Interview: Maria Allen on How HP and EDS Uniquely Combine to Assist Financial Markets Amid Turmoil

Transcript of BriefingsDirect podcast recorded at Oracle OpenWorld conference in San Francisco the week of Sept. 22, 2008.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Sponsor: Hewlett-Packard.

Dana Gardner: Hi, this is Dana Gardner principal analyst at Interarbor Solutions and you're listening to a BriefingsDirect Podcast recorded at the Oracle OpenWorld conference in San Francisco. We're here the week of Sept. 22, 2008. This HP Live! podcast is sponsored by Hewlett-Packard (HP) and distributed via the BriefingsDirect Network.

Today, we welcome Maria Allen, EDS vice president at leader of the Global Financial Services and Products Group at EDS, and HP company.

We 're going to be discussing the financial services sector at a very tumultuous time in its history, look at how HP and EDS together are bringing services to that market, and get a better understanding of how technology and transformation services can help these companies in the financial sector at a crucial time. Welcome to the show, Maria.

Maria Allen: Thank you very much. Glad to be here.

Gardner: The last few weeks and, I suppose, the last year and a half have been very eventful for Wall Street, the City of London and other major financial centers around the world.

The last two weeks have demonstrated some unprecedented volatility and, in some respects, a level of uncertainty not seen in 70 or more years. This is a time when financial companies, banks, investment banks, and insurance companies are finding themselves on the fly and government intervention is taking place at unprecedented levels.

Tell us what EDS and your financial services group do and set the stage about the history in the financial services sector. What has been put in place that allows some companies to weather the storm and react and be agile in this environment better than others?

Allen: Sure. EDS has been focusing on the financial industry for over 40 years. So, we have had quite a bit of exposure and experience. We have actually gone through many of the transformational activities within the industry.

In fact, back in the late 1980s when the Resolution Trust Corporation (RTC) took over a lot of the savings and loans institutions, EDS was actually a partner of the RTC and helped integrate and clean a lot of the portfolios that the RTC had taken over. What we try to do is bring our experience into the financial institutions to enable them to integrate to better manage their business, to have a better control over their cost, and prepare them for better times.

Many of the institutions back in the 1980s, as they are today, were very focused on reducing their cost, so that they would have additional funds to invest to get them to a better financial position. We have used our experience in the technology sector to reduce cost, integrate their systems, use our outsourcing services to better manage the business, and, again, prepare them for better times.

Gardner: Now, of course, these organizations aren't just dealing with today's worries. There are longer-term trends afoot. They're dealing with such issues as Sarbanes-Oxley, Basel II, and the payment card industry (PCI) data standards. Many of these involve important regulatory, security, and risk management issues, and we are probably going to see some more regulatory issues coming down the pike.

How do you work with these companies to put them in a position of dealing with tactical, short-term, and crisis-level issues, and also put in place what they need to adhere to for these longer-term issues around risk and compliance?

Allen: Because of our experience and the fact that we have worked with many financial institutions and banks around the world, we are constantly making sure that we have the right information and the right insight in terms of the regulatory issues that the banks are experiencing. We have worked with many of the banks to ensure that not only their datacenters and their infrastructure, but also their services, have the right key risk indicators that enables them to be compliant with the various regulations.

You mentioned Sarbanes-Oxley, Basel II, all the privacy acts, and MasterCard and Visa requirements to be PCI compliant. EDS is investing quite a bit to ensure that we are not only complying ourselves, but also that our clients meet the compliance requirements of the issuing companies.

There has been a lot of focus in the privacy and security areas. Data management is one of the areas that we have been focused on, but our experience in running the systems for many of the banks throughout the last 40 years has better positioned us to address the needs and the requirements of the regulators and the banks together.

Gardner: Of course, the role of technology has never been more important. Many business sectors look to the financial services arena for some guidance. In many cases, leading adopters are found in the financial sector. Also, they tend to keep their technology. So, there are legacy, integration, and modernization requirements, perhaps larger in number than in any other sector.

Tell us a little bit about how technology transit, service-oriented architecture (SOA), business intelligence (BI), complex event processing (CEP), risk management, and process management come together to help organizations deal with an unprecedented need for visibility and predictability during rough times.

Allen: Using our experience in financial services, we recognize the importance of having data transparency. That is absolutely the key to addressing the requirements that banks have around privacy and ensuring that they have the right key risk indicators to respond to the regulatory requirements.

We've done a lot of work in the area of data management, the integration aspects, and legacy modernization. We have quite a bit of focus in that area to help the financial institutions have better transparency across their silos.

There is still a lot of work to be done. So there is a big opportunity for EDS and HP together to really enable the transformation that the banks have really been focused on. It's difficult for them to stay on track, when they have all these other issues around regulatory compliance and the market turmoil in subprime mortgages and the credit pressures.

There is an opportunity for EDS and HP together to capitalize on the activities in the marketplace, and position ourselves as key players with the financial institutions and the government agencies. That's one of the key areas that we need to be focused on, looking at government agencies, because they are going to need a lot of help. The FDIC, with the banks that are going under that they are taking over, needs data management, and there is a huge opportunity for us to work together around that space.

Gardner: Now, EDS is in many of these government organizations, as well as these financial institutions, both public and privately held ones. This does put you in a unique position, when it comes to government taking over assets, but then having the managers within these organizations manage those assets for the government. Tell us at this early stage how you understand this could work and the unique role that that EDS and HP would play in that?

Allen: Well, that's going to be interesting to see, because there is actually a lot of discussion around that. For example, Freddy Mac and Fannie Mae, and what the federal government is going to do to integrate these two agencies. One of those agencies is a client of EDS. So, we're very well positioned to help the government not only do the integration, but also clean the portfolio to better position the agency to transform itself, because we see transformation going on at the same time.

Five or maybe ten years from now, the financial markets may be very different. It may look very different in the U.S. One of the key areas is going to be the real estate lending, residential lending business. We can capitalize from the relationships that we have, not only with the agencies, but also the banks and other financial institutions that are looking to enhance and position themselves to be a survivor during this transformation in the market.

Gardner: For the edification of our audience, HP purchased EDS recently. The completion went through, and now EDS is a wholly owned company within the HP family of companies. We just wanted to point that out. Given the opportunity in the financial sector, and given that HP has had a long services heritage as well, tell us how HP and EDS together can offer something different than they could have individually just a few months ago?

