8/9/2019 ETM Q3 2010 Issue

1/44

8/9/2019 ETM Q3 2010 Issue

2/44

8/9/2019 ETM Q3 2010 Issue

3/44

TM CONTENTS PAGE

11Editor andcontributors page

13Industry snapshot

15Professional prole

122Events and features

16 GRCStep by step

In the last few years, GRC has emerged as the

meeting point of eorts to ensure not only

compliance with regulatory requirements, but

a responsible approach to the management of

the enterprise risk that underlies regulatory

demands. SCO CWFORD(ENTERPRISE MANAGEMENT

ASSOCIATES) talks with LUCIO DERISI (MEGA INTERNATIONAL)and LUC BNDTS (BWISE), twoexperts directly involved in helping organizations

shape their GRC strategy.

26 e back o ce means

businessNDY BSCHE (GENESYS)and ETMS ALI KLAVER explore how

companies are applying best practices from the

contact center to the back o ce to improve

e ciencies and meet service levels, all while

reducing cost.

28Pure logic

How can businesses beer operate by

identifying and capturing dened logic and

repeatable rules? DANA GARDNER(INTERBOR SOLUTIONS)discusses business rules management (BRM),

and explores the value of businesses being agile

in a safe way. He is joined byDON GRIEST(FICO), RIK CHOMKO (INRULE

TECHNOLOGY) and BRESTINEMAN (IBM).

38 e key to success

As cloud computing takes a stronger hold on

the IT industry, organizations must realize

that there is a another factor that will ensure

its success. MARTIN KUPPINGER(KUPPINGER COLE)writes about theimportance of serv ice management.

40 Smooth transition

Public versus private cloud computing is one of

the hoest topics in IT at the moment, but theres

still a lot of confusion around its adoption

which has been higher than anyone expected.

STEVE BSEN (ENTERPRISEMANAGEMENT ASSOCIATES)talks with DENIS MARTIN andBROOKS BORCHERDING(NAVISITE) about the scope and transitionof cloud computing.

46 Transforming business

ETMS ALI KLAVER interviews DEEPAK

JAIN (WIPRO) about enabling business growth

through IT infrastructure transformation.

50Actionable IntelligenceDR. ANTON A. CHUVAKIN talksabout the usability and integration of security

information and event management (SIEM)

and touches on log management with the added

benet of three industry experts; MICHAELLELAND (NITROSECURITY),

A.N. ANANTH (PRISMMICROSYSTEMS)and DEBBIEUMBACH (RSA, THE SECURITYDIVISION OF EMC).

62 Create your own app

factoryETMS ALI KLAVER chats toEDDY PAUWELS (SERENASOFTWARE) about business process-driven application lifecycle management and

how they link to each other, as well as how

businesses can benet from such a strategy.

Contents

8/9/2019 ETM Q3 2010 Issue

4/44

116One at a time

Enterprise search and subsequent workow ha

long been confused with compliance and polic

for archiving. Information governance strategie

reset thinking in this area by establishing clear

use cases for accessing information versus thos

that enable retention. SIMON TAYLOR(COMMVAULT) takes ETMS ALIKLAVER through the dierent faces of

enterprise search.

CONTENTS PAGE

Contents

68 e pros and cons of

cloudLAU DIDIO (ITIC) describes

what to watch for if youre considering making

the jump to cloud computing. She suggests its

denitely a benet, as long as youve done your

research and its done right.

72 A marriage of sorts

MIKE ATWOOD (HORSES FORSOURCES) moderates a panel discussionon IT outsourcing touching on transformation,

the cloud and some fantastic case studies with

the help ofCHUCK VERMILLION(ONENECK IT SERVICES) andRINE BRUNET (STERIA).

84 SIEM satisfaction

One of the most ignored benets of security

information and event management technology

is using SIEM technology to improve overall

IT operations.A. N. ANANTH andSTEVE LAFFERTY (PRISMMICROSYSTEMS) talk to ETMS ALIKLAVER about how improved operations is

seldom given much aention but might well

provide the most tangible cost justication.

88 A question of semantics

ETMS ALI KLAVER talks with DR. THY

DAHLGREN (COGNITIONTECHNOLOGIES)about an innovativeapproach to meaning-based text processing

technology. Among a discussion on market trends

and the boom line, its clear that Cognition is at the

forefront of searchnow and into the future.

92 Seven reasons

PAUL BURNS (NEOVISE) shareswith ETM why every CIO must embrace Service

Level Management as a way to transform the IT

organization.

94 Moving with the times

ETMS ALI KLAVER talks to

PSHANTH SHEY(METRICSTREAM) aboutmanaging enterprise GRC programs in global

organizations, and how to realize the benets that

can stem from successful implementation.

100Business and ITside by side

DANA GARDNER(INTERBOR SOLUTIONS)moderates a discussion on the productivity

benets and future of business process

management with the help ofMARKTABER (ACTIVE ENDPOINTS),DR. ANGEL DIAZ (IBM) andSAMIR GULATI (APPIANCORPOTION). is expert panelexamines BPM and explores what it delivers to

enterprises in terms of productivity and agility.

110Archiving on demand

MARTIN KUPPINGER(KUPPINGER COLE) talks to AstarosERIC BEGOC about mail archiving, how its

changing, and what to expect in the future.

112Open innovation

With the rise and embrace of social networking

and soware you could be forgiven for

thinking that were at the height of innovation.

MAHEW LEES (PATRICIASEYBOLD GROUP) tells us how socialtechnology can make innovation more than

just a word.

8/9/2019 ETM Q3 2010 Issue

5/44

EDITORS PAGE ETM CONTRIBU

C o n t r i b u t o r s

P a u l B u r n sP r e s i d e n t a n d F o u n d e r

Ne o v i se

L a u r a D i D i oP r i n c i p a l A n a l y s t

I n f o r m a t i o n T e c h n o l o g y I n t e l l i g e n c e C o r p ( I T I

M a r t i n K u p p i n g e r

Senior Partner and Founder Kuppinger Cole

M a t t h e w L e e sSenior Contributing Editor

Patricia Seybold Group

HeadquartersInformed Market Intelligence (IMI) Ltd

Farringdon House, 105-107 Farringdon Road

London, EC1R 3BU, United Kingdom

+44 207 148 4444

New York68 Jay Street, Suite #201, Brooklyn, NY 11201, USA

+1 718 710 4876

Head in the cloudsIt appears the IT world is slowly but surely opening up a realm of possibilities forbusinesses globally. While we in the IT sphere have known this for a while, its just

coming to the attention of businesses looking at their SIEM solutions, their business

process management, and especially ROI.

An IT department stuck in the bowels of the building is quickly becoming a thing

of the past as business decision-makers realize that creative collaboration is the way to

go. Now, IT and management are rubbing shouldersliterallyand working across the

gamut of business applications to find ways to grow, collaborate and innovate.

Our Q3 issue is a breath of fresh air and packed full of the answers to your questions.

Why not start with our business rules management and business process management

podcasts (pages 28 and 100 respectively), as one of our favourite moderators, Dana

Gardner, guides you through the essentials with the help of

industry leaders.

Matthew Lees from the Patricia Seybold Group tells us how social technology can

make innovation more than just a word (page 112), while I have an interesting chat

with Dr. Kathy Dahlgren from Cognition Technologies about semantic searchcertainly

one to get the brain working (see page 88).

There is plenty more to read in this issue of ETM, and hopefully in these pages youll

find the perfect solution to your IT problems. And dont forget, there are a wide range of

podcasts to enjoy onwww.globaletm.com

Thank you for reading, and if you would like to contribute to any future issues of

ETM, please feel free to contact me via email at editor@enterpriseimi.com

Ali Klaver

Managing Editor

F o u n d e r / P u b l i s h e rA m i r N i k a e i n

M a n a g i n g E d i t o r A l i K lav e r

C r e a t i v e D i r e c t o rA r i e l L i u

I n t e r n D e s i g n e rJ e f f C e r i e l l o

We b D e v e l op e rV i n c e n z o G a m b i n o

P o d c a s t / S o u n d E d i t o rM a r k K e n d r i c k

A s s o c i a t e E d i t o r s M a r y W r i g h t

H e l e n a S t a w i c k iL e e L i a n L o n g

A c c o u n t E x e c u t i v e s J o e M i r a n da

S a n d i n o S u r e s hA i c h a G u l t e k i n

N o r t h A m e r i c a n A c c o u n t E x e c u t i v e sF a r r a h T u t t l e

Y e s s i t A r o c h o

M a r k e t i n g E x e c u t i v eA l e x a n d r o s T h e m i s t o s

Enterprise Technology Managementis published by Informed Market Intelligence

How to contact the editorWe welcome your letters, questions, comments, co mplaints and compliments.

