Analysts Define Growing Requirements List for Governance in Any Move to Cloud Computing

Edited transcript of BriefingsDirect Analyst Insights Edition podcast, Vol. 42 on need for governance as more enterprises look to cloud computing services from inside and outside the firewall.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod and Podcast.com. Charter Sponsor: Active Endpoints. Also sponsored by TIBCO Software.

Special offer: Download a free, supported 30-day trial of Active Endpoint's ActiveVOS at www.activevos.com/insight.

Dana Gardner: Hello, and welcome to the latest BriefingsDirect Analyst Insights Edition, Volume 42. I'm your host and moderator, Dana Gardner, principal analyst at Interarbor Solutions.

This periodic discussion and dissection of IT infrastructure related news and events, with a panel of industry analysts and guests, comes to you with the help of our charter sponsor, Active Endpoints, maker of the ActiveVOS visual orchestration system, and through the support of TIBCO Software.

Gardner: Our topic this week on BriefingsDirect Analyst Insights Edition, and it is the week of May 18, 2009, centers on governance as a requirement and an enabler for cloud computing. We're going to talk not just about IT governance, or service-oriented architecture (SOA) governance. It's really more about extended enterprise processes, resource consumption, and resource-allocation governance.

It amounts to "total services governance," and it seems to me that any meaningful move to cloud-computing adoption, certainly that which aligns and coexists with existing enterprise IT, will need to have such total governance in place.

So, today we'll go round robin with our IT analyst panelists on their top five reasons why service governance is critical and mandatory for enterprises to properly and safely modernize and prosper vis-à-vis cloud computing.

We see a lot of evidence that the IT vendor community and the cloud providers themselves recognize the need for this pending market need and requirement for additional governance.

For example, IBM recently announced a virtualization configuration management appliance called CloudBurst. It not only helps companies set up and manage virtualized infrastructure, but it can just as well provision and manage instances of stacks of applications, as well as data services support across any number of cloud scenarios.

Easier provisioning

We also recently saw Amazon Web Services move with a burgeoning offering to ease provisioning, a reliability control, via automated load balancing and scaling features and services.

Akamai Technologies this spring announced advanced network-based cloud performance support, in addition to content and application's optimization services. [Disclosure: Akamai is a sponsor of BriefingsDirect podcasts.]

HP, also this spring, released Cloud Assure to help drive security, performance, and availability services for software-as-a-service (SaaS) applications, as well as cloud-based services. So, the road to cloud computing is increasingly paved with, or perhaps is going to be held up by, a lack of governance. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

Here to help us understand the need for governance as an enabler or a roadblock to wider cloud adoption are our analyst guests this week. We're here with David A. Kelly, president of Upside Research. Hey, Dave.

David A. Kelly: Hey, Dana. Happy to be here. This should be a fun topic.

Gardner: Ron Schmelzer, senior analyst from ZapThink. Hey, Ron.

Ron Schmelzer1: Hey, great to be here.

Gardner: And, Joe McKendrick, independent analyst and ZDNet blogger. Hey, Joe.

Joe McKendrick: Hey, Dana, nice to be here as well.

Gardner: Let's start with you Ron. You've been involved with SOA best practices and methodologies for several years. Before that, you were a thought leader in the Web services space, and governance has been part and parcel of these advances. Now, we're taking it to an extended environment, a larger, more complex environment. Tell me, if you would, your top five reasons why you think services governance is critical or not for this move to a larger services environment.

Schmelzer: You're making me count on a Friday before a long weekend. Let me see if I can do that. I'm glad you brought up this topic. It's really interesting. We just did a survey of the various topics that people are interested in for education, training, and stuff like that. The number one thing that people came back with was governance. That's indicative and telling at a few levels.

The first thing people realize is that simply building and putting out services -- whether they're on the local network or in the cloud or consuming services from the cloud -- don't provide the benefit, unless there's some control. As people always say, nobody really wants to be ungoverned, but nobody wants to have a government. The thing that prevents freedom from going into chaos is governance.

I can list the top five reasons why that is. You want the benefit of loose coupling. That is, you want the benefit of being able to take any service and compose it with any other service without necessarily having to get the service provider involved. That's the whole theory of loose coupling. The consumer and the provider don't have to directly communicate.

But the problem is how to prevent people from combining these services in ways that provide unpredictable or undesirable results. A lot of the efforts in governance from the runtime prevents that unpredictability. So one, preventing chaos.

Two. Then there is the design time thing. How do you make sure services are provided

How do you make sure that the various services comply with the various corporate policies, runtime policies, IT policies, whatever those policies are?

in a reliable predictable way? People want to create services. Just because you can build a service doesn't mean that your service looks like somebody else's service. How do you prevent issues of incompatibility? How do you prevent issues of different levels of compliance?

Of course, the third one is around policy. How do you make sure that the various services comply with the various corporate policies, runtime policies, IT policies, whatever those policies are?

Those are the top three. To add a fourth and a fifth, people are starting to think more and more about governance, because we see the penalty for what happens when IT fails. People don't want to be consuming stuff from the cloud or putting stuff into a cloud and risking the fact that the cloud may not be available or the service of the cloud may not be available. They need to have contingency plans, but IT contingency plans are a form of governance. Those are the top four, and it's a weekend, so I'll take the fifth off.

Gardner: Very good. Now, we go to David Kelly next. David, you've been following the cloud evolution through the lens of business process management (BPM) and business process modeling. I'm interested in your thoughts as to how governance can assist in how organizations can provide a better management and better modeling around processes.

Kelly: Yeah, absolutely. At one level, what we're going to see in cloud computing and governance is a pretty straightforward extension of what you've seen in terms of SOA governance and the bottom-up from the services governance area. As you said, it gets interesting when you start to up-level it from individual services into the business processes and start talking about how those are going to be deployed in the cloud. That brings me to my first point. One of the key areas where governance is critical for the cloud is ensuring that you're connecting the business goals with those cloud services.

It's like the connection between IT and business in conventional organizations. Now, as those services move out to the cloud, it's the same problem but in a larger perspective, and with the potential for greater disruption. Ron just mentioned that in terms of the IT contingency planning and the risk issues that you need to bring up. So, one issue is connecting the business goals with the cloud services.

Another aspect that's important here is ensuring compliance. We've seen that for years. That's going to be the initial driver that you're going to see in the cloud in terms of compliance for data security, privacy, and those types of things. It's real easy to get your head around, and when you're looking at cloud services that are provided to consumers, that's going to be a critical point.

Can the consumers trust the services that they're interacting with, and can the providers provide some kind of assurance in terms of governance for the data, the processes, and an overall compliance of the services they're delivering?

Then, when you step back and look, the next issue in terms of governance

It's like saying we have Web server governance. You need it. It's there and its important, but its such a small slice of the overall solution that we're going to have to see a much broader expansion over the next four or five years.

and cloud governance comes down to ensuring consistent change management. You've got a very different environment than most IT organizations are used to. You've got a completely different set of change-management issues, although they are consistent to some extent with what we've seen in SOA and the direction organizations are taking in that area. You need to both maintain the services and make sure they don't cause problems when you're doing change management.

The fourth point is making sure that the governance can increase or help monitor quality of services, both design quality, as Ron mentioned, and runtime quality. That could also include performance.

Dana, when you mentioned some of your examples, most of those are about the performance and availability of these services. So, they're very limited. What we've seen so far is a very limited approach to governance. It's like saying we have Web server governance. You need it. It's there and its important, but its such a small slice of the overall solution that we're going to have to see a much broader expansion over the next four or five years.

The last thing, looking at this from a macro perspective, is managing the cloud-computing life cycle. From the definitions of the services, through the deployment of the services, to the management of the services, to the performance of the services, to the retirement of the services, it's everything that's going on in the cloud. As those services get aggregated into larger business processes, that's going to require different set of governance characteristics. So, those are my top five.

Gardner: Joe McKendrick, we've heard from David and Ron. David made an interesting point that we're probably scratching the surface of what's going to be required for a full-blown cloud model to prosper and thrive. We're still looking at this as basically red light-green light, keeping it working, keeping the trains running. We don't necessarily have them on time, on schedule, or carrying a business payload or profit model. So, Joe, I'm interested in your position -- five reasons why governance is important, or what, perhaps, needs to come.

McKendrick: Thanks, Dana. Actually, Ron and David really covered a lot of the ground I was going to cover, and they said it probably a lot better than I would say.

There is an issue that's looming that hasn't really been discussed or addressed yet. That is the role of governance for companies that are consuming the services versus the role of governance for companies that are providing the services.

On some level, companies are going to be both consumers and providers of cloud services. There is the private cloud concept, and we've talked about that quite a bit in these podcasts. SOA is playing a key role here of course.

Companies, IT departments will be the cloud providers internally, and there is a level of governance, the design time governance issues that we've been wrestling with SOA all these years, that come into play as providers.

There are going to be some other companies that may be more in a consume mode. There are other governance issues, another side of governance, that they have to tackle, such as service-level agreements (SLAs), which is assuring the availability of the applications they're receiving from some outside third party. So, the whole topic of governance splits in two here, because there is going to be all this activity going on outside the firewall that needs to be discussed.