Allen: It's a big opportunity for EDS to capitalize on the relationships that HP has across the global financial industry marketplace. HP brings a set of customers that is potentially much broader than what EDS has. There are a few very large financial institutions where we both have relationships, but there is a lot of opportunity for us to work together and enable that transformation that's going on in the marketplace for financial services.

I can't wait to get started working with the HP Financial Industry Group. We have some activities scheduled in the next couple weeks to assess and determine how we address some of the activities and opportunities that we see in the market. We are already working together on a very large opportunity in the statement print area. We see a lot of more of that type of large opportunities coming to both of us.

Gardner: In addition to how the two companies come together in terms of their services, offerings, and value, there are also some adjustments in terms of channel and sales. Is there a philosophy of how to approach this market that may differ from some of your competitors, perhaps becoming more of a partner with many of the global systems integrators? How does that shake out in terms of how you actually go to market now that you are together?

Allen: We have an opportunity to definitely integrate some of our business in our channel strategy. However, there is also an opportunity to keep a very open mind as to how we go about the market, because there are some key agility alliance partners that we have who have enabled the growth in our business.

Oracle is one of them. We work very closely with Oracle in the financial industry, because of their breadth of solutions in our industry. HP also has a very strong relationship with Oracle. So, there is a lot of opportunity for us to explore different channel partnerships and different ways to address certain markets.

Gardner: I wonder if you have any sense -- and again, it's a little early -- of how IT spending in the financial services sector will pan out. There are, on one hand, the services and opportunities that you have discussed, but with consolidation, perhaps there is also some slackening in growth in some other areas. Do you have a sense at this point, given the turmoil in the financial services market, of how market growth might be impacted across a variety of the major services and product segments?

Allen: IT spending is an interesting subject that financial institutions always look at. The average spent on IT in the financial industry is about seven percent of revenue.

I have a very different approach to looking at what a financial institution spends across the board. I was look at non-interest expense, because I think it's important to look at the total cost of doing business. If you have a financial institution that's really focused on improving operations and their services, integrating the silos that they have today, and bringing some automation to SOA, then that means that their overall cost is going to be impacted positively.

Their overall non-interest expense hopefully is going to shrink, as they work with companies like EDS and HP together. I see IT cost growing, but for a total benefit, if you will. So, there is an opportunity for us to work together and see how we can impact the total spend within a financial institution.

Gardner: The pie grows, but perhaps as a percentage of revenues for individual companies it decreases.

Allen: Exactly.

Gardner: I wonder if you can share with us any case studies. If you can mention a company, that's great. If not, perhaps you can describe the type of company and project and relationship and give some examples of how EDS Financial Services has created this benefit of employing technology in such a way as that you can get more bang for the buck.

Allen: I can't mention the name of the bank, but it is a European bank, a very large mortgage lender in the U.K. EDS started working with this bank about five years ago. They had the desire to reduce their total cost of mortgage processing. So, EDS took over their operations, both their systems and their back office servicing operations to bring automation and enhance the way they approach the market.

It was very, very successful. We integrated their systems, took over their back office, reduced their total cost of mortgage processing, and were very successful within three years of taking that business over. So, we have had a lot of experience. The back-office processing does have a huge impact in a financial institution's total cost of doing business. Our experience can be applied to many different institutions and many different business operations across the financial institution.

Gardner: Well, great. We've been talking about the financial services sector, and we've been trying to understand in these tumultuous times the benefit of increasing value and lowering cost, but also increasing the need for transformation, integration, and agility, particularly as we are seeing the reformation of companies under different types of ownership, unprecedented types of ownership. And, we've been talking about how EDS and HP have come together as companies, and are going to be going out to this market with a variety of services and support.

We've been discussing this with Maria Allen. She is a vice president at EDS and leads the Global Financial Services and Products Group. We certainly appreciate your time, and your interesting comments on these subjects.

Allen: Thank you, very much.

Gardner: Our conversation today comes to you through a sponsored Hewlett-Packard Live! podcast from the Oracle Open World Conference in San Francisco. Look for other podcast from this HP Live! event series at www.hp.com, as well as via the BriefingsDirect Network.

I like to thank our producers on today's show, Fred Bals and Kate Whalen. I'm Dana Gardner, principal analyst at Interarbor Solutions. Thanks for listening, and come back next time for more in-depth podcasts on enterprise IT topics. Bye for now.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Sponsor: Hewlett-Packard.

Transcript of BriefingsDirect podcast recorded at the Oracle OpenWorld Conference in San Francisco. Copyright Interarbor Solutions, LLC, 2005-2008. All rights reserved.

Integration Infrastructure Approaches Must Adjust to New World of SaaS and Shared Services

Edited transcript of BriefingsDirect[TM] podcast with Cape Clear's Annrai O'Toole and analyst Phil Wainewright, recorded Sept. 13, 2007.

Listen to the podcast here. Sponsor: Cape Clear Software.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you're listening to BriefingsDirect. Today, a sponsored podcast discussion on integration infrastructure for modern software-as-a-service (SaaS), and on-demand applications providers.

The support and requirements for integration among these organizations, these hosters of many different types of services and applications, require a different integration approach. They're dealing with complexity, massive scale, and a cost structure that’s very lean. They have a business model that’s often based on ongoing subscriptions, and, therefore, they have a margin issue to maintain. They also have a wide variability of users and service-level agreements (SLA) to meet.

Reuse is becoming an important issue, as are patterns of automation. We're going to take a look at the market for integration in these modern service provider organizations. We’re going to look at the characteristics of the IT infrastructure support that meets these new requirements. And, we’re going to offer some solutions and approaches that satisfy these needs provided by Cape Clear Software.

Here to help us weed through this issue, we have Phil Wainewright. He's an independent consultant, director of Procullux Ventures, and also a fellow ZDNet blogger, primarily on this SaaS environment. We're also joined by Annrai O’Toole, CEO of Cape Clear Software. Welcome to you both.

Phil Wainewright: Thanks.

Annrai O'Toole: Great to be here.

Gardner: Phil, let’s start with you. It seems that SaaS and the new ecology of providers that are welling up around it require a different approach to integration, and this amounts to supporting the shared-services capability. Not only are these service providers going to require this capability, but also enterprises, as they become hosts themselves. Can you describe the different approaches to integration that we're now going to need in order for this business model to prosper?

