Nimble Business Process Management Helps Enterprises Gain Rapid Productivity Returns

Transcript of a sponsored BriefingsDirect podcast on how Business Process Management can help enterprises solve productivity problems and rapidly adapt to changing economic conditions.

Listen to the podcast. Download the transcript. Find it on iTunes/iPod and Podcast.com. Learn more. Sponsor: BP Logix.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you’re listening to BriefingsDirect.

Today, we present a sponsored podcast discussion on the importance of business process management (BPM), especially for use across a variety of existing systems, in complex IT landscapes, and for building flexible business processes in dynamic environments.

The current economic climate has certainly highlighted how drastically businesses need to quickly adapt. Many organizations have had to adjust internally to new requirements and new budgets. They have also watched as their markets and supplier networks have shifted and become harder to predict.

To better understand how business processes can be developed and managed nimbly to help deal with such change, we're joined by a panel of users, BPM providers, and analysts. Please join me in welcoming David A. Kelly, senior analyst at Upside Research. Welcome to the show, Dave.

David A. Kelly: Thanks Dana, glad to be here.

Gardner: We're also joined by Joby O'Brien, vice president of development at BP Logix. Hi, Joby.

Joby O'Brien: Hi, Dana, how are you doing?

Gardner: Good. We are also joined by Jason Woodruff, project manager at TLT-Babcock. Welcome Jason.

Jason Woodruff: Thank you, Dana.

Gardner: Let's start off with you, Dave. Tell us a little bit about how the business climate that we are in that has made agility and the ability to swiftly adapt not just a nice-to-have, but a must-have.

Kelly: You hit it on the head in the intro there, when you talked about dynamic business environments. That's what people are facing these days. In many cases, they have the same business processes that they have always had, but the landscape has shifted. So, some things may become more important and other things are less important.

What's important in any case is to be able to drive efficiency throughout an organization and across all these business processes. With the economic challenges that organizations are facing have had, they've had to juggle suppliers, products, customers, ways to market, and ways to sell.

As they're doing that, they're looking at their existing business processes, they are trying to increase efficiencies, and they are trying to really make things more streamlined. That's one of the challenges that organizations have had in terms of streamlining what's going on within their organization.

Gardner: Dave, just as a sort of level-check on IT, as more organizations have elevated data and applications and infrastructure even into services, IT has become a bit more nimble, but what we are really focusing on are the processes. How we can utilize these services, create workflows, apply logic and checks and balances across how things are conducted, and pull together people and process as much as it affects what IT does at its core?

Two levels

Kelly: You've got two levels. As you said, there are core IT operations and applications that are out there, but the real business value that's happening today is being able to tie those things together to be able to add on and address the business needs and the business processes.

In many cases, these processes cross applications and services. As you said, some organizations

We're seeing that it's difficult sometimes for an organization, especially right now, to look at something on a one-, two-, or three-year plan.

are even getting into cloud solutions and outside services that they need to integrate into their business processes. We've seen a real change in terms of how organizations are looking to manage these types of processes across applications, across data sources, across user populations.

That's where some of the real pressure has come from the changes in the economy in terms of being able to address those process needs more quickly and in a much more flexible and nimble approach than we have seen previously.

This is probably a good point to talk about the fact that BPM solutions have been around for quite sometime now, and a lot of organizations have really put them to good use. But, over the past three or four years, we've seen this progression of organizations that are using BPM from a task-oriented solution to one that they have migrated into this infrastructure solution.

This is great, if you can support that, but now with the changes and pressures that organizations are facing in the economy and their business cycles, we see organizations look for much more direct, shorter term payback and ways to optimize business processes.

Gardner: Let's go to Joby O'Brien at BP Logix. Joby, Dave just mentioned the fact that we have sort of an infrastructure approach to BPM, but where the rubber hits the road is how business processes get adapted, changed, implemented. This also cuts between where the business side sees value and where the IT side can provide value.

Perhaps you could tell us a little bit about where you see the BPM market now, and how things are a little different than they were a few years ago?

O'Brien: Actually, the points that Dave made were great, and I agree completely. We're seeing that it's difficult sometimes for an organization, especially right now, to look at something on a one-, two-, or three-year plan. A lot of the infrastructure products and a lot of the larger, more traditional ways that BPM vendors approach this reflect that type of plan. What we're seeing is that companies are looking for a quicker way to see a return on their investment. What that means really is getting an implementation done and into production faster.

One of the things we are also seeing is that part of that thrust is being driven heavily by the business users. Instead of being a more traditional IT-oriented approach, where it's again a longer-term implementation, this new approach is being driven by business needs.

When there are particular business needs that are critical to an organization or business, those are the ones they tend try to address first. They are looking for ways to provide a solution that can be deployed rapidly.

Same level of customization

One interesting thing is that they are also still looking for the same level of customization, the same level of flexibility, that they would have in a much larger or infrastructure-type approach, but they still want that rapid deployment of those applications or those implementations.

We're also seeing that what they are doing in a lot of cases is breaking them apart into different pieces based on priority. They take the processes that are most critical, and that are being driven by the business users and their needs, and address those with a one-at-a-time approach as they go through the organization.

It's very different than a more traditional approach, where you put all of the different requirements out there and spend six months going through discovery, design, and the different approaches. So, it's very different, but provides a rapid deployment of highly customized implementations.

Kelly: It's almost a bottom-up approach to BPM, instead of taking the top-down, large-scale infrastructure approach. Those definitely have their place and can be really powerful, but, at the same time, you can also take this bottom-up approach, where you are really focused on, as Joby said, individual processes that can be aggregated into larger business processes.

Gardner: Let's go to Jason Woodruff at TLT-Babcock. First, Jason, tell us a little bit about your company. You are in the industrial space. Then, as an IT project manager, tell us a little bit about what your business side has been looking for.

Woodruff: Sure, Dana. First of all, just to give a background of what TLT-Babcock does, we are a supplier of air handling and material handling equipment, primarily in the utility and

That requires flexibility and ultimately usability, not only from the implementation stage, but the end user stage, and to do so in the most cost-effective manner.

industrial markets. Our spectrum of products range from new product to after-market, which would include spare parts rebuilds. We rebuild our own equipment, customer equipment, and competitor equipment as well. So, we have our hands in a lot of markets and lot of places.

As a project manager, my job, before I got involved in our BPM solutions, was simply to manage those new product projects. Serving in that capacity, I realized a need for streamlining our process. Right now, we don't want to ride the wave, but we want to drive the wave. We want to be proactive and we want to be the best out there. In order to do that, we need to improve our processes and continuously monitor and change them as needed.

So, the direction was given, "Let's do this. How are we going to do it? What do we need to do? What is it going to take? Let's get moving." After quite a bit of investigation and looking at different products, we developed and used a matrix that, first and foremost, looked at functionality. We need to do what we need to do. That requires flexibility and ultimately usability, not only from the implementation stage, but the end user stage, and to do so in the most cost-effective manner. That's where we are today.

Gardner: Okay. Jason, you didn't just write down one day on a blackboard or a white board, "We need Nimble BPM." You probably started with whatever the requirements that your business side gave to you. What allowed you to get from a long-term perspective on BPM to being more proactive and agile?

Needed a change

Woodruff: As I said, the drive was that we needed to make a change. We knew we needed to make a change. TLT-Babcock wants to be the best. We looked within and said, "What can we change to achieve that? What are our weaknesses? Where can we improve?" We made a list of things, and one of the big ones that jumped out was document control.

So, we looked at that. We looked at why document control was an issue and what we could do to improve it. Then, we started looking at our processes and internal functions and realized that we needed a way to not just streamline them. One, we needed a way to define them better. Two, we needed to make sure that they are consistent and repetitive, which is basically automation.

The research drove our direction. We evaluated some of the products and ultimately selected BP Logix Workflow Director. The research really led us down that path.

Gardner: Let's go back to Dave Kelly. Dave, for this sort of requirement of faster, better, and cheaper, what is the requirement set from your perspective in the market for Nimble BPM?

Kelly: An important thing for Nimble BPM is to be able to embrace the business user. Jason just referenced being able to bring the end users into the process in a cost-effective manner and allow them to drive the business processes, because they are ultimately the beneficiaries and the people who are designing the system.

Another aspect is that you have to be able to get started relatively quickly. Jason mentioned the need for that terms of how they identified this business need to be competitive and to be able to

Another thing that's important is to be able to handle ongoing changes and to define potential solutions relatively quickly. Those are some of the key drivers.

improve the processes. You don't want to spend six months learning about a tool set and investing in it, if you can actually get functionality out of the box and get moving very quickly.

Another thing that's important is to be able to handle ongoing changes and to define potential solutions relatively quickly. Those are some of the key drivers.

O'Brien: There's one thing that Jason said that we think is particularly important. He used one phrase that's key to Nimble BPM. He used the term "monitor and change," and that is really critical. That means that I have deployed and am moving forward, but have the ability, with Workflow Director, to monitor how things are going -- and then the ability to make changes based on the business requirements. This is really key to a Nimble BPM approach.

The approach of trying to get everybody to have a consensus, a six-month discovery, to go through all the different modeling, to put it down in stone, and then implement it works well in a lot of cases. Organizations that are trying to adapt very quickly and move into a more automated phase for the business processes need the ability to start quickly.

Monitoring results

They need the ability to monitor results, see what's going on, and make those changes- without having to go through some type of infrastructural change, development process, or rebuild the or retool the application. They need to be able to provide those types of real time monitoring and resulting changes as part of the application. So, that phrase is so important -- the concept of monitor and change.