Another key element that's coming into play has been wrestled with, discussed, and thrown about during the development of SOA over the past few years.

A lot of companies are taking on the role of a broker or brokerage. They're picking up services from partners, distributors, and aggregators, and providing those services to specific markets.

It's the ability to know what services are available in order to be able to discover and identify the assets to build the application or complete a business process. How will we go about knowing what's out there and knowing what's been embedded and tested for the organization?

The issue of return on investment (ROI) is another hot button, and we need to be able to determine what services and processes are delivering the best ROI. How do we measure that? How do we capture those metrics?

But overall, the key thing of SOA and what we've been talking about with SOA is how do we get the business involved? How do we move it beyond something that IT is implementing and move it to the business domain? How do we ensure that business people are intimately involved with the process and are identifying their needs? Ultimately, it's all about services. We're seeing businesses evolve in this direction.

A lot of companies are taking on the role of a broker or brokerage. They're picking up services from partners, distributors, and aggregators, and providing those services to specific markets. I call it the "loosely coupled business" concept, and it's all about services -- SOA, Web services, cloud-based services. It's all rolled into one -- Enterprise 2.0. I'll bring that in there too.

So, we're just scratching the surface here.

Preparing to scale

Gardner: Thanks Joe. I'll be last and will take the position of disadvantage, because I'll be talking a lot about what you've all stated so far, but perhaps with a little different emphasis.

My first reason for governance is that we're going to need to scale beyond what we do with business to employee (B2E). In many cases we've seen SOA and Web services developed in large enterprises first for some B2E and some modest business to consumer (B2C).

For cloud computing, we're going to need to see a greater scale business to business (B2B) cloud ecology and then ultimately B2C with potentially very massive scale. New business models will demand a high scale and low margin, so the scale becomes important. In order to manage scale, you need to have governance in place. And by the way, that's not only for services, but application programming interfaces (APIs).

We're going to need to see governance on API usage, but also in what you're willing to let your APIs be used for -- not just on an on/off switch, but also at a qualitative level. Certain types of uses would be okay, but certain others might not for your APIs, and you might also want to be able to charge for them.

My second point is the need to make this work within the cloud ecology.

Standards and neutrality at some level are going to be essential for this to happen at that scale across a larger group of participants and consumers.

So, with dynamic partnering, with people coming and going in and out of an ecology of process, delivered cloud services, means federation. That means open and shared governance mechanisms of some type. Standards and neutrality at some level are going to be essential for this to happen at that scale across a larger group of participants and consumers.

One example of this we've seen at the social-network level is the open, social approach to sign-on and authentication. That's just scratching the surface of what's going to be required in terms of an automated approach to provisioning and access control at the services level, which falls back to much more robust and capable governance.

My third reason is that IT is going to need to buy into this. We've heard some talk recently about doing away with IT, going around IT, or doing all of these cloud mechanisms vis-à-vis the line of business folks. I think there is a role for that, and I think it's exploratory at that level.

Ultimately, for an enterprise to be successful with cloud models as a business, they're going to have to take advantage of what they already have in place in IT. They need to make it IT ready and acceptable, and that means compliance. As we've talked about, that's the ability to have regulatory satisfaction, where that's necessary, and to satisfy the requirements that IT has for how its going to let its resources, services, and data be used.

IT checklist

IT has, or should have, a checklist of what needs to take place in order for their resources and assets to be used vis-à-vis outside resources or even within the organization across a shared-services environment. IT needs to be satisfied, and governance is going to be super essential for that.

Number four is that the business models that we're just starting to see well up in the marketplace around cloud are also going to require governance in order to do billing, to satisfy whether the transaction has occurred, to provision people on and off based on whether they've paid properly or they're using it properly under the conditions of a license or a SLA of some kind. This needs to be done at a very granular level.

We've seen how long it took for telecommunications companies to be able to build and provision properly across a fairly limited amount of voice services. They recognized that their business model was built on the ability to provision a ring tone and charge appropriately for it. If it has a 30-day limit to use, that needs to be enforced. So, governance is going to be essential for making money at cloud types of activities.

Lastly, cloud-based data is going to be important. We talk about transactions, services, APIs, and applications, but data needs to be shared, not just at a batch level, but at a granular level across multiple partners. To govern the security, provisioning, and protection of data at a granular level falls back once again to governance. So, I come down on the side that governance is monumental and important to advancing cloud, and that we are still quite a ways away from doing that.

Where I'd like to go next with the conversation is to ask where would such

The cloud actually complicates things a little bit, because we're not really in control of the cloud infrastructure. So, we don't have full control of how a third-party cloud environment would choose to enforce a runtime policy.

governance happen? Is this something that will be internal? Will there be a third party, perhaps the equivalent of a Federal Reserve in the cloud, that would say, "This is currency, this is what the interest rates are, and this is what the standards are?" In a sense, we're talking about cloud computing as almost an abstraction, like we do when we think about an economy or a monetary system.

So, let's take up that question of where would you actually instantiate and enforce governance. Back to Ron Schmelzer at ZapThink.

Schmelzer: It's good that you mentioned all of these things. Governance just can't be a bunch of words on a piece of paper, and then you hope that people by themselves will just voluntarily make them happen. Clearly, we need some ways of enforcing them.

Some of them are automated and some of them are automatable, especially a lot of the runtime governance things you talk about -- enforcing security policies, composition policies, and privacy policies.

There are a lot of those policies that we can enforce. We can enforce them as part of the runtime environment, whether we do that as part of the infrastructure, we do it as part of the messaging, or we do that at the client side. There are a lot of different ways of distributing.

The cloud actually complicates things a little bit, because we're not really in control of the cloud infrastructure. So, we don't have full control of how a third-party cloud environment would choose to enforce a runtime policy.

But, there are other kinds of policy. We talked about design-time policy, which is how we govern the way that we create services. How do we govern the way that we consume them? How do we govern the way that we procure those services? There is a certain amount of enforceability, both at automated level with the tooling that we use to do that, the design time tooling, or even as part of the budgeting, approval, or architectural review process. There are a lot of places where we can enforce that.

Change management

Of course, we have the whole area of change management. It's a huge bugaboo in SOA, and it's going to rear its head in cloud. How do we deal with things versioning and changing, both the expected changes and the unplanned changes, things becoming available, and things not becoming available.

We may have policies to deal with that, but how do we force a policy that says, "All of a sudden the geocoding service that you're using for some core process is no longer available. You have to switch to another one." Can you truly automate that, or is there some sort of fall back? What do you do?

Fortunately, one of the great things about cloud is that it's forcing us to stop thinking about integration middleware as a solution to architectural problems, because it has absolutely nothing to do with integration middleware.

We don't even know what's running the cloud. So, when we're thinking about the cloud now, we have to be thinking in terms of the abstract service. What do I do when it's available? What do I do when it's not available? That forces us to think a lot more about governance, quality, and management.

Gardner: Let's go to you Dave Kelly. It seems to me that there is a political angle to this as well, as Ron was saying. There is a need for a trusted, neutral, but authoritative third party. Would I trust my own enterprise, my competitor, or even someone in my supply chain to be dictating the enforcement of governance?

Kelly: Well, I think there is. There is a role for a trusted,

We're going to see more of a bottom-up approach to governance. The organizations that are putting services or data out there are going to be ones demanding some type of governance or compliance capabilities.

neutral, as you said, an authoritative third party, but we're not going to see one soon. That's a longer-term evolution. That's just my take. We'll see some kind of alliance evolve over the next couple of years, as providers start to grapple with this and with how they can help ensure some sort of governance and/or compliance in the cloud services. As usual in the IT landscape, that will be politicized, at least in terms of the vendors providing services.

We're going to see more of a bottom-up approach to governance. The organizations that are putting services or data out there are going to be ones demanding some type of governance or compliance capabilities. You're going to see this push from the bottom, with some movement from the top, but I don't know that it's going to be all that effective.

Gardner: Joe McKendrick, let me run that by you, but with a hypothetical. We've seen in the past over the history of business, commerce, and the mercantile environment, starting perhaps 500-700 years ago, around shipping, sailing ships across port to port, that someone had to step up and become an arbiter. Perhaps it was a customs groups, perhaps a large influential company, like an East India Company, but eventually someone walked in to fill the vacuum of managing a marketplace.

The cloud is essentially a marketplace or many marketplaces. It's very complex compared to just moving tobacco from North America to Europe or back to the East Indies with some other cargo. Nonetheless, it seems to me that the government or governments could step into the middle here and perform this needed third-party authoritative role for governance.

Extracting revenue

Maybe it won't be necessarily providing the services, but providing the framework, the standards, and, at some level, enforcement. In doing so, it will have an ability to extract some sort of a revenue, maybe on a transaction basis, maybe on a monetary percentage basis. Lord knows, most governments that we're looking at these days need money, but we also need a cloud economy because it's so much more productive.