Wainewright: Part of the issue that people face is that integration has crept up on them. In the early days of SaaS, it was very much about adopting point solutions. One of the reasons Salesforce.com has been so successful in the CRM space is that what Salesforce.com did with automation software didn’t have to affect the rest of the business, because they could just do it in isolation. IT wasn't really worried about it. So, they said, "Okay, we’ll just go to do that and it won’t affect the rest of the IT infrastructure" Now, we're getting more sophisticated about SaaS, because it's being taken on board in a whole range of areas within the enterprise, and people want to do integration.

There are two forms of integration coming to the fore. The first is where data needs to be exchanged with legacy applications within the enterprise. The second form of integration that we see -- not at the moment, but it’s increasingly going to be an issue -- is where people want to integrate between different services coming in from the cloud. It’s a topic that’s familiar when we talk about mashups, fairly simple integrations of services that are done at the browser level. In the enterprise space, people tend to talk about composite applications, and it seems to be more difficult when you are dealing with a range of data sources that have to be combined.

Gardner: It seems to me that now we are elevating to an integration of integration types. Does that make sense?

Wainewright: People have realized that if you're doing integration to each separate service that's out there, then you're creating the same point-to-point spaghetti that people were trying to get away from by moving to this new IT paradigm. People are starting to think that there's a better way of doing this. If there's a better way of delivering the software, then there ought to be a better way of integrating it together as well.

Therefore, they realize that if we share the integration, rather than building it from scratch each time, we can bring into the integration field some of the benefits that we see with the shared-services architecture or SaaS.

Gardner: How is this different from the way that application service providers (ASPs) of an earlier era went? It seems that they had a stack underneath each and every application. Now, we're hearing more about virtualization and the efficient use of infrastructure and platform elements. Help us compare and contrast the ASP model to where SaaS providers are headed now.

Wainewright: In the ASP model, you took existing conventional applications -- I like to call them unreconstructed applications -- and just hosted them in a datacenter. I've always said that it’s more than just a relocation exercise. You need to change the way the software is architected to take advantage of the fact that it's now in the Web and is in a shared-services environment.

In 1999 or 2000, one company came out with hosted webMethods integration as an offering. The problem was that it wasn't scalable. This is the problem with the ASP model. You were hosting a customized infrastructure for each individual customer.

Although there was some sharing of the infrastructure that you could do with virtualization -- and Oracle’s On-Demand is an example that’s done a lot of work with virtualization -- you still end up with every individual customer having an individual application tailored to his or her specific requirements. You get no economies of scale from doing that.

So, the new generation of SaaS providers, are really talking about a shared infrastructure, where the application is configured and tailored to the needs of individual customers. In a way, they’re segmented off from the way the infrastructure works underneath.

Gardner: Annrai, at Cape Clear Software, you’re targeting these providers and recognizing that they’re going to be moving to service-oriented architecture (SOA) relatively quickly, based on their requirements of their business and demands of complexity. How are you seeing these providers, as you are encountering them in the field, managing this discrepancy between commonality on the infrastructure, but high variability on the application and delivery to the end-users?

O'Toole: As Phil just said, taking unique integrations and hosting them isn’t very useful, because the person who is doing the work just ends up doing tons and tons of different customizations for every single customer. In the integration world, the solutions to these problems are reasonably well understood. The difficulty has always been about delivering them.

So, we’ve been working pretty closely with a number of prominent SaaS companies, most publicly Workday and some of our large enterprise customers, in figuring out how to solve integration problems for these on-demand and hosted providers.

What come out of it are two issues. First, Salesforce.com, really pioneered multi-tenanting as a concept to reduce the cost of hosting an application for lots of different users. We've got to do the same thing with integration, and we’ve been working with our customers and updating our enterprise service bus (ESB) to support multi-tenanting at the ESB level. You can have integration and have it segmented, so that it can be utilized by different customers at the same time.

In a large enterprise, this allows you have a shared-service model as well. You can build integrations in a datacenter and then segment them, so that different people can use them simultaneously.

There is also another aspect to the problem that needs to be solved. When you build an integration, you always end up having to customize it in some way for different customers. Customers will have different data formats. They’ll want to access it slightly differently. Some people will want to talk to it over SOAP. Some won't, and they’ll want to use something like REST. Or they might be going backwards and are only able to send it FTP drops, or something like that.

Multi-tenanting is one solution to the problem. The other is what we call multi-channel, which is the ability to have an integration, and make it available with different security policies, different transports, and different transformations going in and out.

A combination of multi-tenanting and multi-channeling allows you to build integrations once, make them accessible to different users, and make them accessible in different ways for each of those different customers. It gives you the scalability and reuse you need to make this model viable.

Gardner: Phil, it sounds as if we're really redefining integration and that we’re putting a higher abstraction, infrastructure-as-a-service, integration-as-a-service approach and model around it. Is this unprecedented, or is there anything in the past that we can look to, within even a closed environment, or a siloed environment, that relates to this. Or, are we into something entirely new when it comes to integration?

Wainewright: We're trying something that hasn’t really been tried with conviction in the past. In fairness, there’s still a lot of skepticism out there about whether we can really share integrations in the way that Annrai has just described. There’s a certain amount of agreement that we need to reuse integrations, but people haven’t necessarily brought into the whole shared services model.

People are particularly doubtful whether you can do all of the nuances of integration that you need to do in a purely declarative model, whereby you can simply have a description of the integrations that are required and have a need to work, and then that gets abstracted by the architecture into operation.

Annrai could probably elaborate on how it’s become possible to get the level of detail into this more loosely coupled architecture to enable people to share integrations, without giving up the individual requirements that they each have.

O'Toole: To pick up on that, I would be the first to share Phil’s skepticism and to offer that we may not have all the answers. However, one point worth bearing in mind here is that this problem is going to get solved, because the economic reality of it suggests that we must solve this. One, the payoff for getting it right is huge. Second, the whole model of SaaS won’t be successful, unless we skin the integration problem. We don’t want the world to be limited to just having Salesforce.com with its siloed application.

We want SaaS to be the generic solution for everybody. That’s the way the industry is going, and that can only happen by solving this problem. So, we’re having a good stab at it, and I'll just briefly address some of the things that I think enable us to do it now, as opposed to in the past.