Gardner: Joby, to Dave's point about getting the tool in a position that the end user, the business driver and the analyst, can use, are we talking about compressing the hand off and the translation between the business side requirements and necessities, especially in a dynamic environment and then implement and refer back? How do we compress this back-and-forth business, so that it becomes a bit more automated, perhaps Web-based and streamlined?

O'Brien: That's a really good question. One of the things we see is that, especially for somebody who's just moving a manual process or a paper-oriented process to an electronic process or an automated one -- people who haven't actually done that yet and this is new to them -- it's difficult sometimes for them to be able to lay out all of the different requirements and have them be exact.

Once they actually see something running, they see it as Web-based, they see their paper-based forms turn into electronic forms, they see their printed documents stored electronically, and

The idea or the approach with the Nimble BPM is to allow folks like Jason -- and those within IT -- to be able to start quickly.

they have different ways of getting reports and searching data inevitably there are changes.

The idea or the approach with the Nimble BPM is to allow folks like Jason -- and those within IT -- to be able to start quickly. They can put one together based on what the business users are indicating they need. They can then give them the tools and the ability to monitor things and make those changes, as they learn more.

In that approach, you can significantly compress that initial discovery phase. In a lot of the cases, you can actually turn that discovery phase into an automation phase, where, as part of that, you're going through the monitoring and the change, but you have already started at that point.

Kelly: Dana, I'd just add that what you are saying here is what you've seen in the development of agile development methodologies over the past 10 years in the software arena, where organizations are really trying to develop applications more quickly and then iterate them.

I think that's what Joby's talking about here in terms of the Nimble BPM is being able to get out of the starting block much more quickly. The thing can then be adjusted dynamically over time, as the business really discovers more about that process.

User expectation

O'Brien: I completely agree. The other is the expectation of the users, even if it is nimble, for something faster, Just getting out of the block quicker is not sufficient. There is usually still an expectation about a relatively high degree of sophistication, even with doing something quickly. In most of these cases, we will still hear that the customer wants integration, for example, into their back-end systems.

They've got applications. They've got data that's stored in a lot of different systems. In a lot of cases, even when they're trying to go do something very quickly, what they are doing is still looking to have some type of an integration into existing systems, so that the BPM product now becomes that coordinator or a way of consolidating a lot of that information for the business users.

Gardner: l'd like to drill down a little bit on how this affects process. Jason, at your organization, when you started using BPM, did you notice that there was a shift in people and their process? That is to say, was there actual compression from what the business side needed and what the IT side could provide?

Woodruff: Yeah, that comes with the territory. We saw this as an opportunity not just to implement a new product like Workflow Director, but to really reevaluate our processes and, in

We'll sit down, find out what they need, create a form, model the workflow, and, within a couple of days, they're off and running. The feedback has been overwhelmingly positive.

many cases, redefine them, sometimes gradually, other times quite drastically.

Our project cycle, from when we get an order to when our equipment is up and operating, can be two, three, sometimes four years. During that time there are many different processes from many different departments happening in parallel and serially as well. You name it -- it's all over the place. So, we started with that six-month discovery process, where we are trying to really get our hands around what do we do, why do we do it that way and what we should be doing.

As a result, we've defined some pretty complex business models and have begun developing. It’s been interesting that during that development of these longer-term, far-reaching implementations, the sort of spur-of-the-moment things have come up, been addressed, and been released, almost without realizing it.

A user will come and say they have a problem with this particular process. We can help. We'll sit down, find out what they need, create a form, model the workflow, and, within a couple of days, they're off and running. The feedback has been overwhelmingly positive.

Gardner: It strikes me that when you demonstrate that you can do that, you open up this whole new opportunity for people to think about making iterative and constant improvement to their jobs. Before, they may not have even tried, because they figured IT would never be able to take it and run with it.

A lot more work for IT

Woodruff: It's interesting that you say that, because that's exactly what's happened. It's created a lot more work for us. One of the things we just implemented -- and this was one of those couple-of-day things -- involved a lot of issues where there was some employee frustration. Things weren't getting done as quickly as we thought they could be. People were carrying some ideas internally that they hadn't shared or shared through the existing channels, and results weren't being presented.

Sort of at the spur of the moment, we said, "We can address this. We can create an online suggestion box, where people can submit their problems and submit their ideas, and we can act on it." We got that turned around in a week, and it’s been a hit. Within the first couple of days, there were well over a dozen suggestions. They're being addressed. They're going to be resolved, and people will see the results. It just sort of builds on itself.

Gardner: Now, in some circles they call that Web 2.0, social networking, or Wikis. Collaboration, I suppose, is the age-old term. I want to go back to Joby at BP Logix. Do you see that the Nimble BPM approach, and this invigorated collaboration, is what gets us to that level of productivity that, as Jason pointed out, lets them push the wave rather than have to ride on someone else's?

O'Brien: Actually, we do. It's funny that Jason had mentioned that particular process. We see that also with many of the other customers we are working with. They are focused on the initial project or the business area that they are trying to address. They will take care of that, but then, as people see the different types of things that can be done, these small offshoots will occur.

A lot of these are very simple processes, but they still require some type of a structure. In some cases, some degree of compliance is also associated with them, and they need the ability to be

With everything somebody is doing, having some degree of management, some degree of control, visibility, auditing, tracking, is important

able to put those together very quickly. Some are simple things, the things that are one-off type of workflows or processes that have originated within an organization. It just happens to be the way they do business.

It's not something traditional, like an IT provisioning or some type of sales-order processing. There are those one-off and unique ways that they do business, which now can provide a degree of collaboration.

Gardner: So, we need to marry the best of ad hoc in innovation, but keep it within this confines of "managed," or it could spin out of control and become a detriment.

O'Brien: That's probably one of the key pieces to almost all of these. With everything somebody is doing, having some degree of management, some degree of control, visibility, auditing, tracking, is important. Inside an organization, there can be hundreds of different processes, little ad-hoc processes that people have created over the years on how they do business.

Some of those are going to stay that way, but with others there needs to be more of a management, automation, auditing, or tracking type of approach. Those are the types of processes, where people don't initially look at them and say, "These are the types of things that I want to automate, so let me bring a BPM tool in."

Getting control

They walk into that area because they realize that a Nimble BPM tool can address those very quickly. Then they start getting some degree of control almost instantaneously, and eventually work their way into full compliance within their industry -- tracking, auditing, automation, and all of the goodness associated with the traditional BPM tool.

Gardner: Jason, this all sounds great in theory, but when you put it into practice, are these small improvements, or what are the metrics? What is the payback? How can you rationalize and justify doing this in terms of a steadfast, predictable, even measurable business result?

Woodruff: I don't know if anybody can really answer that question in black and white, but there are several paybacks. We haven't spent a lot of time doing a calculation of our return on investment (ROI) financially. It's so obvious that the number doesn't really matter as far as we are concerned at this point.

We save a lot of time. To put a figure on it is tough to do, but we save a considerable amount of time. More importantly it allows us to reduce errors and reduce duplication of work, which

. . . It allows us to reduce errors and reduce duplication of work, which improves our lead-time and competitiveness. It's just a win-win. So, it doesn't really matter what the number is.

improves our lead-time and competitiveness. It's just a win-win. So, it doesn't really matter what the number is.

Gardner: Well, how about your relationships with the rest of the organization? When the folks at TLT-Babcock think of IT, do they perhaps perceive you a little differently than they may have in the past?

Woodruff: While I do have a background in IT, that wasn't my role at TLT-Babcock, and still isn't. As a project manager working on customer-driven projects, I am the end user. This current situation came about when I expressed not just my and several other people's comments that we could improve here.

Because I had that background from a previous life, so to speak, I became the natural choice to head this charge. Now, I don't spend as much time in project management. I spend very little time doing that and focus, primarily, on troubleshooting and improving processes.

I've got this role that Joby talked about -- management of these ad hoc things. Bring me your ideas and bring me your problems and we will be the umbrella over all of this and coordinate these efforts, so that we're implementing solutions that make sense for everybody, not just on a narrow focus.

Gardner: Perhaps, I oversimplified in referring to this as business versus IT, but a better way to phrase the question might be how has this changed your culture at your organization from where you sit?

In the early stages

Woodruff: It's interesting, because we're in the early stages here of implementation. We have a couple of processes out and a couple in testing. In the last couple of weeks, just for the first time, we gave a company-wide demonstration of Workflow Director, what it does, how we're going to use it, and, looking down the road, how the processes we have known and grown to love, so to speak, will be changing using this new tool.

That really was a spark that gave each of the users a new look at this and an idea of how this tool is going to affect the tasks that they do each day, their own processes. That's when these ideas started flowing in, "Can you use it to do this? Can you use it to do that?" When they see that, they say, "Oh, that's cool. That's slick. That's so easy." So, we're right at that turning point.

Gardner: Well, we'll have to come back in a while and see how that cultural shift has panned out. Meanwhile, let's go to Joby. For those organizations like Jason's that want to take a Nimble BPM tool and make themselves nimble as a result, how do they get started? Where do you begin to look to implement this sort of a benefit?

O'Brien: Let me make sure I understand the question. How do they typically get started or what organization brings us in?

Gardner: How do you get started in saying, "We like the idea of Nimble BPM that then enables as a catalyst nimble business processes. Where do we begin? How do we get started?"

O'Brien: Almost always, that request will be initiated or driven from some business need, a lot of times from a business unit, and occasionally from IT. So, it's going to be driven from a lot of

That really was a spark that gave each of the users a new look at this and an idea of how this tool is going to affect the tasks that they do each day, their own processes.

different places, but it's almost always going to be geared around the idea of the ability to respond quickly to some type of automation and control around a particular process.