I know this is a big question, a big hypothetical, but don't you think that it's possible that this need for governance that we've uncovered will provide an opportunity for a government agency or some sort of a quasi-public entity to step in and derive quite a bit of revenue themselves from it?

McKendrick: Wow! I don't know about that. You mentioned earlier the possibility of a hypothetical Federal Reserve in the cloud, I'm just trying to picture Ben Bernanke or Alan Greenspan taking the reins of our cloud economy and making obtuse statements, and everybody trying to read the tea leaves on what they just said.

I don't know, Dana. I can't see a government agency stepping in to administer or pluck revenue out of the cloud beyond maybe state agencies looking for ways to leverage sales taxes. They already have that underway.

You mentioned marketplaces taking over. I think we're going to see the formation of marketplaces of services. Dave Linthicum isn't on the call with us. He was with StrikeIron for a while, and StrikeIron was a great example from the get-go of how this would be structured.

They formed this private marketplace. Web service providers would

I think it will be a private-sector initiative. We'll see these marketplaces gel around services.

provide these services and make them accessible to StrikeIron. They would certify to StrikeIron that the services were tested and viable. StrikeIron also would conduct its own testing and ensure the viability of the services.

Gardner: I believe there's another company in Europe called Zimory that's attempting a similar approach, right?

McKendrick: Exactly. In fact, a company called 3tera just announced this past week that they'll be providing a similar type of marketplace for cloud-based services.

Gardner: So, the need is clearly there, don't you agree?

McKendrick: Absolutely! I think it will be a private-sector initiative. We'll see these marketplaces gel around services. I'm not sure how StrikeIron is doing these days, but the business model was that the providers of the services were to receive these micro payments every time a service was used by a consumer tapping into the marketplace. It might be just a few pennies per instance, but these things add up. Sooner or later, you have some good money to be made for service providers.

Gardner: Ron, do you think that this is strictly a private-sector activity or can no one private-sector entity be put into the position of a hub within a spoke of cloud commerce? Would anyone be willing to trust one company with such power, or does this really open up an opportunity for more of a public entity of some kind?

Let it evolve

Schmelzer: For now, we need to let this evolve. We're still not quite sure what this means economically. We don't know how long lived this is going to be. We don't know what the implications are entirely. We do trust a lot of private companies.

To a certain extent, Google is one, big unregulated information hub, as it is. There's a lot of kvetching about that, and Google has made some noise about getting into electronic health records. Right now, there's really no regulation. It's like, "Well, let Google spend their money innovating in that area, and if something good comes out of it, maybe the government can learn."

But, the government is a little bit overwhelmed at the moment just trying to keep the basics of "Ye Old 1.0 Brick-and-Mortar Economy" running, and can't get their fingers into the 2.0 and 3.0 stuff that a lot of us in the market don't have entire visibility into. I'm going to plead SOA libertarianism on this one.

McKendrick: The government could play a role of a catalyst. Look at the Internet, the way the Internet evolved from ARPANET.

But, the government is a little bit overwhelmed at the moment just trying to keep the basics of "Ye Old 1.0 Brick-and-Mortar Economy" running.

The government funded the ARPANET and eventually the Internet, funding the universities and the military establishments involved in the network. Eventually, they niched them into the private sector. So, they could play a catalyst role.

Gardner: There is a catalyst, but there is also a long-term role of playing regulator. If you look at how other markets have evolved. Right now, we're looking at the derivatives market that has evolved over the past 10 or 15 years in financial market.

Some government agencies are coming and saying, "Listen, this thing blew up in our face. We need now to allow for a regulatory overview with some rules and policies that we can enforce. We're not going to run the market, we're not going to take over the market, but we're going to apply some governance to the market."

McKendrick: Does the government regulate software now? I don't see a lot of government regulation of software -- Oracle or Siebel.

Gardner: We're not talking about software. We're talking about services across a public network.

McKendrick: Right, but the cloud is essentially a delivery mechanism. Its not CDs. It's an over-the-wire delivery of a software.

Gardner: That's why I argue that it's a market, just like a NASDAQ is a market, the New York Stock Exchange, or a derivatives trading environment is a market. Why wouldn't the government's role apply to this just as it has to these marketplaces? Dave Kelly?

Not at the moment

Kelly: Eventually, it will, but, as you said, the derivatives market went unregulated for a long number of years, and the cloud market is certainly not well-defined. It's not a good place for regulation at the moment. Come back in three or four years, and you've got a point to make, but until we get to some point where there is some consistency, standards, and generally accepted business principles, I don't think we're there yet.

Gardner: Should we wait for it to be broken before we try to fix it?

Kelly: That's the typical strategy of government, so yeah. Or we can wait for someone like Microsoft to step in.

Gardner: Would that be amenable to somebody like Amazon and Google?

Kelly: I don't know.

McKendrick: I think we may see an association step in. Maybe we'll see an Open Group, or an OASIS-type

The only other alternative from a political standpoint is to have one big cloud provider that makes all the rules that everyone has to line up around.

industry association step in and take the lead.

Gardner: I see -- the neutral consortium approach.

Kelly: The neutral ineffective consortium.

Schmelzer: Ooh, this is getting rapidly political. We need this weekend, where is the weekend?

Gardner: But that is the point. This is ultimately going to be a political issue. Even if we come up with the technical means to conduct governance, that doesn't mean that we can have governance be effective in this large, complex marketplace that we envision around cloud.

The only other alternative from a political standpoint is to have one big cloud provider that makes all the rules that everyone has to line up around. I believe on the political side of things that's called fascism. Sometimes, it's worked out, but not very often.

Kelly: Or Colossus: The Forbin Project.

Schmelzer: Utilitarianism is the best form of government, as long as everybody cooperates. But, it's hard having the governments involved. To a certain extent, it's true that governance only works as long as there is trust. If you can't trust the providers, then you're just not going to go for it. The best case in point was when Microsoft introduced Passport [aka Hailstorm]. Remember that?

Microsoft said, "We'll serve as a central point. You don't like logging into all these websites and providing all your personal information. No problem. Store that with us, and we will be basically be your trusted intermediary. You log into the Passport system and enter your password into Passport."

Lack of trust

What happened to it? It failed. Why did it fail? Because nobody trusted Microsoft. I think that was really the biggest reason. Technologically it had some issues too, and there were a bunch of other problems with .NET. Also, they were just using Passport as a way of getting their tentacles into all the enterprise software and things. That's neither here nor there, but the biggest reason was, "Why would I want to store all this information with Passport?"

Look at the response to that, this whole Liberty Alliance shindig. I can't say that Liberty Alliance was really that much more successful. What ended up becoming more successful, the whole single sign-on on the Web, was stuff around OpenID and OpenSocial, and all that sort of stuff. That was the social network guys, Facebook and Google, saying, "We're really the people who are in control of this information, and they've already shared this information with us as it is."

Gardner: And what happened was we had a standardized approach to sharing authentication certificates across multiple vendors. That seems to be working fairly well.

Schmelzer: Yeah, without any real intervention. So, I would argue that there is probably a lot more private information in Facebook than people would ever want shared, and there is really no regulation there, but it's pretty well self-regulated at the current moment.

The question is, will all this service cloud stuff go in the direction of what Microsoft tried to do, the single-vendor imposed thing Liberty Alliance tried to do, sort of like the consortium thing, or the OpenID thing, which is a couple of people that already own a very large portion of the environment realizing that they just need to work together amongst themselves.

Gardner: In the meantime, because we all seem to agree that there is a great need for this,

I'd argue that 90 percent-plus of the people who are doing governance really don't know how to do governance at all, regardless of whether they have a great tool or not.

those individual organizations that create the picks and shovels to support governance, regardless of how it's ultimately enforced or what standards, policies, or rules of engagement are ultimately adopted, probably stand to inherit a very large market.

Does anybody want to take a guess as to what the potential market dimensions of a governance picks and shovels, that is the underlying technology and services to support such a governance play might be? Again, we'll start with you, Ron. How big is the market opportunity for those companies that can provide the technical means to conduct governance, even if we don't yet know how it might be overseen?

Schmelzer: I'm very satisfied to see that people are talking about governance as much as they are. This is not a sexy topic at all. I'd much rather be talking about mashups and stuff like that. Given all this interest, the interest in education and training, and what's going on in this market, the market opportunity is significantly growing. It's a little hard to quantify, whether you're quantifying the tools market or the runtime market, or you're quantifying services for setting up governance stuff. I don't think there is enough activity on the services side.

Companies are getting into governance and they think the way to get into governance is to buy a tool or registry or something and put a bunch of repositories together. How do they know what they're doing? I'd argue that 90 percent-plus of the people who are doing governance really don't know how to do governance at all, regardless of whether they have a great tool or not.

It's a big untapped opportunity for companies to get in with some real, world-class governance expertise and best practices and help companies implement those, independent of the tooling that they're using.

Gardner: Dave Kelly, do you agree that the market opportunity is for the methodologies, the professional services, the expertise, as much or more than perhaps say a pure technology sell?