First, there is a standardization that’s taken place. A set of standards has been created around SOA, giving us the interoperability platform that makes it possible in a way that was never possible before. Second is an acceptance of this shared-services, hosted model.

Years ago, people would have laughed at you and said, "I’m going to trust all my customer data to a provider in the cloud?" But, they’re doing it happily because of the economics of it. The whole trend towards trusting people with outsourced offerings means that the people will be more likely to trust integrations out there, because a lot of the technology to do this has been around for quite sometime.

Gardner: To Phil’s point, Annrai, how do you begin to accomplish this? Is this a matter of creating forms, templates, and models and then applying that to the ESB, where the ESB executes on that model and then they can be reused? If not, please explain? Then second, how much automation are we talking about? Are we going from 5 percent or 10 percent reuse, and then working up more -- or can we actually bite off more of a total integration as a pattern?

O'Toole: That’s a very good question. It's a movement to a more declarative style of integration. Certainly, what we’re doing is saying that a lot of the issues in integration are very common across different types of integration. For example, a lot of the issues currently in integration revolve around data transformation. Other issues revolve around the complexities of dealing with transports. For example, information can come in on email, but I need to be able to send it out to someone else on FTP.

The third set of issues is around handling errors in a meaningful way, so that when things go wrong, you’ve got a nice model of propagating errors back to people. The next set of things is security policies. Again, in integration you’re touching different things with different security models. With what we’ve done, you can visualize a whole bunch of pre-build security policies, transports, and transformations, and you’ve got this palette of things that you can then assemble together.

Someone still has to write the core business logic of the integration. That fact hasn’t changed. You still need that. Once I have the core business logic of the integration built, then all of the things around it I can put on in a visual and declarative manner around that integration, such as, "I want that integration to be accessed with this security policy, over this transport and with this transformation to get the data in and out of it."

I can take a single integration and create hundreds of different access routes into it, all with different security policies, different transformations, etc., and can segment them so that none of those things interferes with another during that multi-tenanted mode.

That technique allows people to reuse that integration for hundreds, if not thousands, of different customers and users in a totally segmented way. So, that’s at the core of what we are doing.

Gardner: What’s a ballpark figure for percentage of reuse, versus project-by-project or instance-by-instance customization?

O'Toole: There is no hard and fast data, so we rely on heuristics and rule of thumb. If we look at what our own consultants and systems engineers would do for customers, 70 or 80 percent of our time is spent around configuring different transports, and working at security. These are the things that are totally unglamorous, but really nasty gotchas in integration. For a long time, as people focused on making the core creation of the integration easier, they missed those other issues around this, and they’ve always been left to one side.

You might say, "It’s not hard to write a few lines of Java code to handle a different security policy." Well, it isn’t, but it is, if you've got to do a thousand different times for a thousand different people. It becomes tedious, and then you've got to manage all those things. So, it really is attacking some of the kind of nasty little gotchas on which people spend the vast majority of their time.

Gardner: Phil, you mentioned declarative, and Annrai mentioned graphical and visual approaches to this. Is it too farfetched to consider that non-programmers and non-technicians will be getting involved with this? Are we elevating an integration function to folks that are architects and/or business process analyst types?

Wainewright: A lot of the integration that people need to do is for business reason. Therefore, it should be in the hands of business people. For a long time, the answer back from the technologists has been, "Well, sorry guys, we can’t let you go there, because it’s too complicated." If a lot of the infrastructure can be automated and done in a way that, as Annrai says, takes care of the complexity, then it becomes easier to offer out certain aspects of the integration to business people, but I think the technology guys are still going to have to be there.

It’s a good idea for business people to be able to link up different business processes, or to say, "I want to aggregate this data with that data, so I can analyze it, as well as have a dashboard that tells me what’s actually going on in my business," but that has to operate within the constraints provided by the technology guys who actually make it all happen reliably.

I was listening to what Annrai was saying. He made a couple of very interesting statements, which are worth going back to, because a lot of people who approach integrations in terms of SaaS, are really talking about on-premises integration that links into the SaaS stuff in the cloud.

Annrai is talking about taking the integration off premises, putting it in the cloud as well, and then sharing a lot of the capability. In the SaaS market space, large amounts of integration reuse is happening at the moment. It's simply a matter of installing the same data connector in different customers, and perhaps reusing the expertise, but it’s not in any sense a shared service.

You're basically duplicating all of that infrastructure. If you can put the integration infrastructure in the cloud, then you start to get the benefits of shared services and you can get above the 50 percent level of sharing. But, if you’re going to do that, you’ve got to have the confidence that the architecture, can actually support all of that and isn’t going to fall over with certainly a thousand integrations happening all at once, and mustn’t conflict with each other. Cape Clear has actually managed to package that into a product that people can buy and install. I think that’s pretty impressive.

Gardner: Annrai, it still brings up these issues about integration on the hosting organization side, where they’re going to be integrating across resources, infrastructure components, application types, and data streams. They’re going to need to do that to manage the complexity and scale of their endeavor and their business, but is there a certain level of integration where there is more permeability between the enterprise, the on-premises, and what’s available through the cloud or the provider?

Are you talking about both, or either/or? Does one to have to come first, and how do you see this shaking out in terms of integration and these different directions?

O'Toole: The way I’d phrase this is that we’re seeing a little bit of both. We’re not wildly being drawn into one end of the spectrum or the other at this time. What we're seeing from companies like Workday is a requirement for them to more or less exclusively host integrations for all their customers, and all the various back ends that they talk to.

For example, they talk to things like ADP and benefits providers and so on, and they are hosting those integrations on their sites, because they don’t want to go to ADP -- well, they can’t go to ADP -- and make ADP to change and so on.

Gardner: And, ADP is a payroll service provider.

O'Toole: It's the largest payroll service provider in the world, I believe.

We’re seeing things like that, but in enterprises you’re seeing this big move to virtualization and shared services. They’re saying, "Why are we having development teams build integration in all these branch offices at all these locations around the world? It’s extremely wasteful. It's a lot of skill that we've got to push out, and there are a lot of things that go wrong with these. Can't we consolidate all of those into a centralized data center? We’ll host those integrations for those individual business units or those at departments, but we'll do it here. We’ve got all the expertise in one place."

