumbing, and people are reluctant to invest often in infrastructure and plumbing, until it has proven its benefit.

It's one of the reasons we've moved to a more variable cost model, or at least have made it available for organizations who might want to dip their toe in the water and show some benefits before they invest more heavily over time.

Distinct line


Gardner: You're really starting to put in place the mechanisms for determining quite distinctly what the payoffs are from investments in IT at that critical business payoff level. So I think that’s a very interesting development in the market.

Muller: The transparency improves, and because you have a variable cost model, it lowers the pain threshold in terms of people being willing to experiment with an idea, see if it works, see if it has that payoff, that ROI. If it doesn’t, stop doing it, and if it does, do more of it. It's really, really very simple.

Gardner: Our audience can carry on this dialogue with Paul Muller through the Discover Performance Group on LinkedIn.

You can also gain more insights and gather more information on the best of IT performance management at www.hp.com/go/discoverperformance.
Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: HP.

You may also be interested in:

Tuesday, July 24, 2012

Summer in the Capital -– Looking back at The Open Group Conference in Washington, D.C.

This guest post comes courtesy of Jim Hietala, Vice President of Security at The Open Group.

By Jim Hietala

This past week in Washington D.C., The Open Group held our Q3 conference. The theme for the event was "Cybersecurity – Defend Critical Assets and Secure the Global Supply Chain," and the conference featured a number of thought-provoking speakers and presentations.

Cybersecurity is at a critical juncture, and conference speakers highlighted the threat and attack reality and described industry efforts to move forward in important areas. The conference also featured a new capability, as several of the events were livestreamed to the Internet.

For those who did not make the event, here's a summary of a few of the key presentations, as well as what The Open Group is doing in these areas. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

Joel Brenner, attorney with Cooley, was our first keynote. Joel's presentation was titled, “Turning Us Inside-Out: Crime and Economic Espionage on our Networks.” The talk mirrored his recent book, “America the Vulnerable: Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare,” and Joel talked about current threats to critical infrastructure, attack trends, and challenges in securing information.

Joel's presentation was a wakeup call to the very real issues of IP theft and identity theft. Beyond describing the threat and attack landscape, Joel discussed some of the management challenges related to ownership of the problem, namely that the different stakeholders in addressing cybersecurity in companies, including legal, technical, management, and HR, all tend to think that this is someone else's problem. Joel stated the need for policy spanning the entire organization to fully address the problem.

The DoD now requires the creation of a program protection plan, which is the single focal point for security activities on the program.



Kristin Baldwin
, principal deputy, systems engineering, Office of the Assistant Secretary of Defense, Research and Engineering, described the U.S. Department of Defense (DoD) Trusted Defense Systems Strategy and challenges, including requirements to secure their multi-tiered supply chain. She also talked about how the acquisition landscape has changed over the past few years.

In addition, for all programs, the DoD now requires the creation of a program protection plan, which is the single focal point for security activities on the program. Kristin's takeaways included needing a holistic approach to security, focusing attention on the threat, and avoiding risk exposure from gaps and seams.

Overarching framework

DoD’s Trusted Defense Systems Strategy provides an overarching framework for trusted systems. Stakeholder integration with acquisition, intelligence, engineering, industry, and research communities is key to success. Systems engineering brings these stakeholders, risk trades, policy, and design decisions together. Kristin also stressed the importance of informing leadership early and providing programs with risk-based options.

Dr. Don Ross of NIST presented a perfect storm of proliferation of information systems and networks and an increasing sophistication of threat, resulting in an increasing number of penetrations of information systems in the public and private sectors potentially affecting security and privacy. He proposed a need for an integrated project team approach to information security.

Dr. Ross also provided an overview of the changes coming in NIST SP 800-53, version 4, which is presently available in draft form. He also advocated a dual protection strategy approach involving traditional controls at network perimeters that assumes attackers outside of organizational networks, as well as agile defenses, are already inside the perimeter.

The objective of agile defenses is to enable operation while under attack and to minimize response times to ongoing attacks.

The objective of agile defenses is to enable operation while under attack and to minimize response times to ongoing attacks. This new approach mirrors thinking from the Jericho Forum and others on de-perimeterization and security and is very welcome.

The Open Group Trusted Technology Forum provided a panel discussion on supply chain security issues and the approach that the forum is taking towards addressing issues relating to taint and counterfeit in products.