Please send them toInformed Market Intelligence, marked to the Editor,Farringdon House, 105-107 Farringdon Road, Lo ndon, EC1R 3BU, United Kingdomor email editor@enterpriseimi.com

PR submissionsAll submissions for editorial consideration should be emailed to editor@enterpriseimi.com

ReprintsFor reprints of articles published in ETM magazine, contact sales@enterpriseimi.comAll material copyright Informed Market Intelligence

This publication may not be reproduced or transmitted in any form in whole or part without the written express consent ofthe publisher.

8/9/2019 ETM Q3 2010 Issue

6/44

INDUSTRY NEWS

GROWTH IN

RUSSIA

Industry snapshot

Groteck Business Media reports that the

information security market in Russia wasable to develop during the economic crisis.

Almost all segments grew in 2008, kept growing

in 2009, and they anticipate growth in the

2010-2011 period. e main drivers were

requirements towards protecting personal data

and information in public authorities. In the

next two years they expect the implementation

of electronic document management and the

protection of mobile devices to be big growth

areas.

www.groteck.com

Kenya is registering all mobile phone numbers

in a bit to cut crime. Kidnappers oen useunregistered mobile numbers to text ransom

demands and its expected most people will

support the move to make life more di cult

for criminals. Users must supply ID and proof

of address before they get a number, and any

numbers still unregistered as of the end of July

will be disconnected. Tanzania is also involved in

a similar process.

CALLING KENYA

IBM PROBED

e European Commission has launched two

separate competition inquiries to discover

whether IBM has abused its position in the

mainframe market following complaints by two

soware makers. e inquiries will examine

whether IBM prevented competitors from

operating freely and will look at their relations

with maintenance suppliers. IBM says the

inquiries have no merit.

NEW LICENSING

OPTIONS

It looks like the Microso O ce license

per device concept has had a rethink. Withthe increasingly mobile workforce, and as

virtualization comes to the fore, Microso has

had to clarify its SA policies. Since July, users o

a PC with an O ce license have rights to O c

2010 Web Apps from PCs or external devices,

but companies will need to host the O ce

Web Apps on either SharePoint Server 2010 or

SharePoint Foundation Server 2010.

www.microso.com

Google has trumped Bing in a deal to providesearch results and related advertising to Yahoo

Japan. e deal will see Google provide search

capabilities to 90% of the PC market and roughly

half of the mobile web market. is is a further

boost for Googles Japanese operation. On

another note, the China/Google row continues...

JAPAN EMBRACESGOOGLE

PENTAGON HUNTSWIKILEAKS

e Pentagon is still on the hunt for the source

who leaked more than 90,000 classied US

military documents. Bradley Manning, the

22-year-old Army intelligence o cer currently

under arrest for leaking a variety of classied

documents, databases and videos to Wikileaks,

has not been ruled out as a suspect. Although

the leaks reveal past actions, the details are

considered nonetheless damaging.

VIRUS TARGETSINDUSTRY

Siemens is tackling a virus that specically targ

computers used to manage large-scale industria

control systems used by manufacturing and

utility companies. Although this could be one

the biggest malicious soware threats in recent

years in the form of industrial espionage, Sieme

is actively looking to counteract it. eyve

already discovered that its best to leave current

passwords unchanged and to refrain from using

USB keys.

8/9/2019 ETM Q3 2010 Issue

7/44

hp://www.GlobalETM.com

XECUTIVE PANEL GOVERNANCE, RISK AND COMPLIANCE

6

In the last few years, GRC has emerged as the meeting point of efforts to ensure not only

compliance with regulatory requirements, but a responsible approach to the management

of the enterprise risk that underlies regulatory demands. SCOTT CRAWFORD

(ENTERPRISEMANAGEMENT ASSOCIATES) talks with LUCIO DE RISI

(MEGA INTERNATIONAL) and LUC BRANDTS (BWISE), two expertsdirectly involved in helping organizations shape their GRC strategy.

GRCStep by step

8/9/2019 ETM Q3 2010 Issue

8/44

GOVERNANCE, RISK AND COMPLIANCE EXECUTIVE P

SC: THERE HAS BEEN A LOT OF TALK

ABOUT GRC OVER THE PAST FEW

YEARS, AND TO MANY IT SOUNDS

QUITE BROAD AND UNDERSTANDABLY

SO, CONSIDERING THE BREADTH OF

WHAT IS INCLUDED TYPICALLY IN A

GRC PROGM. LUC, HOW DO YOU

AND BWISE DEFINE GRC?

LB:We feel that there is a need tointegrate all the dierent levels of defence in

the organization. So with the rst level we want

to help businesses to responsibly implement

policies and procedures, report incidents,

implement controls and so on.

is is supported by a second level

of defence, whether its risk management

compliance or quality management

departments, and thats where a big

convergence eort is taking placetrying to

integrate all the dierent risk languages into

one. We see GRC as oen being mistaken for

just that second level of defence.

eres also more to it, a third level of

defence, where internal audit does their

independent review of that information, trying

to leverage the data thats out there as much as

possible.

Finally, theres a fourth level of defence, the

external auditor and regulators, who hopefully

also take that information into account.

What were trying to establish, and what

organizations are trying to get across, is that all

these dierent entities, departments and views

within an organization need to be speaking a

single risk language. eres a strong element

of risk and a very important component of

compliance that is being governed by the

processes that help these four levels of defence

to cooperate.

LD:Based on customer experience, Ithink that GRC doesnt mean the same thing for

everybodyjust the initiatives today cover a

large spectrum of requirements.

An analysts denition would call GRC a

set of policies, processes, methodologies andtools that a company implements to phase the

increasing pressure of internal and external

regulation, and to guarantee that all conditions

are met to achieve business goals.

In the beginning, GRC was formed to

basically put together siloed initiatives within

one global approach, then the acronym of GRC

was born. Today, that model of GRC is more

about implementing a holistic approach to

target rst business performance, and then x

the technical problems within each department.

SC: THAT LINES UP VERY WELL

WITH WHAT WEVE SEEN AT EMA.

THERES DEFINITELY A VERY LARGE

ELEMENT OF RISK, AND LUCIO, THE

ISSUE YOU BRING UP DOES REVOLVE

TO A CERTAIN EXTENT AROUND

GOVERNANCE.

ORGANIZATIONS THAT WE WOULD

QUALIFY AS HIGH PERFORMERS H AVEPLACED A GREAT DEAL OF EMPHASIS

ON SEING THE TONE AT THE TOP,

IF YOU WILL, AND THE SUPPORT OF

SENIOR MANAGEMENT IN TERMS OF

DEFINING PRIORITIES, STTEGY AND

A TRULY RESPONSIBLE APPROACH TO

ENTERPRISE GOVERNANCE.

ONE OF THE THINGS EVIDENT

FROM OUR RESEARCH HAS BEEN NOT

JUST SEING THE TONE AT THE TOP

BUT SENIOR MA NAGEMENT SUPPORT

FOR GRC EFFORTS. ITS CRITICAL, NOT

JUST FOR LEADING GOVERNANCE

INITIATIVES, BUT FOR IMPLEMENTING

RISK MANAGEMENT TACTICSAND

THAT INCLUDES MEASURES SUCH AS

ENFORCEMENT, FOR EXAMPLE.

LUCIO, WHAT ARE SOME OF THE

THINGS THAT YOU THINK HELPS

ORGANIZATIONS SUCCEED IN

DEFINING EFFECTIVE GOVERNANCE?

LD:First, Id like to enhance the kindof dichotomy in how to approach GRC in

initiatives, and then position the sponsorship

from top managers with respect to these two

dierent approaches. ese two approaches are

not opposed, but complementary.

One is what you would call approach based

on controls, and the second is based on business

improvement. e role of senior management is

dierent in these two dierent cases.

Let me clarify what I mean. In some cases,

the companies need to apply what I call the

control-based approach. For example, you

need to respect US law about not exporting to

some countries, or you have to guarantee that

you provide the appropriate data to the stockexchange. If youre in Europe you know that you

cannot provide any advertising, or you must be

sure that youre not referring to smoking, for

instance.

In all these cases, which are basically

maers of respecting the law and other strict

rules, I think that the control-based approach is

the one that companies must apply, even if its

not the only one.

e second one that I mentioned, which I

call the business improvement-based approach,

8/9/2019 ETM Q3 2010 Issue

9/44

RandyBrasche(Genesys)and ETMS ALI K LAVER explohow companies are applying be

practices from the contact centeto the back o ce to improvee ciencies and meet service levall while reducing cost.

Usually a piece of work goes into a queue,

just like a telephone call would go into a

queue, then the contact center, usually the

back office person, has to pull that piece

of work out of the queue and they have to

validate it in terms of actually doing the work.

Then they have to go one step further and

execute the work.

What weve found is that the process of

nding the piece of work and pulling it out of

the queue usually takes about three minutes or

so, and thats tremendously ine cient when

youre talking about thousands and thousands

of work items in the back o ce every year.

Imagine, for example in the same contact

center, if someone were to go ahead and call in,

and an agent looked at all the calls in the queue

and saw that a person wanted to change theiraccount information. ey could then pull it

out and take care of that customer very quickly

and easily.