Best practices are critical

Kelly: It's about equal. When you're talking governance, the processes, policies, and best practices are a critical part of it. It's not just about the technology, as it is in some other cases. It's really about how you're applying the policies and principles, both at the IT level and the business level, that are going to form your combined governance and compliance strategy. So, there is definitely a role for that.

At the same time, you're going to see an extension of the existing governance and technology solutions and perhaps some new ones to deal with -- as you said, the scalability, virtualization aspects, and perhaps even geopolitical aspects. As the services and clouds get dispersed around the world, you may have new aspects to deal with in terms of governance that we haven't really confronted yet.

There will be probably a combination of market sizes. I'm not going to put a number on it. It's going to be larger than the existing governance market, but probably I'd say by 10, 15, or 20 percent.

Gardner: Joe McKendrick, let's perhaps try a different way of quantifying the market opportunity. On a scale of 1-10, with 1 being lunch money and 10 being a trillion dollar market, what's your rough estimate of where this governance market might fall?

McKendrick: Let's put it this way. Without Excel or spreadsheets, probably 1 or 2. If you count Excel and spreadsheet sales, it's probably 7 or 8. Most governance efforts are very informal and involve plotting things on spreadsheets and passing them around, maybe in Word documents.

Gardner: That's not going to scale in the cloud. That can't even scale at a department level.

McKendrick: I know, but that's how companies do it.

Gardner: That's why they need a third-party entity to step in.

McKendrick: That's the prime governance tool that's out there these days.

Gardner: I'm going to say that it's probably closer to a 4 or 5. That's because the marketplace in the cloud can very swiftly become a real significant

Just as with the credit card companies, some sort of entity or process will emerge around that, and the government will probably find a way of getting a piece of it, as they usually have in the past.

portion of our general economy. I think that the cloud economy can actually start becoming an adjunct to the general economy that we know in terms of business, commerce, consumer, retail and so forth.

If that's the case, there's going to be an awful lot of money moving around, and governance will be essential. Just as with the credit card companies, some sort of entity or process will emerge around that, and the government will probably find a way of getting a piece of it, as they usually have in the past.

The opportunity here is almost commensurate with the need. There is a huge need for governance and therefore the market opportunity is great, but that's just my two cents.

Well, thanks, we've had a great discussion about governance -- some of the reasons for it being necessary, where the market is going to need to go in order for cloud computing to reach the vision that so many people are fond of these days. We're certainly going to be talking about governance a lot more.

I want to thank our panelists for today's input. We've been joined by David A. Kelly, president of Upside Research. Thanks, Dave.

Kelly: You're welcome. It was fun.

Gardner: Ron Schmelzer, senior analyst at ZapThink. Always a pleasure, Ron.

Schmelzer: Thank you, and one leg out the door to this vacation.

Gardner: And Joe McKendrick, independent analyst and ZDNet blogger. Thanks for your input as always, Joe.

McKendrick: Thanks for having me on, Dana. It was a lot of fun.

Gardner: I also want to thank the sponsors for this BriefingsDirect Analyst Insights Edition Podcast Series, and that would be Active Endpoints and TIBCO Software.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. Thanks for listening, and come back next time.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod and Podcast.com. Charter Sponsor: Active Endpoints. Also sponsored by TIBCO Software.

Special offer: Download a free, supported 30-day trial of Active Endpoint's ActiveVOS at www.activevos.com/insight.

Edited transcript of BriefingsDirect Analyst Insights Edition podcast, Vol. 42 on need for governance as more enterprises look toward cloud computing and services from inside and outside the firewall. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.

BriefingsDirect Analysts Take Pulse of New Era in IT: Flat Line Stasis or Next Renaissance?

Edited transcript of BriefingsDirect Analyst Insights Edition podcast, Vol. 41 on the current state of information technology and defining the best description of the next era of computing.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod and Podcast.com. Charter Sponsor: Active Endpoints. Also sponsored by TIBCO Software.

Special offer: Download a free, supported 30-day trial of Active Endpoint's ActiveVOS at www.activevos.com/insight.

Dana Gardner: Hello, and welcome to the latest BriefingsDirect Analyst Insights Edition, Volume 41. I'm your host and moderator, Dana Gardner, principal analyst at Interarbor Solutions.

This periodic discussion and dissection of IT infrastructure related news and events, with a panel of industry analysts and guests, comes to you with the help of our charter sponsor, Active Endpoints, maker of the ActiveVOS visual orchestration system, and also through the support of TIBCO Software.

Our topic this week on BriefingsDirect Analyst Insights Edition, and it is the week of April 27, 2009, centers on the next era of information technology (IT). We seem to be in it but we don't have a name for it yet.

Suddenly, cloud computing is the dominant buzzword of the day, but the current confluence of trends includes much more. There is business process modeling (BPM), business intelligence (BI), complex event processing (CEP), service-oriented architecture (SOA), software as a service (SaaS), Web-oriented architecture (WOA), and even Enterprise 2.0.

How do all of these relate? Or if they don't relate, is there a common theme? Is there an overriding über direction for IT that we need to consider?

For me, the cloud computing moniker just doesn't include enough and doesn't bring us to the next stage. In the words of Huey Lewis, we need a "new drug." So what is the next über IT phase for next generation enterprise technology?

Here to help us understand what the new IT drug is, join me in welcoming our analysts panel this week. We are joined by Jim Kobielus, senior analyst at Forrester Research. Hey, Jim?

Jim Kobielus: Hey, Dana. Hi, everybody.

Gardner: Brad Shimmin, senior analyst, Current Analysis.

Brad Shimmin: Greetings, Dana.

Gardner: Joe McKendrick, independent analyst and prolific blogger. Welcome back, Joe.

Joe McKendrick: Hi, Dana, glad to be back.

Gardner: We also welcome Ron Schmelzer, senior analyst at ZapThink. Hey, Ron.

Ron Schmelzer: Hey, there. Glad to be here. Thanks for having me on your drug trip.

Gardner: And we also might be joined in a little while by Tony Baer, senior analyst at Ovum.

But let's start out with our über definition. Jim Kobielus, do you agree with me that we're oversimplifying what's going on in IT by just calling everything that's going on cloud computing?

Kobielus: Of course, we're oversimplifying, but that's what we, as analysts, need to do now and then. There is just too much stuff, too much complexity, too many themes, and too many paths for evolution and innovation.

I agree with you, Dana, we all get worn out by these themes, trying to jam too much into them. Half the time I'm thinking we need to move to a post-theme era in IT and have a themeless architecture.

Half the time, with all these themes, I feel like I'm in Disneyland. I'm walking in Adventureland, Tomorrowland, Fantasyland, and, after a while, I sort of lose sight of the overall big park through which I'm roaming. I want an über Walt Disney to stand above it and say, "Here is my vision for the great magical journey we're on."

I don't think that Great Uncle Walt will emerge from the sky, but I do think we need to ask ourselves what value these themes add. These are all valuable frameworks -- SOA, cloud, virtualization, Enterprise 2.0, SaaS, and so forth, but they're valid and valuable for particular uses and for particular ways of approaching and managing the technology. None of them is superfluous, but none of them will become the über theme for everything we might ever want to do with technology.

Gardner: Well, Brad Shimmin, it seems though that something has shifted in the last six months. Perhaps, it's because of the recession, the contracting economy, but it certainly feels different than it did six months ago. Do you agree?

Shimmin: It does. Even in the last few weeks, now that we have the Swine Flu economy upon us. It seems that so many of us are in the midst of knee-jerk reactions to things within the industry and within our little sphere that we live on, but something more profound has changed over the last couple of years.

Going back to what Jim was talking about, it's so hard to put a finger on it and describe it. It's almost like the art scene at the turn of the century. They really didn't know what the hell to call what people were making. So, they just said, "Oh, it's postmodern." So, the postmodern IT world is perhaps what we're living in. Maybe that's okay, where there is no really overriding sort of thematic vision to IT, but I'm an analyst so I always try to like put labels on things.

My attempt with this is to describe just the zeitgeist I've seen over the last year or so, and that is just to call things -- with a double entendre totally intended here, and it's not sexual by the way or drug related -- "transparent computing." That's is what I'd look at this as.

The double part of this is IT resources and business solutions are becoming more visible to us. We're able to better measure them. We're able to better assess their cost-to-value ratio. At the same time, the physicality of those resources and the things that we call a business are becoming much more transparent to us and much more ethereal, in terms of being sucked into Amazon EC2, for example.

Gardner: What's transparent now that wasn't before?

APIs and transparency

Shimmin: For one, application programming interfaces (APIs) have made things much more transparent than they were. We all had a great discussion a little while back about WOA. That's a great example of what that means. As an enterprise owner or an independent software vendor (ISV) creating software, you have the ability to see into software with much more active and quicker response time than you could back in the days of SQL or an API in a 400-page book that you had to memorize.

Gardner: Is that a function of open source or just that Web services need to be fully understood in order to be shared and have interoperability work?

Shimmin: Open source to me is really the cultural vision of what you're talking about. Technologically, it really was what SOA engendered in its approach with opening up a layer of abstraction. So, it's like open-source sociology, SOA technology.