The panel included Andras Szakal of IBM, Edna Conway of Cisco and Dan Reddy of EMC, as well as Dave Lounsbury, CTO of The Open Group. OTTF continues to make great progress in the area of supply chain security, having published a snapshot of the Open Trusted Technology Provider Framework, working to create a conformance program, and in working to harmonize with other standards activities.

Dave Hornford, partner at Conexiam and chair of The Open Group Architecture Forum, provided a thought provoking presentation titled, "Secure Business Architecture, or just Security Architecture?" Dave's talk described the problems in approaches that are purely focused on securing against threats and brought forth the idea that focusing on secure business architecture was a better methodology for ensuring that stakeholders had visibility into risks and benefits.

Positive and negative

Geoff Besko, CEO of Seccuris and co-leader of the security integration project for the next version of TOGAF, delivered a presentation that looked at risk from a positive and negative view. He recognized that senior management frequently have a view of risk embracing as taking risk with am eye on business gains if revenue/market share/profitability, while security practitioners tend to focus on risk as something that is to be mitigated. Finding common ground is key here.

Katie Lewin, who is responsible for the GSA FedRAMP program, provided an overview of the program, and how it is helping raise the bar for federal agency use of secure cloud computing.

The conference also featured a workshop on security automation, which featured presentations on a number of standards efforts in this area, including on SCAP, O-ACEML from The Open Group, MILE, NEA, AVOS and SACM. One conclusion from the workshop was that there's presently a gap and a need for a higher level security automation architecture encompassing the many lower level protocols and standards that exist in the security automation area.

There's presently a gap and a need for a higher level security automation architecture encompassing the many lower level protocols and standards that exist in the security automation area.



In addition to the public conference, a number of forums of The Open Group met in working sessions to advance their work in the Capitol. These included:
All in all, the conference clarified the magnitude of the cybersecurity threat, and the importance of initiatives from The Open Group and elsewhere to make progress on real solutions.

Join us at our next conference in Barcelona on October 22-25!

This guest post comes courtesy of Jim Hietala, Vice President of Security at The Open Group. Copyright The Open Group and Interarbor Solutions, LLC, 2005-2012. All rights reserved.

You may also be interested in:

Monday, July 23, 2012

With CMS 10, HP puts workload configuration data newly in hands of those who can best use it to manage services delivery

HP today introduced HP Configuration Management System (CMS) 10, a broad update designed to give more types of IT leaders better insight and control over everything from discrete IT devices to complete services-enabled business processes.

Especially important for the operational control of hybrid services delivery and converged cloud implementations, CMS 10 gathers and shares the configuration patterns and characteristics of highly virtualized workloads. The update helps manage dynamic virtualized applications both inside enterprise data centers as well as leading clouds.

"CMS 10 improves control of converged clouds," said Jimmy Augustine, product marketing manager at HP Software. "It sees the virtual machines and updates the Universal Configuration Management Data Base (UCMDB) with the dynamic information from public and private clouds."

With the new software, HP says clients can reduce costs and risks associated with service disruptions while reducing the time spent on manual discovery by more than 50 percent thanks to automated discovery capabilities. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

With the growing adoption of cloud computing, organizations are under increased pressure to deliver new services and scale existing ones. The complexities of cloud-based infrastructures coupled with a lack of visibility have hampered organizations’ ability to efficiently and predictably manage IT performance.

“Service disruptions within complex cloud and virtualized environments are difficult to identify and resolve,” said Shane Pearson, vice president, Product Marketing, Operations, Software, HP. “With the new enhancements to HP Configuration Management System, IT executives now have the configuration intelligence they need at their fingertips to make rapid decisions to ensure consistent business service availability.”

CMS 10 also introduces new capabilities specifically for service lifecycle design and operations, notably within both business service management (BSM) and IT service management (ITSM).

CMS 10 also introduces new capabilities specifically for service lifecycle design and operations.



I was especially impressed by the ability of CMS 10 users to extend the view of operations to business process analysts, enterprise architects and DevOps managers -- all provided by a new browser-based access and query capability. These business-function-focused leaders can seek out the information they need to cut through the complexity of systems data to measure and react to how an entire application or processes are behaving systemically.

What's more, CMS 10 level insights can be extended to security professionals and business architects to gather data on compliance, performance, and even for better architecting the next process or hybrid services mix. The fact that CMS 10 already supports across many VMs and cloud types shows the importance of ensuring configuration conformity as a baseline capability for hybrid cloud uses.