Imagine how inefficient and frustrating

it would be for the c ustomer on the telephone

to wait for an extended period of time, or get

put through to the wrong department, when

all they wanted was the change their account

informationthese are the exact same

things that are happening in the back office

today.

AK: THATS A GREAT EXAMPLECAN

YOU PERHAPS TAKE US THROUGH A

FEW MORE?

RB:I have a few other great examples.

Typically, when you think of the back

o ce, there are usual ly some penalties or

costs associated with it. If you think about

provisioning a service like your telephone, or

doing a credit card dispute, theres usually a

service level associated with that.

Say that we took, for example, one of our

customers who is a large telecommunications

company. When they dont provision a

telephone serv ice from the back o ce, they

have to pay nes to the front o ce, the contact

center and to the customer.

Imagine if all this work is siing thereand they might have two pilesone might

be something as simple as just changing

account information, and the other pile is for

provisioning a new serviceobviously you

want to go in and prioritize the provisions on

your services to ensure that you dont have to

pay a ne.

Similarly, one of our customers tries to

move ahead quickly and set up new credit card

account that they receive from the web, but

they get stuck in the back o ce and they dont

get prioritized. ese prospects actually end

EAD TO HEAD BUSINESS PROCESS MANAGEMENT

The

Back Office

means Business

AK: NDY, WHY DOES THE BACK

OFFICE WANT TO EMULATE THE

CONTACT CENTER OR FRONT OFFICE?

RB:Well, if you think of the contact

centre, they ve had years to become e cient. e

calls that go into a contact centre get prioritized,

routed, sent to the right agent, and so on.

When you look at the back o ce, they

sometimes have six times the amount of

workers, three to ve times the costs, and a lot

of the time theyre very ine cient.

Perhaps you had to submit an insurance

claim and normally you might be very happy

with your experience of the contact center

submiing that request, but when it came to

actually being processed it gets delayed.

And in terms of cost, especially since itsthree to ve times the cost in the back o ce,

thats a lot of money companies are spending

mostly on individuals in the back o ce, cherry

picking work, not taking the right items, or the

work not being aligned to the right person.

AK: WHAT ARE YOU FINDING IS THE

SOURCE OF THESE INEFFICIENCIES?

RB: ere are usually a couple of stepsthat are taken in the back o ce when a work

item is processed.

6

8/9/2019 ETM Q3 2010 Issue

10/44

up geing credit cards from other companies

because they werent processed appropriately

or quickly enough in the back o ce. So thats a

case of lost revenue.

Both cases are from a service level

agreement perspective, and at times you may

have to pay nes for not meeting them. From

the other credit card example, this is lost

revenue and lost customers that you could have

had because you were very ine cient in theback o ce.

AK: WHAT ARE SOME OF THE EXISTING

TECHNOLOGIES IN THE BACK OFFICE

THAT COULD BENEFIT FROM THESE

NEW EFFICIENCIES?

RB: ere are a lot of new technologiesthat, if you think about it, any process or work

based item can use to their advantage.

e simplest might be a fax server, and

Ill give you an example in a second. Another

one might be a service request system, such as

a Remedy, trouble ticketing system, a Siebel

system or SAP system, and all the way up to

the more complex systems such as a business

process management system.

e simplest example I could give is that

most people can relate to a fax service. I was

using an airline several years ago and they

missed crediting me for 5000 miles .ey said to

fax my request in and that it would be rectied.

So I did that and nothing happened, even when

I faxed it again. I ended up geing so frustrated

that I switched airlines.

Had they actually known my status as a gold

customer, looked at the fax, and aached a high

priority tag to it and sent it to the right agent,

along with an SLA associated with it saying that

I needed to be responded to within 24 hours,

then I might not have ended up leaving and

going to another airline.

Im now a happy customer at the airline

I switched to, so thats a great example of a

technology that could actually benet from this

type of a process.

AK: THE BOOM LINE IS STILL SUCHAN IMPORTANT ASPECT OF DAILY

BUSINESS LIFE NDY, SO CAN YOU

TELL ME WHAT THE TYPICAL ROI AND

SAVINGS ARE?

RB: Its prey dramatic, when you thinkabout it, if you prioritize the work items based

upon value and send them to the right person

in the back o ce just like you would with a

telephone call in the front o ce and the contact

center. Weve seen a dramatic improvement of

about 15-25% e ciencies in the back o ce.

Ill use another real-time

example. We did a pilot with

a customer in Australia and

they typically had a problem

with their nine to ve work

day and the fact that, at

ve oclock when work was

done, they still had a lot of

unnished work and items

that werent processed thatwere high priority.

Once we worked with them, implementing

this process, their nine to ve work day went

from nine oclock until two oclock, so they had

three extra hours to re-provision these workers

to do other items that could actually benet

from the next days worth of work.

AK: THATS ANOTHER FANTASTIC

EXAMPLE NDY. WHAT TYPES OF

COMPANIES WOULD BENEFIT?

RB: e logical ones are obviously themost paper process-intensive companies suchas insurance companies that have to deal with

claims, nancial services and so forth. But there

are a lot of other companies that you might not

even think about.

ese are companies that have to process

leads that they get from their websites, or other

companies that have some sort of government

regulation and service levels associated with

themto use the credit card example, when

you have to go ahead and issue your credit card

disputethen that has to be fullled within a

certain period of time.

So if you think about any company across

the board and any vertical industry, theres

always some sort of business process associated

in the back o ce, so any company could really

benet from this.

AK: YOURE TALKING ABOUT

CATERING ACROSS A WIDE NGE OF

INDUSTRIES HERE, AND ESPECIALLY

IN THIS ECONOMIC CLIMATE ITS

ESSENTIAL TO REALLY JUMP ON THES

BACK OFFICE BUSINESS PROCESSES T

ENSURE THAT YOURE GEING THE

BEST POSSIBLE RESULT YOU CAN.

NOW FOR OUR LAST QUESTION, WHA

CAN THOSE COMPANIES LISTENING

TODAY DO TO GET STARTED?

RB: It really requires self assessment asome internal thinking in terms of: What are m

processes? How are they being done? How are

my workers being utilized? What are their ski

sets? How do I determine which items are the

higher business priority? e list can be endle

A lot of companies are doing this back

o ce transformation today and I think it

really becomes an issue of self assessment. You

need to take a close look at what you do in the

back o ce and re-prioritize your resources,

your processes, and also implement new

technologies to ensure that youre becoming

more e cient.

At the end of the day, when youre talking

about six t imes the amount of back o ce

workers at three to ve times the cost, that

translates into a lot of money.

Also, these back o ce processes are being

relied on by the front o ce and the contact

centre, and youre also talking about customer

satisfaction which can result in customer

defection. But if you can keep those customer

happy, then these happy customers are going t

spend more money.

So it really requires self assessment and

looking internally to see where you can

improve.

BUSINESS PROCESS MANAGEMENTHEAD TO

Randy is responsible for driving adoption of Genesys market-

leading customer service and sales solutions. Prior to Genesys, he

was a founding member and director of product marketing at Active

Reasoning, and held marketing and product strategy positions at Cable

and Wireless, Exodus, Oracle, Informix and Liberate Technologies.

Randy is the author of the popularIT Compliance for Dummies

andDynamic Contact Center for Dummiesbooks.

Randy Brasche DIRECTOR OF PRODUCT MARKETING

GENESYS

... these backofficeprocesses are being relieon by the front officeand the contact centre...

8/9/2019 ETM Q3 2010 Issue

11/44

8/9/2019 ETM Q3 2010 Issue

12/44

BUSINESS RULES MANAGEMENT EXECUTIVE P

DGARDNER: DON, TELL ME A LILE

BIT ABOUT YOUR HISTORY. HOW IS IT

THAT BUSINESS RULES MANAGEMENT

PLAYS AN IMPORTANT ROLE AT YOUR

COMPANY?

DGriest:FICO is probably best

known for FICO score which is used in credit

decisions, when you get a credit card or apply

for a loan for a house. Its been around 50 years

now and started with a couple of statisticians,

Bill Fair and Earl Isaac.

ey came up with a way of using data

analytics to improve decisions. ey quickly

found out that giving people a good credit score

wasnt enough and that they needed to apply

those decisions in making oers on products

and making decisions about the credit risk.

So they started building applications for

banking and then eventually insurance, retail,

healthcare and other industries to help them

make decisions informed both by the best

practices that were in the policies, but and by

analytics including predictive analytics, predictive

modelling, simulation and optimization.

Today, we sell both applications and then

tools underneath that help us build those

applicationsbusiness roles management being

a critical one of those.

DGARDNER: WHATS CHANGING?

WHAT MAKES BUSINESS RULES

MANAGEMENT SO IMPORTANT TODAY?DO YOU AGREE THAT COMPLEXITY IS

SPINNING OUT OF CONTROL?

DGriest:I agree that therehave been a number of changes in the market.

