CATALYST

Last week provided a rare opportunity to hear the collected thoughts on operational security from some of the county’s leading Chief Information Security Officers (CISOs). The Eskenzi CISO roundtable in London on 2 July was the vehicle for a frank exchange of views between security vendors, industry analysts, and CISOs from 14 major organisations. Some of the key subjects discussed were: the effects of current trading climate on IT security; current and future operational priorities; the value, or otherwise, of cloud and virtualised operations; and the need for more, or indeed less, outsourcing arrangements.

IMPACT

As a general rule, the more experts you bring together to discuss a particular subject, the wider the range of views and opinions become – it was particularly interesting to find that there were a number of common themes that ran through the CISO responses to analyst and vendor questioning. For example, there was agreement that the current downturn had not stopped new and existing security projects from going ahead; however, it was generally accepted to be putting a real strain on existing resources. Projects were being restrained, resources and costs were being squeezed, the actioning of decisions was slower, senior management scrutiny was more intense and, as a result, there is now a significant need to be able to prove real cost and business benefits before projects are allowed to progress. As an aside, one CISO made the very telling observation that, where recruitment was necessary, there was now a significantly increased number of quality candidates available. That notwithstanding, the general trend was for headcount reductions, lower budgets, and a focus on delivering fit-for-purpose solutions rather than selecting premium-rate, best-of-breed security offerings.

The discussion around the use of outsourcing and managed security services provided something of a mixed response. It ranged from the perhaps unexpected “never again” and “we are actually bringing operations back in house”, through to the very positive “looking to outsource security entirely”. The general consensus was that most CIO’s had already looked at the issues and had either already taken security outsourcing as far as was practical for their own operations, or there were just a few specific subject areas, such as Identity and Access Management (IAM), that were being considered. As for the issues surrounding cloud computing and the effects around virtual computer operations, the CISOs were somewhat scathing about the current hype that surrounds the whole subject area. It was felt that better definition was required – the point was made that while some elements of cloud computing were new, much involved the recycling of technologies that have been in use for a number of years. However, all in attendance did see a positive role for internal cloud usage, but shortfalls in standards and in service assurance levels (in areas such as data protection and identity management) were highlighted as significant deterrents.

ANALYSIS

The current pervasive trading downturn is certainly having an impact on the technology budgets of a significant number of leading organisations, hence the strong CISO preference for value-for-money, fit-for-purpose, integrated security rather than so-called best-of-breed alternatives. From a CISO perspective, what had not changed was a continuing focus on security improvement and a determination to see their way through to better times. There was a common commitment to improving data protection and with it the security of customer support services. However, there was one essentially negative black dog in the room, apart that is from the Labrador that came along to assist David Blunkett who was acting as roundtable summariser. This was a general and continued lack of progress on IAM projects, with the common theme that IAM continues to be over complex and, as was the case at last year’s event, satisfactory deployments remained thin on the ground.

> Back to top

CATALYST

The benefits of reuse is one tag that tends to be added to Service Oriented Architecture (SOA), perhaps too unquestioningly, for surely it is obvious that re-building wheels is not a productive activity? One of the SOA promises is the nimbleness to create new processes from existing building blocks. The reality is that there are different types of reuse, some of which do lead to benefits and others which do not.

IMPACT

There are many who remember the days when object orientation swept the IT industry and the promise of creating software applications by reusing a variety of business and component objects available from libraries. I recall one vendor start-up launching a business objects library and saying that all future applications would be created from libraries of pre-built objects. This never happened, at least not in the way imagined. These business object libraries were never at the granularity required, had high maintenance overheads, and quickly fell out of date. Unfortunately software does become stale – every software object or service begins to deteriorate as soon as it is created: ‘more like lettuce, less like gold’ is one apt description I’ve heard.

Fast forward to services and SOA and the same issues arise again. An interesting twist to this is that adopting an agile development methodology places an emphasis on the Pareto principle of focusing on building for the 20% of features that will be used 80% of the time. Building-in for future possible uses is precluded in this agile approach, which leaves the reuse argument hanging.