In most cases, at least in our experience, there is usually a primary factor that causes the organization to bring in the product and start the implementation, and that's what they are focused on addressing. From there it grows into other areas, very much like Jason just described. When people start gaining visibility into the types of things that can be done and what that actually means, we generally see the tool growing into other areas.

Gardner: Now, David Kelly, that gets back to your earlier statements, if you are going to start from a tactical pain point and then realize benefits that can then be presented perhaps more horizontally and strategically across the organization, you can't do that sort of crawl-walk-run approach, if you've got to do a two-year multi-million dollar infrastructure approach, better to have something you can do at that more iterative level.

Kelly: Exactly. I think Jason highlighted that in terms of what he just said, in terms of getting these workflows and processes out there showing them to the rest of the company then watching as, all of a sudden, the idea started exploding in terms of how those could be applied. It's the same kind of thing.

From what I have seen, a lot of organizations -- Joby has mentioned this -- start with any process in the organization that needs automation. There are probably multiple processes that need automation, monitoring, or some kind of control.

Just look around

You don't have to think big-picture BPM solution. Just look around. It could be a request management. It could be tracking something. It could be sharing documents or controlling access to the documents. It could be something that adds on to an enterprise resource planning (ERP) system that you need to have additional control over.

There are multiple processes, even in highly automated organizations, that still need automation. You can start in an area like that with a task and with a specific kind of scenario, automate that, use a Nimble BPM product tool like this, start down that road, and then expand beyond there. Jason provides a really good example of that.

Woodruff: If I can jump in again here to expand on that point, something comes to mind here. The question was asked, how does this process start, how do you get started on this path? The two years prior to even looking at BP Logix, we had brought in two, maybe three, different subject matter experts to develop our current in-house system. This was to do just what you said David, do a little something here, a little something there, not necessarily as a global approach to streamlining everything, not workflow software but just something to get results.

Well, we weren't getting anything done. We would get one little thing that wasn't very useful to somebody and something else that wasn't useful to somebody else, and we were just sort of spinning our wheels. Within a few months of getting BP Logix products in our hand, we are off and running. It’s pulling us through in some ways.

So it was just the lack of results that said, "We've got to find something better." So we went out and did that research I talked about earlier, and here we are a few months down the road, and I can say that we are now driving that wave.

Gardner: Okay. Well, I'm afraid we are about out of time, but we have been discussing how in dynamic business environments a nimble approach to BPM can start at the tactical level and even lead to cultural change and swift paybacks. Helping us understand the ability to draw down processes into something that can be measured and used in a managed environment, we have been joined by Joby O'Brien, development manager at BP Logix. Thanks Joby.

O'Brien: Thank you.

Gardner: David A. Kelly, senior analyst at Upside Research. Thanks again, Dave.

Kelly: You're welcome, Dana. Great to be here.

Gardner: We also appreciate Jason Woodruff joining us. He is the project manager at TLT-Babcock. Thanks for your insights and sharing, Jason.

Woodruff: Thank you. It's my pleasure.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. You've been listening to a sponsored BriefingsDirect podcast. Thanks for listening and come back next time.

Listen to the podcast. Download the transcript. Find it on iTunes/iPod and Podcast.com. Learn more. Sponsor: BP Logix.

Transcript of a sponsored BriefingsDirect podcast on how Business Process Management can help enterprises solve productivity problems and rapidly adapt to changing economic conditions. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.

Portfolio Management Techniques Help Rationalize IT Budgets in Tough Economy

Transcript of a BriefingsDirect podcast on managing IT departments in the face of an economic downturn and an infusion of stimulus cash.

Listen to the podcast. Download the transcript. Find it on iTunes/iPod and Podcast.com. Learn more. Sponsor: Compuware.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you’re listening to BriefingsDirect.

Today, we present a sponsored podcast discussion on the importance of managing IT departments in dynamic business environments. The current economic downturn has certainly highlighted how drastically businesses and, of course, the IT operations within them need to change, whether in growth, in terms of cutting out business units, functions, or processes, and then also setting themselves up for either a change in market direction or renewed growth in existing businesses.

For the past year or so, organizations may have watched their revenues decrease, their customers slide, and their supply chains change drastically right before their eyes. So, as budgets in the IT department have reacted to this reality, they've been managing change, but they also need to manage the horizon, keep their eye on what's coming next in terms of growth. For many industries, that includes a large amount of stimulus money being driven into certain activities.

We're here to talk to an executive from Compuware about how IT organizations can better understand managing change, how they can employ IT portfolio management techniques and products and processes, and better manage their short-term shrinkage or reduction needs, while maintaining an opportunity to be flexible when the tide turns.

So please join me in welcoming Lori Ellsworth, Vice President of Changepoint Solutions at Compuware. Hi, Lori.

Lori Ellsworth: Hello.

Gardner: We're also joined by David A. Kelly, Senior Analyst at Upside Research. Hello, Dave.

David A. Kelly: Hey, Dana, great to be here with you.

Gardner: Dave, let me start with you. We have seen over the years, complexity increasing in IT organizations. They've taken on more activities that IT departments are responsible for and that includes people, process, products, and technologies. Tell me, if you will, about the lay of the land when it comes to IT portfolio management, perhaps a little historical context, and then we can get more into the problems that we are facing nowadays.

Kelly: Sure, Dana. The place to start with IT portfolio management is the idea that it's really hard to improve, if you don't have a way to measure how you're doing or a way to set goals for where you want to be. That's the idea behind IT portfolio management, as well as project and portfolio management (PPM), which is an early nomenclature for a similar type of goal. That was to take the same type of metrics and measurements that organizations have had in the financial area around their financial processes and try to apply that in the IT area and around the projects they have going on.

It measures the projects, as well as helps try to define a way to communicate between the business side of an organization that's setting the goals for what these projects or applications are going to be used for, and the IT side of the organization, which is trying to implement these. And, it makes sure that there are some metrics, measurements, and ways to correlate between the business and IT side.

What we've also seen recently is this move toward IT portfolio management, where the focus is not just upon the projects themselves that are going on in the IT organization, but also on the applications and the resources that the IT group has deployed and measuring how well those are meeting the business needs.

Gardner: Now, correct me if I'm wrong, but it seems that for the last several years, managing growth and complexity has been paramount for these technologies and approaches.

Sea change in IT

Kelly: Absolutely. That's where the economy was and that's where a lot of organizations have been over the past three or four years in terms of ramping up new services and deploying new things. As you said in your intro, there has pretty much been a sea change over the past nine months or so in terms of the economy as well as how organizations need to react to it.

Now, there's an opportunity for organizations to step back, take the same type of tools, and begin to apply them to tougher economic times. They can make sure they're making the right decisions for today, as well as to lay the groundwork for future growth.

Things are going to turn around maybe later this year or next year. When that happens, resources are going to be tight and constrained. So, organizations are going to have to have the right information to be making the best decisions to capitalize upon that growth when it comes, as well as to get them through this tough period, where they have to optimize the limited resources they have to deal with the current business situation.

Gardner: Lori Ellsworth, perhaps you could share with us what you're hearing from your customers. It seems the keyword here is "change." How does this change management relate to IT portfolio management from where your customers are sitting now?

Ellsworth: It ties into the business environment that David was just talking about. IT organizations now are moving towards acting in a more strategic role. As we've just talked about, things are changing rapidly in the business environment, which means the organizations that they're serving need to change quickly and they are depending on, or insisting on, IT changing and being responsive with them.

It's essential that IT needs to watch what's going on, participate in the business, and move quickly to respond to competitive opportunities or economic challenges. They need to understand everything that's underway in their organization to serve the business and what they have available to them in terms of resources and they need to be able to collaborate and interact with the business on a regular basis to adjust and make change and continue to serve the business.

I can contrast that historically to different times, where IT played a different role, and there were different economic conditions, where it was much easier to make decisions and work on a project and go off and work on that project for a year. That's not the world we live in today, and IT needs to be as responsive as the rest of the business.

Gardner: I'm sure IT is not alone in needing to very firmly rationalize their spending, both operationally and on new spending. It also appears to me that you have to be able to have the actual data in hand. You can't go to a budget-minded executive -- a COO, for example, or a CFO -- and rationalize your budget with estimates or soft approaches to this. What is it about IT portfolio management that puts data into the process?

Ellsworth: First of all, we have to think about it as a company. Those COO's

. . . they need to understand who are the people, what is the cost, and where can we make changes to respond to the business.

who you've just referred to, are investing money in IT. It may be coming from the business units, but they're making an investment in technology to serve the business. IT needs to understand how they, in collaboration with the business, are making decisions to use that money, what they're investing it in, and where they have an opportunity to make changes to better serve the business.

If IT wants to engage in a conversation about moving investments, about stopping something they're working on so they can respond to a market opportunity, for example, they need to understand who are the people, what is the cost, and where can we make changes to respond to the business.

Gardner: Making those priorities requires a comparison. So, a cost-benefit analysis might be one approach. Again, if you don't have the details about what it is that IT is doing and what it's capable of, you're not able to bring a true cost benefit analysis into this discussion.

Cost-benefit analysis

Ellsworth: Absolutely. And, this approach as you suggested, the cost-benefit analysis, that's about a business approach. In other words, this isn't about IT deciding on different projects they could work on and what benefit it might deliver to the business. The business is at the table, collaborating, looking at all the potential opportunities for investment, and reaching agreement as a business on what are the top priorities.

Gardner: Dave Kelly, what else do you see in terms of the problem set here, when it comes to this dynamic environment and managing change, whether it's growth or whether it's contraction across people and process? We seem to have, of course, the need for the data, for the information, but then, once we get to the point of execution, it seems to me that this insight into the portfolio can also be important.