Obviously, the recent economy changes have

put a lot of pressure on e ciency and doing

more with less. is means you need to make

faster, cheaper decisions, and you need to be

able to make changes to those decisions faster.

At the same time, weve got more regulatory

pressures coming in not just in banking but also

in healthcare as well. at is increasing the need

for decision-making with great transparency

and also being able to minimize the impact to

the overall return on the company.

If you look at retail, its exploding in

terms of what the web has done and in terms

of consumer expectations about how many

combinations of dierent products are available

and greater competitive pressure to get the

right price point and the right oer to the right

customerand actually still make money

doing it.

DGARDNER: IM G OING TO GUESS

THAT AT FICO YOU OFFER SERVICES

THAT AMOUNT TO BUSINESS RULES

MANAGEMENT, BUT I BET YOU

ALSO EMPLOY IT WITHIN YOUR

ORGANIZATION. SO YOURE A

BUSINESS RULES CONSUMER AS WELL

AS USER?

DGriest:Denitely. FICOis known for its scores, so that uses rules

management to implement those scores. ey

create formulas that take information at the

credit bureaus and apply scoring techniques to

create a score. We then have applications that

our customers use in origination.

So when you ll out the loan it actually

helps to walk that through the process

a culmination of normal business process ow

but also business rules being at the centre ofthat. So, yes, its used throughout the company.

DGARDNER: RIK AT INRULE

TECHNOLOGY, TELL US A LILE

BIT ABOUT WHAT YOU DO, WHAT

YOU PROVIDE, AND HOW YOU SEE

THE LANDSCAPE FOR BUSINESS

RULES MANAGEMENT SHIFTING OR

ADVANCING?

RC:InRule was started about eightyears ago and we decided, at the time the .NET

framework was almost brand new, to focus on

rule technology for that particular framework

and platform.

Weve been doing that ever since and

really pushing harder to be a solution for the

.NET platform that provides the authoring,

management, storage and execution of the rul

applied on that platform.

I think what Ive seen over the last few

years has been changing a lile bit more than

what was there before. ere are always the to

three industries that you would apply busines

rules toinsurance, nancial services and

healthcareand while those are still going

strong today there seems to be an uptake in a l

of other industry sectors that might be lookin

to use rules, outside those top three.

For example, take the entertainment

industry. One of our clients is actually using

rules to manage their project plans to enforce

consistency and promote realistic planning fo

large scale video production.

So its kind of interesting where were seei

this use of rules grow out from perhaps what

people would traditionally apply rules to, and

trying to branch into other industries.

DGARDNER: BRE STINEMAN AT IBM

HOW DO YOU SEE YOUR BRM MARKET

SHIFTING OR PERHAPS GROWING IN

THE NEXT FEW YEARS?

BS: Im sure most people have a fairlygood idea of who IBM is in terms of the variosoware, hardware and services that we provi

In terms of business rules management, our

oering came from an acquisition of a compan

called ILOG that occurred in 2009.

ILOG has a long history, going back

20 years, in a variety of dierent types of

decision technologiesboth from a business

rules standpoint as well as optimization

and visualization technologies, all of which

were used to help organizations make beer

decisions for various parts of their businesses.

How can business better operate by identifying and capturing defined logic and

repeatable rules? DANA GARDNER (INTERARBOR SOLUTIONS)

discusses business rules management (BRM) and explores the value of businesses

being agile in a safe way. He is joined byDON GRIEST (FICO), RIK

CHOMKO (INRULE TECHNOLOGY) and BRETT STINEMAN(IBM).

8/9/2019 ETM Q3 2010 Issue

13/44

ITS NOT ABOUT IAM FOR THE CLOUD

Given that, we have to redene our IAM

strategies. We have to think about how to

manage everything consistently. at excludes

approaches that run externally and only manage

the external services. IAM in the cloud only

for the cloud is contradictory to the target of

managing everything consistently. us, we need

to expand what we have (or should have) in IAM,

and access governance to support our future IT

infrastructure.

Approaches that arent focused on supporting

a hybrid cloud environment can only be tactical

approaches, if at all. On the other hand, internally

focused tools have to expand their reach to

external services.

ONE ITONE MANAGEMENT

It obviously doesnt make any sense to deal with

external services that dier with internal services.

at will make management inconsistent,

redundant and error-prone, plus, it will inhibit

the exible change from internal to external

services and back.

Consuming external services is one element

of the overall IT service provisioning. And it is, by

the way, an element which is in place in virtually

any organization. ink about web hosting,

web conferencing and many other applications

which are frequently provided by external service

providers.

e quintessence of cloud computing is that

it standardizes the service management across

NALYST FEATURE SERVICE MANAGEMENT IN THE CLOUD

As cloud computing takes a stronger hold on the IT industry, organizationsmust realize that there is a another factor that will ensure its success.MARTIN KUPPINGER (KUPPINGER COLE)writes about the importance of service management.

Thekeytosuccess

Cloud computing is the hype topic in IT. And without a doubt, cloud computing is about a fundamental paradigm shi in IT.

However, it is not so much about procuring external services. It is about the way IT services are produced, procured and managed

internally as well as externally. at is where service management comes into play.

Service management, from the Kuppinger Cole perspective, is the key success factor for cloud computing. When talking about cloud

computing, it s something dierent than the cloud.

First of all, there are several clouds, in the sense of environments which deliver IT services. ese might be internal or external; they might be private or

public; but all of them provide IT services at dierent levels of granularity. ese levels range from granular web services to coarse-grain services like complete

application environments and many SaaS (Soware as a Service) approaches.

Cloud computing, on the other hand, is about selecting, purchasing/requesting, orchestrating and managing these services. e management spans the

entire range from technical aspects to auditing and accounting.

While the services might be delivered by many clouds, there has to be one consistent management approach. is approach has to cover internal and

external IT services. It is about one view on the IT, regardless of the service provider (or cloud, to use that term).

8

8/9/2019 ETM Q3 2010 Issue

14/44

all types of services and thus allows you the

exibility to choose services from dierent

providers. Another eect is that internal

IT services have to become standardized

and (from a cost perspective) produced

e cientlyinternal IT ser vice production

should signicantly benet from that approach

by becoming more industrialized and

automated.

FOCUS BEYOND SERVICE

FUNCTIONALITY

To fulll the security and governance

requirements, service management has to

focus not only on the functional aspects (and,

like frequently seen today when looking at the

cloud, costs).

For each service there has to be

governance requirements, including aspects

like encryption of data, requirements for

privileged access management, allowed

locations for processing and storing the data,

and many more.

When describing services and dening

the service requirements, there has to be a

standardized set of such requirements to ensure

that these aspects are considered when selecting

the (internal or external) service provider.

e most appropriate provider isnt the one

with the most advanced functionality or the

lowest costas long as he doesnt meet the

governance requirements.

BUSINESS SERVICE MANAGEMENT

When talking about service management in thecontext of cloud computing, it becomes obvious

that there are multiple layers of services. Within

IT services there is a range from single web

services at the application level to complex SaaS

applications. However, that can be managed

with a consistent approach because the

fundamental principles of service management

apply to any level of service.

Beyond the IT perspective, there has to be

business service management as well. Business

service management is, in contrast to todays

vendor marketing, about having descriptions

from the business perspective of their

requirements to IT.

It is not about availability management

for business processes or something similar, it

is about mapping the required IT services to a

business requirementfor example, mapping

storage and archiving services, information

rights management and other services to therequirement, that contracts are handled in a

dened way.

One element within such a business

service management is providing the input for

the governance requirements of IT services.

ese requirements typically are derived from

business requirements, including regulatory

compliance.

ERP FOR IT

An interesting opportunity within this approach

of consequently using service management

paradigms at all levels is that the ability for

accounting will signicantly increase. Once

everything is understood as a well-dened

service, it is relatively easy to have a price tag on

these services.

at, in consequence, will allow you to

do much beer resource planning and to

predict costs of new business services (eg. new

requirements to the IT) much more reliably

than before.

In other words: service management

is the foundation for an ERP for IT, the

ERP application which is still missing today.

However, todays service management

applications arent an ERP for IT, even while

some vendors tend to start telling this to their

customers.

FOCUS ON SERVICE MANAGEMEN TAND SUCCEED WITH CLOUD

COMPUTING

Looking at cloud computing and service

management, it is obvious that these two thin

cant be separated. Service management is the

foundation for successful cloud computing.

And cloud computing will drive the service

management initiatives in organizations and

will require the internal IT to standardize

their services.

e most important reason for this is that

otherwise the internal IT cant prove that they

are providing the most appropriate servicesbecause they cant directly compare with

cloud services. Only with complete service

requirements, including the governance aspec

can internal IT can validate that their service

procurement suits the needs of the business

beer than the (sometimes) cheaper external

service.

It will absolutely change the way the

internal IT is workingbut it is the only

opportunity the internal IT has: standardize

services, optimize the service production,

and be beer in meeting all the service

requirements.

