CRM data integration provider Scribe boosts cloud offering with GUI synchronization services, developer program for connectors

Scribe Software, a customer relationship management (CRM) data integration provider, will launch next week Scribe Online Synchronization Services (SYS), the second major service delivered on the Scribe Online cloud integration platform.

According to the Manchester, NH-based company, Scribe Online provides a cloud-based alternative to integration middleware, and simplifies the integration experience without sacrificing performance or functionality. The goal is to allow companies to reap the benefits of integrated CRM data from a variety of sources and technologies in days, rather than months.

The timing is more than pretty good because CRM as a category is expanding, driven by businesses' recognition that rich data on customers (and partners) is essential for better productivity, and for leveraging cloud-enabled business innovation outside the company.

Many companies I speak with are looking to pull appropriate and relevant data in near real-time from many internal systems of record to augment the full picture of customers. They are looking to their CRM systems as the meta data repository of such integrated views. And now they want to bring in more data from more sources, including those outside their four walls.

And, of course, the power of knowing the most about customers -- and making the analysis from such data widely available to business units and functions across the enterprise -- can make or break a company. Across the full business cycle, relevant and insightful data on customers drives success, from product development to effective marketing, to help desk and support, to entering new markets.

Scribe, then, has developed its cloud offerings, built on Microsoft Azure and released last year, to make the instantiation of CRM data from as many sources as makes sense a function of the cloud, as well as on-premises. Such a hybrid approach to data integration makes even more sense than a hybrid approach to IT infrastructure services, if you ask me. You really need to be in the cloud to leverage the hybrid data integration benefits.

Now, Scribe has made it easier to leverage that cloud by making synchronization services for CRM data integration a drag-and-drop affair that many business users can accomplish. Furthermore, Scribe is releasing SPARK, a developer program to help foster a community effort around making more connections to more types of data available to more synchronization efforts.

“Synchronization Services builds on our commitment to deliver superior CRM integration to customers and partners in the cloud. SYS fills a void in the market for an integration tool that is affordable and easy to use,” said Lou Guercia, president and CEO of Scribe. “Until now, integration products have been either too basic or too complex.”

Developer program

Scribe, with the SPARK Solution Developer Program, is targeting software-as-a-service (SaaS) providers, channel partners, systems integrators, VARs, and other business technology consultants. This means that while enterprise IT departments are gearing up for hybrid cloud-based CRM integrations, the community of ISVs and VARs needs to move more quickly, to innovate and expand into new models.

The SPARK Solution Developer Program is designed to help solution providers quickly build data integration capabilities between their solutions and CRM, as well as any other application or endpoint on Scribe Online. This will fit very well, too, into the Salesforce.com ecosystem, and the Microsoft Dynamics one, as well.

Scribe expects that partner networks will share and extend customer data -- and value-added services on top of that joined and integrated data -- for a variety of additional business services, said Guercia. Integrated and automated marketing services providers like HubSpot, Marketo, and Eloqua, certainly come to mind, too.

“CRM is no longer just a contact management system. It’s a critical revenue enabler for the business. Companies that integrate customer data from all areas of the business benefit with increased sales and satisfied customers,” said Roger Hodskins, vice president of strategic alliances at Scribe.

Using Scribe's latest offering, SaaS independent software vendors (ISVs) who offer integration to more than one CRM vendor can extend their presence in multiple CRM markets. As customers expand the scope of CRM in their businesses, integration can readily incorporate the SaaS ISVs’ offerings with connections both to CRM and to other complementary applications, said Scribe.

For more information on Scribe SYS, sign up for live weekly webinars, or watch a four-minute demo video at scribesoft.com/online. Scribe Online SYS is available, too, free for 15 days at scribesoft.com/Free-Trials.


Expert Chat on how HP ecosystem provides holistic support for VMware virtualized IT environments

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: HP.


Redefine the potential of your virtualization investments.
View the full Expert Chat presentation on VMware support best practices.


Advanced and pervasive virtualization and cloud computing trends are driving the need for a better, holistic approach to IT support and remediation.

And while the technology to support and fix virtualized environments is essential, it’s the people, skills, and knowledge to manage these systems that provide the most decisive determinants of ongoing performance success.

In a special BriefingsDirect sponsored podcast, created from a recent HP Expert Chat discussion on best practices for VMware environment support, HP experts explain how they have made the service and support of global virtualization market leader VMware a top priority.

For example, Cindy Manderson, Technical Solutions Consultant for Complex Problem Resolution and Quality for VMware Products at HP, provides case studies for how managed escalation and multi-vendor support around the globe can reduce downtime by 70 percent, with large ROI benefits as well.

Other HP experts in the discussion include Pat Lampert, Critical Service Senior Technical Account Manager and Team Leader, as well as Sumithra Reddy, HP Virtualization Engineer. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: HP and VMware are both sponsors of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: Virtualization isn’t just server-by-server, but really impacts the entire data center. You need to think about it more holistically, particularly in regard to things like security, performance and how your brands and businesses are perceived across the globe. Many of the companies that I deal with day in and day out are up at 80 percent and even 90 percent virtualized.

When they think about virtualization, they go beyond just server virtualization. It’s really now looking at storage, applications, networks and even the end-user desktop experience, or desktop as a service (VDI).

Successful virtualization is no longer just about servers, it’s about managing complexity when you get beyond the 20 percent or 30 percent level and expand into converged infrastructure virtualization without failures.

So how to take advantage of the best things about virtualization? Part of that means allowing your IT team to have access to other experienced support teams, from HP and VMware, around the world, 24×7, to help keep systems up and running. Such support also allows your IT team to progress, to learn as they go, and to be able to take advantage of more virtualization benefits over time.

Expert panel

So how do you go about attaining such benefits? How do you keep the positive side of virtualization on track? And how do you put in place an insurance policy around service and support?

Manderson: We have several different packages. Our highest level is the mission-critical. In this particular process, you're assigned a team that are across the technology that you have in your environment. But you also get a set of folks who would actually look at not just the reactive support and even some of the proactive, but how actually your entire business is running according to the ITIL standard.

That is coupled with keeping you up and running, and we also can work with you on a type that would be best suited for your environment.

Our critical and independent support includes onsite resources from HP that also include a lot of proactive support. In addition, they're more focused on specific management, but that would be more of an ITSM technology. We can look at that for you.

... We also have the hardware and software support. One of the cool things we have with our hardware support is support automation, our Insight for remote support. That can notify HP that you're having a disk drive failure. Or we will call you and say that we know that disk drive is failing, or something on a buffer server and storage is about to.

You can even take that a step further to look inside at the Windows operating system. We're hardware agnostic on that operating system. We don't care about the vendor -- and I believe we are looking at expanding that automation to other operating systems. We have installation and startup services that we can actually go out and set up and configure the hardware and software at a site.

So we definitely integrate across all the multi-vendor services. We run the gamut between all the x86 operating systems, as well as our proprietary operating systems, our servers and storage. Again, we're no stranger to multi-vendor support and keeping the entire environment up and running.

... One of our most creative services would be Proactive Select, a core product series of credits. You can use these credits for maybe planning on migration and upgrade. You can say you need some consulting time. You can use these credits and work with upgrade and migration. You may need some performance or you may need some type of environmental assessment, and these credits can be used for that.

Gardner: When people do employ these services, how do they measure what the payoff is, the value of these services?

IDC study

Manderson: In 2010, IDC did a study. They went out and looked at the methodology, and this is out on our website. They saw that the customers who have the mission-critical services, reduce their downtime by over 70 percent, and increase their return on investment (ROI) quite high, over 400 percent. The main benefit was in problem management as well as help desk calls, because these were alleviated due to the proactive nature, a lot of looking at the entire environment, and looking at the business processes.

So take a look at the study. It shows IDC's methodology. So looking at things proactively and these support processes can certainly help you reduce that downtime.

... I've been in the multi-vendor space for many, many years -- from applications to operating systems -- all with HP.

In 2002, when VMware came on the scene, HP actually became alliance partners with them. In 2003, we became a reseller, and thus began our support partnership with them. It would only extend recent in 2005, we also became an OEM. We have thousands of trained and certified Microsoft engineers and Linux professionals, too.

But we have the largest number of VMware-certified professionals. We also have the largest global VMware off-site training center. So HP also does education on these technologies as well. We’ve trained over 20,000 students in the VMware space alone.

And we have had this very strong collaboration with VMware for many years and have support teams around the globe. In addition, we also offer the same level of training that VMware support engineers do. We actually go to their facilities and train right alongside them, too.

We further do this training virtually. The training is then recorded and made available on demand for reference, for folks who are not able to attend a scheduled course. There's definitely a very strong partnership, and as you see from our history with the other vendors as well as VMware, we are no strangers to multi-vendor support.

With all of the VMware products that HP sells, we do provide support across them all. It runs the gamut from the vSphere operating system that will install on the x86 server, through the enterprise management to the vCenter, and virtual desktop infrastructure products like VMware ThinApp. We also support the converter product getting into vCloud Director.

In addition to that, we have the ability to access our peers on the other teams across HP hardware support. This includes servers and storage, and our networking chain. We are quickly able to collaborate with them and pull together a virtual team in to focus on the customer's whole environment, to provide a one-stop shop.

Expertise across technologies

Additionally, you saw that we’ve been in this multi-vendor support business for so many years, with many experts across the other technologies, such as Microsoft and Linux. Of course, the virtual machines (VMs) are running these operating systems. So if the contract is also with them, we can easily pull them in to help us work an end-to-end solution and support it.

Gardner: Let’s think about what happens when there are different levels of support at work. How does that shake-out?