Gardner: What do you think, Joe McKendrick, is it the "open the kimono" technology era?

McKendrick: I think so. I don't think there's a name we can give it. Perhaps computing has become so ubiquitous to our everyday lives and our everyday work that it no longer needs to carry a name. We don't call this era the "telephone era" or the "television era." For that matter, we don't call it the "space age" anymore. The novelty and the newness of all this is worn off.

Looking back over at the past six months or even five or six years, a big thing that's been happening is that business users really understand computing. Computing is such an everyday thing that folks understand. At the same time, the IT folks are beginning to understand the business a little bit better and we're seeing those two worlds being brought together and blending.

Gardner: This is a George Costanza moment: worlds are colliding.

McKendrick: Worlds are colliding.

Kobielus: Dana, I just noticed something. This decade that we're currently ending has no name. Last decade it was the '90s, the one before that was the '80s, we've never given this decade a real name that's stuck chronologically. Likewise, this era that we are now entering doesn't have a name and maybe it shouldn't have a name, it's the "double-0 era."

Gardner: You're right, we don't have a name. Ron Schmelzer, do you think we need a name for this? It seems that now we're talking about a post-IT era, because IT is so pervasive that we don't even need to break it out anymore, that its just part of everything?

Schmelzer: We could say that we're still floating through the information era, but I like what Jim was talking about, the floating from one theme park to the other theme park in Disneyland, as we've been doing here in IT, to a certain extent.

I'm going to bring back the drug theme here. I might as well. We like to self-medicate in IT. We have these chronic problems that we seem to be continuously trying to solve. They're the same problems: getting systems to talk to each other, to extract information, and to make it all work. We try one drug after the other and they provide these short-term fixes. Then, there's the inevitable crash afterward, and we just never seem to solve the underlying problem.

If we had to get back to that Disney theme, there actually was one that tied them all together. What was the theme at Disneyland? "It's a small world after all." Isn't it? I like to bring it all back to IT. All these things we do, they're all looking very similar. Tying in the recent presidential campaign, maybe we are the change we are looking for. So maybe it's not really about the technology. Maybe it's the way that we're sitting here using the stuff, and it's more a change to process than it is to technology.

Kobielus: And, taking that theme just a little further, it's amazing what you can do with a mouse.

Psychological shift

Gardner: Well, in an era when we're always on, where there is ubiquity of at least network reach, now we all have smartphones and we can sync the phone to our PCs and into the cloud. We're all carrying our same configuration, private and public, as well as personal and work, all around with us. We never seem to break free of our IT identities. Our IT identity, our personal identity, and our work identity are the same.

Is this really a psychological shift then? Do we need to stop thinking about how technology is shifting and think about how people are shifting? I think that people are acting differently than they used to.

Schmelzer: I found out one thing though. From our personal life, our IT experience is becoming very rich. It's not just the Web and the phone experience or the television experience. Everything, the whole IT experience, is becoming remarkable. But, there is a digital divide, and I'm not talking about the parts of the country that have more IT than the other. I'm talking about the experience at home and the experience at work.

When I step into work, I'm turning the clock back 10 years. I have this wonderful, rich IT environment on my own at home and on my phone. Then, I see these enterprise IT systems that had very little in the way of influence from any of these movements from the last 10 years. It's like the enterprise IT environment is starting to stagnate quite a bit from the personal IT environment.

McKendrick: You aren't talking about the ZapThink workplace, are you?

Schmelzer: I work at home, so I've got the best of both worlds,

But, there is a digital divide, and I'm not talking about the parts of the country that have more IT than the other. I'm talking about the experience at home and the experience at work.

but I'm talking about walking into some of customer environments.

McKendrick: Some companies have stepped back 20-30 years in time.

Gardner: Hold on that thought. Ron, it sounds to me like a generation gap. We're back to 1972. Our dads are still locked into the World War II generation, and we're already well into the "Me Generation." Is that what's going on in technology now between business and consumer technologies?

Schmelzer: Yeah. Look at the IT environment. The question is, if we had to do it all over again, would we really be building enterprise IT systems or would we be doing it the way Google is doing it? Google would just be laughing at us and saying, "What are you doing putting in these mainframes and these large enterprise applications that take X millions of dollars and multiple years and you only achieve 10 percent of your goals and only use 5 percent of the system you just built? That's just hilarious."

Gardner: Jim Kobielus, is this whole cloud thing, in fact, forcing businesses and enterprise to catch up with what's been going on in the consumer circles?

Kobielus: Is the cloud phenomenon causing businesses to catch up with what's going on the consumer circles? Can you give me an example, Dana, so I know where you're coming from with that one?

Gardner: It's sort of playing off of what Ron was talking about. If I go to Gmail, I can get a free account. Suddenly, I can do chat and coordinate with my mobile phone. Google knows my identity a little bit and offers me the ability to do word processing, and on top of that I can do better searches. Then, in addition to that, I've got my own profile now at the bottom, when people search on my name. Now, I have an AdWords account. I can coordinate and integrate into cloud, but I can't in my own business.

Highly empowered

Kobielus: Exactly. Most of us, as Ron indicated, in our personal lives are highly empowered now with all sorts of media, gadgets, and services that it's just amazing what we have already integrated into our "life" lives.

When we go out to the workplace, assuming that we work somewhere other than our home and we're not self-employed, we see what our employer provides for us. What the employer provides may be technology, services, or capabilities that are 10 years behind the times.

We get frustrated. We think, first of all, "I'm spending eight or more hours of my day here with less capability, less connectivity, and less ability to be productive than if I simply stayed at home. Well, why don't I simply telecommute? More to the point, why don't I move to another company that provides me with better tools that are up-to-date, up to 2009?"

What you're hitting on is that there is this disconnect between what we can get on our own for ourselves and what our employer provisions for us. That causes frustration. That causes us to want to bolt, defect from an employer who doesn't empower us up to the level that we absolutely demand and expect.

Who has the highest expectations? It's the younger generation. It's my kids' generation, who are in college. When they go out to the working world,

What you're hitting on is that there is this disconnect between what we can get on our own for ourselves and what our employer provisions for us. That causes frustration.

they're going to think, "Oh, look at this. I'm not going to work for these people whose heads are stuck in the '70s or '80s."

Gardner: I don't know about the young people thing. I think the gap isn't really based on age. I think it's a gap based on people who see IT as empowering versus those that see IT as debilitating.

I was at the ballet last night in Boston, and during intermission, between some great dancing, people were breaking out their smartphones, and these weren't young people. Here's a whole group of folks that you really wouldn't have expected to be doing that. Brad Shimmin, what's going on?

Shimmin: I've got a great example of that from a vendor. I don't think I can name them, because they haven't made it live yet, but this is representative of what I'm seeing in my area of research, which is in collaboration, social computing, that stuff.

Most of the vendors have got the traditional, on-premise software, and they're all putting it in the cloud. They're also saying to me, in their go-to market schemes, "We're trying to take IT out of the picture, at least at the outset." They're seeing IT as a roadblock to getting these technologies -- like the ones you're talking about with Google Apps -- into the enterprise.

The people in the enterprise realize they want it. The worker bees in IT realize it, but IT's hands are strapped. They can't do anything about it, like Jim said. So, these companies are literally working around IT in some ways to bring these technologies into the enterprise.

Half empty - half full

Gardner: I'd like to get more into this psychology of what makes people rabid IT consumers versus somebody who avoids it. I think it has to do with the glass being either half empty or half full. Some people see IT as actually benefiting them across the board -- personal lives, communications, applications and services.

You go into a lot of cities now and there are people driving Zipcars, ordering groceries over the Internet, and finding their directions on their iPhones or a smartphone. It's really embedded deeply into their lives. There are other people who just don't see IT as helping them, but it actually frustrates or inhibits them.

Does anybody else have some thoughts as to whether we're crossing a cultural gap here or a threshold? Should we call it the "age of always on or always off," and how do we decide who gets to do what?

McKendrick: Dana, even those folks who think they're avoiding IT, actually do deal with it. Anytime they go to an ATM, they're using the client, the front-end of a network of an IT system. If they go to a phone and use voicemail or a voice prompt, they're accessing an IT system. It's unavoidable now.

I'm going to bring up Google up here. Even 10 or 20 years ago in any science fiction movie, nobody could have imagined that we'd have a resource where we could ask any question and get an answer back from any point in the globe. Nobody ever thought that, that would be possible.

Gardner: It really strikes me that between Wikipedia and Google, I can find just about anything I want, and I do. It's very enriching.

McKendrick: Anything, all the information in the world, everything is

Even 10 or 20 years ago in any science fiction movie, nobody could have imagined that we'd have a resource where we could ask any question and get an answer back from any point in the globe. Nobody ever thought that, that would be possible.

available.

Shimmin: Excuse me guys. With Wolfram Alpha, if any of you have heard of that, that's coming out, it's going to be not just content, but also the data itself. You can get answers to questions like, "What's the statistical probability that I'm going to get in a car accident next year?" It's amazing. For me, it's not so much even a cultural shift or a threshold. It's a functional threshold.