From an overall IT perspective, service

management is key to success in cloud

computing as well because it is the prerequisit

for being able to exibly switch between

internal and external service providers and

back.

SERVICE MANAGEMENT IN THE CLOUDANALYST FEA

Martin established Kuppinger Cole, an independent analyst company, in

2004. As founder and senior partner he provides thought leadership on

topics such as identity and access management, cloud computing and IT

service management.

Martin is the author of more than 50 IT-related books, as well as

being a widely-read columnist and author of technical articles and reviews

in some of the most prestigious IT magazines in Germany, Austria and

Switzerland. He is also a well-known speaker and moderator at seminars

and congresses.

Martin Kuppinger |FOUNDER AND SENIOR PARTNER

KUPPINGER COLE

While the services might bedelivered by many clouds,there has to be one consistentmanagement approach.

8/9/2019 ETM Q3 2010 Issue

15/44

EAD TO HEAD CLOUD COMPUTING

0

Public versus private cloud computing

is one of the hottest topics in IT at the

moment, but theres still a lot of confu-

sion around its adoptionwhich has

been higher than anyone expected.

STEVE BRASEN(ENTERPRISE MANAGE-MENT ASSOCIATES) talks

with DENIS MARTIN and

BROOKS BORCHERDING(NAVISITE) about the scope ofcloud computing and its transition.

Smoothtransition

hp://www.GlobalETM.com

8/9/2019 ETM Q3 2010 Issue

16/44

CLOUD COMPUTING HEAD TO

SB: TODAY WELL BE TALKING ABOUT PUBLIC VERSUS

PRIVATE CLOUD COMPUTING, CERTAINLY A HOT TOPIC

AND ONE AROUND WHICH THERE IS A LOT OF CONFUSION.

I DONT SEEM TO BE ABLE TO PICK UP A TDE MAGAZINE

THESE DAYS WITHOUT SEEING RE PEATED REFERENCES TO

CLOUD.

ACCORDING TO EMA PRIMARY RESEARCH, IN FACT, 11%

OF ALL BUSINESSES HAVE ALREADY ADOPTED SOME FORM

OF CLOUD SERVICES IN ORDER TO ACHIEVE THEIR BUSINESSOBJECTIVES. THIS IS VERY FAST ADOPTION WERE SEEING,

FOR WHAT IS REASONABLY CONSIDERED A FAIRLY NEW

TECHNOLOGY. WEVE PROJECTED THIS TO BE SOMEWHERE

BETWEEN A $4050 BILLION DOLLAR INDUSTRY BY THE END

OF 2011, AND GROWING ROUGHLY TO $160 BILLION BY 2015.

YET WITH ALL THIS PROMISE AND HYPE, ITS SURPRISING

THAT THERE DOESNT SEEM TO BE MUCH CONSENSUS

ON EXACTLY WHAT CLOUD IS AND WHERE THE SCOPE IS,

WHICH LEADS ME TO MY FIRST QUESTIONHOW WOULD

YOU DEFINE THE SCOPE OF CLOUD COMPUTING, AND HOW

DO YOU DIFFERENTIATE PUBLIC AND PRIVATE CLOUD

COMPUTING?

DM:Youre right Steve, there is a lot of confusion in themarket today around cloud. Today well talk about it primarily from an

infrastructure perspective, but even then theres a lot of confusion about

what a public cloud is compared to a private cloud.

In that spectrum from private to public, the consensus dening factor

thats emerging is how many customers are on the cloud. If there is more

than one, its typically dened or put in the bucket of being a public cloud.

If its only one, then its eligible to be qualied as a private cloud.

Even then there are a number of options or gradients along that

spectrum where its not so black and white. For example, NaviSite

offers private hardware where we can put one customer on a piece

of hardware, yet theyre sharing other components of the underlying

infrastructure.

Is that private, or is that public? We think of it as quasi-private and

we think we provide all the benets of a private cloud without any of

the downsides. Its not so cut and dry that there is a single dierentiator

between public and private.

BB:Id like to add to what Denis said and to your initial points,Steve, around rapid adoption.

If you take a step back and consider why cloud has become so

interesting and gathered so much hype, its because it is a true revolution

and a true transformation of the way that companies are consuming IT

resources.

So be it public, private or a hybrid of anywhere in between, I thinkat least in our generation, that weve very rarely seen something of this

magnitude that is changing the fundamental consumption paradigm of IT.

We certainly have experienced that where were based here, in

the enterprise space, but you can see this very rapid consideration of

alternatives to the way that companies are consuming IT resources from

consumers across the enterprise spectrum.

SB: WHAT ARE THE PRIMARY BENEFITS AND CHALLENGES OF

PUBLIC AND PRIVATE CLOUD IMPLEMENTATIONS?

DM:From the public cloud perspective, the biggest benet is theease of access and the ease of on-boarding.

Typically you can get on a public cloud, whether its for compute

and storage or a combination of them, usually within minutes by simply

providing a credit card number and commitment to pay and then your

access is immediately available. So its a very simple on-boarding process.

e challenge on the public cloud, because it is geared for larger grou

of users and for a general usage case and not for specic usage cases, is tha

its geared typically for non-production services with very low service leve

agreement guarantees, and in some cases almost to the point of best eor

type performance.You really dont rely on them for services other than things like

development or some sloppy bursting that you might need, but for today

at least, theyre not geared for the rigors required for producing and

supporting production applications.

Private clouds, on the other hand, inherently have all of the features

required for not only doing high level SLAs, but also providing the

complete infrastructure lifecycle management.

So in the case of public cloud, you might only have the ability to

manage your CPU and the amount of memory, but you dont have contro

over rewalls and load balancers and the other components that are

required to provide the use of the machine that you created, the rewall

rules that you apply to it, the load balancing and so on.

On the private side, since it is fully controlled, you do have the ability

to create and work on the machines, apply rewall rules to them, apply

load balancing as needed, and then expose them from either the back end

network or expose them on the public network space automatically.

Its a much more robust environment for providing a range of services

whether its simply for development and testing, and all the way to the leve

of providing production services with four nines or ve nines availability.

BB:I think a couple of the general benets, be it public or private,the fact that cloud services do have a promise of mitigating the complexity

of IT. So, from a consumer perspective, it is easer to look at this as an

alternative to acquire these resources, be they compute resources, or bethey application on demand or SaaS-type capabilities.

So from both, there is this promise that we can make it much simpler

to consume IT. And on both, I think theres also a promise, be it public or

private, consumer or enterprise, that there will be a reduction in capital

expenditure and an increase in operational e ciency across the spectrum

Where the dierentiation comes between public and private, as Deni

mentioned, is that theyre built to deliver enterprise-type class services

at least, thats the approach that weve taken at NaviSite.

So its taking everything from the quality of the underlying

infrastructure and technology through to everything else that would be

required such as the security standards, the wraparound services that you

would expect, and then the ongoing support.

... a quasi-private

cloud, as an extensionof yourIT environment, is really awin-win onboth sides.

8/9/2019 ETM Q3 2010 Issue

17/44

SK THE EXPERT IT INFRASTRUCTURE TRANSFORMATION

AK: CAN YOU GIVE US A BRIEF SUMMARY OF WIPROS

INFSTRUCTURE SERVICES BACKGROUND AND HOW YOU

HELP BUSINESSES SUCCEED?

DJ: Wipro has been oering IT Infrastructure services to its customersfor over 25 years. Our customers are spread across North America, Europe,

Asia Pacic and Middle East geographies. Wipros IT infrastructure business

is US$926 million and contributes 21% of our IT services revenues globally.

Were seeing robust growth in this business and have been ahead of

company growth at 40% CAGR for the last three years. We have seven

datacenters and 17 global command centers including 14 security operations

centers globally. Over 16,000 associates work for this division.

Our growth strategy is to keep on expanding our portfolio and, today,

in our infrastructure services business, we oer end-to-end IT outsourcing

solutions from design and implementation services, managed services, DCoutsourcing including technology transformation, and audits to continually

improve the performance of IT systems.

We also have comprehensive oerings to cater to complete IT security

management services (consult deploy manageaudit). We also have a

strong oering on the Core Telecom networks.

AK: HOW DO YOU HELP BUSINESSES SUCCEED IN THE

CURRENT MARKET?

DJ: Our approach is to partner with our customers and look at longterm relationships. Our domain knowledge helps us understand the clients

business better, and then propose solutions more aligned to business.

Unlike many Indian IT companies focused on remote infrastructure

management and cost arbitrage, we also focus on improving the business

KPIs, for example, how IT can help in faster inventory turns or reduce

cycle time for order to cash, or how we can reduce cost to serve for our

clients end customers.

AK: LETS TACKLE THE SUBJECT OF TODAYIT

INFSTRUCTURE TNSFORMATION. HOW DO YOU DO IT?

HOW DOES IT TNSLATE INTO COST SAVINGS?