Manderson: We're in a reactive support business. If the customer has a problem, they can either call in at their local region telephone number -- whether they are in America, Europe, or Asia Pacific. There are different phone numbers for them to call.

They can also log in via the web, and they'll get to our next developer Level 1 engineer. They're a great organization and have solved over 85 percent of their cases.

If they have issues where they have to escalate, first they will be collaborating with us. We also have an online chat tool, where we are all in a virtual room, the Level 1 engineers, Level 2 engineers, etc. So we’ll be consulting and collaborating with them before they even get to a point of escalation.

If the case does end up needing escalation, chances are they're already collaborating with the first person, and will then end up taking the case. That saves a lot of information transfer, as far as what type of server you have, what’s the firmware, what build level, and what’s the problem there, etc.

Once it reaches Level 2 support, as far as we can continue to collaborate, we can reach our teammates and the hardware teams, too, so we can look at the server and make sure that the environment is what we need it to be. If we can't resolve it, we can also go to Level 3 with VMware at an offline service-partner level.

We have a great relationship with the folks that we work alongside with and would escalate calls to at VMware. We’re obviously not going into Level 1 at VMware because we’ve already done all that work, and we are a service partner. They'll go right up to our peers over at VMware and then we work together, while always owning the solution that we provide back to the customer.

Another part of our infrastructure-as-a-support-organization is that we have a single customer database. I can give an example. A call came into our Level 1 French engineer. When this call came in, for the European folks, it was already the end of their day, and the French engineer could not speak English. It was a critical down, their VMs were offline.




HP Virtual Room

So we worked in a virtual room and they talked to us, and brought the case to us here in America’s time zone. We worked with this case and another tool called HP Virtual Room, where we could actually all look at the customers' desktops in real time. They happened to have EVA storage, and we quickly got an EVA engineer engaged. Of course, we had to find a resource in the Americas because the European folks had already left. So we're all looking in real-time at the customer’s environment and found out that they had locked the storage.

The EVA engineer helped to get back online, while we all watched and the French engineer was translating in French for the customer in order to get it all resolved. We got it back online, and the customers were ready to go home.

We gave instructions on getting log files and we placed a call for follow-up for the daytime hours in Europe the next day. So our counterparts in European support teams picked that up and worked with the customers to resolution, to analyze exactly what happened and prevent it in the future.

We have another process in HP that can actually go with top organizations, our escalation manager process. I was lead source for a particular case where we had a field team assisting a customer deploying a virtual desktop infrastructure (VDI) design. They had a third-party VDI vendor. They had HP hardware, servers, and virtual connects. They had our storage, and we didn’t quite know where the bottleneck was. They were having performance issues by trying to have this VDI at two different locations with the hardware at one site.

The escalation manager was able to get the local office to borrow equipment, and then try to get performance and network traces. They had the Engineering Problem Management Resource (EPMR) lab in Houston trying to duplicate the problems.

Our escalation manager was able to drive the issue to completion across not only the solution standards, but the local office, to owning the actual escalation with all the action items to keep this all on track. We knew where we were going to go. That was about a six-month case, but what we did finally find was that the customer was on the technological edge, and the "pipe" to have that performance just did not exist.

Site visits

Pat Lampert is a technical account manager and does site visits. The technical account managers do go out on site. So we’re aware of the environment. We have the information of your environment documented into the database. When you call, we’re not saying, "Now what kind of server is this? What’s the firmware?" We know this because we already have it documented. We could be calling them to say, "Server 3 is running a little off." We already know which VMware version this is on, because we have that information.

And because we have that, we can also offer proactive advice. We can know that there's a new firmware update, or VMware just came out with a new build, and we have a place where you can go find the latest that's specific to your environment. So this helps to reduce further incidents, because we can be more proactive to help you maintain your business.

Gardner: What are some of the most frequent questions you receive from the field?

Reddy: I'll address two questions that are frequently showing up. One is, what is the difference between the VMware ESXi image and an HP ESXi image?

Basically, HP takes the same ESXi image that VMware provides to the customers. It then adds HP thin components for hardware management, and it also adds any latest fibre channel and network drivers. Once it's tested and certified, it's available for download both from HP and VMware websites.

Major differences

And one of the major differences between the two images is that the VMware image is disk installable only, whereas the HP image can be installed on a disk, USB key, or an SD card.

The other question we're getting nowadays is how to upgrade from VCA4 to VCA5. As with any major upgrades, planning helps. The first thing I would do is understand the difference between ESX 4 and ESX 5, because starting with ESX 5, we have no service console. So we need to understand what the architectural differences are.

Also learn about the new licensing policies. Then, use the System Analyzer that VMware provides to evaluate the current environments, and download, check, and complete the checklist. Once this is done, hopefully the upgrade will go smoothly.

Lampert: Another question that has come up from customers has to do with the added value of getting support directly from HP. It was partly addressed during the presentation we just gave. First of all, VMware does have a fine support organization. I have a couple of friends who work in VMware Support, and they do a good job of supporting their product.

HP, in addition to a similar level of expertise in the product, also offers our expertise in HP hardware, especially if you have systems based on HP Blades. The infrastructure behind that often is tied very closely to the performance and availability of your ESX host. So when you call us, you will have not only someone who is very familiar with the VMware product, but also is familiar with the HP hardware and able to pull in the proper resourced results, problems you might encounter with running vSphere on HP hardware especially.

In addition to that, we have a partnership agreement with VMware, and when you call in for support through HP, you're getting that same level of service when we have to go to VMware to get answers to questions or fixes.

One other question that has come up is about our lab ability to reproduce problems. We have two global labs, one in India and one in the United States. We have several static vSphere cluster configurations with a number of different types of servers already in those configurations, and the ability, when needed, to add specific models, if there is a problem that’s specific to a particular Blade or rack-mounted server model, or a particular card or something like that. So we're quite able to reproduce most problems that come in. We even have some Dell and IBM equipment in our lab also.

Gardner: What other issues are users grappling with?

Reddy: One question I can answer is how to troubleshoot server crashes. When something goes wrong in ESX, we call it the "Purple Screen of Death." Often, these are results of hardware failure, but we still need to rule out the software. So we collect all the logs, and look at it to see if it's a software issue. If it's not a software issue, then we engage the hardware team to see how we can get to the root cause and fix the issue.

Lampert: To dovetail with Sumithra’s comment there, one of the questions I get frequently is what to do if you don’t have a dump. Say the host hangs, and that seems to be almost more common than the Purple Screen of Death. Some customers aren't aware that through HP’s Integrated Lights-Out Management, there is the ability to generate a non-maskable interrupt (NMI) just by pressing a button, and by saving a certain environment variable ahead of time in your ESX host.

KB article

There is a KB article on this, by the way, if you just search on NMI and core dumping in VMware. But with that setup, you can force a dump while a system is in a hung state, and that will assist us usually in troubleshooting and isolating what caused the hang, whether it be hardware or a problem with the ESX host software.

One question that came up ahead of time is what HP suggests as far as getting a handle on our inventory of VMs? I happened to be involved in field testing some new tools from HP that will be available in January and February regarding vSphere.

One of them is a Holistic Blade and Firmware Analysis that takes into account the VMware environment on our Blade systems which we are working on having ready soon. We have just completed field tests.

And the second is a really nifty Inventory Report HP has just put together. We're just completing field tests on that now. It will be available soon. Basically, we install a small Perl script in the customer environment on any machine that has access to the vCenter host and has a vSphere CLI installed.

This Perl Script crawls through the VMware environment and builds an XML file, which we then feed into a report generator here at HP. This can be used for us to gather information on customers, so we have ahead of time a clear picture of the environment. But also it will be sold as a service to customers.

The report is really quite nice, with all sorts of charts and showing availability of machines and availability of memory and also disk space. It's a very nice report.




The Open Group releases SOA and cloud computing standards, updates OSIMM

The Open Group has announced this week the availability of two new industry standards to integrate fundamental elements of service oriented architecture (SOA) and cloud computing into a solution for enterprise architecture (EA). The new standards are: SOA Reference Architecture (SOA RA) and the Service-Oriented Cloud Computing Infrastructure Framework (SOCCI).

The Open Group has released updates to The Open Group Service Integration Maturity Model (OSIMM), which has now been ratified as an ISO and IEC (ISO/IEC 166880) International Standard. OSIMM gives organizations a common model for developing a roadmap for achieving the right level of service adoption to meet business objectives. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

SOA RA is a blueprint for creating and evaluating SOA solutions, while SOCCI is the first Open Group cloud standard that outlines the concepts and architectural building blocks necessary for infrastructures to support SOA and cloud initiatives.

"In today's global competitive marketplace it is imperative that business and IT drivers are aligned," said Chris Harding, Director for Interoperability, The Open Group. "Each of the three standards is vendor-neutral and helps an organization of any size to design and implement the proper SOA and cloud solutions for its business objectives."

SOA RA is an industry standard reference architecture for the development of SOA solutions. Utilizing the SOA RA Standard, enterprise architects will have a common language and approach for creating SOA solutions that meet different organizational needs and bridge the gap between business and IT.

SOCCI is the industry's first cloud standard for enterprises that wish to provide infrastructure as a service in the cloud and SOA. Developed by The Open Group SOA and Cloud Work Groups, SOCCI is the realization of an enabling framework of service-oriented components for infrastructure to be provided as a service in SOA solutions and the cloud.

The standard details a set of common SOCCI elements and management building blocks for organizations to consider and identifies the synergies that can be realized through cohesive application of SOA and cloud-based principles. Using SOCCI, organizations can incorporate cloud-based resources and services into their infrastructure for increased agility and scale, and lower maintenance costs.