The CMS update broadly supports virtual machines better, has multi-tenancy support to appeal to service providers, and delivers its outputs via web browsers and search interfaces. "You can see the full applications support infrastructure, and discover out of the box the whole workload support," says Augustine.

More specifically, the new HP CMS 10 includes HP Universal Discovery with Content Pack 11, HP Universal Configuration Management Data Base (UCMDB), HP UCMDB Configuration Manager, and HP UCMDB Browser. With the new solution, enterprises, governments and managed service providers (MSPs) can now:
  • Quickly discover software and hardware inventory, as well as associated dependencies in a single unified discovery solution

    You can see the full applications support infrastructure, and discover out of the box.


  • Speed time to value with the product’s simplified user interface and enhanced scalability, allowing all IT teams to consume as well as use rich intelligence hosted in the HP CMS
  • More easily manage multiple client environments within a single UCMDB with improved security, automation and scalability
  • Automatically locate and catalog new technologies related to network hardware, open source middleware, storage, ERP, and infrastructure software providers
  • Introduce new server compliance thresholds.
HP CMS 10 is a key component of the HP IT Performance Suite, an enterprise performance software platform designed to improve performance with operational intelligence for many types of users and uses.

HP CMS, currently available worldwide in 10 languages, is also available through HP channel partners. More information about CMS 10 is available at www.hp.com/go/CMS.

You may also be interested in:

Wednesday, July 18, 2012

User behavior data open to misuse without privacy and identification standards, says Open Group tweet jam community

The uncharted territory of user behavior data based on what users do in such web walled gardens as Facebook was the focus of a "tweet jam" last week organized by The Open Group.

Some of the many notable participants in the tweet jam around the hash tag #ogChat on July 11 worried about the prospect of misuse of the user identity and behavior data, but were more mixed about what to do about it. I was the moderator of the tweet jam. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

With hundreds of tweets flying at break-neck pace, yesterday's #ogChat saw a very spirited discussion on the Internet's movement toward a walled garden model. In case you missed the conversation, you're now in luck! Here's a re-cap of yesterday's #ogChat:

The full list of participants included:
Here is a high-level a snapshot of yesterday's #ogChat:

Shift from open Internet

Q1 In the context of #WWW, why has there been a shift from the open Internet to portals, apps and walled environs? #ogChat

Participants generally agreed that the impetus behind the walled garden trend was led by two factors: companies and developers wanting more control, and a desire by users to feel "safer."

  • @charleneli: Q1 Peeps & developers like order, structure, certainty. Control can provide that. But too much and they leave. #ogChat.
  • @Technodad: User info & contributions are raw material of walled sites-"If you're not paying for the service, the product being sold is you". #ogChat
  • @Dana_Gardner: @JohnFontana What about the meta data that they can own by registering you? #ogChat

    If you're not paying for the service, the product being sold is you.



    • In response to: @JohnFontana Q1 Eyeballs proved worthless; souls can make you some real money. #ogChat

    • @charleneli: @Dana_Gardner re: Meta data -- once you join a community, there has to be a level of trust. If they respect data, people will trust. #ogChat
  • @AlanWebber #ogChat Q1 - People feel safer inside the "Walls" but don't realize what they are losing
Privacy/control

Q2 How has this trend affected privacy/control? Do users have enough control over their IDs/content within #walledgarden networks? #ogChat


This was a hot topic as participants debated the tradeoffs between great content and privacy controls. Questions of where data was used and leaked to also emerged, as walled gardens are known to have backdoors.
  • @AlanWebber: But do people understand what they are giving up inside the walls? #ogChat
  • @TheTonyBradley: Q2 -- Yes and no. Users have more control than they're aware of, but for many its too complex and cumbersome to manage properly.#ogchat
  • @jim_hietala: #ogChat Q2 privacy and control trade offs need to be made more obvious, visible

    Users have more control than they're aware of, but for many its too complex and cumbersome to manage properly.


  • @zdFYRashid: Q2 users assume that #walledgarden means nothing leaves, so they think privacy is implied. They don't realize that isn't the case#ogchat
  • @JohnFontana: Q2 Notion is wall and gate is at the front of garden where users enter. It's the back that is open and leaking their data #ogchat
  • @subreyes94: #ogchat .@DanaGardner More walls coming down through integration. FB and Twitter are becoming de facto login credentials for other sites
Social and mobile

Q3 What has been the role of social and #mobile in developing #walledgardens? Have they accelerated this trend? #ogChat


Everyone agreed that social and mobile catalyzed the formation of walled garden networks. Many also gave a nod to location as a nascent driver.
  • @jaycross: Q3 Mobile adds your location to potential violations of privacy. It's like being under surveillance. Not very far along yet. #ogChat
  • @charleneli: Q3: Mobile apps make it easier to access, reinforcing behavior. But also enables new connections a la Zynga that can escape #ogChat

    Mobile apps make it easier to access, reinforcing behavior.