Kelly: Yes, it is important. I'm going to key on a couple of words that Lori mentioned in responding to your question. The other thing that's needed is consistency. When you're making these kinds of decisions, for a lot of IT organizations and organizations in general, if times are good, you can make a lot of decisions in an ad hoc fashion and still be pretty successful.

But, in dynamic and more challenging economic times, you want the decisions that you or other people on the IT team, as well as the business, are making to be consistent. You want them to have some basis in reality and in an accepted process. You talked about metrics here and what kind of metrics can you provide to the COO.

You need consistency in these dynamic times and also you need a way to collaborate, as Lori brought up. That's a really good point, in terms of being able to collaborate between the business and IT, because you are always making these trade-offs.

Unless you have all the money in the world, for these decisions about applications or projects within the IT organization you need to collaborate within the IT organization and have a consistent view on what's going on, as well as collaborating with the business stakeholders and making sure that you are making the right decisions there. Those are couple of key points to think about in these turbulent and dynamic times.

Gardner: I think you're also pointing to the need for automating those labor-intensive

So, the moment we rely on individual efforts or on people who have to go out and sit through meetings and collect data, we're not getting data that we can necessarily trust.

manual processes. Perhaps you're using spreadsheets or perhaps using a siloed approach of just looking at certain elements of the IT environment, rather than a comprehensive view that doesn't scale in terms of complexity or time. We need to reevaluate a budget now in two months, rather than on a yearly or six-month cycle. Let me take it back to Lori. To what degree do manual processes break down in terms of how IT manages its portfolio?

Ellsworth: There are a couple of problems with manual processes. As you suggested, they're very labor-intensive. We've talked about responsiveness. We need information to drive decision-making. So, the moment we rely on individual efforts or on people who have to go out and sit through meetings and collect data, we're not getting data that we can necessarily trust. We're not getting data that is timely to your point and we're not able to make those decisions to be responsive.

You end up with a situation where very definitely your resources are busy and fully deployed, but they're not necessarily doing the right things that matter the most to the business. That data needs to be real-time, so that, at multiple levels in the organization, we can be constantly assessing the health and the alignment in terms of what IT is doing to deliver to the business, and we have the information to make a change.

Kelly: Dana, if I could interject here. To me, it's a little bit analogous to what we saw maybe 10 years or a little longer ago in software development, when a whole bunch of automated testing tools became available, and organizations started to put a lot of emphasis in that area.

As you're developing an application, you can certainly test it manually and have people sitting there testing it, but when you can automate those processes they become more consistent. They become thorough, and they become something that can be done automatically in the background.

Fewer resources, higher quality

It takes fewer resources and less money to get much higher quality and a better result. We're seeing the same thing when it comes to managing IT applications and projects, and the whole situation that's going on in the IT area.

When you start looking at IT portfolio management, that provides the same kind of automation, controls, and structure by which you can not only increase the quality of the decisions that are being made, but you can also do it in a way that almost results in less overhead and less manual work from an organization.

You are always making a trade-off between the amount of investment required to effect a change like this and manage it on an ongoing basis and the benefit that it's going to pay back to you. So, you do want something that's going to be able to be automated and yet help deliver good results for you.

Gardner: Dave, to go further on your points, it seems that IT has been very busy for 10 or 15 years helping other aspects of the business do precisely this, which is to mature to gain access to data across different aspects of a process, a part of the supply chain, or manufacturing or transportation activity. Then, they allow that to be centralized and analyzed and then they implement what changes seem appropriate back into what's going on within those applications. So, IT is basically now at a point where it needs to start drinking its own tea, if you will. Lori does that make sense?

Ellsworth: Oh, absolutely. In the last several years, would we be running a business without visibility into the finance organization or the finance side of the business or into the sales forecast? The technology organization is now becoming more and more strategic to the success of the company. We need to understand what we're investing and what return we're getting for that investment.

Gardner: So, we're back to the economic environment and this need to mature more rapidly. Perhaps, like an adolescent, IT needs to have a growth spurt, rather than go through a long pleasant trip.

Now that we've recognized the dimension of the problem, how does one get started?

Choosing a tool is not going to be the answer to any of your challenges, unless you understand the business problem and the level of maturity, and you can embark on a combined people, process, and technology solution.

How does one begin to look at this as a solution and a maturation process for IT and not just, "Oh, let's pick out a product and drop it in?" It's really not a technology solution, is it Lori?

Ellsworth: Correct. What the IT organization has to start with is looking at that investment lifecycle that they're managing, from the demand coming into the business, through execution, managing what they're delivering back to the business, in this case, the application or the business service. They need to look across that entire lifecycle that they are managing and they need to do a couple of things.

They need to understand where their greatest pain points are. Many organizations, once they start a project, are quite comfortable and efficient in delivering effectively. Their pain point is collecting, managing and driving decision-making around the demand. So, it's important to understand the biggest pain points and to understand the organization's maturity. Choosing a tool is not going to be the answer to any of your challenges, unless you understand the business problem and the level of maturity, and you can embark on a combined people, process, and technology solution.

Gardner: Dave Kelly, just to keep the bean counters happy, I think it's important for us to look at a fairly short horizon for payback of some sort from any investments in IT portfolio management. Can you think of what might be low-hanging fruit in terms of where you could apply IT and portfolio management. Perhaps, it would be a consolidation or modernization factor, and we'd then say, "Aha, we've recovered the cost of this and now we can apply it to these other more strategic and transformative types of activity?"

Legacy transformation

Kelly: That's an excellent point. Areas such as legacy transformation or modernization are good for this, because you do have to make a lot of decisions, and Lori may have some other perspectives here as well. Any situation, where there are a number of stakeholders driving that decision-making may be difficult for some organizations, where you need to gain consensus. It's a good application for this type of solution.

It applies to any opportunity for managing new projects -- whether it's a legacy transformation or modernization, a new application or project that may have high dynamic components. It may be something that's not going to be a one hit wonder that you are just applying once, but is going to require some level of ongoing change. If you can justify the maintenance of that change and future changes through the use of the solutions like this, it can certainly help deliver that return on investment (ROI) much faster.

Gardner: How about that, Lori? Do you have any sense of where initial and speedy paybacks are available, perhaps even in regards to energy use?

Ellsworth: One of the things I see with customers is that some of the low-hanging fruit, as you described, is really in the area of redundancy.

It's an opportunity first of all to reduce the total number of applications, and the follow-on is an approach to being more efficient or investing in the applications that are strategic to the business.

It sounds pretty basic, but the moment an organization starts to inventory all of the projects that are under way and all of the applications that are deployed in production serving the business, even just that simple exercise of putting them in a single view and maybe categorizing them very simply with one or two criteria, quite quickly allows organizations to identify those rogue projects that were underway. They are investing resources. There is just no logical reason to keep them going.

Similarly, on the application side, they will quickly learn, "We thought we had 100 applications, and we've now discovered there are 300." They'll also quickly identify those applications that no one is using. There is some opportunity to start pulling back the effort or the cost they're investing in those activities and either reducing the cost out of the business or reinvesting in something that's more important to the business.

Gardner: So, employing IT portfolio management quickly will allow you to discover what application inefficiencies you have, which then, of course, translate back to infrastructure inefficiencies around utilization. Perhaps, you start deploying virtualization and taking the required or remaining applications in, and then deploying them with the most bang for the buck.

Ellsworth: Yes. It's an opportunity first of all to reduce the total number of applications, and the follow-on is an approach to being more efficient or investing in the applications that are strategic to the business.

Gardner: I guess I just wanted to affirm that the savings don't always just come from what you would get from reducing the number of applications. A secondary benefit would be in the way in which you produce these applications in production environment. Therefore, there could be savings on the infrastructure side as well.

Ellsworth: Absolutely.

Consolidation opens doors

Kelly: You could go through consolidation. As you said, it opens up new opportunities for cloud computing or other potential deployment opportunities.

Gardner: There is, of course, a lot of talk about more dynamic sourcing options, but if you want to take advantage of what you might perceive in that regard, you need to know what you have in place and what is required in terms of mission critical versus perhaps expendable.

Kelly: Exactly.

Gardner: Let's look at this again from another perspective for some industries. They may have seen a decrease very rapidly, but federal governments, both in the US and in other countries, have been injecting quite a bit of stimulus money into the environment for public sector and certain industries.

That should give these decision makers in IT and their counterparts on the business side some opportunities to say, "How should we take the stimulus money and most effectively invest it in our organization?" To me IT portfolio management should be in the top tier. Would you agree with that Lori?

Ellsworth: I absolutely would. There is no time where the investment being given to an organization, and in particular to IT, has been more visible. In addition to the money that's being invested as an ongoing course of doing business, there's an additional investment.

Organizations need to make timely and intelligent decisions about how to invest that money. They need to understand the different possibilities, create different potential views of what the future might look like, and really agree as a business, how to invest and keep the visibility in terms of how you are using those investments as well.

Gardner: Dave Kelly, the payback here, as we discussed, can be short-term, medium-term and then long-term, if we look towards that cloud or mixed sourcing future. What necessary steps are there for organizations, whether it's the reaction to stimulus money or just a renewed interested in investment for productivity sense? Where does the decision process for IT portfolio management need to come from? Is it just a CIO-level decision or an engineering VP decision? Where does this really become a purchase?

Kelly: It's generally the higher level, the CIO level. The senior management can drive it,

. . . it's a great time, if there's economic stimulus money coming into an organization. You want to make sure that it's well spent and used efficiently and effectively. . .

as well, and maybe an enlightened engineer also has some good ideas, wants to optimize things, and may be able to bring this process forward. But, It's clearly someone that you want to be able to drive this kind of change across different processes, projects, and applications and make it part of the foundation for an organization.