Proven best practices

OSIMM leverages proven best practices to allow consultants and IT practitioners to assess an organization's readiness and maturity level for adopting services in SOA solutions. By aligning business goals and assessing associated SOA services, IT practitioners can create a detailed roadmap for integrating services for SOA and cloud computing solutions into enterprises. With the recent ratification of OSIMM 2.0 by ISO and IEC, organizations worldwide have an extensible framework for understanding the value of implementing a service model, as well as a comprehensive guide for achieving their desired level of service maturity.

The SOA RA technical standard, SOCCI framework, and OSIMM 2.0 International standard are available for download from The Open Group Bookstore. These new standards can also be viewed online at: SOA Reference Architecture, Service-oriented Cloud Computing Infrastructure, Open Group Service Integration Maturity Model.

In addition to the standards news, The Open Group on Jan. 30 will begin its San Francisco conference to focus on the role played by IT and EA within enterprise transformation. Among the topics to be explored:

  • The differences between EA and enterprise transformation, and how they relate to one another
  • The use of EA to facilitate enterprise transformation
  • How EA can be used to create a foundation for enterprise transformation that the board and business-line managers can understand and use to their advantage
  • How EA facilitates transformation within IT, and how such transformation supports the transformation of the enterprise as a whole
  • How EA can help the enterprise successfully adapt to "disruptive technologies" like cloud computing and ubiquitous mobile access.

Among the speakers at the conference will be Andy Mulholland, the Global Chief Technology Officer and Corporate Vice President at Capgemini. In 2009, Andy was voted one of the top 25 most influential CTOs in the world by InfoWorld. And in 2010, his CTO Blog was voted best blog for business managers and CIOs for the third year running by Computer Weekly.

Andy recently participated in a BriefingsDirect podcast, in which he spoke about an upcoming Capgemini whitepaper, which draws distinctions between what cloud means to IT, and what it means to business -- while examining the complex dual relationship between the two.

Also, Jeanne Ross, Director and Principal Research Scientist at the MIT Center for Information Systems Research. Jeanne studies how firms develop competitive advantage through the implementation and reuse of digitized platforms.

Jeanne recently spoke with me about how adoption of EA leads to greater efficiencies and better business agility and explained how enterprise architects have helped lead the way to successful business transformations.

Also speaking is Joseph Menn, Cyber Security Correspondent for the Financial Times and author of Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet.

Joe has covered security since 1999 for both the Financial Times and, before that, the Los Angeles Times. Fatal System Error is his third book; he also wrote All the Rave: The Rise and Fall of Shawn Fanning's Napster.

As a lead-in to his Open Group presentation, entitled "What You're Up Against: Mobsters, Nation-States, and Blurry Lines," Joe recently joined BriefingsDirect to explore the current cyber-crime landscape, the underground cyber-gang movement, and the motive behind governments collaborating with organized crime in cyber space.

Registration remains open for The Open Group Conference in San Francisco, beginning Jan. 30.


Capgemini's CTO on how cloud computing exposes the duality between IT and business transformation

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: The Open Group.

This BriefingsDirect thought leadership interview comes in conjunction with The Open Group Conference this month in San Francisco.

The conference will focus on how IT and enterprise architecture support enterprise transformation. Speakers in conference events will also explore the latest in service oriented architecture (SOA), cloud computing, and security.

We’re now joined by one of the main speakers, Andy Mulholland, the Global Chief Technology Officer and Corporate Vice President at Capgemini. In 2009, Andy was voted one of the top 25 most influential CTOs in the world by InfoWorld. And in 2010, his CTO Blog was voted best blog for business managers and CIOs for the third year running by Computer Weekly.

Capgemini is about to publish a white paper on cloud computing. It draws distinctions between what cloud means to IT, and what it means to business -- while examining the complex dual relationship between the two.

As a lead-in to his Open Group conference presentation on the transformed enterprise, Andy draws on the paper and further drills down on one of the decade’s hottest technology and business trends, cloud computing, and how it impacts business and IT. The interview is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: Why do business people think they have a revolution on their hands, while IT people look at cloud computing as an evolution of infrastructure efficiency?

Mulholland: We define the role of IT and give it the responsibility and the accountability in the business in a way that is quite strongly related to internal practice. It’s all about how we manage the company’s transactions, how we reduce the cost, how we automate business process, and generally try to make our company a more efficient internal operator.

When you look at cloud computing through that set of lenses, you’re going to see ... the technologies from cloud computing, principally virtualization, [as] ways to improve how you deliver the current server-centric, application-centric environment.

However, business people ... reflect on it in terms of the change in society and the business world, which we all ought to recognize because that is our world, around the way we choose what we buy, how we choose to do business with people, how we search more, and how we’ve even changed that attitude.

Changed our ways

There's a whole list of things that we simply just don’t do anymore because we’ve changed the way we choose to buy a book, the way we choose and listen to music and lots of other things.

So we see this as a revolution in the market or, more particularly, a revolution in how cloud can serve in the market, because everybody uses some form of technology.

So then the question is not the role of the IT department and the enterprise -- it’s the role technology should be playing in their extended enterprise in doing business.

Gardner: What do we need to start doing differently?

Mulholland: Let’s go to a conversation this morning with a client. It’s always interesting to touch reality. This particular client is looking at the front end of a complex ecosystem around travel, and was asked this standard question by our account director: Do you have a business case for the work we’re discussing?

The reply from the CEO is very interesting. He fixed him with a very cold glare and he said, "If you were able to have 20 percent more billable hours without increasing your cost structure, would you be bothered to even think about the business case?"

The answer in that particular case was they were talking about 10,000 more travel instances or more a year -- with no increase in their cost structure. In other words, their whole idea was there was nothing to do with cost in it. Their argument was in revenue increase, market share increase, and they thought that they would make better margins, because it would actually decrease their cost base or spread it more widely.

That's the whole purpose of this revolution and that's the purpose the business schools are always pushing, when they talk about innovative business models. It means innovate your business model to look at the market again from the perspective of getting into new markets, getting increased revenue, and maybe designing things that make more money.

Using technology externally

We're always hooked on this idea that we’ve used technology very successfully internally, but now we should be asking the question about how we’re using technology externally when the population as a whole uses that as their primary method of deciding what they’re going to buy, how they’re going to buy it, when they’re going to buy it, and lots of other questions.

... A popular book recently has been The Power of Pull, and the idea is that we’re really seeing a decentralization of the front office in order to respond to and follow the market and the opportunities and the events in very different ways.

The Power of Pull says that I do what my market is asking me and I design business process or capabilities to be rapidly orchestrated through the front office around where things want to go, and I have linkage points, application programming interface (API) points, where I take anything significant and transfer it back.

But the real challenge is -- and it was put to me today in the client discussion -- that their business was designed around 1970 computer systems, augmented slowly around that, and they still felt that. Today, their market and their expectations of the industry that they're in were that they would be designed around the way people were using their products and services and the events and that they had to make that change.

To do that, they're transformed in the organization, and that's where we start to spot the difference. We start to spot the idea that your own staff, your customers, and other suppliers are all working externally in information, process, and services accessible to all on an Internet market or architecture.

So when we talk about business architecture, it’s as relevant today as it ever was in terms of interpreting a business.

Set of methodologies

But when we start talking about architecture, The Open Group Architectural Framework (TOGAF) is a set of methodologies on the IT side -- the closed-coupled state for a designed set of principles to client-server type systems. In this new model, when we talk about clouds, mobility, and people traveling around and connecting by wireless, etc., we have a stateless loosely coupled environment.

The whole purpose of The Open Group is, in fact, to help devise new ways for being able to architect methods to deliver that. That's what stands behind the phrase, "a transformed enterprise."

... If we go back to the basic mission of The Open Group, which is boundarylessness of this information flow, the boundary has previously been defined by a computer system updating another computer system in another company around traditional IT type procedural business flow.

Now, we’re talking about the idea that the information flow is around an ecosystem in an unstructured way. Not a structured file-to-file type transfer, not a structured architecture of who does what, when, and how, but the whole change model in this is unstructured.

Gardner: It's important to point out here, Andy, that the stakes are relatively high. Who in the organization can be the change agent that can make that leap between the duality view of cloud that IT has, and these business opportunists?

Mulholland: The CEOs are quite noticeably reading the right articles, hearing the right information from business schools, etc., and they're getting this picture that they're going to have new business models and new capabilities.

So the drive end is not hard. The problem that is usually encountered is that the IT department’s definition and role interferes with them being able to play the role they want.

What we're actually looking for is the idea that IT, as we define it today, is some place else. You have to accept that it exists, it will exist, and it’s hugely important. So please don’t take those principles and try to apply them outside.

The real question here is when you find those people who are doing the work outside -- and I've yet to find any company where it hasn’t been the case -- and the question should be how can we actually encourage and manage that innovation sensibly and successfully?

What I mean by that is that if everybody goes off and does their own thing, once again, we'll end up with a broken company. Why? Because their whole purpose as an enterprise is to leverage success rapidly. If someone is very successful over there, you really need to know, and you need to leverage that again as rapidly as you can to run the rest of the organization. If it doesn’t work, you need to stop it quickly.

Changing roles

In models of the capabilities of that, the question is where is the government structure? So we hear titles like Chief Innovation Officer, again, slightly surprising how it may come up. But we see the model coming both ways. There are reforming CIOs for sure, who have recognized this and are changing their role and position accordingly, sometimes formally, sometimes informally.

The other way around, there are people coming from other parts of the business, taking the title and driving them. I’ve seen Chief Strategy Officers taking the role. I’ve seen the head of sales and marketing taking the role.

Certainly, recognizing the technology possibilities should be coming from the direction of the technology capabilities within the current IT department. The capability of what that means might be coming differently. So it’s a very interesting balance at the moment, and we don’t know quite the right answer.