  • @subreyes94: #ogChatQ3 They have accelerated the always-inside the club. The walls have risen to keep info inside not keep people out.

    • @Technodad: @subreyes94 Humans are social, want to belong to community & be in touch with others "in the group". Will pay admission fee of info. #ogChat

Current web

Q4 Can people use the internet today without joining a walled garden network? What does this say about the current web? #ogChat


There were a lot of parallels drawn between real and virtual worlds. It was interesting to see that walled gardens provided a sense of exclusivity that human seek out by nature. It was also interesting to see a generational gap emerge as many participants cited their parents as not being a part of a walled garden network.
  • @TheTonyBradley: Q4 -- You can, the question is "would you want to?" You can still shop Amazon or get directions from Mapquest. #ogchat
  • @zdFYRashid: Q4 people can use the internet without joining a walled garden, but they don't want to play where no one is. #ogchat

    We are headed to a time when people will buy back their anonymity.


  • @JohnFontana: Q4 I believe we are headed to a time when people will buy back their anonymity. That is the next social biz. #ogchat
Owning information

Q5 Is there any way to reconcile the ideals of the early web with the need for companies to own information about users? #ogChat


While walled gardens have started to emerge, the consumerization of the Internet and social media has really driven user participation and empowered users to create content within these walled gardens.
  • @JohnFontana: Q5 - It is going to take identity, personal data lockers, etc. to reconcile the two. Wall-garden greed heads can't police themselves#ogchat
  • @charleneli:Q5: Early Web optimism was less about being open more about participation. B4 you needed to know HTML. Now it's fill in a box. #ogChat

    It is going to take identity, personal data lockers, etc. to reconcile the two.


  • @Dana_Gardner: Q5 Early web was more a one-way street, info to a user. Now it's a mix-master of social goo. No one knows what the goo is, tho. #ogChat
  • @AlanWebber: Q5, Once there are too many walls, people will begin to look on to the next (virtual) world. Happening already #ogChat
Next iteration

Q6 What #Web2.0 lessons learned should be implemented into the next iteration of the web? How to fix this? #ogChat


Identity was the most common topic with the sixth and final question. Single sign-on, personal identities on mobile phones/passports and privacy seemed to be the biggest issues facing the next iteration of the web.
  • @Technodad: Q6 Common identity is a key - need portable, mutually-recognized IDs that can be used for access control of shared info. #ogChat
  • @JohnFontana: Q6 Users want to be digital. Give them ways to do that safely and privately if so desired. #ogChat

    We need portable, mutually-recognized IDs that can be used for access control of shared info.


  • @TheTonyBradley: Q6 -- Single ID has pros and cons. Convenient to login everywhere with FB credentials, but also a security Achilles heel.#ogchat

Thank you to all the participants who made this such a great discussion!

Incidentally, the model of a tweet jam or tweet up on IT subjects of interest is a great way to gather insights and make a social splash too. This #ogChat was a top tracking subject under Twitter during and after the online event. I'd be happy to do more of these as a moderator or participant on a subject near and dear to you and your community.

You may also be interested in:

Counting the cost of cloud

This guest post comes courtesy of Chris Harding, Forum Director for SOA and Semantic Interoperability at The Open Group.

By Chris Harding

IT costs were always a worry, but only an occasional one. Cloud computing has changed that.

Here's how it used to be. The New System was proposed. Costs were estimated, more or less accurately, for computing resources, staff increases, maintenance contracts, consultants and outsourcing. The battle was fought, the New System was approved, the checks were signed, and everyone could forget about costs for a while and concentrate on other issues, such as making the New System actually work.

One of the essential characteristics of cloud computing is "measured service." Resource usage is measured by the byte transmitted, the byte stored, and the millisecond of processing time. Charges are broken down by the hour, and billed by the month. This can change the way people take decisions. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

"The New System is really popular. It's being used much more than expected."

"Hey, that's great!"

One of the essential characteristics of cloud computing is "measured service."



Then, you might then have heard,

"But this means we are running out of capacity. Performance is degrading. Users are starting to complain."