DJ: IT Infrastructure optimization and transformation has to belooked at through four broad areas:

CONSOLIDATION: Our experience of working with customers across

industries proves that consolidation is a big lever for cost savings. As IT

assets increase so does IT infrastructure complexity, creating signicantmanagement problems. In addition, data center energy consumption

is skyrocketing, not to mention the energy prices rise. erefore, the

consolidation approach should focus on:

Consolidation of IT operations, such as a central monitoring and

command centre, IT service desk and knowledge database

Consolidation of IT Infrastructure, such as a reduced number of

datacenters and computer rooms

Consolidation of IT procurement. We believe that procurement for

global organizations gives them the scale to negotiate and manage

hardware and soware spend beer

Consolidation of services through shared model for service desks, and

factory model for application packaging.

6

ETMS ALI KLAVER interviews

DEEPAK JAIN (WIPRO)about enabling your business growth

through IT infrastructure transformation.

Transforming

businesshp://www.GlobalETM.com

8/9/2019 ETM Q3 2010 Issue

18/44

IT INFRASTRUCTURE TRANSFORMATIONASK THE EX

STANDARDIZATION: Simplication is again an important lever for

controlling costs. Over time, many customers have added complexity into

their IT environments which could be in the form of disparate applications,

operating systems, technologies, processes and tools being used.

We recommend our customers make one-time investments to

standardize the IT estate and look at ROI over ve to seven years.

TIONALIZATION:Application and infrastructure rationalization is

another key driver for cost reduction.

VIRTUALIZATION: Both on the data center side and on the end user side.e data center side is where one consolidates the servers and storage across

the enterprise. is leads to lower support costs and easier administration

without sacricing compute power and storage capacity.

On the desktop sidevirtualization of desktop or VDIthis leads to

beer control over the desktops, lower costs and increased ease of desktop

management and refresh.

AK: WHY IS IT IMPORTANT FOR A BUSINESS TO DO THIS NOW,

PARTICULARLY IN THE CURRENT ECONOMIC CLIMATE? WHAT

ARE THE MAIN BENEFITS?

DJ:e CIO/CTO organizations have realized that aer a phase of

over abundance there is a need to get to a state of equilibrium.Also, the future trends and technologies, including the disruptive

trends like cloud computing, will require organizations to seriously look at

consolidation, standardization and rationalization. erefore, its important

that organizations are ready to make the best advantage and avoid high

transition/migration costs as these trends mature.

e cost take-out initiative that companies started in 2008-09 also

continues because it was a multi-year program. First tranche of savings

came in from discounts from vendors. However, to get a sustainable cost

advantage, transformation is essential. Without this further cost take-out will

be extremely di cult.

We also believe that organizations will consolidate their business

portfolios and that the center of economic activity will shi to newer

geographiestime to market will be the key parameter to gain market share.

erefore, end users will not be bothered about the technology used

but will be more focused on the functionality it delivers. e economic

environment will move customers from being buyers of technology and

building on capacity, to looking at capacity on demand and utility models.

Companies that achieve the above will be quick in making the best use

of on-demand computing and manage exibility of infrastructure costs based

on business cycles.

AK: WHAT IS YOUR FAVORITE CASE STUDY THAT REALLY

HIGHLIGHTS WHAT WIPRO CAN DO IN THIS SPHERE?

DJ: We have multiple case studies to talk about, and there are threeimportant ones in particular.We are currently engaged with a customer in the energy and utility space

to transform their retail business, and one of the key KPIs is to bring down

their cost to serve by 10% per subscriber.

Secondly, were working with a client in the retail space to help manage

their IT cost as a function per square foot of retail space.

And thirdly, we manage IT cost as a function on the number of

subscribers for a client in the telecom space.

All of the above are large deals, not in the context of technology

transformation alone, but more importantly in terms of business

transformation. We believe that IT costs as a function of customer revenues

is important, but linking it to business parameters like the ones above ensures

that IT operations, technology adoption and spend on IT transformation i

optimal at all times and can be a function of the business growth.

AK: WHAT ARE TH E LEVERS FOR SUSTAINABLE COMPETITIVE

ADVANTAGE THROUGH INFTNSFORMATION?

DJ: IT transformation positions organizations to:BEER MANAGE COST AND RISK: Our hindsight experience of

delivering these services for close to three decades helps us to do the job wthe least possible risk, and at the most optimized cost through our Global

Delivery Model.

SUPPORT BUSINESS INNOVATION: Our domain understanding and

its trends helps us to understand our customers current and future needs.

We drive innovation in our solution to bring about business innovation for

our customers.

SCALE MORE EFFECTIVELY: We are not into product reselling on a

stand-alone basis, and were not incentivized to dump more products. We

analyze the customers current needs and the impact of their ever changing

business environment. at helps us to provide the most optimized solutio

for todays challenges while keeping scalability in mind for future growth.

REDUCE ARCHITECTUL COMPLEXITY: rough application

rationalization and infrastructure consolidation, we try to simplify IT forour customers so that it becomes easily manageable and more meaningful t

their business.

INCREASE THE VALUE OF REVENUEGENETING SERVICES

In many cases today we help our customers to increase their touch points

with their own customers, reduce their time to market, help them to delive

more e cient serv ices to their customers, and become more agile and

competitive in the market place.

ENHANCED END USER EXPERIENCE: While traditional methods

of monitoring IT services have been quite discrete in their approach, today

we measure our performance through the eyes of the business user that

experiences our services.

It is no longer enough if the servers are up 99.99% and the network is u

99.99% etc; what really maers is that the end user who is trying to comple

a transaction through an application is able to do it in the specied time.

By monitoring the performance across each layer of the chain we are able to

control the performance and deliver enhanced end user experience.

AK LETS LOOK TO THE FUTUREWHERE DO YOU SEE THE

FUTURE OF IT INFSTRUCTURE TNSFORMATION IN THE

NEXT TWO TO FIVE YEARS, AND WIPROS PART IN IT?

DJ: Wipro is very actively promoting a concept called 21st CenturyVirtual Corporation. Essentially it means organizations globally should ha

A detailed look at core and non-core processes

Lean process optimization to drive sustainable productivity improveme

Optimization of technology to enable innovation

Extended execution leveraging partners versus contractors in a whol

new way.

By virtue of three decades of experience in IT services and solutions, Wipr

is increasingly being chosen as a partner of choice by customers for IT

transformation.

Customers are increasingly looking to achieve business and IT

alignment, more meaningful reporting, beer coordination between variou

departments, a reduction of the overheads associated with managing

multiple vendors, and so on.

8/9/2019 ETM Q3 2010 Issue

19/44

hp://www.GlobalETM.com

XECUTIVE PANELSECURITY INFORMATION AND EVENT MANAGEMENT

0

ActionableIntelligence

8/9/2019 ETM Q3 2010 Issue

20/44

SECURITY INFORMATION AND EVENT MANAGEMENT EXECUTIVE P

AC: WHAT ARE YOUR CRITICAL

SUCCESS TIPS FOR USERS? HOW DO

YOU INCREASE THE CHANCE OF SIEM

DEPLOYMENT BEING SUCCESSFUL

EARLY ON AND THEN GET TO

ONGOING OPETIONAL SUCCESS?

ML:e most important thing is tomanage expectations and align the necessary

resources. Ensure that you have agreement

from every department that expects to benet

from a SIEM, and make sure the technical

resources they can apply to the planning and

implementation phases, as well as what metrics

theyre going to use, measure the success.

When working with larger organizations

and enterprises with de-centralized networking,

its likely that a SIEM vendor was probably

selected having gone through a proof of concept

deployment. e learning from these test runs

can be critical to planning and successfully

implementing production SIEMs.

Identify where the obstacles throughout the

organization might be as well as the individuals

who support the eort and can help champion

the cause, trying to nd some way that each area

of the enterprise will benet from the tool.

Also, dont assume that a SIEM that

performs well in its concept with just two

weeks worth of production data will perform

equally as well with 12 months. If you cant

generate in the kind of volume your SIEMwill be faced with in the real world, make sure

the vendor can supply sample data or provide

access to a host with commensurate volumes of

information to demonstrate what youll be faced

with a year down the road.

DU:I agree with you in terms of thePOC and production environments. A lot of

folks dont anticipate what their volume will be

and assume that its going to be able to scale.

Vendors can provide tools to inject that data

and there are other options to help you do that.

Seing expectations and geing executive

sponsorship and support is very key. e

customers that weve seen have the most succ

with implementations. It starts from the top,

assigning resources and making sure that folks

are on board.

ere are some process changes that go

along with itthe technology is not going to

work like magic. Its a tool and it needs to be

adopted by individuals and users.

I would also suggest you start with simple

use cases based on policies youve already

dened and for which you may or may not

already have processes in place, but at least

youre starting small and you can get them

in place. at helps you to validate and gain

condence in the system.

One example would be server monitoring

You want to try to identify whether someone

is compromising a server and knowing this

information can prevent insider abuse before

signicant damage is done. So geing server

user monitoring processes in place is an early

use case to start with.