What I do know is that it’s happening, and the quick-witted CIOs are understanding that it’s a huge opportunity for them to fix their role and embrace a new area, and a new sense of value that they can bring to their organization.

Gardner: Returning to the upcoming Capgemini white paper, it adds a sense of urgency at the end on how to get started. It suggests that you appoint a leader, but a leader first for the inside-out element of cloud and transformation and then a second leader, a separate leader perhaps, for that outside-in or reflecting the business transformation and the opportunity for what’s going on in the external business and markets. It also suggests a strategic road map that involves both business and technology, and then it suggests getting a pilot going.

How does this transition become something that you can manage?

Mulholland: The question is do you know who is responsible. If you don’t, you'd better figure out how you're going to make someone responsible, because in any situation, someone has to be deciding what we're going to do and how we're going to do it.

Having defined that, there are very different business drivers, as well as different technology drivers, between the two. Clearly, whoever takes those roles will reflect a very different way that they will have to run that element. So a duality is recognized in that comment.

On the other hand, no business can survive by going off in half-a-dozen directions at once. You won't have the money. You won't have the brand. You won't have anything you’d like. It's simply not feasible.

So, the object of the strategic roadmap is to reaffirm the idea of what kind of business we're trying to be and do. That’s the glimpse of what we want to achieve.

There has to be a strategy. Otherwise, you’ll end up with way too much decentralization and people making up their own version of the strategy, which they can fairly easily do and fairly easily mount from someone else’s cloud to go and do it today.

So the purpose of the duality is to make sure that the two roles, the two different groups of technology, the two different capabilities they reflect to the organization, are properly addressed, properly managed, and properly have a key authority figure in charge of them.

Enablement model

The business strategy is to make sure that the business knows how the enablement model that these two offer them is capable of being directed to where the shareholders will make money out of the business, because that is ultimately that success factor they're looking for to drive them forward.

Case study: How professional services and portfolio management helped Nottingham Trent University transform IT

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: HP.

The latest BriefingsDirect case study podcast discussion centers on how Nottingham Trent University gained strategic operational efficiency and improved IT management.

A combination of professional services and portfolio management technologies allowed the 25,000-student university -- one of the U.K.’s largest -- to improve end-user satisfaction while freeing up IT resources to pursue additional technology innovation.

To learn more, BriefingsDirect brought together Ian Griffiths, Director of Strategic Partnerships at Nottingham Trent University, and Michael Garrett, Vice President of Professional Services for HP EMEA. The discussion was moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: What was the one glaring thing that needed to be changed when you began to think about improving how you did IT?

Griffiths: We were very, very good at moving forward and doing lots and lots of things, but delivering products at the end of that period was more difficult. We seemed to be running around in circles, and didn’t quite meet customers’ expectations. So we were doing a lot, working really hard, but not really delivering the last mile.

Gardner: Why did something like professional services become a priority for you?

Griffiths: We found that our processes were not really defined well enough. We really weren’t getting sign-off from the business, and the expectations were never really met. So it was clear that we were not doing something well, and we didn’t quite know what that was. And our teams within the department weren’t gelling that well together either.

Gardner: So perhaps having some outside additional authority and experience seemed to work for you?

Earlier attempt

Griffiths: Yes. That worked really well. We had had another attempt about 18 months before, and had some consultants in, but it didn’t really gel. We were aware that we had a partnership with HP, and HP Professional Services seemed a sensible way to go. But we were still doubtful as a management team within the university's Information Services (IS) Department whether it was really going to work. And we are very pleased with the outcome.

Gardner: Let’s learn about Nottingham Trent University. You’re in Nottinghamshire and you have 25,000 students. Tell us a bit more.

Griffiths: We’ve been a higher education establishment for about 160 years. We’re one of the biggest providers of "sandwich education," which means that students have two years at the university, a year in industry, and then a year at the university.

We're seen as a popular university that has a good reputation for placing students at the end of their courses, and we got top of The Green Agenda twice in the last three years within the U.K. We have about 150 people working in the IS Department on three campuses and nine academic schools.

I have responsibility for the strategic partnership we have with companies and with firms. I have responsibility for the regional network within the East Midlands of the U.K., which is connecting all the universities in that region and all the further education colleges. And I also manage relationships with key suppliers, such as HP.

Gardner: Ian had a relationship with HP, but looked for something bigger.

Garrett: It’s often imagined that these organizations look to pure-play consulting organizations for that advisory activity. In Nottingham Trent’s situation they were willing to listen to a different type of vendor or organization in that space as to what they could offer in their approach. What’s different for HP Professional Services is that it forms part of HP’s Software organization. Our consulting capability is very focused on IT transformation, operations, organizations, and applications.

But it’s about bringing that into real practical use quickly with the support of technology. That's the real differentiator we wanted to bring to customers like Nottingham Trent, and hopefully that’s true with what we've seen in the practical implementation and the work we've done with them.

Gardner: Ian, how has this worked out for you?

Initial workshops

Griffiths: We had some initial workshops where all the senior management team of the IS Department worked with HP and looked at what we wanted to achieve, and looked at what the journey might look like to get there. I have to congratulate HP. They were able to get that team to gel together within IS in a way that we hadn’t before.

We spent a lot of time working together and working through the structure, the plan of the department, and what we called the "tube map" of the department. Everything, in a sense, was allowed. HP was very good at giving us a straw man to look at. In other words, giving those examples of what other companies have done, but forcing us to discuss them in detail and change them into what was right for Nottingham Trent.

They weren’t trying to sell the straw man, but were using the straw man as an example to move us forward, and it worked extremely well. Although there were some heated discussions amongst IS staff, HP was very good at facilitating those discussions.

We had to go back to the rest of the department to try not to force something new on people that, as far as they could see, had no relevance to the situations they were in. We had to find a way as well of getting the business to buy into our new methodology, getting the business to feel some ownership, and getting the business to make some decisions during the planning of projects and the ending of projects.

Garrett: It’s that level of being able to bring the input, the straw man, and then guide organizations around that model. To customize from scratch takes a great deal of time and can take too much energy and cost. What we’re trying to do is bring our method and models at the start point and then work in a very collaborative, but directed, way to get clients to a point, although, a configured approach rather than a completely dispersed approach.

Therefore, we get to things more quickly, but absolutely meet the requirement of the individual organization. We’ve got to appreciate they are different across different industries and different areas, and strong cultural alignment is critically important. We certainly saw that in this program.

Griffiths: The important thing again was that we were producing our outline, and that outline allowed us to go away and do a lot more detail later. In other words, we got the big picture agreed upon and then all the details were passed back to teams within the department to build up details in the areas where they had real knowledge of what happened.

Gardner: Was there a point at some time where you needed to get an understanding of where and what’s going on in order to know how to measure any improvement?

Define projects

Griffiths: An important step early on in this was beginning to define how many projects we were running as a department and to categorize work into projects that were developmental and projects that were more of the business-as-usual type.

We found in the end that we had over 100 projects running simultaneously. Some of those projects had been running for more than a year, some had no real defined endpoint, and the customer requirements weren’t documented in a thorough way.

It’s important to measure how many projects you’ve actually got, and actually have a start date and a planned finish date for them. One thing we learned was that 100 was too many for us to run, and we were able to cut down by finishing some off, to less than 50 that we have now.

Gardner: And what has that done now? What are some of the metrics of success by getting more of a handle over your portfolio and managing it?

Griffiths: Probably the biggest one is that projects are getting completed and the project didn’t become the be-all and end-all, and continue running forever. We were actually delivering something that the customer was expecting. And the customer, the student or the staff department, had a glow that they have had something delivered to them.

The student satisfaction with IS has gone up over the last two to three years. They're very happy with our technology and technology moving forward. But again, we found that people were happier with the delivery of an item, rather than as IS was before, striving for technical perfection.

Aiming at 50/50

Before, we had the figures of 80 percent [of IT projects] being used in the areas of business-as-usual, and only 20 percent in project and development work. We quickly moved to a 70/30 split and our target is to move towards 50 percent. We're not quite there yet, but we’re a lot more like 60 percent business as usual, 40 percent new development work.

It’s a virtuous cycle, and the other thing that is gained from that is appreciation amongst other departments within the university and with senior management with what IS was delivering, and getting them to prioritize what we did.

There was a problem, if we look back two or three years. IS very much decided what the priorities were. Now, the business is deciding and even deciding in the case that a project that was a favorite of a senior member of staff, he or she may decide that it no longer is a top priority, compared with other projects that needed to be delivered.

Gardner: Is there something about the products themselves, the portfolio management approach, that now allows the business side of the organization, the leadership in this case, to have more visibility or input? How were you able to get it?

Griffiths: More visibility and more input. The example we always give is of a jam jar. You can keep putting rocks into a jam jar, but in the end, it becomes full. Unless you allow something to come out of that, nothing happens. So you’ve got to be able to allow things to finish and give you some capacity.

The other thing that I talked about was looking at the business benefits of everything we were doing and deciding the nice-to-haves probably weren't going to get prioritized at this stage.

We're using [the tube map] outside the department to make people realize that we are working to an operational framework. As such, we have them stuck up round the department. And in the rooms where we have project meetings, they exist as well. As to vocabulary, we have senior staff using the phrase "the gate," where approval has to be given. The business has to be involved in the approval and deciding what priorities it has at that stage.

Gardner: Ian is describing being able to double their innovation budget, cut their project numbers in half, get buy-in from leadership, a sense of cooperation across the organizational boundaries. Is this typical? How would you describe this in terms of the industry at large?