Those guys are delighted, because at the individual local level they don’t maintain all the costs and all the complexity of dealing with all the issues. It’s hosted out in their internal cloud. We haven't seen enough data points on that, but this hosted integration model can work. We’ve got it working for pure entities in SaaS companies like Workday, and we’ve got it working for a number of large enterprises. There is enough evidence for us to believe that this is really going to be the way forward for everybody in the industry.

Gardner: At Cape Clear Software you're not just dealing with this as an abstraction. You have product ties. I understand that you’re going to be introducing a new iteration to the Cape Clear platform, Version 7.5, in late September. Can you tell us a little bit about how you’ve taken on the need in the market, what you foresee as possible and doable, and what you’re actually delivering?

O'Toole: The generic need we've seen in the market is what we like to call on-demand integration. Before the advent of all the things we’ve just talked about -- shared services and SaaS -- the only way people did integration was with big patches, what became known as enterprise application integration (EAI), and they were essentially hand customized, on-premises integrations that were different for every customer.

We think that the demand we’ve seen in the market is a move away from on-premises integration into on-demand integration, because, for the reasons we spoke of, people want to be able to integrate with SaaS. They want to run shared-services models in their own organizations.

We think there is a new movement from EAI into on-demand integration and we have been targeting several features in our ESB, specifically around this multi-tenanting and multi-channel stuff, and that’s all getting rolled up into a release called Cape Clear 7.5 that goes out on September 25. We're pretty pleased with this. All our guys worked hard, and I think it’s the best product we’ve ever done.

Gardner: Give us the short list of the new functionality?

O'Toole: Essentially I think it boils down into three major buckets. There’s a new graphical editor that we're calling the SOA Assembly Editor, and this is an Eclipse-based editor that allows you to graphically clip together the type of things I was describing: transports, security and so on. That’s a whole new editor that no one has ever seen in our product before, except the people who have been involved in our tech preview.

Gardner: Let me pause you there. Is this something that you foresee being useful and applicable to non-techies or at least folks that can cross the chasm between the business issues and the technologies? Who’s going to typical author with this tool?

O'Toole: It’s not an either/or. It’s certainly not something that the business users can use exclusively by themselves, but it's not a tool exclusively for developers. Our grand vision around this business/technical user thing is that you start to create sets of tools that can be shared across people. You can have high-level business folks describing business process and BPMN, and they can be imported into other sets of tools that the technologists use.

Then, there are some issues around how this thing is going to be accessed? Our business analysts do care about that, because they say, "These sets of customers must be able to access it this way." They might not know the details of the technology involved, but they do know how those people want to be able to use the service. So, as I say, it’s a little bit of both. Ultimately, people are really going to get value out of it, but, at the end of day, they’re going to be more on the technology side, because it’s really going to smooth up their job of automating what was an incredibly laborious process.

Gardner: Okay. That was bucket one.

O'Toole: The second bucket of the features is all around multi-tenanting. These are core additions into the ESB to allow segmentation of integrations, data, and reporting. You can set how you want to identify inbound customers, clients, or businesses and then segment use of those integrations on the reporting and management of those integrations, based on those identities.

The third bucket is all of the stuff we’ve seen customers need in terms of running and maintaining large enterprise class Business Process Execution Language (BPEL) deployments. Obviously a lot of our product has been built around the notion of BPEL, as a kind of core metaphor for how people build integrations and manage business possesses. So, we are totally committed to BPEL.

In working with our customers on that, in terms of very large-scale deployments, there's a whole set of issues around how people maintain and manage. So, as our products are evolving, they're evolving away from just being a kind of BPEL engine into a full BPEL management system, where we are giving people all the tools to monitor transactions, and repair transactions when they fail. This is largely for business reasons, because if something goes wrong in the business information, they've got to be able to rebuild that last business information and get that business transaction back on track.

Gardner: It occurred to me earlier, when you were talking, that we are really not only recasting integration, but we are moving beyond implementation of integration into management of integration, and then a step further beyond that into the management of change and integration. Does that sound fair?

O'Toole: One of the nice thing about BPEL is they are long running processes, but the challenge that presents is how do I manage the change in long running processes. I can’t go in and wipe the database and say, "I didn’t like that schema that I had underlying that business process." You need to be able to evolve that. So there's initial support for some of those concepts in this version as well.

Gardner: I like to bounce it off of Phil. Do you think that we're well into integration management and that the execution is important, but it’s the higher value to a shared services environment that's in this change-management capability?

Wainewright: Well, yes. This is part of a big movement that we are seeing in the way that we approach IT from a batch process of having a requirement, building to it, delivering it, and then bringing it into operation, to a much more iterative, ongoing, continuous process of delivering something that is constantly adjusting to the business needs of the organization.

So yes, IT is really catching up with reality. We’re now reaching the level of sophistication in IT infrastructure that actually allows us to manage change as a continuous succession of events, rather than having to wait for an upgrade to Windows or new version rolled out, or whatever it is, to actually move to the next stage in our business automation.

I think it should be welcomed and it’s inevitable. Perhaps it’s frustrating that it always seems to take so long to make it happen. The vision always seems to be several years ahead of the reality, but it's definitely the transformation that we are seeing.

Gardner: Great! I think we’ll leave it there. We’ve been discussing redefining integration as a reusable function for providers of services and hosted applications, and the notion of a shared services environment, which applies to both large enterprises as well as hosted.

We’ve also been discussing the marketplace and this movement towards management and agility in a SOA environment. We’ve talked about how Cape Clear Software is delivering Cape Clear 7.5 to help grease the skids towards this integration functionality. Phil Wainewright, an independent consultant, director of Procullux Ventures and ZDNet SaaS blogger, has joined us in this discussion. Thank you, Phil.

Wainewright: It’s been a pleasure.

Gardner: Also we have been joined by Annrai O'Toole, the CEO of Cape Clear Software. Thank you Annrai.

O'Toole: Thank you guys, it’s been very interesting.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. You’ve been listening to a sponsored BriefingsDirect Podcast. Thanks for listening.

Listen to the podcast here. Sponsor: Cape Clear Software.

Transcript of BriefingsDirect Podcast on SaaS with Cape Clear's Annrai O'Toole and analyst Phil Wainewright. Copyright Interarbor Solutions, LLC, 2005-2007. All rights reserved.

Transcript of BriefingsDirect Podcast on ITIL v3 and IT Service Management

Edited transcript of BriefingsDirect[TM] podcast with Dana Gardner, recorded Jan. 22, 2007.