The evidence from the ground also suggests reuse is not a key factor in SOA: a recent user survey published in Computing magazine stated reuse at the bottom of the benefits realised from SOA. SOA does have many benefits and most organisations are incrementally moving towards some variation of SOA.

ANALYSIS

I think the first step in clarifying this issue is to understand the different types of reuse. Let’s start by defining the ‘use’ part: typically Web services built to access applications and services falling into the Application Programming Interface (API) and integration types of use – in order to access these applications/services one has to invoke the appropriate Web services.

The most successful type of reuse is the platform library concept, for example the extensive libraries of components that are provided by the programming language platforms such as Java and .NET. These are highly granular for very specific tasks.

The more questionable type of reuse is dealing with a higher level, business-oriented service ‘library’ (the quotes meaning that this may not be a formal library). This is taking a service built in one context or business process and re-using it in a different context/process. If the maintenance burden is on the customer, i.e. this is an in-house service/component, then the benefits rapidly decline: keeping active an in-house library service of services/components for some unknown future reuse is never going to win points when measured against value to the customer.

Of course, there will always be exceptions where forward planning shows clear benefits in maintaining custom built services/components. Perhaps planning is the real answer to reuse – if planning shows the merit of the maintenance burden then reuse makes sense, otherwise only build for what is needed today: it is both easier and cheaper.

> Back to top

CATALYST

At the end of the last quarter I wrote an OpinionWire article on the biggest IT services deals that had taken place since the beginning of the year. Butler Group’s parent company, Datamonitor, tracks IT services deals: have there been significant changes over the last quarter? Are there small signs of modifications to IT services deals? Or, have things remained relatively unchanged since my update at the beginning of April?

IMPACT

The biggest deal of Q2 was between Alcatel-Lucent’s Chinese subsidiary, Alcatel-Lucent Shanghai Bell, and China Mobile, valued at US$1 billion for a period of just eight months, to provide network upgrades, integration, and maintenance services in 2009. The contract covers maintenance and support, network integration, network management, and systems integration specifically within China.

The second largest deal of the quarter also involved Alcatel-Lucent – this time as the customer – with HP the provider, securing a ten-year contract estimated to be worth US$920 million to provide IT infrastructure management services. The contract has been awarded alongside the announcement of a ten-year global alliance between Alcatel-Lucent and HP, to help customers transform communication networks by providing communication and customer solutions.

There are then a series of 20 deals worth an estimated US$850 million each over a period of ten years. There is one customer – US General Services Administration (government sector) – and a range of providers again including Alcatel-Lucent, HP, EDS, Harris Corporation, and others. This range of contracts, known as the Alliant IT services contract, is a ten-year, multiple-award, indefinite delivery/indefinite quantity series of contracts awarded by US General Services Administration, allowing the contract winners to negotiate with US government agencies to serve as detailed under their specific contracts.

The highest contract value that includes Europe in its delivery is between Capita Group and AXA Sun Life, with a 15-year deal worth US$843.5 million (UK£523 million) to provide customer servicing, policy administration, claims activity, and IT support. This deal will involve offshore delivery, and the winning factor on the deal was reported as being the proven track record of Capita in terms of service and IT delivery.

Australia was the location for the next-largest deal, worth up to AUD$100 million (US$70.1 million), with an agreement between Telstra and Commonwealth Bank of Australia for ten years. This contract requires Telstra to provide a range of next generation telecommunications capabilities and fully managed services to the bank’s branches, contact centres, EFTPOS network, and non-branch ATMs.

A further large UK-based deal was agreed between CSC and the UK Identity and Passport Service to upgrade the IPS application and enrolment system. The value of the contract is UK£385 million (US$570 million) over a period of ten years. As part of the deal CSC will upgrade the existing application and enrolment system with new capabilities to process applications for passports and ID cards.

ANALYSIS

The total contract value for all deals tracked by Datamonitor for the second quarter of the year comes to just under US$41 billion, with an average contract length of 52 months (4.3 years). Taking the top ten deals for the quarter (not including the 20 contracts awarded by the US General Services Administration) the average contract length is almost 93 months (7.75 years); and for the top ten deals of June, the average contract length is almost 74 months (just over six years) – down from 81 months for the month of March.