Typical situation

Garrett: It's a typical situation that we see in a lot of organizations, even in very mature, even global and enterprise organizations that struggle with these challenges of organizational alignment and processes to support that. Project selection identification and transitioning to survey is the common problem we see.

With Nottingham Trent, we regulated it very quickly through that organizational design, then into the process to support that, and then working out what are the catalog and services that they offer. How do we then build that into projects and programs and then manage that into service transition?

It's very common. We see it in a lot of places. More mature organizations believe they do this very effectively. Nottingham Trent acknowledged that they needed help. It probably put them ahead of a lot of other organizations, especially in university space, which is a fast moving sector in the U.K., to be able to do something that many other large organizations just can't do.

If you build the right organizational relationship and engagement model, you take the workshop approach that we have up front and take your organization through that, right through to something tangible that’s delivering the real outcome in the business that’s very visible and usable. I think that’s very different than having different organizations do different types of consulting.

Gardner: We've come back to this workshop concept several times in discussion, I think that it's called the Transformation Experience Workshop. Why is that so powerful?

Garrett: It's something we've used for a few years now, something we developed in-house and we see as a really effective mechanism. It starts off in a fairly classic way of where are we, the current state, looking at future state, and workshop of the organization through that. But it's done in a very live, interactive way.

So it's not a classic style workshop. We walk people around the room. We take them on a journey, and we bring them together through that process. As Ian said, if you didn’t attend the early workshop process, then you struggle sometimes to buy into it. It takes more time, and we end up reiterating things later on. The Transformation Experience Workshop is a way of bringing people together and bringing them around their own problems in a very active physical way.

We can do it in a small period of time, but usually people dedicate a day or so to that process. What they get out of it is that they bring themselves together around the challenges, the problems, and as Ian said, the quick wins, the things we can then go and address quickly. So it has a very different feel and a very different outcome than a classic workshop approach that many consulting firms have.

Gardner: And Ian, is this something now that you’re building on?

Griffiths: That's correct. We produced a lot of what we call Level 3 processes from this and we looked at what our customers felt. We found that we’re having regular discussions about how we can tweak the diagrams and the systems that we’ve got in place. We see it very much as a live document, a live methodology and we’re looking at ways we can improve as time goes on.

It's important that you have all your senior staff together designing the system from the start. We found that if people miss the early workshop, we tended to go back around the loop again. So I would say get your staff together and devote enough energy to it.

Feeling ownership

But don’t go into all the detail. Leave your staff on the ground, who’ve got more knowledge of the detailed inner workings of some elements of it, to do some work so they feel some ownership. And very quickly get an appreciation with your senior staff within your organization, not within IS, but from outside the IS department, of what you're doing and what you're trying to achieve.

But in the end, you need a few quick wins. In other words, if you can get a couple of projects working through the scheme quickly, people begin to think it's going to work.

Oracle fills another gap in its big data offering

This guest post comes courtesy of Tony Baer’s OnStrategies blog. Tony is a senior analyst at Ovum.

By Tony Baer

When we last left Oracle’s big data plans, there was definitely a missing piece. Oracle’s Big Data Appliance as initially disclosed at last fall’s OpenWorld was a vague plan that appeared to be positioned primarily as an appliance that would accompany and feed data to Exadata. Oracle did specify some utilities, such as an enterprise version of the open source R statistical processing program that was designed for multithreaded execution, plus a distribution of a NoSQL database based on Oracle’s BerkeleyDB as an alternative to Apache Hive. But the emphasis appeared to be extraction and transformation of data for Exadata via Oracle’s own utilities that were optimized for its platform.

As such, Oracle’s plan for Hadoop was competition, not for Cloudera (or Hortonworks), which featured a full Apache Hadoop platform, but EMC, which offered a comparable, appliance-based strategy that pairs Hadoop with an Advanced SQL data store; and IBM, which took a different approach by emphasizing Hadoop as an analytics platform destination enhanced with text and predictive analytics engines, and other features such as unique query languages and file systems.

Oracle’s initial Hadoop blueprint lacked explicit support of many pieces of the Hadoop stack such as HBase, Hive, Pig, Zookeeper, and Avro. No more. With Oracle’s announcement of general availability of the big data appliance, it is filling in the blanks by disclosing that it is OEM’ing Cloudera’s CDH Hadoop distribution, and more importantly, the management tooling that is key to its revenue stream. For Oracle, OEM’ing Cloudera’s Hadoop offering fully fleshes out its Hadoop distribution and positions it as a full-fledged analytic platform in its own right; for Cloudera, the deal is a coup that will help establish its distribution as the reference. It is fully consistent with Cloudera’s goal to become the Red Hat of Hadoop as it does not aspire to spread its footprint into applications or frameworks.

Question of acquisition

Of course, whenever you put Oracle in the same sentence as OEM deal, the question of acquisition inevitably pops up. There are several reasons why an Oracle acquisition of Cloudera is unlikely.

  1. Little upside for Oracle. While Oracle likes to assert maximum control of the stack, from software to hardware, its foray into productizing its own support for Red Hat Enterprise Linux has been strictly defensive; its offering has not weakened Red Hat.

  2. Scant leverage. Compare Hadoop to MySQL and you have a Tale of Two Open Source projects. One is hosted and controlled by Apache, the other is hosted and controlled by Oracle. As a result, while Oracle can change licensing terms for MySQL, which it owns, it has no such control over Hadoop. Were Oracle to buy Cloudera, another provider could easily move in to fill the vacuum. The same would happen to Cloudera if, as a prelude to such a deal, it began forking from the Apache project with its own proprietary add-ons or substitutions.

OEM deals are a major stage of building the market. Cloudera has used its first mover advantage with Hadoop well with deals with Dell, and now Oracle. Microsoft in turn has decided to keep the “competition” honest by signing up Hortonworks to (eventually) deliver the Hadoop engine for Azure.

OEM deals are important for attaining another key goal in developing the Hadoop market: defining the core stack – as we’ve ranted about previously. Just as Linux took off once a robust kernel was defined, the script will be identical for Hadoop. With IBM and EMC/MapR forking the Apache stack at the core file system level, and with niche providers like Hadapt offering replacement for HBase and Hive, there is growing variability in the Hadoop stack. However, to develop the third party ecosystem that will be vital to the development of Hadoop, a common target (and APIs for where the forks occur) must emerge. A year from now, the outlines of the market’s decision on what makes Hadoop Hadoop will become clear.

The final piece of the trifecta will be commitments from the Accentures and Deloittes of the world to develop practices based on specific Hadoop platforms. For now they are still keeping their cards close to their vests.

MIT's Ross on how enterprise architecture and IT more than ever lead to business transformation

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: The Open Group.

This BriefingsDirect thought leadership interview comes in conjunction with The Open Group Conference this month in San Francisco.

The conference will focus on how IT and enterprise architecture support enterprise transformation. Speakers in conference events will also explore the latest in service oriented architecture (SOA), cloud computing, and security.

We’re now joined by one of the main speakers, Jeanne Ross, Director and Principal Research Scientist at the MIT Center for Information Systems Research. Jeanne studies how firms develop competitive advantage through the implementation and reuse of digitized platforms.

She is also the co-author of three books: IT Governance: How Top Performers Manage IT Decision Rights for Superior Results, Enterprise Architecture As Strategy: Creating a Foundation for Business Execution, and IT Savvy: What Top Executives Must Know to Go from Pain to Gain.

As a lead-in to her Open Group presentation on how adoption of enterprise architecture (EA) leads to greater efficiencies and better business agility, Ross explains how enterprise architects have helped lead the way to successful business transformations. The interview is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: How do you measure or determine that enterprise architects and their practices are intrinsic to successful business transformations?

Ross: That’s a great question. Today, there remains kind of a leap of faith in recognizing that companies that are well-architected will, in fact, perform better, partly because you can be well-architected and perform badly. Or if we look at companies that are very young and have no competitors, they can be very poorly architected and achieve quite remarkably in the marketplace.

But what we can ascribe to architecture is that when companies have competition, then they can establish any kind of performance target they want, whether it’s faster revenue growth or better profitability, and then architect themselves so they can achieve their goals. Then, we can monitor that.

We do have evidence in repeated case studies of companies that set goals, defined an architecture, started to build the capabilities associated with that architecture, and did indeed improve their performance. We have wonderful case study results that should be very reaffirming. I accept that they are not conclusive.

Architectural maturity

We also have statistical support in some of the work we've done that shows that high performers in our sample of 102 companies, in fact, had greater architecture maturity. They had deployed a number of practices associated with good architecture.

Gardner: Is there something that’s new about this, rather than just trying to reengineer something?

Ross: Yes, the thing we're learning about enterprise architecture is that there's a cultural shift that takes place in an organization, when it commits to doing business in a new way, and that cultural shift starts with abandoning a culture of heroes and accepting a culture of discipline.

Nobody wants to get rid of the heroes in their company. Heroes are people who see a problem and solve it. But we do want to get past heroes sub-optimizing. What companies traditionally did before they started thinking about what architecture would mean, is they relied on individuals to do what seemed best and that clearly can sub-optimize in an environment that increasingly is global and requires things like a single face to the customer.

What we're trying to do is adopt a culture of discipline, where there are certain things that people throughout an enterprise understand are the way things need to be done, so that we actually can operate as an enterprise, not as individuals all trying to do the best thing based on our own experience.

The fundamental difference of being an architected firm is that there is some underlying discipline. I'll caution you that what tends to happen is great architects really embrace the discipline. They love the discipline. They understand the discipline, and there is a reluctance to accept that that’s not the only thing we need in our organization. There are times when ad hoc behaviors enable us to be much more innovative and much more responsive and they are exactly what we need to be doing.