Back to just talking about Google and how pervasive it is, and the ATM example. If you're a two-year old baby and you're picking up an iPhone -- which I think I saw on YouTube at some point -- and you're able to actually make the damn thing work, that says to me that we've crossed the functional threshold. We have the technology in a form factor that people can understand and make use of, without it being a barrier to their adoption, regardless of age or any of those other factors.

Schmelzer: This wonderful idea of technology and technologists and IT and stuff -- we've been trying to figure out what is the real issue with business and IT. Is it just that there are people who don't like technology and people who do? It's more than just a cultural thing? It's personal preference. What we found is that most people, if not almost everybody, actually loved technology. So it's not an anti-technology thing.

You ask people, "Well, do you want a 42-inch plasma television in your house? Do you want TiVo? Do you want the latest MacBook and the latest iPhone?" Something like 90 percent of the people are going to say yes. They want the GPS. They want all that stuff.

So what is it about enterprise IT? It's not the technology that they're blocking. It's this complexity. And it's not just the complexity. It's this perception that enterprise IT is nonconstructive hassle. So they look at Google and they think, "Ah, constructive, productive." They look at enterprise IT, and they think, "Barrier, bottleneck."

Shimmin: You're absolutely right. Any of us here -- because most of us work remotely -- who has to get on a VPN before we're allowed access into the corporate facilities that we connect with knows that hassle and knows just what you're talking about.

Resisting bottlenecks

Kobielus: We on this call are atypical, because we're highly autonomous analysts who are quite used to self-provisioning. We're either running our own business or, if we 're employed by a larger company, have a remote, completely self-contained office where we basically have to do everything.

We're chief cook and bottle washer and we fix our own systems issues. We resist these IT bottlenecks, because bottlenecks just keep us from continuing to self-service and self-provision, as we've always preferred to do and as we want to keep on doing.

Really, this is an age of self-service, mashups, fending for ourselves, and resisting bottlenecks, or organizations, such as corporate IT, that essentially are bottlenecks, keeping us from getting the resources and services that we need right now.

Gardner: We're also in the era of mass bankruptcies, with Chrysler now declaring bankruptcy. We're looking at large banks, some of which may have not passed the stress test. We're looking at, in some senses, an implosion of a financial order, at least on Wall Street.

Is there any connection? Is there any connection between a big car company that can't seem to change itself over a 30-year period and individuals, enabled with technology

We have a corporation gap. The corporations have a huge burden of trying to move and do anything, whereas individuals or small companies or people that are aligned by their social network can move swiftly.

as it is today, can change their career, change their direction, and get virtually any information instantly.

Is there something going on here between the fact that a big company can't shift and move and change, but individuals can? Any comments?

McKendrick: A few months ago, when it first became apparent that GM and Chrysler were on the skids, Andrew McAfee of Harvard posted this proposal to help these companies. If he were given the option to rebuild one of these companies from the ground-up, he would go in with a very strong social networking system, enabling the folks that are working on the front lines, assembly, production, sales, marketing, and so forth to communicate with each other real time, on a regular basis, to find out what everybody is doing, and to build the base of knowledge to move the company forward.

Gardner: So, we don't have a generation gap. We have a corporation gap. The corporations have a huge burden of trying to move and do anything, whereas individuals or small companies or people that are aligned by their social networks can move swiftly. Perhaps we need to destroy the dinosaurs and become small furry mammals in the undergrowth. Is that it?

Kobielus: Yeah, take the auto analogy. I'm from Detroit originally and I know that culture. Auto companies of necessity are chained to platforms. It's the basic chassis and design and the internal guts in terms of the transmission and engines and so forth for a wide range of models. When they make a commitment to a given platform, they're stuck with it. They put up millions upon millions of dollars.

Gardner: Well, the same can be said for your enterprise IT department, right?

Chained to a platform

Kobielus: Exactly. Being chained to a fixed and fairly static platform, there are great scale economies. That's how the GMs got to be GMs, but it really limits your ability to turn on a dime. In other words, when some hotshot auto company from -- let's just name a country we don't even think has an auto industry -- Zimbabwe comes along and gives the customer something that they like more, they just build fairly quickly and get out to market.

I don't know of any Zimbabwean automaker, but regardless, if you think about corporate IT, they're chained to these huge platforms that they've made a significant investment in. So, when some cheaper, more lightweight solution, maybe in the cloud, comes along, the users can get it quickly and more cheaply. It's essentially mocking the investments that this company has made. You spent millions of dollars on something that you could have gotten in the cloud for pennies per hour. That's a disruptive force in IT.

Gardner: Let's hold that thought. I think Tony Baer just joined us. Is that right?

Tony Baer: Yeah, I'm here.

Gardner: Welcome to the show, Tony. We've been talking about needing a new drug in IT. I think we've stumbled into something interesting. Individuals in their lives, corporations, governments, maybe even entire industries, some of which are encumbered by technology or held back if it's a "platform-based technology," can't move with the times.

Other organizations, individuals, or networks of people embracing what we now are calling loosely "cloud computing" are able to be fleet agile, move on a dime, change their business, and not be encumbered by their own data centers or their own platforms. There seems to be a gulf between the two.

One group is able to be productive and perhaps redefine business and even culture and society relationships. The other is suffering terribly with massive layoffs, restructuring, mergers and acquisitions, in a sense a meltdown, even bankruptcies at a scale never expected.

How do you see it, Tony? Is the gap here between technologies? Is it between platforms? How can we reconcile these two?

Baer: Well, there are a couple of things. There is always the advantage of the late starter, and there is always a disadvantage of the first starter. One of the things that came to my mind this week is the imminent demise of Cassatt, which was onto the idea of private clouds before its time.

On the other hand, if you're a late starter and the technology or the market has already proven itself, you can then start to innovate with the latest methodologies or technologies, whatever, without being burdened by all the baggage.

Gardner: Are we talking about more than just the innovator's dilemma here? Aren't we really moving into a new era, because everyone is always an innovator, if you look at the cloud model?

In a new era

Baer: Right. I'm coming a little bit out of context here, but I do think that we're into a new era, where you need to shave your cost structure and all your baggage that keeps you stuck in one place.

On the other hand, what I was about to lead up to is that you can start nice and fast, but then as you start to get into the scale up and scale out, in other words, when you start to become a victim of your own success, there are some lessons that some veterans have learned. Veterans who haven't been bogged down by legacy infrastructure learn that if you've just come into this race, you might think this doesn't apply to you, but it does.

So, on one hand, yes, I do think we are at a point where there are some basic structural changes that are happening, but at the same time, the old rule still applies. Once you get to a certain scale, you need to know how to manage it, whether it be technology, people, communications, process, or whatever.

Gardner: Brad Shimmin, let's take this back to the IT department and the large enterprise. They might be seeing this going on. They might have an inkling. But, they know that they can't do much with their existing culture and their existing organization. Isn't it time for a skunkworks or some sort of a parallel IT department, even if it's not sanctioned? It's going to happen whether you want it to or not, and isn't it time to start looking at that as perhaps the future?

Shimmin: That's already happened, Dana. Otherwise, how can you explain the preponderance of SharePoint servers running around? That stuff is not being bought top-down.

As I was saying a little bit ago with some of the vendors I'm talking to, trying to go around IT, they're realizing that this culture exists within the enterprise of wanting

I do think we are at a point where there are some basic structural changes that are happening, but at the same time, the old rule still applies.

to make use of the self-starting tool that Jim talked about. So that age is already upon us.

IT's challenge is to be able to allow those to happen and to encourage them to happen without locking them down, controlling them, and destroying their ability to make people in the enterprise more productive and flexible. As we've been talking about here, it's really a two-fold thing we're after in this age that we're talking about.

One is, the lightweightness of the infrastructure, getting rid of the Ford iron underneath the car. The second is to make the people on the line more valuable to us. It's no longer the Nubians pulling stones up to make the pyramids, it's the, Nubians are the stones and the pyramids for our companies. We are the companies.

The people in them are the ones that drive their potentiality. As an IT person, working in IT, you really have to sort of say, "I know that I have people that have the ability to do start their own software. And, I know that top-down I'm really not getting any support for this. So, I've got to find a way to stay relevant to those people, make their lives easier, and allow them to adopt the software and to make a go.

How that happens, I really couldn't tell you. It depends on how the software that the folks are using is built.

Gardner: Ron Schmelzer, is it fair to say that a company that can't transform its IT is doomed to fail?

Dooming the company

Schmelzer: We're not taking from any recent book titles, are we now? Service-oriented IT technology is a core to every company. So, not managing information, which is one of the four primary resources of the company, is effectively dooming the company to fail.

Bringing it back to the automotive and banking industry companies, clearly what brought the automotive companies to the current state is the fact that they just weren't selling a lot of cars. And, the fact that they weren't selling a lot of cars has to do with the economic situations -- if people can't borrow money, they can't buy cars -- and also, they weren't producing cars people wanted. So the question is, how would IT have helped there?