Another common use case is rewall

monitoring to meet compliance needs as well

as to make sure that you can identify activity

paerns for forensics purposes, for example.

e next thing would be to really iterate over

these use cases.

So you start with the simple use cases and

then plan for the next phase of use cases whichmaybe a lile bit more advanced. is way

youre taking baby steps as you go, validating,

making accomplishments, and then preparing

yourself for future success.

AA: You should think of it as a classic Iproject. Plan, install, tune and train. When I sa

plan, its about involving the stakeholders who

might use this and then, beer yet, the vendor

that youve selected, because quite oen they c

have useful advice for you. ink about volum

usage, what youre going to audit and so o n.

DR. ANTON A. CHUVAKIN talks about the usability and integration of

security information and event management and touches on log management

with the added benefit of three industry experts; MICHAEL LELAND

(NITROSECURITY), A.N. ANANTH (PRISM MICROSYSTEMS)and DEBBIE UMBACH (RSA, THE SECURITY DIVISION OF

EMC).

8/9/2019 ETM Q3 2010 Issue

21/44

EAD TO HEAD BUSINESS PROCESS-DRIVEN ALM

2

ETMS ALI KLAVER chats to EDDY PAUWELS(SERENA SOFTWARE) about business process-drivenapplication lifecycle management and how they link to each other, as

well as how businesses can benefit from such a strategy.

Create your own

app factory

hp://www.GlobalETM.com

8/9/2019 ETM Q3 2010 Issue

22/44

8/9/2019 ETM Q3 2010 Issue

23/44

Every year or so the high

technology industry gets a new

buzzword or experiences a

paradigm shi which is hyped as

the next big thing.

For the last 12 months or so, cloud

computing has had that distinction. Anyone

reading all the vendor-generated cloud

computing press releases and associated

news articles and blogs would conclude that

corporations are building and deploying both

private and public clouds in record breaking

numbers.

e reality is much more sobering. While

there is a great deal of interest in the cloud

infrastructure model, the majority of midsized

and enterprise organizations are not rushing to

deploy private or public clouds in 2010.

An ITIC independent web-based

survey that polled IT managers and C-level

professionals at 700 organizations worldwide

in January 2010, found that spending on cloud

adoption was not a priority for the majority of

survey participants during calendar 2010 (seeFigure 1).

However, that is not to say that

organizationsespecially mid-sized and

large enterprisesare not considering cloud

implementations. ITIC research indicates

that many businesses are more focused

on performing much needed upgrades to

such essentials as disaster recovery, desktop

and server hardware, operating systems,

applications, bandwidth and storage before

turning their aention to new technologies like

cloud computing.

Despite the many articles wrien about

public and private cloud infrastructuresover the past 18 months, many businesses

remain confused about cloud pecics such as

characteristics, costs, operational requirements,

integration and interoperability with their

existing environment or how to even get started.

DEMYSTIFYING THE CLOUD

What is cloud computing? Denitions vary. e

simplest and most straightforward denition

is that a cloud is a grid or utility style pay-as-

you-go computing model that uses the web to

deliver applications and services in real-time.

Organizations can choose to deploy a

private cloud infrastructure where they hosttheir services on-premise from behind the

safety of the corporate rewall. e advantage

here is that the IT department always knows

whats going on with all aspects of the corporate

data from bandwidth and CPU utilization to

all-important security issues.

Alternatively, organizations can opt for

a public cloud deployment in which a third

party like Amazon Web Services (a division of

Amazon.com) hosts the services at a remote

location. is laer scenario saves businesses

money and manpower hours by utilizing the

What are the organizations top IT spending priorities

for 2010 (select allthat apply*)?Disaster recovery 47%

45%

44%

41%

37%

36%

36%

35%

31%

30%27%

24%

17%

15%

13%

11%

11%

10%

9%

6%

2%

Upgrade server hardware

Deploy new apps to support the business

Server virtualization software

Replace older versions of server OS

Security

Upgrade desktop OS

Upgrade desktop hardware

Storage

Upgrade legacy server-based apps/DBs

Improve revenue and profitability

Increase bandwidth

Skills training for existing IT staffers

Desktop virtualization (VDI)

Upgrade the WAN infrastructure

Add remote access and mobility

Application virtualization

Green datacenter initiatives

Add IT staff

Build a private cloud infrastructure

Implement a public cloud infrastructure *Total may exceed 100%

Copyright 2009 ITIC All Right Reserved

NALYST FEATURE CLOUD COMPUTING

LAU DIDIO(ITIC)talks about thepartnerships, and divisions,

between the two sets of playersin the current virtual desktopinfrastructure marketCitrix/Microso and VMware/EMC.

Theprosandcons

ofcloud

8

8/9/2019 ETM Q3 2010 Issue

24/44

host providers equipment and management. All

thats needed is a web browser and a high-speed

internet connection to connect to the host to

access applications, services and data.

However, the public cloud infrastructure

is also a shared model in which corporate

customers share bandwidth and space on the

hosts servers.

Organizations that are extremely concernedabout security and privacy issues, and those that

desire more control over their data, can opt for a

private cloud infrastructure in which the hosted

services are delivered to the corporations

end users from behind the safe connes of an

internal corporate rewall.

However, a private cloud is more than just

a hosted services model that exists behind

the connes of a rewall. Any discussion of

private and/or public cloud infrastructure

must also include virtualization. While

most virtualized desktop, server, storage and

network environments are not yet part of acloud infrastructure, just about every private

and public cloud will feature a virtualized

environment.

Organizations contemplating a private

cloud also need to ensure that they feature very

high (near fault tolerant) availability with at

least ve nines (99.999%) uptime or beer.

e private cloud should also be able to

scale dynamically to accommodate the needs

and demands of the users. And unlike most

existing, traditional datacenters, the private

cloud model should also incorporate a high

degree of user-based resource provisioning.

Ideally, the IT department should also be

able to track resource usage in the private cloud

by user, department or groups of users working

on specic projects for chargeback purposes.

Private clouds will also make extensive use

of business intelligence and business process

automation to guarantee that resources are

available to the users on demand.

Given the Spartan economic conditions

of the last two years, all but the most cash-rich

organizations (and there are very few of those)

will almost certainly have to upgrade theirnetwork infrastructure in advance of migrating

to a private cloud environment.

Organizations considering outsourcing any

of their datacenter needs to a public cloud will

also have to perform due diligence to determine

the bona des of their potential cloud service

providers. ere are three basic types of cloud

computing although the rst two are the most

prevalent. ey are:

Soware as a Service (SaaS) which uses

the web to deliver soware applications

to the customer. Examples of this are

Salesforce.com, which has one of the most

popular, widely deployed, and the earliest

cloud-based CRM application; and Google

Apps, which is experiencing solid growth.

Google Apps comes in three editions

Standard, Education and Premier (the rst

two are free). It provides consumers and

corporations with customizable versions ofthe companys applications like Google Mail,

Google Docs and Calendar.

Platform as a Service (PaaS) oerings;

examples of this include the above-

mentioned Amazon Web Services and

Microsos nascent Windows Azure

Platform. e Microso Azure cloud

platform oering contains all the elements

of a traditional application stack from the

operating system up to the applications and

the development framework. It includes

the Windows Azure Platform AppFabric

(formerly .NET Services for Azure) as well asthe SQL Azure Database service. Customers

that build applications for Azure will host

it in the cloud. However, it is not a multi-

tenant architecture meant to host your entire

infrastructure. With Azure, businesses will

rent resources that will reside in Microso

datacenters. e costs are based on a per

usage model. is gives customers the

exibility to rent fewer or more resources

depending on their business needs.

Infrastructure as a Service (IaaS) is

exactly what its name implies: the entire

infrastructure becomes a multi-tiered hosted

cloud model and delivery mechanism. Both

public and private clouds should be exible

and agile. e resources should be available

on demand and should be able to scale up or

scale back as business needs dictate.

CLOUD COMPUTINGPROS AND

CONS

Cloud computing like any emerging

new technology has both advantages

and disadvantages. Before beginning

any infrastructure upgrade or migration,organizations are well advised to rst perform a

thorough inventory and review of their existing

legacy infrastructure and make the necessary

upgrades, revisions and modications.

Next, the organization should determine

its business goals for the next three to ve

years to determine when, if, and what type

of cloud infrastructure to adopt. It should

also construct an operational and capital

expenditure budget and a timeframe that

includes research, planning, testing, evaluation

and nal rollout.

PUBLIC CLOUDS ADVANTAGES AND

DISADVANTAGES

e biggest allure of a public cloud

infrastructure over traditional premises-based

network infrastructures is the abili ty to o oa

the tedious and time consuming management

chores to a third party. is in turn can help

businesses:

Shave precious capital expenditure

monies because they avoid the expensive

investment in new equipment including

hardware, soware and applications as well

as the aendant conguration planning and

provisioning that accompanies any new

technology rollout.