So there is a cultural shift that is critical to understanding what it is to be architected. That’s the difference between a successful firm that’s successful because it hasn’t gotten into a world of really tough competition or restrictions on spending and things like that and an organization that is trying to compete in a global economy.

Gardner: What then is the proper role of the architect?

Ross: The architect plays a really critical role in representing the need for this discipline, for some standards in the organization, and for understanding the importance of shared definitions for data. The architect should be able to create a very constructive tension in the organization, and that’s the tension between individuality, innovation, local responsiveness, and the need for enterprise thinking, standardization, and discipline.

Normally, in most companies, the architect’s role will be the enforcer of discipline, standardization and enterprise thinking. ... We want to be architected enough to be efficient, to be able to reuse those things we need to reuse, to be agile, but we don’t want to start embracing architecture for architecture’s sake or discipline for discipline’s sake.

We really just need architecture to pull out unnecessary cost and to enable desirable reusability. And the architect is typically going to be the person representing that enterprise view and helping everyone understand the benefits of understanding that enterprise view, so that everybody who can easily or more easily see the local view is constantly working with architects to balance those two requirements.

Gardner: Is this a particularly good time, from your vantage point, to undertake enterprise architecture?

Ross: It’s a great time for most companies. There will be exceptions that I'll talk about in a minute. One thing we learned early on in the research is that companies who were best at adopting architecture and implementing it effectively had cost pressures. What happens when you have cost pressures is that you're forced to make tough decisions.

If you have all the money in the world, you're not forced to make tough decisions. Architecture is all about making tough decisions, understanding your tradeoffs, and recognizing that you're going to get some things that you want and you are going to sacrifice others.

If you don't see that, if you just say, "We're going to solve that by spending more money," it becomes nearly impossible to become architected. This is why investment banks are invariably very badly architected, and most people in investment banks are very aware of that. It’s just very hard to do anything other than say, "If that’s important to us, let’s spend more money and let’s get it." One thing you can't get by spending more money is discipline, and architecture is very tightly related to discipline.

Tough decisions

In a tough economy, when competition is increasingly global and marketplaces are shifting, this ability to make tough decisions is going to be essential. Opportunities to save costs are going to be really valued, and architecture invariably helps companies save money. The ability to reuse, and thus rapidly seize the next related business opportunity, is also going to be highly valued.

The thing you have to be careful of is that if you see your markets disappearing, if your product is outdated, or your whole industry is being redefined, as we have seen in things like media, you have to be ready to innovate. Architecture can restrict your innovative gene, by saying, "Wait, wait, wait. We want to slow down. We want to do things on our platform." That can be very dangerous, if you are really facing disruptive technology or market changes.

So you always have to have that eye out there that says, "When is what we built that’s stable actually constraining us too much? When is it preventing important innovation?" For a lot of architects, that’s going to be tough, because you start to love the architecture, the standards, and the discipline. You love what you've created, but if it isn’t right for the market you're facing, you have to be ready to let it go and go seize the next opportunity.

Gardner: Perhaps this environment is the best of all worlds, because we have that discipline on the costs which forces hard decisions, as you say. We also have a lot of these innovative IT trends that would almost force you to look at doing things differently. I'm thinking again of cloud, mobile, the big data issues, and even social-media types of effects.

Ross: Absolutely. We should all look at it that way and say, "What a wonderful world we live in." One of the companies that I find quite remarkable in their ability to, on the one hand, embrace discipline and architecture, and on the other hand, constantly innovate, is USAA. I'm sure I'll talk about them a little bit at the conference.

This is a company that just totally understands the importance of discipline around customer service. They're off the charts in their customer satisfaction.

They're a financial services institution. Most financial services institutions just drool over USAA’s customer satisfaction ratings, but they've done this by combining this idea of discipline around the customer. We have a single customer file. We have an enterprise view of that customer. We constantly standardize those practices and processes that will ensure that we understand the customer and we deliver the products and services they need. They have enormous discipline around these things.

Simultaneously, they have people working constantly around innovation. They were the first company to see the need for this deposit with your iPhone. Take a picture of your check and it’s automatically deposited into your account. They were nearly a year ahead of the next company that came up with that service.

The way they see it is that for any new technology that comes out, our customer will want to use it. We've got to be there the day after the technology comes out. They obviously haven't been able to achieve that, but that’s their goal. If they can make deals with R&D companies that are coming up with new technologies, they're going to make them, so that they can be ready with their product when the thing actually becomes commercial.

So it's certainly possible for a company to be both innovative and responsive to what’s going on in the technology world and disciplined and cost effective around customer service, order-to-cash, and those other underlying critical requirements in your organization. But it's not easy, and that's why USAA is quite remarkable. They've pulled it off and they are a lesson for many other companies.

Gardner: Is The Open Group a good forum for your message and your research, and if so, why?

Ross: The Open Group is great for me, because there is so much serious thinking in The Open Group about what architecture is, how it adds value, and how we do it well. For me to touch base with people in The Open Group is really valuable, and for me to touch base to share my research and hear the push back, the debate, or the value add is perfect, because these are people who are living it every day.

Major themes

Gardner: Are there any other major themes that you'll be discussing at the conference coming up that you might want to share with us?

Ross: One thing we have observed in our cases that is more and more important to architects is that the companies are struggling more than we realized with using their platforms well.

I'm not sure that architects or people in IT always see this. You build something that’s phenomenally good and appropriate for the business and then you just assume, that if you give them a little training, they'll use it well.

That’s actually been a remarkable struggle for organizations. One of our research projects right now is called "Working Smarter on Your Digitized Platform." When we go out, we find there aren't very many companies that have come anywhere close to leveraging their platforms the way they might have imagined and certainly the way an architect would have imagined.

It's harder than we thought. It requires persistent coaching. It's not about training, but persistent coaching. It requires enormous clarity of what the organization is trying to do, and organizations change fast. Clarity is a lot harder to achieve than we think it ought to be.

The message for architects would be: here you are trying to get really good at being a great architect. To add value to your organization, you actually have to understand one more thing: how effectively are people in your company adopting the capabilities and leveraging them effectively? At some point, the value add of the architecture is diminished by the fact that people don't get it. They don’t understand what they should be able to do.

We're going to see architects spending a little more time understanding what their leadership is capable of and what capabilities they'll be able to leverage in the organization, as opposed to which on a rational basis seem like a really good idea.

Getting started

Gardner: When you're an organization and you've decided that you do want to transform and take advantage of unique opportunities for either technical disruption or market discipline, how do you go about getting more structure, more of an architecture?

Ross: That's idiosyncratic to some extent, because in your dream world, what happens is that the CEO announces, "This is what we are going to be five years from now. This is how we are going to operate and I expect everyone to get on board." The vision is clear and the commitment is clear. Then the architects can just say, and most architects are totally capable of this, "Oh, well then, here are the capabilities we need to build. Let’s just go build them and then we'll live happily ever after."

The problem is that’s rarely the way you get to start. Invariably, the CEO is looking at the need for some acquisitions, some new markets, and all kinds of pressures. The last thing you're getting is some clarity around the vision of an operating model that would define your critical architectural capabilities.

What ends up happening instead is architects recognize key business leaders who understand the need for reuse, standardization, process discipline, whatever it is, and they're very pragmatic about it. They say, "What do you need here to develop an enterprise view of the customer, or what’s limiting your ability to move into the next market?"

And they have to pragmatically develop what the organization can use, as opposed to defining the organizational vision and then the big picture view of the enterprise architecture.

So in practice, it's a much more pragmatic process than what we would imagine when we, for example, write books on how to do enterprise architecture. The best architects are listening very hard to who is asking for what kind of capability. When they see real demand and real leadership around certain enterprise capabilities, they focus their attention on addressing those, in the context of what they realize will be a bigger picture over time.

They can already see the unfolding bigger picture, but there’s no management commitment yet. So they stick to the capabilities that they are confident the organization will use. That’s the way they get the momentum to build. That is more art than science and it really distinguishes the most successful architects.

Genuitec's MobiOne eases way for Windows development of iOS apps

Genuitec, LLC has revamped its MobiOne development tool to allow Windows operating system users to design and build App Store-ready iOS apps -- native apps for iPhone, iPad and iPod Touch -- without using a Mac. This means there is no longer an additional expense to buy a Mac machine or learn Objective-C to design apps that operate natively on iOS devices.

Previously, the Flower Mound, Tex. company's MobiOne supported a webapp-only model that allowed design of webapps that run on iOS devices. Now, users can design native apps or webapps with the same design files, using AppCenter, a cloud technology that Genuitec engineered, that allows app designers to test their native and webapps in a private Genuitec cloud. [Disclosure: Genuitec is a sponsor of BriefingsDirect podcasts.]

“By removing the barriers to entry for iOS app design and building, MobiOne is truly at the forefront of making mobile technologies accessible to the masses," said Wayne Parrott, vice president of product development. "If a Windows user has enough skill to design a PowerPoint slide, they can design and build iPhone and iPad apps with ease. Web developers with HTML5 and CSS3 skills will see even greater productivity.”

MobiOne is designed for web developers, marketing departments, business consultants, and anyone who wants to create and build App Store-ready iOS applications and webapps. MobiOne uses drag-and-drop functionality similar to stringing together a PowerPoint presentation, but has a powerful engine that allows users to build iOS apps or webapps from the same code base.

That engine is the AppCenter technology, which allows for easy testing of apps and webapps over the air using iOS 4+ or through iTunes. Testing links can be shared via email or SMS for multiple device testing and previews.

To learn more about the MobiOne Studio, go to http://www.genuitec.com/mobile/docs/highlights/current/. A 15-day free trial is available at: http://www.genuitec.com/mobile/download.html. After the free trial, the cost is $99 per license.

