As we say goodbye to 2006, the convergence of computing models appears to be overtaking distinct types of computing such as Software as a Service (SaaS) to the point where distinct models are becoming irrelevant.
Originally pioneered by the likes of ADP and later turned into a marketing phenomenon by Salesforce.com, the core principle of SaaS is that all applications can be served over the Web, thereby eliminating the need for client software.
Upon further review, it's becoming pretty clear that Microsoft is pursuing a hybrid strategy under which it envisions robust client applications being seamlessly integrated with rich sets of services delivered over the Web. This is not a new idea.
Back in the heyday of the dot-com boom, Netscape talked about using the browser as a platform for delivering applications. But instead of pursuing that strategy, the company embarked on a misguided effort to reinvent the enterprise application server wheel.
Fast-forward to 2006, and it looks like Google's game plan is to resurrect the Netscape strategy to break Microsoft's dominance over productivity applications. What's ironic is that while Microsoft continues its strategy of embedding the browser in the operating system and Google is embedding applications in the browser, both companies clearly see that having a footprint on the client is critical to their long-term success.
This is because people have become tired of using discrete applications when what they really want is an integrated set of applications that closely reflects the business process or task they are trying to accomplish.
In the corporate world, this is called business agility. To achieve it, you need the capability to employ code as you see fit on the client, on an on-premise server, inside the network and, yes, on a remote server that delivers software as a service.
Both Microsoft and Google plan to take this integrated model one step further. Their goal: to create ecosystems through which they and their software partners deliver integrated applications across a spectrum of platforms where each instance of a user's interaction with that software will be remembered, whether the user invokes applications over a cell phone, notebook, desktop computer or other device. In that scenario, on-demand software applications are a natural extension of the computing model, rather than a distinct set of silo applications that must be integrated via brute-force programming. Is it the ultimate computing model? What we're really seeing is the long-overdue convergence of computing models into a unified architecture featuring software that customers can adapt to their business processes instead of making customers adapt to the software.
Web 2.0 is with us, like it or not, and it's the real deal.
Corporate America's embrace of Web 2.0 technologies appears to be growing but so, too, is a feeling of increased vulnerability.
Web 2.0, broadly defined, refers to the technologies and culture behind user-driven applications such as blogs, podcasts, social networks (like MySpace), wikis and Really Simple Syndication (RSS) feeds. "What makes matters worse is that the vast majority of these sites [are] considered legitimate by URL Filtering/Categorization products, and as such will not be blocked despite the fact that they contain malicious code."
Finjan, the computer security software maker, says it has discovered malware embedded in JavaScript code and images that take advantage of browser vulnerabilities. "We found them and it's real," says Yuval Ben-Itzhak, chief technology officer at Finjan, about the danger.
Corporate security personnel aren't that versed in Web 2.0 technologies, he explains, and even security companies such as his own are still developing Web 2.0 testing and countermeasures. "We're at that very early stage of really understanding these problems," he says.
But CIOs and CSOs should be taking any number of steps to better defend their Web 2.0 sites, say security experts. Granted, many of their recommendations are just good common sense, but they're worth repeating:
1. Set policies on what can and can't be uploaded. It's just like e-mail, according to Aaron Emigh, a security expert at blogging software maker Six Apart; companies need to decide what they will allow. Nail down a threat model and decide what threat level you're willing to tolerate.
2. Screen content, and employ behavior-based security analysis tools. Installing screening tools that can look at content before it is uploaded, Weider says, may seem pretty basic, but he notes that the practice is far from universal. And, he says, be aware that people may include links in their uploads that point to other sites that contain malware. Also, screening tools won't catch everything, Emigh says, so you may want to contract with a consultant that does penetration testing.
3. Employ a layered defense. Another one of those things that goes without saying these days, but it's good to remember that no one tool or policy will protect you from all threats. "As we allow more and more control from users to create their own Web content," says Watchfire's Weider, "we're going to have more and more challenges to protect the end users."
No. 1: A project's scope is too monolithic and gargantuan. In 2001, McDonald's planned to spend $1 billion over five years to tie all of its operations into a real-time digital network. Eventually, executives in company headquarters would have been able to see how soda dispensers and frying machines in every store were performing, at any moment. But after just two years, the fast-food giant threw in the towel.
No. 2: Processes and technology aren't synched up. BearingPoint, the consulting firm and systems integrator, failed to report earnings for almost 18 months. What happened? A "perfect storm" of external events, internal missteps and bad timing wreaked havoc as BearingPoint tried to unify its financial reporting systems. The biggest disconnect, according to former BearingPoint CIO Thomas Wilde, was that the financial processes BearingPoint had employed in moving to a new system didn't align with the software.
No. 3: Poor data quality leads to increased costs. Companies without proper information management and control spend 10% or more of their operating revenue on fixing problems that stem from bad data, says Larry English, president of Information Impact, a consulting company that specializes in data quality. Data broker ChoicePoint, which was fooled into selling private information to Nigerian criminals last year, didn't know how many of the 17 billion records it stored had inaccuracies or what it was costing.
No. 4: A project is slowed down because it requires approval across multiple divisions. More than five years ago, Nestle set out to standardize how it operates around the world with a single system to predict demand, purchase supplies, collect payments from customers and market its products. But getting more than 40 managers to buy into the global standardization project was no easy sell.
No. 5: Managers don't take advantage of information systems to make quick business decisions. Toy maker Mattel had all of the business intelligence, market research software and human procedures in place to tell it that MGA Entertainment's Bratz dolls would threaten Barbie's dominance in the doll market. But Mattel didn't act quickly or aggressively enough to cut the pouty-lipped hip-hop dolls off at the knees.
No. 6: Poor design results in data-entry errors. A new prescription-ordering system at Cincinnati Children's Hospital gave a doctor ordering a mild pain reliever the choice to order the medication in pill or liquid form. The physician mistakenly hit "tablets" instead of "milliliters" when clicking off dosage options, ignored subsequent warnings to reconsider, and ended up prescribing 325 tablets of Tylenol to be administered to a child. The amount of Tylenol ordered was a potentially harmful dose, but was so out-of-bounds that a pharmacist easily caught the error.