Listen to the podcast here. Podcast sponsor: Hewlett-Packard.

Dana Gardner: Hi, this Dana Gardner, principal analyst at Interarbor Solutions and you’re listening to BriefingsDirect. Today, a sponsored podcast discussion about Information Technology Service Management (ITSM) and a related area, the evolving Information Technology Infrastructure Library (ITIL). These are complementary trends that are helping to mature IT as a customer-focused quality-of-service activity.

We’re not so much focused on how technology is deployed and actually used, on a product-by-product basis, but really how IT is delivered to an enterprise for its internal consumers of IT. ITSM and ITIL are following longer term trends that we’ve seen in manufacturing, such as Six Sigma and the quality initiatives that we saw in the post-World War II period. So, this is really an indication of how IT is maturing and how to take it to a further, higher plane of a customer focus and quality of service.

Joining us to look into these subjects and learn more about them as they’re now maturing and coming into some milestones -- particularly ITIL with the next version arriving in the spring of 2007 -- are executives from Hewlett-Packard's Services Consulting and Integration group. Joining us is Klaus Schmelzeisen, director of the global ITSM and security practices at HP’s Services Consulting and Integration group. Klaus is managing the solution portfolio that helps customers manage their applications and infrastructure environment. Welcome to the show, Klaus.

Klaus Schmelzeisen: Hello, everyone.

Gardner: Also joining us is Jeroen Bronkhorst, ITSM program manager within the Services Consulting and Integration group at HP and also an active participant in the ITIL version 3 editorial core team, as well as an author of the integrated ITIL process maps. At HP, he is a consulting coordinator and is helping to develop the core deliverables, as well as an ITSM reference model. Welcome to the show, Jeroen.

Jeroen Bronkhorst: Thank you, Dana. Hello, everyone.

Gardner: As I mentioned, this is part of a longer-term trend. ITIL has been around for quite some time, and ITSM services for management is a bit newer. Perhaps you could help us understand the history. How did the demand for these services come about, and what are some of the current drivers that are bringing this into the fore for an increasing number of enterprises?

Schmelzeisen: Let me take this one on. I've been observing the area of ITSM since the early '90s, and, interestingly enough, it really started with the infrastructure piece. At that point in time, corporations were introducing lots of new technologies, especially in the networking environment. This was a change from the X.25 networks into TCP/IP environments, but it was also a time when a lot of the mainframe environments were superseded and replaced by open-system environments.

Client-server infrastructures came into place. So, there was a big need for infrastructure monitoring that, once this was in place, were followed by IT services, which brought a completely different spin. That was to deliver the output of an IT organization as a service to the business. That's where ITSM started big time, and that was a couple of years later.

So, really, around the mid-'90s and since then, standards and best practices have evolved. HP has had its reference model since 1996 as a trademarked approach. Even before that, there were pre-versions of it. So, ITSM came along really in the early to mid '90s, and ITIL started around the same time.

Gardner: Do you think this is just a response to complexity? Is that what the underlying thrust was for this? Were there just more types of systems to deal with, and therefore they needed more structure, more of a best practices approach?

Schmelzeisen: Definitely. The complexity drove a lot of new and different technologies, but there were also more people in IT organizations. With more people, complexity went up, and then quickly the realization came that processes are really a key part of it. That brings you right to the heart of ITSM and then ITIL.

Gardner: So, it’s really about the complexity of the IT department itself, not necessary the technology?

Schmelzeisen: Definitely.

Gardner: Is there anything in particular about what’s going on now that makes this more relevant? Do you think the expectations for what IT provides are growing? Or is it the fact that IT is becoming much more strategic, the companies need to succeed at IT for the entire company to succeed?

Schmelzeisen: It’s actually multifold. On one side, the old challenges are still here. We see new technologies. We see the need for new services coming up. But there are also a lot of drivers that are putting pressure on the IT department. One is the ongoing topic of cost reduction. The competitiveness of an IT department is related to the efficiency and the quality of processes in place.

There is also the big theme of regulatory compliance. That is permanently on the CIO agenda and that of all C-level management. To achieve this you need to have all the processes very well under control. There is also the ongoing demand to provide more value to the business, to be more agile in your responses, how quickly can you can implement new environments and respond to the needs of the business. Those are really the challenges of today.

Bronkhorst: May I add to that as well, Dana?

Gardner: Please, yes.

Bronkhorst: What I also see is that there are organizations that have an increasing need to demonstrate the level of quality that they are providing to their customers. We now have an industry standard called ISO/IEC 20000 for IT Service Management. There is an opportunity here to become certified, which might be useful in the case, for example, an IT organization wants to go to the outside world and provide services in the open market or as a protection mechanism for the internal IT organization to prevent themselves from become outsourced. This is another driver for organizations to show the value and the quality they provide.

Gardner: So, demonstrating their role and their certification helps to establish them internally against a competing approach, but also gives them more credibility if they want to take these services to an extended enterprise approach.

Bronkhorst: Yes, that’s correct.

Gardner: Now, could you help us understand ITIL, this library of best practices? We’ve got a new refresh coming up with Version 3 this coming spring. What is the impact of ITIL and how does it relate to ITSM?

Bronkhorst: Let me speak to that a little bit. ITIL originated in the '80s actually. It was created by the British Government, which still owns ITIL. It's a set of books that describes best practice guidance in the area of, "How do I organize the operational processes that help me manage my infrastructure and he help me manage my IT services?"

When it was created in the '80s, it initially consisted of more than 30 books. They were condensed in the '90s down to eight books, and that’s basically the set that exists today. However, as we’ve seen the technology and the needs evolve, the British Government is driving a project to further condense ITIL down to five books. This will better link it to the needs of businesses today, which will then help customers to get themselves organized around the lifecycle of IT services, being able to create new services, define them, build them, test them, bring them into production, and take them out of production again once they’re no longer needed.

If I look at the traditional impact of ITIL, I would say that it is typically targeted at the operations department within an IT organization, the area where all the infrastructure and applications are maintained, and where, as a user, you would interact most on a daily basis.

What’s happening with the new ITIL is that the scope of these best practices will be significantly improved, and ITIL Version 3 will be more focused on how you organize an IT organization as a whole. In other words, taking an integral view of how to manage an IT service that consists of applications, infrastructure components, hardware, etc. This means it will be a much bigger scope of best practices compared to what is it today.