Travel giant TUI Group leverages virtualization management tools to drastically improve IT performance troubleshooting

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: VMware.

Better managing virtualized IT workloads and private clouds is a top concern for IT leaders going into 2012. They may want to follow the lead of global travel and tourism giant TUI Group. The IT organization there, TUI InfoTec, has found ways to manage highly virtualized IT operations better, especially in mixed environments like hybrid clouds.

The critical need to better identify performance issues and outages prompted TUI InfoTec to find ways to cut time to troubleshooting, resulting in a 50 percent reduction in the time needed to identify the causes of such problems.

To learn more about better systems management in heterogeneous cloud environments and in virtualized environments, BriefingsDirect interviewed Christian Rudolph, Infrastructure Architect at TUI InfoTec in Hanover, Germany. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: VMware is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Rudolph: We're a very silo-based environment. We have dedicated network storage and a server team responsible for resolving issues in our infrastructure.

What we've seen in the past were a lot of problems in getting these people together. Everybody had different management tools from the different vendors and nobody had an over-all view about the infrastructure.

We’re 60 percent in the Windows environment, and 20 percent in the UNIX environment, which is virtualized, and we're currently planning to go further -- to 80 percent virtualization in the total landscape. That's our current state, and we’ve driven more and more to a virtualized infrastructure for all the mission-critical systems.

Normally when we have performance issues, our responsibilities are not very clear -- this is a server problem, a network problem, an OS system problem, or this is only the end-user who has a problem. He feels that the application isn't fast enough. In the past, we had a large problem getting information all together.

This is where we evaluated VMware vCenter Operations to get an over-all overview about our infrastructure and to get a deep dive into our infrastructure to take a look at how can we solve problems faster and how this could help us in the normal process.

Now we have vCenter Operations on a single pane of glass that can roll down to the storage network and also the infrastructure CPU memory resources to have a clear overview of what could be the first root cause of an issue or performance for the end user. We've tried to figure out how can we bring it better together, and for us vCenter Operations, it’s a single pane of glass.

We currently use the vCenter Operations 1.0 Standard version, but we're in the beta program currently for 5.0. It's a new version, which comes out [in 2012] with vCenter Operations 5.0. This version gives us the ability to do capacity planning and also performance analysis in one view so that we can adapt the things we have discovered in normal business hours for the system and also to do capacity planning for the future.

Gardner: Tell me a little bit about TUI, and TUI InfoTec.

Rudolph: TUI InfoTec is an external IT provider for the TUI AG Group. The TUI AG Group is a European leading company in travel and tourism. They're very large in Germany, in the UK, and also in other European countries. They’re not presently doing a lot of business in the US.

We started as an internal IT organization from TUI Germany, and moved in 2006 to an external service provider for the TUI AG and other companies. We're a joint venture company with Sonata Software Ltd., which holds about 50 percent of the company. We're responsible for all the business-critical IT for TUI AG group like the booking systems, the access planning system, and all the other systems related to the business of the TUI AG group.

If it comes to an outage of the IT systems we lose a lot of money. So we have to take care that everything is working and running in the infrastructure.

Gardner: How is your landscape for cloud?

Rudolph: We’re currently thinking about planning our private cloud for our development team. We're also starting to take a look at how, from a cost perspective, we can do the best for our customers. Maybe we can include peak trading for some of the systems. We have a great opening for producing catalogs for the customer, so that they're able to connect our internal cloud over to external clouds and have the hybrid clouds then in place.

Gardner: Okay. How has that beta with vCenter Operations 5.0 worked out? Are some of these features something that you think will be of value to you?

A good overview


Rudolph: We have two or three good cases there. This has really helped us in the normal business. We've been running with the beta for two months and what we've detected is that we have a good overview, because we have some multi-vCenter environments. We have, in total, three productive vCenters and we need to discover all of them. We had a problem, because we can't use Linked Mode for the vCenters. We had no central view for all the systems to get a performance overview of the system.

And there is a second step. We didn't have the capacity in the same view. So we weren't able to do capacity planning, until we manually got all the information from the different vCenters to have a consolidated planning view. For us, this is one of the most important things that we can do for planning in one place for all our vCenters and also know how many capacity hours are left for new machines. So we increased our time to deliver a virtual machine (VM).

Gardner: What has this better IT visibility in operations and remediation brought to you in technical and in business terms?

Rudolph: The process is very easy, because we've seen that we reduced the time until we can deliver our root cause for our known problem by nearly 50 percent. We reduced the time for doing that, and this is also the best case for our customers -- that we can deliver a faster solution for a system problem.

The second thing we've seen is that we can see earlier information about how the system is feeling. Through vCenter Operations and through the health status in the vC Ops we can see how our end-users feel. We can detect some problems before they occur, and that’s the best use case we can ever have.

When we detect problems faster and can resolve them faster, they have faster usage of the product.

Gardner: How about looking toward the future? We talked a little bit about your use of improved operations, but will this become important when you move to more cloud, software-as-a-service (SaaS), and/or mobile types of activities. How important is this proactive ability in management as you innovate?

Rudolph: It's very important for us. We currently have the vCenter orchestration platform implemented, and we're starting to deliver to the end-user a service portal, where they can request more and more VMs. When we didn’t have the products to monitor this system, we came to great trouble. How else can we go further, maybe to a hybrid cloud environment, if we can’t manage our private cloud like now with the vCenter Orchestrator and also with the vC Ops?

Gardner: Taking a step back and reviewing how things have gone, do you have any recommendations or advice for other companies that might be pursuing higher levels of virtualization and perhaps looking for similar reduction in mean time to solution for problems?

Two recommendations

Rudolph: I see two recommendations. Not many people know how powerful vCenter Orchestration is. This is one powerful tool as an automatic way for deployment, for maintaining, and also to do some other basic tasks in your virtual infrastructure. This is one important step for us to go to a higher virtualization ratio, because it can be delivered faster to our end-users.

The second thing is really to take a look at vCenter Operations and definitely to the new version that’s coming up. This really helps us to understand how my infrastructure is working. When I don’t know that, I may have a problem with one of my disks and I/O and this reflects back to one VM especially. You have to know that, otherwise you don’t have recognition from the end-user that virtualization is really working and that you can bring mission-critical systems to the virtual infrastructure.

Overlapping Criminal and State Threats Pose Growing Cyber Security Threat to Global Internet Commerce, Says Open Group Conference Speaker

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: The Open Group.

This special BriefingsDirect thought leadership interview comes in conjunction with The Open Group Conference this January in San Francisco.

The conference will focus on how IT and enterprise architecture support enterprise transformation. Speakers in conference events will also explore the latest in service oriented architecture (SOA), cloud computing, and security.

We’re here now with one of the main speakers, Joseph Menn, Cyber Security Correspondent for the Financial Times and author of Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet.

Joe has covered security since 1999 for both the Financial Times and then before that, for the Los Angeles Times. Fatal System Error is his third book; he also wrote All the Rave: The Rise and Fall of Shawn Fanning's Napster.

As a lead-in to his Open Group presentation, entitled "What You're Up Against: Mobsters, Nation-States, and Blurry Lines," Joe explores the current cyber-crime landscape, the underground cyber-gang movement, and the motive behind governments collaborating with organized crime in cyber space. The interview is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: Have we entered a new period where just balancing risks and costs isn't a sufficient bulwark against burgeoning cyber crime?

Menn: Maybe you can make your enterprise a little trickier to get into than the other guy’s enterprise, but crime pays very, very well, and in the big picture, their ecosystem is better than ours. They do capitalism better than we do. They specialize to a great extent. They reinvest in R&D.

On our end, on the good guys’ side, it's hard if you're a chief information security officer (CISO) or a chief security officer (CSO) to convince the top brass to pay more. You don’t really know what's working and what isn't. You don’t know if you've really been had by something that we call advanced persistent threat (APT). Even the top security minds in the country can't be sure whether they’ve been had or not. So it's hard to know what to spend on.

More efficient

The other side doesn’t have that problem. They’re getting more efficient in the same way that they used to lead technical innovation. They're leading economic innovation. The freemium model is best evidenced by crimeware kits like ZeuS, where you can get versions that are pretty effective and will help you steal a bunch of money for free. Then if you like that, you have the add-on to pay extra for -- the latest and greatest that are sure to get through the antivirus systems.

Gardner: When you say "they," who are you really talking about?

Menn: They, the bad guys? It's largely Eastern European organized crime. In some countries, they can be caught. In other countries they can't be caught, and there really isn't any point in trying.

It's a geopolitical issue, which is something that is not widely understood, because in general, officials don’t talk about it. Working on my book, and in reporting for the newspapers, I've met really good cyber investigators for the Secret Service and the FBI, but I’ve yet to meet one that thinks he's going to get promoted for calling a press conference and announcing that they can’t catch anyone.

So the State Department, meanwhile, keeps hoping that the other side is going to turn a new leaf, but they’ve been hoping that for 10 or more years, and it hasn’t happened. So it's incumbent upon the rest of us to call a spade a spade here.

What's really going on is that Russian intelligence and, depending on who is in office at a given time, Ukrainian authorities, are knowingly protecting some of the worst and most effective cyber criminals on the planet.

Gardner: And what would be their motivation?

Menn: As a starting point, the level of garden-variety corruption over there is absolutely mind-blowing. More than 50 percent of Russian citizens responding to the survey say that they had paid a bribe to somebody in the past 12 months. But it's gone well beyond that.

The same resources, human and technical, that are used to rob us blind are also being used in what is fairly called cyber war. The same criminal networks that are after our bank accounts were, for example, used in denial-of-service (DOS) attacks on Georgian and Estonian websites belonging to government, major media, and Estonian banks.