Maybe it was understanding better how to process the information that they had at their fingertips. Maybe some better intelligence on how to spot trends ahead of time might have allowed them a year ago to start paring back production and anticipation of the flattening demand or something like that. But, that's not information technology, that's just information.

Sometimes, we, as technologists, tend to put too much emphasis on the second half of that word information technology and say, "Well, information technology is about the technology."

Gardner: It's also how people use the information, right?

Schmelzer: I would argue that it has very little to do with the technology. Information technology has almost entirely to do with information. If all we're doing

Banks had sophisticated analytics to look at the risk, at what they were doing with the mortgages, the subprime, and so forth. But, human factors overrode that technology and those capabilities.

is putting more barriers between the business and the information by throwing technology, we're really making the problem worse.

Gardner: Joe McKendrick, what do you think? How do we emphasize process and people, but, at the same time, recognize that the business and the technology are maybe necessary cinder blocks on the feet? How do we get these all to move together in a fleet way or do we wait for the bad ones to go out of business?

McKendrick: Wow! Do I have to answer that?

Gardner: Yeah.

McKendrick: Okay.

Gardner: Well, I have another question for you if you don't want that one.

McKendrick: No, no, I'll take that one. Ron, you just hit the nail right on the head. If we look back at the chain of events that led to the financial meltdown, the problems of the auto industry, the turbulence in the global market that caused the oil prices to go up, it stems back to the real-estate crunch and the mortgage crisis, the tools were there.

Banks had sophisticated analytics to look at the risk, at what they were doing with the mortgages, the subprime, and so forth. But, human factors overrode that technology and those capabilities. I'm going to say it was greed, simple greed.

The market was booming and everybody wanted to pile on, despite what the risk management systems might have been telling them. Therefore, you have a case where the technology is there, the information technology. As Ron was saying, the emphasis on technology is there. We have great tools, but there is the human factor and those business cycles.

Gardner: Clearly, the technology needs to be there, but perhaps doesn't need to be visible. The transparent notion that Brad has makes sense, or maybe we need to be the "post-IT era." The IT has to be there, but under the covers, convenience and information become essential, along with the ability of people to act on it.

New tools and information

McKendrick: There's a lot of talk about this being Great Depression 2.0. Fortunately, that talk subsided, but we have a lot of tools and information. We were able to sidestep a major disaster, such as we saw on the 1930s, because we had more information. We're able to act on the information. We have the technology.

Gardner: I think that's true.

Schmelzer: It's very interesting. Tony, maybe you could piggyback off of this. You live in an art capital there -- New York. After the Realism movement in art, we got to the phases of the Modernism movement. We moved from over-complexity to over-simplicity. It's quite possible that we might be doing that here in IT. Our next big movement in IT might be to shed all this complexity and perhaps oversimplify for the sake of trying to solve some of the problems of our over-complex Baroque history here.

Baer: I'm almost tempted to say that we're going to go into a postmodernist era. Joe was talking just now talking about how we used information fairly effectively to, at least for now, forestall a Depression 2.0, but it also brings me back to one of the things that Dana mentioned in the invites to this podcast, talking about some of the technologies that were out there -- and one of them being CEP.

Who were the folks who were using it all these years? It was a lot of the financial services, the Wall Street houses, all the folks who were doing derivatives. Did that prevent a crash, when essentially human behavior, human greed, let us down? We had all this technology to analyze all these risks, but we didn't use common-sense risk management.

Gardner: That's right. They had their emphasis on the complex events, but they couldn't step back and see the less complex events, which is, "You've got too much leverage, pal."

Baer: Exactly, exactly. In that sense, we became a slave to the technology we had.

Kobielus: Yeah, that defines the era. I'm glad you brought CEP back into this. The era that we're living in now is an era of wild volatility. Everything is crashing around us. It feels like it. If it isn't crashing around us, we hype it in our own culture.

This morning I twittered on the Swine Flu so-called pandemic. When did they stop being epidemics and become pandemics? And, when does a disease that's only killed a little over 100 people suddenly become equivalent to an outbreak 90 years ago that killed, was it [50 to 100] million people worldwide?

Shimmin: More than World War I [with 15 million killed].

Kobielus: The financial industry has for a long time been used to volatility. That's what they're about. That's the stock market. It's a volatile bouncing of prices, trades, and whatever. That sector has been built on volatility and on

What we live in right now is an era where everything conspires to give you a massive headache, a massive migraine all the time.

volume -- just increasing volumes of transactions, data, and a broader variety of transactions. It's The Big Vs: Volatility, Velocity, and Variety of events, flowing in to the financial institutions, all the time, continuously.

In many ways that volatility now affects every aspect of our lives, likewise the sheer volume of stuff we all have to deal with in our personal and professional capacities, and the sheer variety of stuff too. What we live in right now is an era where everything conspires to give you a massive headache, a massive migraine all the time, because of the 3 Vs coming together.

Gardner: We should call it "the complex generation."

Kobielus: Call it "the migraine era."

Gardner: Let's come up with some other names for what we're trying to describe here. We've really done a nice job at defining what it is, but, just because we're analysts, we need to put some labels on this stuff.

Jim has got complex and migraine era. Brad Shimmin, any ideas? You said "transparency." That works, but I think it takes an explanation in addition to the word "transparent" in order for people to understand. Is there a word that we can come up with that people instantly get?

Flat-earth IT

Shimmin: Wow, small task. I guess I would say that everything we're talking about is horizontal economy, horizontal IT. IT is no longer tipped on its side, with everything falling off the slope. It's distributed out amongst the constituency that make up the business, which is both IT and the users, and the flat Earth sort of thing, which, I guess, is another popular book that's out right now. So, I guess I'd call it the "flat Earth IT era."

Gardner: Okay. Joe McKendrick, any buzzwords or über terms? What are we doing? What's going on around us?

McKendrick: A few years back, an author said the corporations are breaking down -- I think I talked about this on this podcast -- into confederations of entrepreneurs. The company of the future will be a confederation of entrepreneurs.

I'd like to call it "entrepreneurship," "Entrepreneur 2.0." How's that? IT is breaking down these large structures, these large institutions, into bite size pieces. Technology is making information accessible to all, for all to leverage. As I say with SOA, we're becoming both consumers and producers of services.

Gardner: The power of one.

McKendrick: The power of one. I like that.

Gardner: Ron Schmelzer, any ideas on the terms here?.

Schmelzer: I think we're moving in the right direction. I don't know if I'd use the term "entrepreneurial," but it sounds to me more like a populist movement. Really what we're doing is empowering individuals within the organization to have greater control over their use and provisioning of IT capabilities.

They're shifting it away from these central oligarchies of enterprise systems that have had way too much control and way too little flexibility,

IT is breaking down these large structures, these large institutions, into bite size pieces. Technology is making information accessible to all, for all to leverage.

that have not prevented any of the major economic problems we've had, and to some extent maybe even contributed by shifting our focus away from the information and too much toward the technology.

I like these populist movements in IT. Once again, just remember your IT experience at home and how much you would wish it would be in your work environment.

Gardner: So, perhaps technology, habits, and the cloud are shifting sovereignty away from countries, companies, and even groups based on geography, like villages or towns or cities, being sovereign. Having power is now shifting down to amorphous groups and even individuals.

Shimmin: It's a meritocracy, Dana. That's exactly what we're talking about.

Confederated self-determination

Kobielus: This reminds me of a project I was involved with in, of all places, the auto industry several years ago. I was writing with a guy who was a real futurist. He was talking about future virtual product coalitions. The idea is that there are too many plants located in the wrong places. We have different skill sets and different centers of demand and they need to be rationalized with it. You need to provide the flexibility, the information, and the resources in order to act, as well as the ability to enter into trading partnerships.

This employs the principles of loosely coupled. I'd look at this as confederated local self-determination.

Gardner: Individualism. They theorized about individualism back in the late 1800s -- guys like Kierkegaard, Nietzsche, and some of the other philosophers. They were called "existentialist," after a while, but they were basically focused on saying, "You are a universe of one."

Kobielus: But we're in a world where we work with other people and other entities. In other words, you don't make your own car. You don't grow your own food. You depend on other sources for that -- for sustenance. So, yes, we have more self-determination, but yes, but we are also confederated because we rely on other services, other people, and other entities.

Gardner: We only rely on other entities that are on the network though.

Kobielus: Yeah, we are interdependent.

Schmelzer: It's the information economy that we're talking about here specifically. The other thing that's pushing us here is that if you've been observing the trends in the IT industry moving toward massive consolidation, while there's always going to be new venture creation, that's just part of the engine that is

In order to get reuse, which is what people talk about all the time, you have to have legacy. Just think, if you're never keeping anything around long enough, you're never going to get reuse.

venture capital and the capital system. The bulk of IT spending is becoming increasingly concentrated with a smaller and smaller set of companies.