Accelerated deployment timetable. Havi

an experienced third party cloud services

provider do all the work also accelerates th

deployment timetable and most likely mea

less time spent on trial and error.

Construct a exible, scalable cloud

infrastructure that is tailored to their

business needs. A company that has

performed its due diligence and is working

with an experienced cloud provider can

architect a cloud infrastructure that will sca

up or down according to the organizations

business and technical needs and budget.

e potential downside of a public cloud

that the business is essentially renting commo

space with other customers. As such, dependi

on the resources of the particular cloud mode

there exists the potential for performance,

latency and security issues as well as acceptab

response, and service and support from the

cloud provider.

Risk is another potential pitfall associated

with outsourcing any of your rms resources

and services to a third party. To mitigate

risk and lower it to an acceptable level, its

essential that organizations choose a reputabl

experienced third party cloud services provid

very carefully.

Ask for customer references and check th

nancial viability. Dont sign up with a serviceprovider whose nances are tenuous and who

might not be in business two or three years

from now.

e cloud services provider must work

closely and transparently with the corporation

to build a cloud infrastructure that best suits

the business budget, technology and business

goals.

To ensure that the expectations of both

parties are met, organizations should create a

checklist of items and issues that are of crucial

importance to their business and incorporate

CLOUD COMPUTINGANALYST FEA

8/9/2019 ETM Q3 2010 Issue

25/44

XECUTIVE PANEL IT OUTSOURCING

2

MIKE ATWOOD (HORSES FOR SOURCES) moderates

a panel discussion on IT outsourcing touching on transformation,

the cloud and some fantastic case studies with the help ofCHUCK

VERMILLION (ONENECK IT SERVICES) and KARINE

BRUNET (STERIA).

A marriage of sorts

hp://www.GlobalETM.com

8/9/2019 ETM Q3 2010 Issue

26/44

IT OUTSOURCING EXECUTIVE PA

MA: A S YOU EXPAND YOUR BUSINESS,

WHAT IS YOUR IDEAL CLIENT AND

WHAT LETS YOU RECOGNIZE THAT?

KB: A typical client is one that wants toexperience a big transformation in the coming

months or years. It can be transformation of its

IT or its entire organization, perhaps through

mergers and acquisition. I think this is where anoutsourcer can bring the best value.

Looking especially at the prole of Steria,

we work very closely with our clients to assist

them in their transformation. So for us, a very

good client is one with a transformation agenda.

MA: AND IN TERMS OF IT RESOURCES,

IS WHAT YOURE PROVIDING HOSTING,

AND HOW DOES THAT HELP WITH A

TNSFORMATION?

KB:I think were providing not

resources but services, and thats what we mean

by outsourcing.

Steria is a mid-sized player in the market

and its one of the top ten players in the

European market. One of our dierentiators is

the fact that we have very good proximity and

exibility with our clients.

Prior to migrating a client, one of our

key capabilities is to be exible enough in the

transformation phase to adapt our service

solution to whatever the client challenges are.

Another demonstration of that exibility may

lie in that one part of our service incorporates

an oshore alternative, but we may still need

people on site for certain services because the

client is not mature enough to have everything

fully outsourced.

We are able to accommodate that, and then

industrialize the service delivery and the service

mechanism to achieve an e cient deliver y.

MA: DO YOU PROVIDE ANY TNS

FORMATIONAL CONSULTING SERVICES?

KB: We provide two types oftransformation consulting services; one in thetechnical aspect which is about transforming your

IT infrastructuremeaning virtualization and

platform as a service or cloudand one which is

much more on the organizational level.

Restructuring the way you operate your

IT services can be tricky, but as a mid-sized

player, we see more and more clients deciding

on selective sourcing. is requires that they

organize the governance, processes and how

theyre going to manage multiple suppliers, as

well as the potential to mix with internal teams.

We also provide organizational consulting to

assess the maturity of the organization and their

processes, and advise on that.

MA: CHUCK, WH AT IS YOUR IDEAL

SCENARIO?

CV:For us it starts with painwe dontlike that our customers are in painbut we liketo talk to companies that are experiencing pain

because, generally speaking, theyre trying to

avoid the experience of managing their own IT

systems and have just had enough. ey want

someone else to do it for them.

Or, they recognize the pain when theyre

implementing a new system and have decided

theyre not up to the task of eectively

managing that new environment.

e second thing we look for is a

complicated environment. I think we really

dierentiate ourselves when we nd that its

not just a single application our customers

are looking to host or outsource, but rather,

theyre looking to outsource a multiple set

of applications on several dierent types of

infrastructure.

is is where were best able to dierentiate

our capabilities.

MA: AND DO YOU PROVIDE ANY SORT

OF TNSFORMATIONAL SERVICES?

CV:IT outsourcing generally createstransformation within a company because

youre signicantly changing the way they view

and access their IT services. With regards to

calling it transformational servicesno, we

dont provide any services described as such.

We know who we are as an outsource

provider of IT services. We pride ourselves

on the fact that customers would look at us

not as a vendor, but recognize us as one of

their employees.

MA: ONE OF THE ISSUES THAT

NORMALLY ARISE WHEN SOMEONE

IS THINKING ABOUT OUTSOURCINGIS: WHAT EXACTLY DO I OUTSOURCE?

WHAT IS THE SCOPE OF THE

OUTSOURCING PROJECT, AND WHAT

AM I GOING TO SEND OUT? CHUCK,

WHAT WOULD YOU ADVISE A CLIENT

THAT THEY SHOULD OUTSOURCE?

CV:We can provide a broad array ofservices and do everything for our customers;

from as low as the base infrastructure providing

the data centre services, all the way through

the application level that includes not only th

enterprise or ERP application management, b

also functional consulting on top of that.

Our support centre is one where someon

can not only call in if theyre having a technica

issue, but they can also call our support centre

theyre having functional issues, such as gein

a batch release in the ERP system, or how to

beer use the manufacturing functionality toaccomplish a particular task.

Also, with regards to the EDI or electroni

data interchange, we will host and manage

customers EDI translators. Well establish the

trading relationships with the trading partner

test those transaction sets, and then ensure th

they go forward in production.

When there are errors agged by the

translator, well research the nature of the issu

and then forward that information back to

someone in the company to help x whatever

data issue is causing the problem. Its almost

business process outsourcing in some of these

cases.

We also do outsourcing of desktop

administration. In some cases its done with o

site desktop resources, and in others its done

with the desktop resources in our location in a

depot fashion. We have a very broad capability

MA: AND WHEN YOU DO THE

OUTSOURCING, WHAT ASSETS DO

YOU OWN AND WHAT ASSETS DO

YOU ADVISE THE CLIENT THAT THEY

OUGHT TO KEEP OWNERSHIP OF?

CV:Were prey exible with regardsto asset ownership. Generally speaking, we

encourage customers to keep the assets they

started with. We move the assets from their

facilities to our facilities and provide the

services.

However, as the relationship starts to

mature and the assets come to the end of their

useful life, our customers can decide what

theyre going to do from a new equipment

acquisition perspective. Oentimes they look

to OneNecks cloud services as an alternativeto owning their own assets. However, from a

desktop perspective, they normally continue t

own their own assets.

MA: IS THERE SOME SCOPE THAT

WOULD BE TOO SMALL OR THAT YOU

WOULDNT TAKE ON?

CV:No, for us its all about makingsure our customers are satised and that were

solving a business problem.

8/9/2019 ETM Q3 2010 Issue

27/44

have everywhere is to verify that the accounts

for these departing employees have been

properly terminated.

ere is a use case which is called the

pink slip null which is essentially when HR

tells you that a person has been let go or has

chosen to resign, which to IT means that their

access and accounts must be removed from the

directory. You can put that username into your

list and start looking for any activity from those

usernames for the next few weeks.

is is a failsafe to make absolutely sure

that there is no further activity. If youre doing

Active Directory youve probably removed that

username or disabled them, but they could have

congured a service with their name, as we

SK THE EXPERT SECURITY INFORMATION AND EVENT MANAGEMENT

SIEM

satisfaction

AK: ANANTH, COULD YOU GIVE

US A FEW EXAMPLES OF SIEM IN

OPETIONAL USE CASES ?

AA: One example thats clear in theserecessionary times is that people have had

turnover in sta, particularly in North America,

as so-called pink slips. A problem that IT people

One of the most ignored benets of securityinformation and event management technologyis using SIEM technology to improve overallIT operations.A. N. ANANTH andSTEVE LAFFERTY (PRISM

MICROSYSTEMS) talk to ETMS ALIKL AVER about how improved operations is seldomgiven much aention but might well provide themost tangible cost justication.

4

8/9/2019 ETM Q3 2010 Issue

28/44

found out with one of our customer locations

some time back.

So its a good idea to do this because its

very inexpensive to run and should be coming

up empty if youve done your job right. Its a

fantastic way of assuring yourself that things

have gone according to plan.

If you look at the security vulnerabilities,

a lot of it happens because of default accounts

that have been dormant for a long time and