"There's no budget for an upgrade. The users will have to lump it."


Now the conversation goes down a slightly different path.

"Our monthly compute costs are twice what we budgeted."

"We can't afford that. You must do something!"


Possible and necessary

And something will be done, either to tune the running of the system, or to pass the costs on to the users. Cloud computing is making professional day-to-day cost control of IT resource use both possible and necessary.

This starts at the planning stage. For a new cloud system, estimates should include models of how costs and revenue relate to usage. Approval is then based on an understanding of the returns on investment in likely usage scenarios. And the models form the basis of day-to-day cost control during the system's life.

Last year's Open Group “State of the Industry” cloud survey found that 55 percent of respondents thought that cloud return on investment (ROI) addressing business requirements in their organizations would be easy to evaluate and justify, but only 35 percent of respondents' organizations had mechanisms in place to do this. Clearly, the need for cost control based on an understanding of the return was not widely appreciated in the industry at that time.

For a new cloud system, estimates should include models of how costs and revenue relate to usage.



We are repeating the survey this year. It will be very interesting to see whether the picture has changed.

Participation in the survey is still open. To add your experience and help improve industry understanding of the use of cloud computing, visit: http://www.surveymonkey.com/s/TheOpenGroup_2012CloudROI

This guest post comes courtesy of Chris Harding, Forum Director for SOA and Semantic Interoperability at The Open Group. Copyright The Open Group and Interarbor Solutions, LLC, 2005-2012. All rights reserved.

You may also be interested in:

Tuesday, July 17, 2012

Where cloud computing takes us: Hybrid services delivery of essential information across all types of applications

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: HP.

The next edition of the HP Discover Performance podcast series brings together two top cloud evangelists from the recent HP Discover 2012 Conference to discuss the specific concepts around converged cloud, information clouds, and hybrid services delivery.

We’re joined by Paul Muller, the Chief Software Evangelist at HP, and Christian Verstraete, Chief Technologist for Cloud Strategy at HP. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:
Gardner: You’ve separated the notion of hybrid computing and hybrid delivery. Can you help me understand better why they're different, and what HP means by hybrid delivery?

Verstraete: Hybrid computing typically is combining private and public clouds. We feel that many of our customers still have a traditional environment, and that traditional environment will not go away anytime soon. However, they're actually looking at combining that traditional environment, the data that’s in that traditional environment and some of the functionality that's out there, with the public cloud and the private cloud.

The whole concept of hybrid delivery is tying that together. It goes beyond hybrid computing or hybrid cloud. It adds the whole dimension of the traditional environment. And, to our mind, the traditional environment isn't going to go away anytime soon.

Gardner: Paul, how has the traditional understanding of cloud computing as segments of infrastructure services changed?

Muller: From that perspective, the converged cloud is really about three things for us. The first is having greater levels of choice. The key point that Christian just made is that you can't afford to live in the world of, "It’s just public; it's just private; or I can ignore my traditional investments and infrastructure." Choice is critical, choice in terms of platform and application.

The second thing, though, is that in order to get great choices, you need consistency as an underlying platform to ensure that you're able to scale your people, your processes, and more importantly, your investments across those different environments.

Consistent confidence


T
he last one is probably the biggest area of passion for me -- confidence. We spoke a little bit earlier about how so many clients, as they move to cloud, are concerned about the arm’s-length relationship they have with that provider. How can I get back the confidence in security and service levels, and make sure that that confidence is consistent across both my on-premises and-off premises environments?

Verstraete: People have started looking at cloud from pure infrastructure, reuse, and putting workflows in some particular places in infrastructure. The world is moving beyond that at the moment. On one end, you have software as a service (SaaS) starting to play and getting integrated in a complete cloud environment and a complete cloud function.

We also have to realize that, in 2011, the world created about 1.8 zettabytes of data, and that data has a heck of a lot of information that enterprises actually need. And as enterprises understand what they can get out of the data, they want that data right there at their fingertips. What makes it even more interesting is that 90 percent of that data is unstructured.

We've been working for the last 30 years with structured data. We know all about databases and everything, but we have no clue about unstructured data. How do I know the sentiments that people have compared to my brand, my business, my product? That's the sort of question that's becoming important, because if you want to do warranty management or anything else, you want to understand how your users feel. Hence, the importance of all of this data.

We know all about databases and everything, but we have no clue about unstructured data.



Muller: I’d add something else. We were here with the Customer Advisory Board. We had a pre-meeting prior to the actual conference, and one of them said something I thought was kind of interesting, remarkable actually.