It is no particular surprise that the average contract length has reduced slightly over this period, as customer organisations don’t always want to be tied into a ten-year-plus deal when better options may well be around the corner. However, price remains a key part of any contract, and the longer the deal the better the overall price. As such, for the foreseeable future we do not expect the average contract term for the top ten deals to reduce significantly.

> Back to top

CATALYST

KANA 10, the latest release of the company’s service-centric customer management system, is not just another feature and functionality upgrade. KANA took the brave decision to rearchitect its existing suite to embrace Service Oriented Architecture (SOA), not just in the interests of technical modernity, but as the means to address the ongoing problem in the customer service sector of fragmented systems, resulting in fragmented customer service experiences.

KANA 10 has been built on the IBM SOA Foundation and with WaveMaker Software’s visual development platform. Both are embedded into the KANA 10 platform and available for end-user organisations to use. As well as speeding up the development process from KANA’s perspective, the two technologies are also core to delivering KANA 10’s major benefit – the ability for business managers to craft business processes in order to create and modify the customer experience.

IMPACT

At the start of 2008, KANA announced that it was rearchitecting its suite to embrace IBM’s SOA Foundation. Less than a year and a half later it has delivered, achieving its own goals, whilst also demonstrating the value of the SOA approach in terms of speed of development and support for transformational projects. Working together, (the new KANA platform will be co-marketed, co-sold, and co-supported), IBM and KANA have exploited SOA and the principles behind composite applications, to create a set of tools and Web services designed for customer service operations. By embedding SOA Foundation into the KANA 10 platform and providing business user friendly tools, the complexities of the SOA infrastructure have been abstracted, enabling some of the SOA benefits to be realised without the IT organisation having to fully embrace SOA (although Butler Group strongly recommends SOA governance).

KANA also made use of WaveMaker Software’s visual platform for the development of Web applications, and credits its Visual Ajax Studio for cutting UI development time by 50%. Furthermore, by embedding the browser-based studio into the platform, KANA has provided user organisations with a set of business user-friendly tools to enable application and workflow extension and customisation.

As might be hoped, the technology transformation was a means to an end. It was adopted to solve a core service industry problem of too many disparate systems (implemented to cope with the expanding number of customer interaction platforms), necessitating complex integrations that created rigidity and were out of step with the need to support rapid and cost effective business change. The technology change is designed to address several business needs in the customer service sphere – to bring together disparate customer service technologies across multiple channels, to enable change as and when it is needed, and the big one, which is to manage customer service so as to ensure that the customer has a positive and differentiated experience. In today’s environment, a poor customer experience (judged against rising customer expectations) can directly lead to loss of the customer and to the advantage of a competitor.

The ability to tap into multiple resources in order to gather the right set of information to meet a specific customer need is an essential requirement of customer service management, which demands a combination of process, knowledge, interaction, and interface management. By tackling front-end (interaction and interface management) and back-end (process and knowledge management) requirements via a platform designed to leverage and augment existing implementation, KANA has taken a holistic view.

It has also declared its commitment to a process approach to enterprise applications, and by providing tools specifically designed to enable business managers (as opposed to IT) to define, deploy, modify, and extend customer service processes, it puts control in the hands of the business/customer service managers. Once they have control over the process, the theory is that they can orchestrate the customer service process to deliver an experience that can be tailored for customers, is delivered/experienced in the way it was envisaged, and can be optimised as and when is necessary.

ANALYSIS

Obviously there is a difference between KANA’s vision and its adoption and execution within a customer environment – although there are some early adopters. Nevertheless, the KANA move is interesting on two fronts. It is a validation that SOA can be used to deliver business benefits, in this case the potential to address the long-standing problems of fragmentation and disjointed support in the customer service area; and is also an indication of the type of integrated thinking that is needed to make the most of new approaches.

> Back to top

IT organisations are under pressure to develop an effective strategy and to deliver services that meet the objectives of the enterprise. In order to meet these requirements, it is essential that IT management has a thorough understanding of what they have got, where the business is headed, and what the transformation activities are necessary to navigate the changes.