So, from an enterprise IT experience, we're starting to drive the wedge between buying technology from an increasingly shorter list of vendors who are becoming über suppliers. This set of freely available technology just doesn't compete with that enterprise consolidation purchasing cycle. As this consolidation happens, it's going to exercise even more of the ability to say, "If we're not going to go the route of 'pick your handful of vendors here.' then you can go this plethora of other technologies that are really up to you as the individual to choose." That's what's happening in this economy.

Gardner: It's interesting. Just as we're embracing cloud, we're also seeing that, if you have a couple of mainframes, you can create a cloud. You could provide services out to a public constituency, or you could take your old mainframe inside the enterprise and put some new hubcaps on it. Then, you're able to do all sorts of application hosting and co-location services and act like an IT shared-services organization. So, it's back to the future in terms of both the ends and the means, right?

Schmelzer: Actually, both of those visions are not inconsistent with each other. That's the irony of it. In order to get reuse, which is what people talk about all the time, you have to have legacy. Just think, if you're never keeping anything around long enough, you're never going to get reuse.

The irony of it is that you have to have legacy to have reuse. But, having legacy doesn't necessarily mean also not spending a lot on new things, which is the weirdness of it. Why is it that we're soaking up so much of the IT budget on legacy, if we're not creating anything new?

There's something malfunctional in the way that we're procuring IT that's preventing us from getting the primary benefit of legacy, which is extracting additional value from an existing investment, so that we can make the old dog get new tricks and get new capabilities provisioned on a cloud, without having to invest a huge amount in infrastructure.

The biggest behavior that has to change is IT procurement. It has to fundamentally change, move away from these multi-million dollar software-provisioning cycles, and really think much more about the existing IT environment and enabling the populist economy.

Gardner: Brad Shimmin, is it possible that the cloud makes a lot of sense and even the mainframe and centralized models make a lot of sense, but client-server and distributed computing got in the middle to become the complexity roadblock?

What really matters

Shimmin: Certainly it is, but let's just go back to what we were talking about. To me, whether it's mainframe or a bunch of PCs on Google's data center doesn't matter. What matters is what it does. If we're able to make our existing mainframes do new tricks, that's really great, because it allows us to make use of investments we've already made.

That's why, when I look at things like SaaS, I see it being more beneficial to the vendors who are providing those services than to the customers using them. Instead of having something they can depreciate over time, they just have to pay it out every month like a telephone bill. You don't ever own your services -- you're just paying for them, like leasing a car versus owning a car.

Kobielus: I have a new theme. It's not the "migraine era," but rather it's the "era of seamless scavenging." All this legacy, all this functionality, on-demand access through clouds, mashups, and so forth, means each of us can immediately self-provision by scavenging all the rich functionality, all the data that's out there to be gotten in this environment for seamless scavenging.

Shimmin: Dana, back to your question to me, that's exactly what client-server does. I don't see it as a roadblock. I saw it as basically breaking down those assumptions of what the system should do. PCs had to do this. The mainframe had to

So, yes, cloud is a way of papering over all the administrative overhead. On the other hand, this isn't going to be your grandfather's timesharing mainframe.

do that. And, client-server came along and said, "Screw that. You can create your own multi-tiered environments that do different things. You can put application resources, not just in one box, but across a number of boxes."

Gardner: So that was a necessary threshold to cross?

Shimmin: Yeah.

Gardner: Okay. Tony Baer, do you think cloud computing is a response to the limitations of distributed computing?

Baer: There's no question about that, and I want to respond to what Brad was saying before about client-server being a distraction. I think it was a necessary stage to go through to get to where we are right now, to understand what we could really get out of a cloud without this being a repeat of time-sharing.

So, yes, cloud is a way of papering over all the administrative overhead. On the other hand, this isn't going to be your grandfather's time-sharing mainframe.

Gardner: We need the best of centralization, the best of distributed, but not being tied to distributed or client-server. We also need to have the ability for people to act on almost anything they can acquire very cheaply and easily through the Internet.

Baer: Client-server gave us the idea of that this is no longer a one-way conversation, from a host to a dumb slave. I want to have some capability locally.

Gardner: So, empowering was a necessary cultural shift, if not the right technological shift?

Best of both worlds

Baer: Exactly. Theoretically, if the cloud is done right, and if we use all the right enabling underlying architectures and technologies, we should theoretically be able to get the best of both worlds. I say "theoretically," because, of course, no shift to any type of architecture or technology ever goes without its own baggage.

When we thought that outsourcing was the way of dealing with staff complexities several years ago, what we realized was, if you outsource, you have to add an administrative layer. If you're going to acquire cloud or acquire cloud services, you are going to need to manage something new that you didn't have to manage before.

Gardner: I think I've come up with a word for us. If we look at what happened perhaps 500 or 600 years ago, there was a collective word that came to represent it. It was called Renaissance.

Are we perhaps at a point where there is a Renaissance in IT? Even though we thought we were enabled or empowered, we really weren't. Even though we thought that centralized and lock-down was best, it wasn't necessarily. But it wasn't until you got the best of all worlds that you were able to create an IT-enabled renaissance, which of course cut across culture and language, individuals, even the self-perception of individuals and collectively. Does anybody like the idea of "renaissance" IT or computing?

Baer: Just as long as we don't have to go through the Black Plague before it.

Gardner: All right, does that make Steve Jobs Michelangelo, what's going on?

If you're going to acquire cloud or acquire cloud services, you are going to need to manage something new that you didn't have to manage before.

Schmelzer: Well, I'm sure he is painting on the Sistine Chapel. We're definitely moving into some new arena. That's not to say that it's a generational thing, but it is true that young generation, and I'm on the cusp here myself, has been raised with information technology. A lot of the perceptions of information technology actually are different, just in general.

For example, 20 years ago, when we first put cameras up in the streets, the biggest concern was privacy, especially in the UK. People said, "Oh, they've got cameras everywhere. It's going to intrude into my privacy." Twenty years later, what do we do? We take pictures of ourselves and we post them on Facebook. So what just happened there?

In one instance, we were concerned about the cameras intruding our privacy. The next thing, we are the greatest cause of our privacy concerns, and nobody cares. What's happening in IT is that we're hung up, to a certain extent, generationally on what we expect the IT department to do and how it works, the whole budgeting process, the IT payment process, and all sorts of stuff.

But, we're raising a generation of people who can go online and within five minutes create a highly interactive website, with video, chat, forums, post documents, and do all the sort of stuff that would have taken probably a team of 20 with a few million dollars and many months to do, probably in a less efficient way. So how is this going to work?

Gardner: That was only five years ago.

Do it yourself

Schmelzer: Right. So how is it going to look when these guys go into the work stream and you tell them that some portal project is going to take six months? It's just laughable. They'll just say, "Forget it. I'm just going to go online to Google and do it myself."

Shimmin: They'll say, "There an app for that."

Gardner: Right. And, that's why it could be a new renaissance of productivity, bottoms-up, grassroots. Eventually, the big institutions of the old order will either adjust or completely crumble.

Schmelzer: Even more, I think we're looking at a renaissance of the organization of IT, of the IT department, if you will. The IT department could potentially become endangered itself, not the organization as a whole. Businesses operate on economic terms, not necessarily on technology terms.

If the IT department continues to increase the digital divide between the home IT experience and the work IT experience, then these people are going to go to work, they're going to watch the thing done, and when the IT department says no, then they're just going to do it themselves.

Gardner: And whoever does it faster, better, cheaper ends up having quite an advantage in the marketplace.

Schmelzer: So, the IT department really is at a risk at this point.

Gardner: Okay, we have to leave it there, I'm afraid. We're out of time. But, we've had an interesting discussion that has led us to perhaps the concept of a new renaissance and how IT is going to adjust, exploit, or perhaps even diminish in its role as a result.

I want to thank our panelists. We've been talking with Jim Kobielus, senior analyst at Forrester Research. Thanks Jim.

Kobielus: Yeah, always a pleasure.

Gardner: Brad Shimmin, senior analyst, Current Analysis. Thank you, Brad.

Shimmin: Thank you, Dana.

Gardner: Joe McKendrick, independent analyst and prolific blogger on software and enterprise subjects. Thank you, Joe.

McKendrick: Thanks, Dana. It was fun.

Gardner: Ron Schmelzer, senior analyst at ZapThink. Thank you, Ron.

Schmelzer: It was a pleasure being on this drug trip with you.

Gardner: And Tony Baer, senior analyst at Ovum. Thank you, Tony.

Baer: Better late than never.

Gardner: I would also like to thank our sponsors for contributing to the underwriting in support of the show. That would be Active Endpoints and TIBCO Software.

This is Dana Gardner, Principal Analyst at Interarbor Solutions. You've have been listening to BriefingsDirect Analyst Insights Edition. Thanks for listening and come back next time.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod and Podcast.com. Charter Sponsor: Active Endpoints. Also sponsored by TIBCO Software.

Special offer: Download a free, supported 30-day trial of Active Endpoint's ActiveVOS at www.activevos.com/insight.

Edited transcript of BriefingsDirect Analyst Insights Edition podcast, Vol. 41 on the current state of information technology and defining the best description of the next era of computing. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.