He said, "If I think back 30 years, my chief concern was making sure the infrastructure was functioning as we expected it to. As I moved forward, my focus was on differentiating applications." He said, "Now that I'm moving more and more of the first two into the cloud, my focus really needs to be on harnessing the information and insight. That’s got to become the core competency and priority of my team."

Verstraete: There's one element to add, and that is the end-user. When you start talking about converged clouds -- we're not there yet, but we're getting there -- it's really about having one, single user experience. Your end-user doesn't need to know that this function runs in a public cloud, that function runs in a private cloud, or that function runs in the traditional environment.

No. He just wants to get there and use whatever it is. It's up to IT to define where they put it, but he or she just wants to have to go one way, with one approach -- and that's where you get this concept of a unique user experience. In converged cloud that’s absolutely critical.

Composite hybrids

Gardner: Another term that was a bit fresh for me here was this notion of composite hybrid applications. This was brought up by Biri Singh in his discussion. It sounds as if more and more combinations of SaaS, on-premises, virtualized, physical, and applications need to come together. In addition to that, we're going to be seeing systems of record moving to some variety of cloud or combination of cloud resources.

The question then is how can we get to the data within all of those applications to create those business processes that need to cut across them? Is that what you're talking about with Autonomy and IDOL? Is that the capability we are really moving toward, combining data and information from a variety of sources, but in a productive and useful way?

Verstraete: Absolutely. You got it spot on, Dana. It's really about using all of the information sources that you have. It's using your own private information sources, but combining them with the public information sources. Don’t forget about those. Out of that, it's gathering the information that's relevant to the particular thing that you're trying to achieve, be it compliance, understanding how people think about you, or anything else.

The result is one piece of information, but it may come from multiple sources, and you need an environment that pulls all of that data and gets at that data in a useful form, so you can start doing the analysis and then portraying the information, as you said, in a way that is useful for you. That's what IDOL and Autonomy does for us in this environment.

Muller: This has to be not yesterday, not today, but in real-time. One of the critical elements to that is being able to access that information in real-time. All of us are active in social media, and that literally reflects your customer’s attitudes from minute to minute.

One of the critical elements to that is being able to access that information in real time.



Let me give you a use-case of how the two come together. Imagine that you have a customer on a phone call with a customer service operator. You could use Autonomy technology to detect, for example, the sound of their voice, which indicates that they're stressed or that they're not happy.

You can flag that and then very quickly go out to your real-time structured systems and ask, "How much of an investment has this client made in us? Are they are high net worth customer to us or are they a first-time transactor? Are they active in the social media environment? What are they saying about us right now?"

If the pattern is one that may be disadvantageous to the company, you can flag that very quickly and say, "We want to escalate this really quickly to a manager to take control of the situation, because maybe that particular customer service rep needs some coaching or needs some help." Again, not in a week’s time, not in a month’s time, but right there, right now. That’s a really important point.

Gardner: This is a good vision, but if I am a developer, a business analyst, or a leader in a company and I want a dashboard that gets me this information, how do we take this fire hose of information and make it manageable and actionable?

Verstraete: There are two different elements in this. The first thing is that we’re using IDOL 10, which is basically the combination, on one hand, of Autonomy and, on the other hand, of Vertica. Autonomy is for unstructured data, and Vertica for structured data, so you get the two coming together.

We’re using that as the backbone for gathering and analyzing the whole of that information. We've made available to developers a number of APIs, so that they can tap into this in real-time, as Paul said, and then start using that information and doing whatever they want with it.

Obviously, Autonomy and Vertica will give you the appropriate information, the sentiment, and the human information, as we talked about. Now, it's up to you to decide what you want to do with that, what you want to do with the signals that you receive. And that's what the developer can do in real-time, at the moment.

The great challenge is not lack of data or information, but it's the sheer volume.



Gardner: Paul, any thoughts in making this fire hose of data actionable?

Muller: Just one simple thought, which is meaning. The great challenge is not lack of data or information, but it's the sheer volume as you pointed out, when a developer thinks about taking all of the information that's available. A simple Google query or a Bing query will yield hundreds, even millions of results. Type in the words "Great Lakes," and what are you going to get back? You'll get all sorts of information about lakes.

But if you’re looking, for example, for information about depth of lakes, where the lakes are, where are lakes with holiday destinations, it's the meaning of the query that's going to help you reduce that information and help you sort the wheat from the chaff. It's meaning that's going to help developers be more effective, and that's one of the reasons why we focus so heavily on that with IDOL 10.