It's the same guy, and it's a "look-the-other-way" thing. You can do whatever crime you want, and when we call upon you to serve Mother Russia, you will do so. And that has accelerated. Just in the past couple of weeks, with the disputed elections in Russia, you've seen mass DOS attacks against opposition websites, mainstream media websites, and live journals. It's a pretty handy tool to have at your disposal. I provide all the evidence that would be needed to convince the reasonable people in my book.

Gardner: In your book you use the terms "bringing down the Internet." Is this all really a threat to the integrity of the Internet?

Menn: Well, integrity is the key word there. No, I don’t think anybody is about to stop us all from the privilege of watching skateboarding dogs on YouTube. What I mean by that is the higher trust in the Internet in the way it's come to be used, not the way it was designed, but the way it is used now for online banking, ecommerce, and for increasingly storing corporate -- and heaven help us, government secrets -- in the cloud. That is in very, very great trouble.

Not a prayer

I don’t think that now you can even trust transactions not to be monitored and pilfered. The latest, greatest versions of ZeuS get past multi-factor authentication and are not detected by any antivirus that’s out there. So consumers don’t have a prayer, in the words of Art Coviello, CEO of RSA, and corporations aren’t doing much better.

So the way the Internet is being used now is in very, very grave trouble and not reliable. That’s what I mean by it. If they turned all the botnets in the world on a given target, that target is gone. For multiple root servers and DNS, they could do some serious damage. I don’t know if they could stop the whole thing, but you're right, they don’t want to kill the golden goose. I don’t see a motivation for that.

Gardner: If we look at organized crime in historical context, we found that there is a lot of innovation over the decades. Is that playing out on the Internet as well?

Menn: Sure. The mob does well in any place where there is a market for something, and there isn’t an effective regulatory framework that sustains it -- prohibition back in the day, prostitution, gambling, and that sort of thing.

... The Russian and Ukrainian gangs went to extortion as an early model, and ironically, some of the first websites that they extorted with the threat were the offshore gambling firms. They were cash rich, they had pretty weak infrastructure, and they were wary about going to the FBI. They started by attacking those sites in 2003-04 and then they moved on to more garden-variety companies. Some of them paid off and some said, "This is going to look a little awkward in our SEC filings" and they didn’t pay off.

Once the cyber gang got big enough, sooner or later, they also wanted the protection of traditional organized crime, because those people had better connections inside the intelligence agencies and the police force and could get them protection. That's the way it worked. It was sort of an organic alliance, rather than "Let’s develop this promising area."

... That is what happens. Initially it was garden-variety payoffs and protection. Then, around 2007, with the attack on Estonia, these guys started proving their worth to the Kremlin, and others saw that with the attacks that ran through their system.

This has continued to evolve very rapidly. Now the DOS attacks are routinely used as the tool for political repression all around the world -- Vietnam, Iran and everywhere you’ll see critics that are silenced from DOS attacks. In most cases, it's not the spy agencies or whoever themselves, but it's their contract agents. They just go to their friends in the similar gangs and say, "Hey do this." What's interesting is that they are both in this gray area now, both Russia and China, which we haven't talked about as much.

In China, hacking really started out as an expression of patriotism. Some of the biggest attacks, Code Red being one of them, were against targets in countries that were perceived to have slighted China or had run into some sort of territorial flap with China, and, lo and behold, they got hacked.

In the past several years, with this sort of patriotic hacking, the anti-defense establishment hacking in the West that we are reading a lot about finally, those same guys have gone off and decided to enrich themselves as well. There were actually disputes in some of the major Chinese hacking groups. Some people said it was unethical to just go after money, and some of these early groups split over that.

In Russia, it went the other way. It started out with just a bunch of greedy criminals, and then they said, "Hey -- we can do even better and be protected. You have better protection if you do some hacking for the motherland." In China, it's the other way. They started out hacking for the motherland, and then added, "Hey -- we can get rich while serving our country."

So they're both sort of in the same place, and unfortunately it makes it pretty close to impossible for law enforcement in [the U.S.] to do anything about it, because it gets into political protection. What you really need is White House-level dealing with this stuff. If President Obama is going to talk to his opposite numbers about Chinese currency, Russian support of something we don’t like, or oil policy, this has got to be right up there too -- or nothing is going to happen at all.

Gardner: What about the pure capitalism side, stealing intellectual property (IP) and taking over products in markets with the aid of these nefarious means? How big a deal is this now for enterprises and commercial organizations?

Menn: It is much, much worse than anybody realizes. The U.S. counterintelligence a few weeks ago finally put out a report saying that Russia and China are deliberately stealing our IP, the IP of our companies. That's an open secret. It's been happening for years. You're right. The man in the street doesn’t realize this, because companies aren’t used to fessing up. Therefore, there is little outrage and little pressure for retaliation or diplomatic engagement on these issues.

I'm cautiously optimistic that that is going to change a little bit. This year the Securities and Exchange Commission (SEC) gave very detailed guidance about when you have to disclose when you’ve been hacked. If there is a material impact to your company, you have to disclose it here and there, even if it's unknown.

Gardner: So the old adage of shining light on this probably is in the best interest of everyone. Is the message then keeping this quiet isn’t necessarily the right way to go?

Menn: Not only is it not the right way to go, but it's safer to come out of the woods and fess up now. The stigma is almost gone. If you really blow the PR like Sony, then you're going to suffer some, but I haven’t heard a lot of people say, "Boy, Google is run by a bunch of stupid idiots. They got hacked by the Chinese."

It's the definition of an asymmetrical fight here. There is no company that's going to stand up against the might of the Chinese military, and nobody is going to fault them for getting nailed. Where we should fault them is for covering it up.

I think you should give the American people some credit. They realize that you're not the bad guy, if you get nailed. As I said, nobody thinks that Google has a bunch of stupid engineers. It is somewhere between extremely difficult to impossible to ward off against "zero-days" and the dedicated teams working on social engineering, because the TCP/IP is fundamentally broken and it ain't your fault.

... [These threats] are an existential threat not only to your company, but to our country and to our way of life. It is that bad. One of the problems is that in the U.S., executives tend to think a quarter or two ahead. If your source code gets stolen, your blueprints get taken, nobody might know that for a few years, and heck, by then you're retired.

With the new SEC guidelines and some national plans in the U.K. and in the U.S., that’s not going to cut it anymore. Executives will be held accountable. This is some pretty drastic stuff. The things that you should be thinking about, if you’re in an IT-based business, include figuring out the absolutely critical crown jewel one, two, or three percent of your stuff, and keeping it off network machines.

Short-term price

Gardner: So we have to think differently, don’t we?

Menn: Basically, regular companies have to start thinking like banks, and banks have to start thinking like intelligence agencies. Everybody has to level up here.

Gardner: What do the intelligence agencies have to start thinking about?

Menn: The discussions that are going on now obviously include greatly increased monitoring, pushing responsibility for seeing suspicious stuff down to private enterprise, and obviously greater information sharing between private enterprise and government officials.

But, there's some pretty outlandish stuff that’s getting kicked around, including looking the other way if you, as a company, sniff something out in another country and decide to take retaliatory action on your own. There’s some pretty sea-change stuff that’s going on.

Gardner: So that would be playing offense as well as defense?

Menn: In the Defense Authorization Act that just passed, for the first time, Congress officially blesses offensive cyber-warfare, which is something we’ve already been doing, just quietly.

We’re entering some pretty new areas here, and one of the things that’s going on is that the cyber warfare stuff, which is happening, is basically run by intelligence folks, rather than by a bunch of lawyers worrying about collateral damage and the like, and there's almost no oversight because intelligence agencies in general get low oversight.

Gardner: Just quickly looking to the future, we have some major trends. We have an increased movement toward mobility, cloud, big data, social. How do these big shifts in IT impact this cyber security issue?

Menn: Well, there are some that are clearly dangerous, and there are some things that are a mixed bag. Certainly, the inroads of social networking into the workplace are bad from a security point of view. Perhaps worse is the consumerization of IT, the bring-your-own-device trend, which isn't going to go away. That’s bad, although there are obviously mitigating things you can do.

The cloud itself is a mixed bag. Certainly, in theory, it could be made more secure than what you have on premise. If you’re turning it over to the very best of the very best, they can do a lot more things than you can in terms of protecting it, particularly if you’re a smaller business.

If you look to the large-scale banks and people with health records and that sort of thing that really have to be ultra-secure, they're not going to do this yet, because the procedures are not really set up to their specs yet. That may likely come in the future. But, cloud security, in my opinion, is not there yet. So that’s a mixed blessing.

Radical steps

You need to think strategically about this, and that includes some pretty radical steps. There are those who say there are two types of companies out there -- those that have been hacked and those that don’t know that they’ve been hacked.

Everybody needs to take a look at this stuff beyond their immediate corporate needs and think about where we’re heading as a society. And to the extent that people are already expert in the stuff or can become expert in this stuff, they need to share that knowledge, and that will often mean saying "Yes, we got hacked" publicly, but it also means educating those around them about the severity of the threat.

One of the reasons I wrote my book, and spent years doing it, is not because I felt that I could tell every senior executive what they needed to do. I wanted to educate a broader audience, because there are some pretty smart people, even in Washington, who have known about this for years and have been unable to do anything about it. We haven't really passed anything that's substantial in terms of legislation.

As a matter of political philosophy, I feel that if enough people on the street realize what's going on, then quite often leaders will get in front of them and at least attempt to do the right thing. Senior executives should be thinking about educating their customers, their peers, the general public, and Washington to make sure that the stuff that passes isn't as bad as it might otherwise be.

Sponsor: The Open Group.