Gardner: You mentioned that this began in a government orientation. Is this being embraced by governments, or by certain geographies or regions? Globally, is ITIL something that a certain vertical industry is more likely to adapt? I guess I'm looking for where is this in place and where does it make the most sense?

Bronkhorst: ITIL is not particularly focused on a specific industry segment. ITIL is generic in the sense that it provides best practices to any type of IT organization. It’s also not restricted geographically, although the British Government created it initially. Over the past few years, we could almost say it has conquered the world. This is evidenced by the fact that there are local IT service management forum organizations, which some people call ITIL users groups, but it’s a little bit more than that.

These IT groups focus on best practices in the area of IT service management of which ITIL is a component. And so, across the globe, many of these user groups have started. Actually, HP was a founding member of many of those user groups, because it is important for people who use these best practices to share their experiences and bring it to a higher level.

Gardner: This new version, Version 3, is this a major change? Is this a modest change? I guess I'm looking for the impact. Is this is a point release or a major SKU? How different will Version 3 be from some of the past approaches for these best practices?

Bronkhorst: I would classify ITIL Version 3 as a major release. I say that not because it is changing things from ITIL as it exists today. One of the basic underlying designs is that it builds on the principles that exist in ITIL today. The reason I'm saying it’s a major release, is because it's adding so much more to the scope of what ITIL covers, plus it completely restructures the way in which the information is organized.

What do I mean by that? In the past when you looked at the ITIL books, they were focused on topics that made sense to the people who work within the IT organization. Application Management, Infrastructure Management, Software Asset Management are all topics that make sense from an IT internal view. But, few people who look at IT from the outside care about how you do it, as long as they get the service that they have agreed on with you.

The new ITIL will be organized around five phases of the service lifecycle, starting with strategy. How do you handle strategies around services, followed by how do you design a service, and how do you then transition that service into operations? Service operation is the fourth phase, and then the last phase is all about how to continuously or continually improve service delivery? That will be a major change, especially for people who are familiar with the current ITIL in the way in which it is structured.

Gardner: Now, this isn’t happening in a vacuum. There are many other large trends taking place and affecting IT and businesses, and these are very dependent on IT. I'm thinking of application modernization, services-oriented architecture, consolidation and unification, adoption of new approaches with an emphasis on agile or rapid development. Does ITIL help reduce the risk of embracing some of these new trends? How should companies view this in terms of some of the other activities that they are involved with in their IT department?

Bronkhorst: ITIL basically helps you to set the context for these trends in an IT organization. In other words, if you organize yourself according to ITIL best practices, you have a solid foundation for being able to more quickly adopt new trends in the marketplace or new, evolving technologies, as you are organizing yourself to be much more agile than you have been before.

Gardner: Are there hard numbers to apply here. Perhaps, Klaus, you have some indication? When companies look at this, it seems like it makes great sense. It’s progressive. It’s maturing -- something that is fairly recent and fast-moving in organizations. But, are there hard business metrics, ROI, reduced total cost of IT, or higher productivity? When it comes time to sell this, to convince the business to invest in such things as ITSM, and they say, “Well, what’s the pay-back,” what has been the experience?

Schmelzeisen: We definitely have a lot of numbers. The usual metrics are cost reduction. For example, one of our big customers, DHL, reports 20 percent cost reduction since it implemented their IT processes. We have other cases where they are looking at a total return on investment that includes efficiency gains, as well as staff reduction, improved quality. That showed a breakeven for one of our clients, Queensland Transport, the government agency in Australia, in the second year, and an ROI of 400 percent in five years.

There are other measurements, like decreased amount of rework, decreased response time, how many calls you can solve on the first call. All these measurements are coming together. Alcatel-Lucent, for example, is showing very good returns in terms of quality improvements, as well as things that are much less tangible, like facilitated consolidation of all systems and their subsequent decommissioning.

So, there are very tangible measurements, like cost reduction, the number of call resolutions, and things like that -- quality improvements. And, there are less tangible ones, like how quickly you can get rid of older environments, how quickly you can consolidate, etc.

Gardner: What about the impact on users? Have there been surveys? You mention some of the software paybacks around reduced the time for resolution and better call center performance. Has anyone that you're aware of done user focus surveys after ITSM approaches have been adopted. Have they gauged the satisfaction of the people who are the ones actually using IT?

Schmelzeisen: Basically, the response to the quality of service provided by the IT department?

Gardner: That’s right -- the perception and the sense of confidence in IT.

Schmelzeisen: I don’t have a precise number at hand right now, but you can easily deduce it. If you call a help desk and you get put on hold, or you have to call again and your call is continuously routed to another person, and eventually you get an answer in a couple of days, how is your satisfaction rate based on that? It’s probably going to be very low.

However, if you call, and the person at the other end has all the information available about your case, he knows what type of system you have, he knows how it’s configured, he knows what changes have be done within the last couple of weeks or months, and he knows what environment you’re working in -- and he can help you right away -- I think it does great things for customer satisfaction.

Gardner: Sure, if customers can call in and get resolution and a sense of confidence, they're less likely to go off and start doing IT things on their own, on the department and lower-division level, which then requires that to be brought into a more centralized approach. Then, you lose any of the efficiencies of central procurement, managing licenses, and reducing redundancies.

It seems as if taking this life-cycle approach has a great opportunity to improve on efficiency from a procurement, licensing, and cost basis.

Schmelzeisen: Absolutely.

Bronkhorst: May I add one more thing, Dana? I think what we also see is that it’s not only important to measure, monitor, and manage customer satisfaction. It’s also key for a lot IT organizations to manage and monitor employee satisfaction. This is something that we also do as an integral part of the way that we handle projects where we implement ITSM processes and technologies with our customer.

Gardner: As far as United States market goes -- the one that I am most similar with -- it has been a long-term trend that it’s difficult to get qualified IT people and hold them. They often jump from company to company. I suppose that’s part of the dissatisfaction, but places enterprises in a fire-fighting mode much of the time, rather than in a more coordinated and straightforward productivity approach.

Bronkhorst: It’s also key that if you implement an ITSM solution or an ITSM environment, then what you do is structure the activities within an IT organization. Those activities are performed by a piece of technology, in other words automated, or performed by people. The challenge with many of these implementations is how to configure people in a way that they execute the processes the way they were designed. Technology, you can control, but people, sometimes you can’t, and you need to do something extra in order to make that work.