Gardner: And just to quickly follow up on that, who decides the meaning? Is this the end user who can take action against this data, or does it have to go through IT and a developer and a business analyst? How close can we get to those people at an individual level so that they can ascertain the meaning and then act on it?

Muller: It's a brilliant question, because meaning in the old sense of the term -- assigning meaning is a better way of putting it -- was ascribed to the developer. Think about tagging a blog, for example. What is this blog about? Well, this blog might be about something as you’re writing it, but as time goes on, it might be seen as some sort of historic record of the sentiment of the times.

So it moves from being a statement of fact to a statement of sentiment. The meaning of the information will change, depending on its time, its purpose, and its use. You can't foresee it, you can't predict it, and you certainly can't entrust a human with the task of specifically documenting the meaning for each of those elements.

Appropriate meaning

What we focus on is allowing the information itself to ascribe its own meaning and the user to find the information that has the appropriate meaning at the time that they need it. That's the big difference.

Gardner: So the power of the cloud and the power of an engine like IDOL and Vertica brought to bear is to be bale to serve up the right information to the right person at the right time -- rather than them having to find it and know what they want.

Verstraete: Exactly, that's exactly what it is. With that information they can then start doing whatever they want to do in their particular application and what they want to deliver to their end-user. You’re absolutely spot-on with that.

Gardner: Let's go to a different concept around the HP Converged Cloud. It seems as if we’re moving toward a cloud of clouds. You don’t seem to want to put other public cloud providers out of business.

You seem to say, "Let them do what they do. We want to get in front of them and add value, so that those coming in through our [HP] cloud, and accessing their services vis-à-vis other clouds, can get better data and analysis, security, and perhaps even some other value-added services." Or am I reading this wrong?

Many customers don’t have the transparency to understand what is really happening, and with transparency comes trust.



Verstraete: No, you’re actually reading this right. One of the issues that you have with public clouds today isn't a question of whether public cloud is secure or not secure or whether it's compliant or not compliant. Many customers don’t have the transparency to understand what is really happening, and with transparency comes trust.

A lot of our customers tell us, "For certain particular workloads, we don’t really trust this or that cloud, because we don’t really know what they do. So give us a cloud or something that delivers the same type of functionality, but where I can understand what is done from a security perspective, a process perspective, a compliance perspective, an SLA perspective, and so on?

They ask: "Where can I have a proper contract, not these little Ts and Cs that I tick in the box? Where can I have the real proper contract and understand what I'm getting into, so that I can analyze my potential risk and decide what security I want to have, and what risk I'm prepared to take?"

Gardner: So the way in which I would interface with the HP managed services cloud of clouds would be through SLAs and key performance indicators (KPIs), and the language of business risk, rather than an engineer’s check list.

Muller: Absolutely, exactly right. That's the important point. Christian talks about this all the time. It’s not about cloud; it’s about the services, and it’s about describing those services in terms of what a businessperson can understand. What am I going to get, what cost, at what quality, at what time, at what level of risk and security? And can I find the right solution at the right time?

Wisdom of the crowds

Gardner: You've been talking with CIOs and leaders within business. Christian, first with you, does anything jump out as interesting from the marketplace that perhaps you didn’t anticipate? Where are they interested most in this notion of the HP Converged Cloud?

Verstraete: A lot of customers, at least the ones that I talk to, are interested in how they can start taking advantage of this whole brand-new way with existing applications. A number of them are not ready to say, "I'm going to ditch what I have, and I am going to do something else." They just say, "I'm confident with and comfortable with this, but can I take advantage of this new functionality, this new environment? How do I transform my applications to be in this type of a world?" That's one of the elements that I keep hearing quite a lot.

A lot of customers are interested in how they can start taking advantage of this whole brand-new way with existing applications.



Gardner: So a crawl-walk-run, a transition, a journey. This isn’t a switch you flip; this is really a progression.

Verstraete: That is why the presence of the traditional environment, as we said at the beginning, is so important. You don’t take the 3,000 applications you have, plug them around, they all work, and you forget about a traditional environment. That's not how it works. It's really that period to start moving, and to slowly but surely start taking the full advantage of what this converged cloud really delivers to you.

Gardner: Paul, what is that community here telling you about their interests in the cloud?

Muller: A number of things, but I think the primary one is just getting ahead of this consumerization trend and being able to treat the internal IT organization and almost transforming it into something that looks and feels like an external service provider.