That doesn't mean it has to spread across the complete organization or complete IT system all at once. You can start in very tactical ways, but the vision is how you make these kinds of consistent decisions in a timely, intelligent, and reliable manner.

So, someone more senior is going to help drive a solution like this. As Lori said, it's a great time, if there's economic stimulus money coming into an organization. You want to make sure that it's well spent and used efficiently and effectively to set the foundation for the organization to deliver on what they are supposed to deliver on, as well as lay the foundation for going forward.

Gardner: And, the visibility that IT portfolio management provides, in my thinking, gets comprehensive in nature. That’s almost to think about an architecture-level decision. Lori, have you seen architecture getting involved with the requirements set around IT portfolio management or are the frameworks like ITIL, TOGAF, and DoDAF spurring on interest in getting this comprehensive view?

Benefiting from visibility

Ellsworth: I'll make a couple of comments. From an architecture perspective, I'm not necessarily seeing that area of the business driving this exercise, but they are participating. They're participating, because they are going to benefit from the visibility. They're driving initiatives across the IT organization. Certainly, the IT portfolio management solution plays a role in an ITIL initiative.

The other comment I would like to add may further David's comment. I'm also seeing an increased interest in participation, from a finance perspective, outside the IT organization. Often, the CIO and the executive in the finance area are working together.

The line of business executives -- the customers, if you will, the CIO -- are starting to be more mature, if I can use that expression in terms of their understanding of technology and of how they should be working with technology and driving that collaboration. So, there is some increased executive involvement even from outside IT, from the CIO's peers.

Gardner: Even at a general level, we're hearing the mentality that no crisis should go wasted, and, if you agree with me that the economic downturn provides an opportunity for transformation and not just for retrenchment, does IT portfolio management allow for a conversion within IT in terms of how it relates to its customers and perhaps even charges them?

That is to say, is this utilization of IT portfolio management a necessary step towards getting into an IT shared-services environment or a discrete charge back, where IT services are defined in business terms and charged accordingly. I'll direct this at Lori.

Ellsworth: It does provide another catalyst to IT behaving more like a business and,

Certainly, there are job-security issues for senior IT people, if they're not able to respond adequately to the CFO or COO or the business need changes.

as you've described, really managing the relationship with their customers, understanding their customers’ priorities, and the customer understanding the cost of what they need. Together, they're starting to work in that customer-supplier -- with a financial aspect -- type relationship.

That's something that IT has been moving towards for several years. Maybe they've been getting a little more push back from their internal customers, but the current economic conditions and the scrutiny on investment are more of a catalyst to get that customer-vendor type relationship going.

Gardner: David, we talked about what IT portfolio management can do. What are the penalties if you don't, if you continue to have manual and even paper-based or spreadsheet-based approaches to keeping track of your assets and resources? It seems to me that the complexity, those choices around sourcing, has been out of control. Furthermore, if I'm on the financial side of the house and I see that IT is floundering in its ability to run itself, I might be tempted to outsource significant portions of it. Right?

Kelly: Absolutely. I think you've highlighted some of the risks there for organizations that don't have good control in terms of the IT decision-making processes. Certainly, there are job-security issues for senior IT people, if they're not able to respond adequately to the CFO or COO or the business need changes.

The answer to your question of what happens if organizations don't move towards IT portfolio management depends upon the organization. If you have a slow-moving organization that doesn't have to make a lot of decisions and doesn't have a lot of investments, maybe they are just fine doing what they're doing, doing it ad hoc or doing it with the spreadsheets.

Consistent rational approach

But, as we've talked about throughout this podcast, any organization that is facing dynamic business conditions, that is investing in new applications or projects, that wants to be able to increase the efficiency in its IT organization, as well as increase the effectiveness of the application solutions it’s bringing to the business, absolutely needs to have some kind of consistent rational approach to gathering information, collecting metrics, being able to collaborate with the business and being able to make decisions in a consistent and rational way.

That really points very strongly towards IT and IT portfolio management or some similar type of solution. There is a little bit of investment required for any solution like this -- time, resources, and money -- but for organizations that have those conditions, it's a really strategic investment.

Gardner: Lori, did we miss anything? Is there a risk here that we didn't bring up yet about resisting a comprehensive view of assets in IT or perhaps even a downward spiral at some kind of that could ensue?

Ellsworth: No. The answer was comprehensive. You are absolutely correct that IT needs to recognize that there are competitive alternatives, and certainly, if IT isn't delivering, the business will go and look elsewhere. In some simple examples, you can see line-of-business customers going out and engaging with a software-as-a-service (SaaS) solution in a particular area, because they can do that and bypass IT.

The other side of that as well is when IT is executing.

. . . IT needs to recognize that there are competitive alternatives, and certainly, if IT isn't delivering, the business will go and look elsewhere.

If they're not making the right decisions and doing the things that have the highest return to the business or if they are delivering poorly, it's really about missed opportunity and lower ROI. So, while IT might be engaged and they might be delivering, they are minimizing the impact or the value they could be delivering to the business.

Kelly: Dana, let me just add one other thing in here. I really see these kinds of things as an opportunity for IT. We've talked about some of the challenges they may face and some of the problems that there could be going on, but, if you are able to implement a solution like this, it really frees up IT to be able to consider new opportunities.

As you noted, if you can do some application consolidation, you may be able to consider new deployment opportunities and cloud-based solutions. It will make the decision-making process within IT more nimble and more flexible, as well as enable them to respond more quickly to the line of business owners and be able to almost empower them with the right information and a structured decision-making process.

That enables them to take greater risks and take advantage of new opportunities that they might not have been able to, if they just proceed with whatever solutions they have in hand.

Moving toward strategies

Ellsworth: That's a really good point, because the one metric, if I can use that word, that is understood by executives outside of the IT organization is how much of our investment is just going towards keeping things running or of keeping the lights on and how much is towards strategic work. Certainly the lower amount is strategic today. Anytime the CIO can show progress towards moving from keeping the lights on toward more investment strategies, that's something that's easy to understand outside of IT.

Gardner: And on that same topic of metrics, Lori do you have examples perhaps even used cases where the proper deployment of IT portfolio management has the demonstrated tangible result?

Ellsworth: Sure. To just speak generally, we have customers who are seeing improvement, first of all, on the execution side, and those improvements are in the area of being able to deliver projects. So, let's assume for a moment, that we're doing the right things. You're starting to see a 30 percent improvement in delivering a project on time, on budget, and meeting the business need.

If you start to back up, just thinking about that project as strategic, it will have an impact on the business, maybe even a revenue-generating impact. I can increase the probability of delivering it, when it's needed for the cost and meeting the business need, and you can start to translate that into the value back to the business.

Something a little less tangible is making better business decisions. Now, we're not wasting our resources. We're investing them in the right things and looking for a higher return to the business. Most of our customers will start to see what I'll call the supply and demand side of the business, and start to see some tangible returns in that area for certain.

The other area is in your utilization or productivity of resources. Customers are seeing significant increases in that area.

Gardner: Well, we're almost out of time. We've been digging into the need for better-managed processes in IT for how IT operates itself. We're looking at contraction and the requirements to reduce cost at an operating level, but at the same time, needing to prepare for a transformation of IT into perhaps more of a mature business unit to be able to ramp up for growth and take advantage of what stimulus money might be available.

We've been joined by Lori Ellsworth the vice-president of Changepoint Solutions at Compuware. Thank you, Lori.

Ellsworth: Thank you very much.

Gardner: We've also been joined by David A. Kelly, senior analyst at Upside Research. Great to have you with us, David.

Kelly: Great to be here, Dana. Thanks for inviting me.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. You have been listening to a sponsored BriefingsDirect podcast. Thanks for listening and come back next time.

Listen to the podcast. Download the transcript. Find it on iTunes/iPod and Podcast.com. Learn more. Sponsor: Compuware.

Transcript of a BriefingsDirect podcast on managing IT departments in the face of an economic downturn and an infusion of stimulus cash. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.

Analysts Define Growing Requirements List for Governance in Any Move to Cloud Computing

Edited transcript of BriefingsDirect Analyst Insights Edition podcast, Vol. 42 on need for governance as more enterprises look to cloud computing services from inside and outside the firewall.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod and Podcast.com. Charter Sponsor: Active Endpoints. Also sponsored by TIBCO Software.

Special offer: Download a free, supported 30-day trial of Active Endpoint's ActiveVOS at www.activevos.com/insight.

Dana Gardner: Hello, and welcome to the latest BriefingsDirect Analyst Insights Edition, Volume 42. I'm your host and moderator, Dana Gardner, principal analyst at Interarbor Solutions.

This periodic discussion and dissection of IT infrastructure related news and events, with a panel of industry analysts and guests, comes to you with the help of our charter sponsor, Active Endpoints, maker of the ActiveVOS visual orchestration system, and through the support of TIBCO Software.

Gardner: Our topic this week on BriefingsDirect Analyst Insights Edition, and it is the week of May 18, 2009, centers on governance as a requirement and an enabler for cloud computing. We're going to talk not just about IT governance, or service-oriented architecture (SOA) governance. It's really more about extended enterprise processes, resource consumption, and resource-allocation governance.

It amounts to "total services governance," and it seems to me that any meaningful move to cloud-computing adoption, certainly that which aligns and coexists with existing enterprise IT, will need to have such total governance in place.

So, today we'll go round robin with our IT analyst panelists on their top five reasons why service governance is critical and mandatory for enterprises to properly and safely modernize and prosper vis-à-vis cloud computing.

We see a lot of evidence that the IT vendor community and the cloud providers themselves recognize the need for this pending market need and requirement for additional governance.

For example, IBM recently announced a virtualization configuration management appliance called CloudBurst. It not only helps companies set up and manage virtualized infrastructure, but it can just as well provision and manage instances of stacks of applications, as well as data services support across any number of cloud scenarios.

Easier provisioning

We also recently saw Amazon Web Services move with a burgeoning offering to ease provisioning, a reliability control, via automated load balancing and scaling features and services.

Akamai Technologies this spring announced advanced network-based cloud performance support, in addition to content and application's optimization services. [Disclosure: Akamai is a sponsor of BriefingsDirect podcasts.]

HP, also this spring, released Cloud Assure to help drive security, performance, and availability services for software-as-a-service (SaaS) applications, as well as cloud-based services. So, the road to cloud computing is increasingly paved with, or perhaps is going to be held up by, a lack of governance. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

Here to help us understand the need for governance as an enabler or a roadblock to wider cloud adoption are our analyst guests this week. We're here with David A. Kelly, president of Upside Research. Hey, Dave.

David A. Kelly: Hey, Dana. Happy to be here. This should be a fun topic.

Gardner: Ron Schmelzer, senior analyst from ZapThink. Hey, Ron.

Ron Schmelzer1: Hey, great to be here.

Gardner: And, Joe McKendrick, independent analyst and ZDNet blogger. Hey, Joe.

Joe McKendrick: Hey, Dana, nice to be here as well.

Gardner: Let's start with you Ron. You've been involved with SOA best practices and methodologies for several years. Before that, you were a thought leader in the Web services space, and governance has been part and parcel of these advances. Now, we're taking it to an extended environment, a larger, more complex environment. Tell me, if you would, your top five reasons why you think services governance is critical or not for this move to a larger services environment.

Schmelzer: You're making me count on a Friday before a long weekend. Let me see if I can do that. I'm glad you brought up this topic. It's really interesting. We just did a survey of the various topics that people are interested in for education, training, and stuff like that. The number one thing that people came back with was governance. That's indicative and telling at a few levels.

The first thing people realize is that simply building and putting out services -- whether they're on the local network or in the cloud or consuming services from the cloud -- don't provide the benefit, unless there's some control. As people always say, nobody really wants to be ungoverned, but nobody wants to have a government. The thing that prevents freedom from going into chaos is governance.

I can list the top five reasons why that is. You want the benefit of loose coupling. That is, you want the benefit of being able to take any service and compose it with any other service without necessarily having to get the service provider involved. That's the whole theory of loose coupling. The consumer and the provider don't have to directly communicate.

But the problem is how to prevent people from combining these services in ways that provide unpredictable or undesirable results. A lot of the efforts in governance from the runtime prevents that unpredictability. So one, preventing chaos.

Two. Then there is the design time thing. How do you make sure services are provided

How do you make sure that the various services comply with the various corporate policies, runtime policies, IT policies, whatever those policies are?

in a reliable predictable way? People want to create services. Just because you can build a service doesn't mean that your service looks like somebody else's service. How do you prevent issues of incompatibility? How do you prevent issues of different levels of compliance?

Of course, the third one is around policy. How do you make sure that the various services comply with the various corporate policies, runtime policies, IT policies, whatever those policies are?

Those are the top three. To add a fourth and a fifth, people are starting to think more and more about governance, because we see the penalty for what happens when IT fails. People don't want to be consuming stuff from the cloud or putting stuff into a cloud and risking the fact that the cloud may not be available or the service of the cloud may not be available. They need to have contingency plans, but IT contingency plans are a form of governance. Those are the top four, and it's a weekend, so I'll take the fifth off.

Gardner: Very good. Now, we go to David Kelly next. David, you've been following the cloud evolution through the lens of business process management (BPM) and business process modeling. I'm interested in your thoughts as to how governance can assist in how organizations can provide a better management and better modeling around processes.

Kelly: Yeah, absolutely. At one level, what we're going to see in cloud computing and governance is a pretty straightforward extension of what you've seen in terms of SOA governance and the bottom-up from the services governance area. As you said, it gets interesting when you start to up-level it from individual services into the business processes and start talking about how those are going to be deployed in the cloud. That brings me to my first point. One of the key areas where governance is critical for the cloud is ensuring that you're connecting the business goals with those cloud services.

It's like the connection between IT and business in conventional organizations. Now, as those services move out to the cloud, it's the same problem but in a larger perspective, and with the potential for greater disruption. Ron just mentioned that in terms of the IT contingency planning and the risk issues that you need to bring up. So, one issue is connecting the business goals with the cloud services.

Another aspect that's important here is ensuring compliance. We've seen that for years. That's going to be the initial driver that you're going to see in the cloud in terms of compliance for data security, privacy, and those types of things. It's real easy to get your head around, and when you're looking at cloud services that are provided to consumers, that's going to be a critical point.

Can the consumers trust the services that they're interacting with, and can the providers provide some kind of assurance in terms of governance for the data, the processes, and an overall compliance of the services they're delivering?

Then, when you step back and look, the next issue in terms of governance

It's like saying we have Web server governance. You need it. It's there and its important, but its such a small slice of the overall solution that we're going to have to see a much broader expansion over the next four or five years.

and cloud governance comes down to ensuring consistent change management. You've got a very different environment than most IT organizations are used to. You've got a completely different set of change-management issues, although they are consistent to some extent with what we've seen in SOA and the direction organizations are taking in that area. You need to both maintain the services and make sure they don't cause problems when you're doing change management.

The fourth point is making sure that the governance can increase or help monitor quality of services, both design quality, as Ron mentioned, and runtime quality. That could also include performance.

Dana, when you mentioned some of your examples, most of those are about the performance and availability of these services. So, they're very limited. What we've seen so far is a very limited approach to governance. It's like saying we have Web server governance. You need it. It's there and its important, but its such a small slice of the overall solution that we're going to have to see a much broader expansion over the next four or five years.

The last thing, looking at this from a macro perspective, is managing the cloud-computing life cycle. From the definitions of the services, through the deployment of the services, to the management of the services, to the performance of the services, to the retirement of the services, it's everything that's going on in the cloud. As those services get aggregated into larger business processes, that's going to require different set of governance characteristics. So, those are my top five.

Gardner: Joe McKendrick, we've heard from David and Ron. David made an interesting point that we're probably scratching the surface of what's going to be required for a full-blown cloud model to prosper and thrive. We're still looking at this as basically red light-green light, keeping it working, keeping the trains running. We don't necessarily have them on time, on schedule, or carrying a business payload or profit model. So, Joe, I'm interested in your position -- five reasons why governance is important, or what, perhaps, needs to come.

McKendrick: Thanks, Dana. Actually, Ron and David really covered a lot of the ground I was going to cover, and they said it probably a lot better than I would say.

There is an issue that's looming that hasn't really been discussed or addressed yet. That is the role of governance for companies that are consuming the services versus the role of governance for companies that are providing the services.

On some level, companies are going to be both consumers and providers of cloud services. There is the private cloud concept, and we've talked about that quite a bit in these podcasts. SOA is playing a key role here of course.

Companies, IT departments will be the cloud providers internally, and there is a level of governance, the design time governance issues that we've been wrestling with SOA all these years, that come into play as providers.

There are going to be some other companies that may be more in a consume mode. There are other governance issues, another side of governance, that they have to tackle, such as service-level agreements (SLAs), which is assuring the availability of the applications they're receiving from some outside third party. So, the whole topic of governance splits in two here, because there is going to be all this activity going on outside the firewall that needs to be discussed.

Another key element that's coming into play has been wrestled with, discussed, and thrown about during the development of SOA over the past few years.

A lot of companies are taking on the role of a broker or brokerage. They're picking up services from partners, distributors, and aggregators, and providing those services to specific markets.

It's the ability to know what services are available in order to be able to discover and identify the assets to build the application or complete a business process. How will we go about knowing what's out there and knowing what's been embedded and tested for the organization?

The issue of return on investment (ROI) is another hot button, and we need to be able to determine what services and processes are delivering the best ROI. How do we measure that? How do we capture those metrics?

But overall, the key thing of SOA and what we've been talking about with SOA is how do we get the business involved? How do we move it beyond something that IT is implementing and move it to the business domain? How do we ensure that business people are intimately involved with the process and are identifying their needs? Ultimately, it's all about services. We're seeing businesses evolve in this direction.

A lot of companies are taking on the role of a broker or brokerage. They're picking up services from partners, distributors, and aggregators, and providing those services to specific markets. I call it the "loosely coupled business" concept, and it's all about services -- SOA, Web services, cloud-based services. It's all rolled into one -- Enterprise 2.0. I'll bring that in there too.

So, we're just scratching the surface here.

Preparing to scale

Gardner: Thanks Joe. I'll be last and will take the position of disadvantage, because I'll be talking a lot about what you've all stated so far, but perhaps with a little different emphasis.

My first reason for governance is that we're going to need to scale beyond what we do with business to employee (B2E). In many cases we've seen SOA and Web services developed in large enterprises first for some B2E and some modest business to consumer (B2C).

For cloud computing, we're going to need to see a greater scale business to business (B2B) cloud ecology and then ultimately B2C with potentially very massive scale. New business models will demand a high scale and low margin, so the scale becomes important. In order to manage scale, you need to have governance in place. And by the way, that's not only for services, but application programming interfaces (APIs).

We're going to need to see governance on API usage, but also in what you're willing to let your APIs be used for -- not just on an on/off switch, but also at a qualitative level. Certain types of uses would be okay, but certain others might not for your APIs, and you might also want to be able to charge for them.

My second point is the need to make this work within the cloud ecology.

Standards and neutrality at some level are going to be essential for this to happen at that scale across a larger group of participants and consumers.

So, with dynamic partnering, with people coming and going in and out of an ecology of process, delivered cloud services, means federation. That means open and shared governance mechanisms of some type. Standards and neutrality at some level are going to be essential for this to happen at that scale across a larger group of participants and consumers.

One example of this we've seen at the social-network level is the open, social approach to sign-on and authentication. That's just scratching the surface of what's going to be required in terms of an automated approach to provisioning and access control at the services level, which falls back to much more robust and capable governance.

My third reason is that IT is going to need to buy into this. We've heard some talk recently about doing away with IT, going around IT, or doing all of these cloud mechanisms vis-à-vis the line of business folks. I think there is a role for that, and I think it's exploratory at that level.

Ultimately, for an enterprise to be successful with cloud models as a business, they're going to have to take advantage of what they already have in place in IT. They need to make it IT ready and acceptable, and that means compliance. As we've talked about, that's the ability to have regulatory satisfaction, where that's necessary, and to satisfy the requirements that IT has for how its going to let its resources, services, and data be used.

IT checklist

IT has, or should have, a checklist of what needs to take place in order for their resources and assets to be used vis-à-vis outside resources or even within the organization across a shared-services environment. IT needs to be satisfied, and governance is going to be super essential for that.

Number four is that the business models that we're just starting to see well up in the marketplace around cloud are also going to require governance in order to do billing, to satisfy whether the transaction has occurred, to provision people on and off based on whether they've paid properly or they're using it properly under the conditions of a license or a SLA of some kind. This needs to be done at a very granular level.

We've seen how long it took for telecommunications companies to be able to build and provision properly across a fairly limited amount of voice services. They recognized that their business model was built on the ability to provision a ring tone and charge appropriately for it. If it has a 30-day limit to use, that needs to be enforced. So, governance is going to be essential for making money at cloud types of activities.

Lastly, cloud-based data is going to be important. We talk about transactions, services, APIs, and applications, but data needs to be shared, not just at a batch level, but at a granular level across multiple partners. To govern the security, provisioning, and protection of data at a granular level falls back once again to governance. So, I come down on the side that governance is monumental and important to advancing cloud, and that we are still quite a ways away from doing that.

Where I'd like to go next with the conversation is to ask where would such

The cloud actually complicates things a little bit, because we're not really in control of the cloud infrastructure. So, we don't have full control of how a third-party cloud environment would choose to enforce a runtime policy.

governance happen? Is this something that will be internal? Will there be a third party, perhaps the equivalent of a Federal Reserve in the cloud, that would say, "This is currency, this is what the interest rates are, and this is what the standards are?" In a sense, we're talking about cloud computing as almost an abstraction, like we do when we think about an economy or a monetary system.

So, let's take up that question of where would you actually instantiate and enforce governance. Back to Ron Schmelzer at ZapThink.

Schmelzer: It's good that you mentioned all of these things. Governance just can't be a bunch of words on a piece of paper, and then you hope that people by themselves will just voluntarily make them happen. Clearly, we need some ways of enforcing them.

Some of them are automated and some of them are automatable, especially a lot of the runtime governance things you talk about -- enforcing security policies, composition policies, and privacy policies.

There are a lot of those policies that we can enforce. We can enforce them as part of the runtime environment, whether we do that as part of the infrastructure, we do it as part of the messaging, or we do that at the client side. There are a lot of different ways of distributing.

The cloud actually complicates things a little bit, because we're not really in control of the cloud infrastructure. So, we don't have full control of how a third-party cloud environment would choose to enforce a runtime policy.

But, there are other kinds of policy. We talked about design-time policy, which is how we govern the way that we create services. How do we govern the way that we consume them? How do we govern the way that we procure those services? There is a certain amount of enforceability, both at automated level with the tooling that we use to do that, the design time tooling, or even as part of the budgeting, approval, or architectural review process. There are a lot of places where we can enforce that.

Change management

Of course, we have the whole area of change management. It's a huge bugaboo in SOA, and it's going to rear its head in cloud. How do we deal with things versioning and changing, both the expected changes and the unplanned changes, things becoming available, and things not becoming available.

We may have policies to deal with that, but how do we force a policy that says, "All of a sudden the geocoding service that you're using for some core process is no longer available. You have to switch to another one." Can you truly automate that, or is there some sort of fall back? What do you do?

Fortunately, one of the great things about cloud is that it's forcing us to stop thinking about integration middleware as a solution to architectural problems, because it has absolutely nothing to do with integration middleware.

We don't even know what's running the cloud. So, when we're thinking about the cloud now, we have to be thinking in terms of the abstract service. What do I do when it's available? What do I do when it's not available? That forces us to think a lot more about governance, quality, and management.

Gardner: Let's go to you Dave Kelly. It seems to me that there is a political angle to this as well, as Ron was saying. There is a need for a trusted, neutral, but authoritative third party. Would I trust my own enterprise, my competitor, or even someone in my supply chain to be dictating the enforcement of governance?

Kelly: Well, I think there is. There is a role for a trusted,

We're going to see more of a bottom-up approach to governance. The organizations that are putting services or data out there are going to be ones demanding some type of governance or compliance capabilities.

neutral, as you said, an authoritative third party, but we're not going to see one soon. That's a longer-term evolution. That's just my take. We'll see some kind of alliance evolve over the next couple of years, as providers start to grapple with this and with how they can help ensure some sort of governance and/or compliance in the cloud services. As usual in the IT landscape, that will be politicized, at least in terms of the vendors providing services.

We're going to see more of a bottom-up approach to governance. The organizations that are putting services or data out there are going to be ones demanding some type of governance or compliance capabilities. You're going to see this push from the bottom, with some movement from the top, but I don't know that it's going to be all that effective.

Gardner: Joe McKendrick, let me run that by you, but with a hypothetical. We've seen in the past over the history of business, commerce, and the mercantile environment, starting perhaps 500-700 years ago, around shipping, sailing ships across port to port, that someone had to step up and become an arbiter. Perhaps it was a customs groups, perhaps a large influential company, like an East India Company, but eventually someone walked in to fill the vacuum of managing a marketplace.

The cloud is essentially a marketplace or many marketplaces. It's very complex compared to just moving tobacco from North America to Europe or back to the East Indies with some other cargo. Nonetheless, it seems to me that the government or governments could step into the middle here and perform this needed third-party authoritative role for governance.

Extracting revenue

Maybe it won't be necessarily providing the services, but providing the framework, the standards, and, at some level, enforcement. In doing so, it will have an ability to extract some sort of a revenue, maybe on a transaction basis, maybe on a monetary percentage basis. Lord knows, most governments that we're looking at these days need money, but we also need a cloud economy because it's so much more productive.

I know this is a big question, a big hypothetical, but don't you think that it's possible that this need for governance that we've uncovered will provide an opportunity for a government agency or some sort of a quasi-public entity to step in and derive quite a bit of revenue themselves from it?

McKendrick: Wow! I don't know about that. You mentioned earlier the possibility of a hypothetical Federal Reserve in the cloud, I'm just trying to picture Ben Bernanke or Alan Greenspan taking the reins of our cloud economy and making obtuse statements, and everybody trying to read the tea leaves on what they just said.

I don't know, Dana. I can't see a government agency stepping in to administer or pluck revenue out of the cloud beyond maybe state agencies looking for ways to leverage sales taxes. They already have that underway.

You mentioned marketplaces taking over. I think we're going to see the formation of marketplaces of services. Dave Linthicum isn't on the call with us. He was with StrikeIron for a while, and StrikeIron was a great example from the get-go of how this would be structured.

They formed this private marketplace. Web service providers would

I think it will be a private-sector initiative. We'll see these marketplaces gel around services.

provide these services and make them accessible to StrikeIron. They would certify to StrikeIron that the services were tested and viable. StrikeIron also would conduct its own testing and ensure the viability of the services.

Gardner: I believe there's another company in Europe called Zimory that's attempting a similar approach, right?

McKendrick: Exactly. In fact, a company called 3tera just announced this past week that they'll be providing a similar type of marketplace for cloud-based services.

Gardner: So, the need is clearly there, don't you agree?

McKendrick: Absolutely! I think it will be a private-sector initiative. We'll see these marketplaces gel around services. I'm not sure how StrikeIron is doing these days, but the business model was that the providers of the services were to receive these micro payments every time a service was used by a consumer tapping into the marketplace. It might be just a few pennies per instance, but these things add up. Sooner or later, you have some good money to be made for service providers.

Gardner: Ron, do you think that this is strictly a private-sector activity or can no one private-sector entity be put into the position of a hub within a spoke of cloud commerce? Would anyone be willing to trust one company with such power, or does this really open up an opportunity for more of a public entity of some kind?

Let it evolve

Schmelzer: For now, we need to let this evolve. We're still not quite sure what this means economically. We don't know how long lived this is going to be. We don't know what the implications are entirely. We do trust a lot of private companies.

To a certain extent, Google is one, big unregulated information hub, as it is. There's a lot of kvetching about that, and Google has made some noise about getting into electronic health records. Right now, there's really no regulation. It's like, "Well, let Google spend their money innovating in that area, and if something good comes out of it, maybe the government can learn."

But, the government is a little bit overwhelmed at the moment just trying to keep the basics of "Ye Old 1.0 Brick-and-Mortar Economy" running, and can't get their fingers into the 2.0 and 3.0 stuff that a lot of us in the market don't have entire visibility into. I'm going to plead SOA libertarianism on this one.

McKendrick: The government could play a role of a catalyst. Look at the Internet, the way the Internet evolved from ARPANET.

But, the government is a little bit overwhelmed at the moment just trying to keep the basics of "Ye Old 1.0 Brick-and-Mortar Economy" running.

The government funded the ARPANET and eventually the Internet, funding the universities and the military establishments involved in the network. Eventually, they niched them into the private sector. So, they could play a catalyst role.

Gardner: There is a catalyst, but there is also a long-term role of playing regulator. If you look at how other markets have evolved. Right now, we're looking at the derivatives market that has evolved over the past 10 or 15 years in financial market.

Some government agencies are coming and saying, "Listen, this thing blew up in our face. We need now to allow for a regulatory overview with some rules and policies that we can enforce. We're not going to run the market, we're not going to take over the market, but we're going to apply some governance to the market."

McKendrick: Does the government regulate software now? I don't see a lot of government regulation of software -- Oracle or Siebel.

Gardner: We're not talking about software. We're talking about services across a public network.

McKendrick: Right, but the cloud is essentially a delivery mechanism. Its not CDs. It's an over-the-wire delivery of a software.

Gardner: That's why I argue that it's a market, just like a NASDAQ is a market, the New York Stock Exchange, or a derivatives trading environment is a market. Why wouldn't the government's role apply to this just as it has to these marketplaces? Dave Kelly?

Not at the moment

Kelly: Eventually, it will, but, as you said, the derivatives market went unregulated for a long number of years, and the cloud market is certainly not well-defined. It's not a good place for regulation at the moment. Come back in three or four years, and you've got a point to make, but until we get to some point where there is some consistency, standards, and generally accepted business principles, I don't think we're there yet.

Gardner: Should we wait for it to be broken before we try to fix it?

Kelly: That's the typical strategy of government, so yeah. Or we can wait for someone like Microsoft to step in.

Gardner: Would that be amenable to somebody like Amazon and Google?

Kelly: I don't know.

McKendrick: I think we may see an association step in. Maybe we'll see an Open Group, or an OASIS-type

The only other alternative from a political standpoint is to have one big cloud provider that makes all the rules that everyone has to line up around.

industry association step in and take the lead.

Gardner: I see -- the neutral consortium approach.

Kelly: The neutral ineffective consortium.

Schmelzer: Ooh, this is getting rapidly political. We need this weekend, where is the weekend?

Gardner: But that is the point. This is ultimately going to be a political issue. Even if we come up with the technical means to conduct governance, that doesn't mean that we can have governance be effective in this large, complex marketplace that we envision around cloud.

The only other alternative from a political standpoint is to have one big cloud provider that makes all the rules that everyone has to line up around. I believe on the political side of things that's called fascism. Sometimes, it's worked out, but not very often.

Kelly: Or Colossus: The Forbin Project.

Schmelzer: Utilitarianism is the best form of government, as long as everybody cooperates. But, it's hard having the governments involved. To a certain extent, it's true that governance only works as long as there is trust. If you can't trust the providers, then you're just not going to go for it. The best case in point was when Microsoft introduced Passport [aka Hailstorm]. Remember that?

Microsoft said, "We'll serve as a central point. You don't like logging into all these websites and providing all your personal information. No problem. Store that with us, and we will be basically be your trusted intermediary. You log into the Passport system and enter your password into Passport."

Lack of trust

What happened to it? It failed. Why did it fail? Because nobody trusted Microsoft. I think that was really the biggest reason. Technologically it had some issues too, and there were a bunch of other problems with .NET. Also, they were just using Passport as a way of getting their tentacles into all the enterprise software and things. That's neither here nor there, but the biggest reason was, "Why would I want to store all this information with Passport?"

Look at the response to that, this whole Liberty Alliance shindig. I can't say that Liberty Alliance was really that much more successful. What ended up becoming more successful, the whole single sign-on on the Web, was stuff around OpenID and OpenSocial, and all that sort of stuff. That was the social network guys, Facebook and Google, saying, "We're really the people who are in control of this information, and they've already shared this information with us as it is."

Gardner: And what happened was we had a standardized approach to sharing authentication certificates across multiple vendors. That seems to be working fairly well.

Schmelzer: Yeah, without any real intervention. So, I would argue that there is probably a lot more private information in Facebook than people would ever want shared, and there is really no regulation there, but it's pretty well self-regulated at the current moment.

The question is, will all this service cloud stuff go in the direction of what Microsoft tried to do, the single-vendor imposed thing Liberty Alliance tried to do, sort of like the consortium thing, or the OpenID thing, which is a couple of people that already own a very large portion of the environment realizing that they just need to work together amongst themselves.

Gardner: In the meantime, because we all seem to agree that there is a great need for this,

I'd argue that 90 percent-plus of the people who are doing governance really don't know how to do governance at all, regardless of whether they have a great tool or not.

those individual organizations that create the picks and shovels to support governance, regardless of how it's ultimately enforced or what standards, policies, or rules of engagement are ultimately adopted, probably stand to inherit a very large market.

Does anybody want to take a guess as to what the potential market dimensions of a governance picks and shovels, that is the underlying technology and services to support such a governance play might be? Again, we'll start with you, Ron. How big is the market opportunity for those companies that can provide the technical means to conduct governance, even if we don't yet know how it might be overseen?

Schmelzer: I'm very satisfied to see that people are talking about governance as much as they are. This is not a sexy topic at all. I'd much rather be talking about mashups and stuff like that. Given all this interest, the interest in education and training, and what's going on in this market, the market opportunity is significantly growing. It's a little hard to quantify, whether you're quantifying the tools market or the runtime market, or you're quantifying services for setting up governance stuff. I don't think there is enough activity on the services side.

Companies are getting into governance and they think the way to get into governance is to buy a tool or registry or something and put a bunch of repositories together. How do they know what they're doing? I'd argue that 90 percent-plus of the people who are doing governance really don't know how to do governance at all, regardless of whether they have a great tool or not.

It's a big untapped opportunity for companies to get in with some real, world-class governance expertise and best practices and help companies implement those, independent of the tooling that they're using.

Gardner: Dave Kelly, do you agree that the market opportunity is for the methodologies, the professional services, the expertise, as much or more than perhaps say a pure technology sell?

Best practices are critical

Kelly: It's about equal. When you're talking governance, the processes, policies, and best practices are a critical part of it. It's not just about the technology, as it is in some other cases. It's really about how you're applying the policies and principles, both at the IT level and the business level, that are going to form your combined governance and compliance strategy. So, there is definitely a role for that.

At the same time, you're going to see an extension of the existing governance and technology solutions and perhaps some new ones to deal with -- as you said, the scalability, virtualization aspects, and perhaps even geopolitical aspects. As the services and clouds get dispersed around the world, you may have new aspects to deal with in terms of governance that we haven't really confronted yet.

There will be probably a combination of market sizes. I'm not going to put a number on it. It's going to be larger than the existing governance market, but probably I'd say by 10, 15, or 20 percent.

Gardner: Joe McKendrick, let's perhaps try a different way of quantifying the market opportunity. On a scale of 1-10, with 1 being lunch money and 10 being a trillion dollar market, what's your rough estimate of where this governance market might fall?

McKendrick: Let's put it this way. Without Excel or spreadsheets, probably 1 or 2. If you count Excel and spreadsheet sales, it's probably 7 or 8. Most governance efforts are very informal and involve plotting things on spreadsheets and passing them around, maybe in Word documents.

Gardner: That's not going to scale in the cloud. That can't even scale at a department level.

McKendrick: I know, but that's how companies do it.

Gardner: That's why they need a third-party entity to step in.

McKendrick: That's the prime governance tool that's out there these days.

Gardner: I'm going to say that it's probably closer to a 4 or 5. That's because the marketplace in the cloud can very swiftly become a real significant

Just as with the credit card companies, some sort of entity or process will emerge around that, and the government will probably find a way of getting a piece of it, as they usually have in the past.

portion of our general economy. I think that the cloud economy can actually start becoming an adjunct to the general economy that we know in terms of business, commerce, consumer, retail and so forth.

If that's the case, there's going to be an awful lot of money moving around, and governance will be essential. Just as with the credit card companies, some sort of entity or process will emerge around that, and the government will probably find a way of getting a piece of it, as they usually have in the past.

The opportunity here is almost commensurate with the need. There is a huge need for governance and therefore the market opportunity is great, but that's just my two cents.

Well, thanks, we've had a great discussion about governance -- some of the reasons for it being necessary, where the market is going to need to go in order for cloud computing to reach the vision that so many people are fond of these days. We're certainly going to be talking about governance a lot more.

I want to thank our panelists for today's input. We've been joined by David A. Kelly, president of Upside Research. Thanks, Dave.

Kelly: You're welcome. It was fun.

Gardner: Ron Schmelzer, senior analyst at ZapThink. Always a pleasure, Ron.

Schmelzer: Thank you, and one leg out the door to this vacation.

Gardner: And Joe McKendrick, independent analyst and ZDNet blogger. Thanks for your input as always, Joe.

McKendrick: Thanks for having me on, Dana. It was a lot of fun.

Gardner: I also want to thank the sponsors for this BriefingsDirect Analyst Insights Edition Podcast Series, and that would be Active Endpoints and TIBCO Software.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. Thanks for listening, and come back next time.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod and Podcast.com. Charter Sponsor: Active Endpoints. Also sponsored by TIBCO Software.

Special offer: Download a free, supported 30-day trial of Active Endpoint's ActiveVOS at www.activevos.com/insight.

Edited transcript of BriefingsDirect Analyst Insights Edition podcast, Vol. 42 on need for governance as more enterprises look toward cloud computing and services from inside and outside the firewall. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.