Schmelzeisen: I think that’s an interesting term that’s been introduced, "configuration of people," which means training and education. As a proof point to that, in all of the big projects -- Alcatel-Lucent, DHL, and Queensland Transport -- we had actually trained and retrained a significant number of people. With DHL, we trained about 4,000 IT professionals from a number of companies. With Alcatel-Lucent, it was training for about 1,000 employees. So, it’s a significant number of people need to be "reconfigured," as you called it.

Gardner: In another economic efficiency area, companies and enterprises have been looking to outsource or offshore. They're, looking to have better choices and more options in terms of how they acquire IT. If they have the certification process, as is being described here, in place, they can go and say, "Well, are your people certified? Are they trained? I am not going to outsource to anyone that isn’t."

It seems like this could make for more professionalism and less guessing, or risk, when it comes to outsourcing. Is that a trend you are seeing as well?

Schmelzeisen: Absolutely. It is important for organizations that want to show that they can achieve a certain level of quality to consider certification. What we did in our approach was to make sure that we use methodologies that have proven themselves in reality for customers to become certified in ITSM.

Gardner: All right. Let’s look to the future a little bit. It seems that there is a life-cycle approach to ITSM itself, and its successes can build upon one another toward a whole greater than the sum of the parts. But on the other hand, with this commoditization, if all companies are certified and all IT departments are operating in the same fashion, some companies that have depended on IT for a competitive edge might lose that. Is there any risk of reducing IT to a commodity set of services that prevents companies from somehow differentiating themselves?

Schmelzeisen: In some respects that’s a valid question, because a lot of IT services will be commoditized over time. On the other side, there is an ongoing wave of new things coming in, and there will always be leaders and followers. So, we will see more and different services being deployed. In the future, you won’t be able to differentiate just through an email service, to give you one example of an IT service.

However, it's different when it comes to other things: the way you manage your environment, integrate things like SOA or deploy SOA in your environment, embrace new technologies, drive mergers and acquisition from an IT integration point of view, how you select whether you are outsourcing, out-tasking or keeping things in-house.

Those are really differentiating points for the future, and I'll elaborate a little bit on the latter one. We are moving to a full IT service provider environment. A lot of these service provider ideas really come down to what you keep in-house, where you compete with others, and where your capabilities complement others. So, they are really looking at a whole supply chain in the sense of looking at complementors and competitors. It’s becoming a value net that IT organizations will have to look at and will have to manage. That is where the differentiation will be in the future.

Gardner: Anything else for us on that subject, Jeroen, about the competitive issues and commoditization? On one hand, we're saying that commoditization happens, but it is good in that it levels the playing field for you to be innovative.

Bronkhorst: I agree with what Klaus said, especially in the area that new technologies keep coming up. You can find new things in the stores almost every day, and the more new technology that’s introduced the more complex the world becomes, especially for IT organizations that have to keep it all up and running.

The challenge for a lot these IT departments is to make the right choices about which technologies to standardize on at what moment in time, and how to balance the cost associated with that with the quality you provide to your customer base. The real challenge is in doing that in a way that you distinguish yourself from the world surrounding you and being aware of the role you play in relation to your competitors and your complementors, as Klaus indicated.

Gardner: On a more pragmatic level, for those companies that are not quite into this yet, but want to be, how do you get started? How do you say, "I want to have a professional approach to ITSM? I also want to learn more about ITIL and how that could be useful tools for me?" Should you do one before the other? Are they something you can do on a simultaneous track? How do you get started?

Schmelzeisen: You always have to look at three main components, and we have mentioned them a couple of times before. It's people, process and technology. As people are driving most of the changes it’s definitely a good idea to have at least a certain number of people trained and certified, so that they can make educated decisions on technologies and processes later on.

When it comes to the process work, this can start in parallel, but definitely requires trained people. Technology is something that is definitely very important, but technology alone will not solve the problem. What's your view on this, Jeroen?

Bronkhorst: I agree with that. For those organizations that do not know yet whether a process-oriented approach is right for them we have a very interesting simulation game from our education department. We simulate processes in a non-IT environment, and make people aware of the value that can bring to their daily job.

We don't go into any of the ITIL or ITSM specifics right away, although there is some theory in the training. It’s really a simulation, and that is what a number of organizations start with. There are others who are more knowledgeable in this area already, and they typically want to go straight into a discussion as to how to compare themselves to industry best practices and what areas to address to improve. Then, we get more into a project simulation and assessment type approach, where you basically have a discussion with each other as to where we are today and where we want to be in the near future.

Gardner: I've been thinking about this as something for very large organizations, but perhaps that’s not the right way to look at it. How does this scale down? Does it fit well with small- to medium-sized businesses, or even smaller divisions within larger corporations? What’s the shakeout in terms of the size of the organization?

Schmelzeisen: You can deploy it to very small organizations as well. There might be one significant change: the need for automation. My experience is that this grows with the size of the organization. So, if you are a 170,000-person company with a huge IT department, you ought to have automated processes. This obviously means the processes need to be standardized and well understood, and people need to be trained on it.

If you are a 10-person IT department, you still have to have processes, but probably if you are such a small group, and you might even be located in one place, you can still do this without automation, using more basic tools, even on paper. Nevertheless, the need to understand your processes and have them well defined is independent of the size of the company.

Bronkhorst: There is actually a book from one of the ITSM’s chapters around how to apply ITIL in a small-size business environment, though I think that underlines the point that Klaus is making.

Gardner: Great. Well, thanks very much. This has been an interesting discussion about IT Service Management, making IT a professional organization with customer-focused quality of service as goals, and how to go about that on step-by-step basis.

Discussing this with us today have been two executives from Hewlett-Packard -- Klaus Schmelzeisen, the global director of the Global ITSM and Security Practices at HP Services Consulting and Integration group, and also Jeroen Bronkhorst, the ITSM program manager with HP Services Consulting and Integration group. I want to thank you gentlemen both for joining us.

Schmelzeisen: Well, thanks, Dana.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions, and you have been listening to a sponsored BriefingsDirect podcast. Thank you.

Listen to the podcast here.

Podcast sponsor: Hewlett-Packard.

Transcript of Dana Gardner’s BriefingsDirect podcast on ITIL v3 and IT Service Management. Copyright Interarbor Solutions, LLC, 2005-2007. All rights reserved.