So the simplicity, ease of consumption, transparency of cost, the choice, but also the confidence that comes from dealing with that sort of consumerized service, is there, whether it's bringing your own device or bringing your own service or combining it on- and off-premises together.

Verstraete: Chris Anderson in his HP Discover keynote said something that resonated quite a lot with me. If you, as a CIO, want to remain competitive, you'd better get quick, and you'd better start transforming and move. I very much believe that, and I think that's something that we need, that our CIOs actually need to understand.
Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: HP.

You may also be interested in:

Saturday, July 14, 2012

Here's how to better leverage TOGAF to deliver DoDAF capabilities and benefits

Register for The Open Group Conference
July 16-18 in Washington, D.C. Watch the live stream.

This guest post comes courtesy of Chris Armstrong, President of Armstrong Process Group, Inc.

By Chris Armstrong

In today’s environment of competing priorities and constrained resources, companies and government agencies are in even greater need to understand how to balance those priorities, leverage existing investments and align their critical resources to realize their business strategy. Sound appealing?

It turns out that this is the fundamental goal of establishing an Enterprise Architecture (EA) capability. In fact, we have seen some of our clients position EA as the Enterprise Decision Support capability – that is, providing an architecture-grounded, fact-based approach to making business and IT decisions.

Many government agencies and contractors have been playing the EA game for some time -- often in the context of mandatory compliance with architecture frameworks, such as the Federal Enterprise Architecture (FEA) and the Department of Defense Architecture Framework (DoDAF).

We’re seeing a new breed of organizations that are looking past contractual compliance and want to exploit the business transformation dimension of EA.



These frameworks often focus significantly on taxonomies and reference models that organizations are required to use when describing their current state and their vision of a future state. We’re seeing a new breed of organizations that are looking past contractual compliance and want to exploit the business transformation dimension of EA.

In the Department of Defense (DoD) world, this is in part due to the new “capability driven” aspect of DoDAF version 2.0, where an organization aligns its architecture to a set of capabilities that are relevant to its mission.

The addition of the Capability Viewpoint (CV) in DoDAF 2 enables organizations to describe their capability requirements and how their organization supports and delivers those capabilities. The CV also provides models for representing capability gaps and how new capabilities are going to be deployed over time and managed in the context of an overall capability portfolio.

Critical difference

Another critical difference in DoDAF 2 is the principle of “fit-for-purpose,” which allows organizations to select which architecture viewpoints and models to develop based on mission/program requirements and organizational context. One fundamental consequence of this is that an organization is no longer required to create all the models for each DoDAF viewpoint. They are to select the models and viewpoints that are relevant to developing and deploying their new, evolved capabilities.

While DoDAF 2 does provide some brief guidance on how to build architecture descriptions and subsequently leverage them for capability deployment and management, many organizations are seeking a more well-defined set of techniques and methods based on industry standard best practices.

This is where the effectiveness of DoDAF 2 can be significantly enhanced by integrating it with The Open Group Architecture Framework (TOGAF) version 9.1, in particular the TOGAF Architecture Development Method (ADM). The ADM not only describes how to develop descriptions of the baseline and target architectures, but also provides considerable guidance on how to establish an EA capability and performing architecture roadmapping and migration planning.

TOGAF ADM describes how to drive the realization of the target architecture through integration with the systems engineering and solution delivery lifecycles.



Most important, the TOGAF ADM describes how to drive the realization of the target architecture through integration with the systems engineering and solution delivery lifecycles. Lastly, TOGAF describes how to sustain an EA capability through the operation of a governance framework to manage the evolution of the architecture. In a nutshell, DoDAF 2 provides a common vocabulary for architecture content, while TOGAF provides a common vocabulary for developing and using that content.

I hope that those of you in the Washington, D.C. area will join me at The Open Group Conference beginning July 16, where we’ll continue the discussion of how to deliver DoDAF capabilities using TOGAF. For those of you who can’t make it, I’m pleased to announce that The Open Group will also be delivering a livestream of my presentation (free of charge) on Monday, July 16 at 2:45 p.m. ET.

Hope to see you there!

This guest post comes courtesy of Chris Armstrong, President of Armstrong Process Group, Inc. Copyright The Open Group and Interarbor Solutions, LLC, 2005-2012. All rights reserved.

Register for The Open Group Conference
July 16-18 in Washington, D.C. Watch the live stream.

You may also be interested in: