Friday, April 06, 2007

BriefingsDirect SOA Insights Analysts on Converged Governance and the New SOA Consortium

Edited transcript of weekly BriefingsDirect[TM] SOA Insights Edition, recorded Feb. 16, 2007.

Listen to the podcast here. If you'd like to learn more about BriefingsDirect B2B informational podcasts, or to become a sponsor of this or other B2B podcasts, contact Interarbor Solutions at 603-528-2435.

Dana Gardner: Hello, and welcome to the latest BriefingsDirect SOA Insights Edition, Volume 12, a weekly discussion and dissection of Services Oriented Architecture (SOA) related news and events with a panel of industry analysts and guests. I’m your host and moderator, Dana Gardner, principal analyst at Interarbor Solutions, ZDNet blogger, and Redmond Development News magazine columnist.

Our panel this week consists of Steve Garone, former IDC group vice president, founder of the AlignIT Group, and an independent IT industry analyst. Welcome to the show, Steve.

Steve Garone: Thank you, Dana. It’s great to be here once again.

Gardner: Also joining us is Joe McKendrick, a research consultant, columnist at Database Trends, and a blogger at ZDNet and ebizQ. Welcome back, Joe.

Joe McKendrick: Real pleasure to be here, Dana. Thank you.

Gardner: Also joining us is Neil Macehiter, a research director at Macehiter Ward-Dutton in the U.K. Welcome back, Neil.

Neil Macehiter: Thanks, Dana.

Gardner: And also here is Jim Kobielus. He is a principal analyst at Current Analysis. Welcome back, Jim.

Jim Kobielus: Hi, Dana.

Gardner: This week -- and it is the week of Feb. 12, 2007 -- we’re going to tackle two subjects. The first one is an important issue around governance, and whether governance is going to evolve into more of a converged activity. What we’re seeing is that SOA governance vendors are putting together policy-based approaches for managing the complexity of SOA. They're trying to automate the various resources within that environment and architecture, and to provide control for those managing the IT development deployment life cycle, as we get more toward a mixed environment of services, perhaps a variety of different sources.

So, we've got SOA governance that is evolving, but with its own technology, its own metadata, its own repositories, and even its own standards. Alongside that on a parallel track are Governance, Risk and Compliance (GRC) platforms, and a number of prominent vendors such as SAP, CA, OpenPages, MEGA and others are providing this as a service for regulatory compliance, principally to CFOs in large organizations.

We've also seen over the years on the management side governance platforms, dashboards, approaches, and methodologies along the lines of a Balanced Scorecard approach or process reengineering for the chief executive’s office. Also we have parallel and yet still disparate tracks for governance. I'm wondering, along with Jim Kobielus who raised this issue, where this might be going? Why don’t you tell us, Jim, what you're seeing, and some of your thoughts around this subject?

Kobielus: Thanks, Dana. I started being fairly cynical about a year ago over whether compliance was a market, I kept hearing about the compliance market, the Sarb-Ox market, and so forth. I was thinking it’s a concern in the same way that competitive advantage is a concern or a benefit from the appropriate and effective deployment of technology, but can you really regard compliance as a platform?

One of the things that I've seen over the past year is the growth of this new sector -- GRC: Governance, Risk, and Compliance Management -- not just as a big top under which many diverse product categories are being lumped, although to some degree it is. You see business intelligence, corporate performance and management, business process management, identity management, document management, all these things, all these existing technologies, being lumped under this GRC heading.

What I've also seen is that a growing group of vendors are building products or platforms into which they’re able to plug in, and are plugging in, various tools specifically geared toward GRC. In other words, a legitimate new niche of GRC vendors is growing up, and, Dana, you listed some of the chief ones that I've come across.

SAP about a year ago acquired a company called Versa Systems, which made tools for continuous controls monitoring. Around the Versa Team as a nucleus SAP has begun to roll out a GRC platform that includes a repository of policies and rules, a process modeling tool geared towards building business controls as structured workflows and also testing and monitoring those controls.

They rolled out a performance management dashboard environment under which you can roll up a unified view of your compliance and your corporate risks across all governance categories. The categories include SOA governance, IT governance, and operational business governance, and so forth. SAP is not alone in this regard.

You mentioned Computer Associates. They have their Clarity family of products, and there are some smaller but just as important like OpenPages and MEGA International, BWise, and several others that have similar product architectures and similar modular approaches to plug-ins. For example, you can plug in to most of these environments a module to do IT governance in compliance to say, CobiT, ITIL, and so forth.

One of the things I haven’t seen yet is any clear convergence between all this GRC governance, a lot of business governance and high level IT governance products, and the SOA governance world of UDDI registries and Web services management agents a la AmberPoint. I see two separate camps right now.

To some degree the GRC vendors are all pretty much SOA-enabled in the sense that they have native implementation of Web services, but I'm not yet seeing the vendors in that camp, other than SAP, with a strong SOA story or SOA partnerships. SAP has significantly SOA-enabled their entire suite of products over the last several years. So, that's the open question I wanted to bring out for group discussion: To what extent do you all see a convergence between business governance a la GRC and SOA governance?

Gardner: Let’s go to Neil Macehiter. Neil, is it necessarily a good thing for a compliance-oriented business policy engine to converge with what is running the IT operations, and increasingly in conjunction with what's going on with the business? Maybe we should check our premises and see if this necessarily a good thing before we start figuring out how to do it?

Macehiter: We’ll have to come back and think about what we mean by governance and compliance. Jim commented on it and he was somewhat cynical about that being a compliance market. I'm still quite cynical about it being a compliance market, because I think compliance and, more generally, governance is something that should be systemic. It’s not something that you sell with a particular tool or even a particular platform. It’s something that has to be systemic throughout the IT architecture, so that, for example, high-level business policies and high-level business requirements, in terms of compliance, can then cascade down through the IT solutions that actually automate and support the business processes that need to comply.

So, yes, absolutely. There is a need for this convergence to occur. For example, the services that are actually supporting your business processes are capable of enforcing the policies that allow you to monitor the controls and enforce the controls that you need to demonstrate compliance. That extends across things like identity management solutions, which have also come up with their own compliance solutions focused on their particular bit of the overall IT architectures. In their case it’s around authentication and authorization and things like separation of roles and segregation of duties. It needs to become systemic, and it’s not just SOA governance that needs to be tied into this. It’s also the work that’s going on in the IT service management market around CobiT- and ITIL-based processes.

It’s a broad issue. The challenge is that SOA, if we take SOA governance specifically, has evolved very much from a bottom-up perspective, in terms of initially addressing design time governance, and then gradually extending into the more run-time governance. Meanwhile, we’ve got things like the GRC solutions from the likes of SAP with Versa coming at it very much from the top-down perspective. The problem is they are not meeting in the middle yet.

It’s largely a semantic problem. How do you translate a high-level business policy that says, "We have to adhere to Sarbanes-Oxley," or "We need to address corporate social responsibility on regulations," or "Provide transparency to operations for customers?" How do you translate that into a set of policies that can then be enforced and actioned at the lower levels of the architecture?

The semantic issue will be enabled through standards, but until there’s some common agreement around the semantics and the translations between these different layers and different solutions, it’s going to be a challenge that does need to be overcome. So governance and compliance become something that’s systemic and continuous, as opposed to a solution you need to address every time, you've got an audit coming up.

Kobielus: I agree completely. It should be systemic. I'm still cynical about the notion of a compliance product market. Compliance is really much more of a professional-services market in terms of consultancies, large consultancies, sending teams of people out to help organizations, to reengineer their business processes, to audit their processes, and so forth. For the most part, at least two-thirds or more of the so called compliance market is purely services, and the products are the least of it. Most of the products in the market are point products for the squeaky wheel that needs the grease. These all-encompassing, omnibus compliance platforms are the least of the market currently.

Gardner: Correct me if I'm wrong, but isn’t the regulatory compliance these GRC platforms are primarily geared at gathering information in a reporting sense -- audit trails and discovery -- to demonstrate whether compliance is happening or not? On the other hand, from the bottom-up perspective as Neil mentioned, SOA governance is also involved with execution and the enforcement, taking a policy and then making it instantiated in the architecture and behavior of the processes. So, it's yet another reason why they should come together is that they actually need each other. How do you see this, Steve Garone?

Garone: I've been listening to the other guys talking. They're very insightful comments, and I agree with them in substance. I think the over-arching issue here is that GRC platforms are taking more of an enterprise architecture approach. They're still looking at business processes, monitoring business processes, and maybe even getting to some extent into the redesign of those processes to optimize the ability to meet compliance needs. SOA has, in fact, been coming from the ground up, and solving maybe a specific problem or issue within the department or organization. Because we’re in the early days of SOA, we're seeing a lot of that.

One of the interesting nuances here is that both approaches eventually need to focus on the business processes within the company, and optimize them for various reasons. SOA tends more, at least right now, to focus on making business processes work more efficiently. How those services are segmented and designed functionally ideally should reflect that; whereas, for the enterprise architectural approach and the GRC approach, we're looking more at being able to meet compliance needs. The question becomes how do you develop a services-oriented approach that meets both of those needs, optimizes compliance on one end, and optimizes customer satisfaction and performance and business agility on the other hand. Those could ultimately be in conflict, as these two worlds come together, and that’s an interesting new answer that organizations are going to have to look at.

Gardner: So, there seems to be some general consensus that there is value in bringing these so far disparate areas together -- governance risk and compliance with the SOA governance. If we were to move toward this middle ground and make them relate, it strikes me that data becomes important.

Joe McKendrick, you keep your ear to the street on data quite a bit. Do you think that this is simply a matter of yet again finding a meta level or layer that allows the data that’s being derived for one or both of these areas to be viewed, or used together, and wouldn’t that be a first necessary step?

McKendrick: Absolutely, Dana. It’s interesting that when we talk about SOA in relation to another type of corporate initiative -- in this case SOX and GRC and so forth -- we're always wrestling with how SOA fits into the picture. We've been challenged to make the pieces fit together, and I find that’s an interesting conundrum for SOA across a range of things happening in organizations. That being said, I recently conducted a survey for the Oracle application’s users group. We just released the survey last month on the very topic of GRC. These would be the folks who are working with the Oracle e-Business Suite, Oracle application server, and so forth…

Gardner: Of course, we know that anything SAP does, Oracle will be coming along, or vice versa.

McKendrick: Exactly. SAP seems to be pretty far head of the curve in this regard in GRC. What we found in the survey is that for the most part, there’s awareness. About 40 percent of the survey group from the 400 companies we interviewed was fairly aware of GRC, what's happening, and what's required for GRC. That was higher than we expected. So they’re trying to getting their heads around what needs to be done with compliance. At this point, the tools that are being used the most to accomplish the task around GRC compliance are the Excel spreadsheets or the Word-type documents that are flying back and forth. Seven out of 10 companies are moving these processes through or doing the reporting and putting out reports for the audits with these manual tools. Only about 15 percent say they have any measure of automation.

Gardner: They are using Excel spreadsheets?

McKendrick: Exactly. Excel. I think automation is going to be the key to all this, because companies are not in the business to meet SOX requirements. They are in business to make money for their shareholders. They’re in business to sell products. Compliance isn't their main line of business. They're being forced to pay attention to compliance and they are being forced to deliver these reports to auditors. Right now, they're committing staff to it. They're committing a lot of resource time, and resources that they don’t want to, and it’s happening on a quarterly basis. The folks involved in the reporting process have to generate the same reports every quarter, and we need to build in automation and repeatable processes. This is where SOA can play a pretty vital role.

Gardner: And, clearly business intelligence vendors, including SAP, have come into the fore. Reporting is the very core of business intelligence. So, first and foremost, if you want to do compliance, you have to produce reports, and if you have to produce reports on a regular basis from structured data in your operational systems, you need business intelligence (BI). That’s really the core, as it were, of any GRC platform.

One of the interesting things I'm finding in the growth of these GRC über-platforms is that there’s another important user interface, other than just the reporting and dashboarding the BI stuff. There are also structured surveys that can be delivered to stakeholders in a process on a periodic basis, asking, for example, procurement agents how well various business requirements or regulatory requirements are being met, from the procurement side to be in compliance with Sarb-Ox or whatever it might be.

So most of these platforms now have what I call a stakeholder interaction environment, involving not only the surveys, but other human workflows, not just GRC as a mean for pushing big rolled-up risk dashboards to the CFOs and the CEOs, but GRC as a way of regularly serving the troops as to how well processes are performing on various levels.

Steve asked earlier about how do you develop a GRC approach that addresses compliance, but also ensures business agility? One of the things that you can do is survey the troops, the grassroots stakeholders and process participants on a regular basis. "How well are we not only serving the Sarb-Ox requirements, but how well are we serving the customers through this retool process that you instantiate every day?"

Macehiter: As we see more of these compliance solutions emerging around identity management, business intelligence, and the stovepipes of technology, what will happen is that the problem will move away from organization struggling to find the information. We actually have too much information and we have to rationalize it. Our identity management system is telling us we're in compliance with Sarb-Ox because x-y-z, and our purchasing application is telling us, but we can’t actually rationalize the different information to provide visibility into whether we are really compliant. That’s going to be a very real problem.

Kobielus: Now, I just want to add a note here too. Hugh Taylor, vice president over at SOA Software wrote a book on this very topic called, "The Joy of SOX." I don’t know where he got that title from. Was there another book with the similar title one time?

McKendrick: "Fox in Sox" is a Dr. Seuss book.

Kobielus: The full title was, "The Joy of SOX: Why Sarbanes-Oxley and Services Oriented Architecture May Be the Best Thing That Ever Happened to You." He actually connects the dots, and it's the first real comprehensive case I've seen of someone actually tying the two together.

For his main point, he talks about the agility that SOA can deliver and the agility that is required to meet various compliance mandates and future mandates that will be coming down the road. The key thing with SOA is that, it enables you to access legacy systems. Most of large companies that are facing SOX audits also have mainframes and many legacy systems that they need to deal with.

Gardner: Well, if he can make regulatory compliance sexy, all the more power to him.

But I think we've come to a point here where hypothetically we recognize that having converged governance makes great sense. It strikes me, however, this is going to be many years before any kind of actualization. In the meantime, the larger message perhaps is that, as you’re doing BI, and as you’re creating more ability to capture data, cleanse it, and provide it in a way that gives you this GRC benefit, then when you decide whether you’re compliant or not, or you come up with an agenda of what needs to be done, that is not by choice but is mandated, how do then face back into the organization and get that into execution?

That’s where SOA can come up to the plate and say, "Well, why don’t we take your mandates and instantiate them into our policy engine that's reflected through the IT systems that has a relation to the legacy systems, as well as to the new systems?" Then SOA becomes the hammer through which something like a GRC platform can mandate and enforce. Even if these two systems remain disparate, it seems that they have a tag team in the near term. Can anyone react to that?

Macehiter: In an ideal world, the way the service-oriented approach works is that it’s much more declarative, much more policy driven. You don’t lock away, for example, the way that you authenticate a request or the way that you log a request into the application logic. You externalize that and control it through policy. That then allows you to drive though these policies from the high-level requirements to the GRC level down into the service infrastructure.

Whatever follows from SOX doesn’t mean building in a bunch of new code that ensures that you comply with SOX-plus, SOX 2.0, but rather that you define the policies that you need to, and then get them enforced through the infrastructure. So, I think you’re right that it’s a hammer, but the hammer needs to be wielded quite carefully. The key is going to be the semantics, and the language that allows you to define what most policies are, so that they can be enforced effectively.

Garone: I agree and just to carry the analogy a little bit further, it’ll be nice to able to design that hammer at the same time you’re assessing your compliance requirements and putting that infrastructure in place as well, so that the wielding of the hammer becomes more closely aligned with your goals as far as compliance is concerned.

Gardner: That would be the ultimate convergence, but even in the meantime it strikes me that there is sufficient short- to medium-term value in generating a SOA governance capability. Compliance and regulatory oversight is perhaps a major rationale for SOA, sooner rather than later.

Anybody else want to comment? Jim?

Kobielus: SOA is about sharing and reusing valuable corporate resources that are networked. The GRC platforms increasingly will differentiate based on their ability to bundle a broader range of best practices accelerator with polices and works flows and roles and metadata, and forth. So, really, GRC platforms are platforms for SIs to customize the policies to meet the needs of particular clients. The accelerators themselves are the sharable, reusable SOA resource that will speed up the implementation of compliance solutions in various markets. The accelerators themselves are the most critical resource that defines a GRC platform or GRC solution.

Macehiter: The point Jim raised about sharing and reusing is absolutely the key here. It's the one of the biggest challenges around compliance. Typically, organizations have multiple instances of processes locked away in different applications. They have 16 different versions of their customer or 14 different versions of a purchase order.

If what you can do by virtue of adopting more of a service-oriented approach is have common services to actually deliver capabilities that need to be audited, logged, and monitored, or if you can have a single shared service that increases consistency and reduces the effort you need to apply for compliance, increasingly what we will see is the rationale for the business case. What underpins an SOA initiative will be either that it improves our ability to comply in a cost-effective way and increases the consistency of what we do to comply.

Gardner: Perhaps what we should expect to see is not only the SOA vendors and service providers talking about compliance and regulation as a rationale for SOA investment and evolution, but perhaps it might be in the best interest also of these GRC platforms to say how well they play in conjunction with SOA and that there is a complimentary nature here.

McKendrick: Right. The only issue is that GRC is typically led by financial folks and, of course, SOA is coming out of the IT department. What happens is that the financial folks are saying, “We need more of this automated. We are not going to give you more budget to do it, but IT folks automate this process little bit more for us."

Gardner: Well, that issue is an excellent segue to our next topic, which is the announcement on Feb., 12 of the SOA Consortium, a group of both vendors and enterprises -- they are calling themselves Global 1000 End-user Organizations -- in order perhaps to bridge some of these gaps and promote the best interests of different constituencies within organizations, as well as within vendors and types of vendors.

The declared goal of this organization is to promote the adoption of SOA, and they’ve given themselves a deadline of 2010. So, in the next three or four years they want to get more people aware of SOA as a key enabler, as an element of any modern 21st century architecture and enterprise. They want to achieve benefits of SOA to change both IT and business, bridging the gaps and silos, both technically as well as culturally. They want to help the perception of SOA by business executives, they say, as an IT integration and productivity story, rather than a business agility story.

That sentence jumped out at me to say, "Aha!" These are some of the things we’ve been discussing for a number of weeks about the positioning of SOA for adoption and appreciation. It seems to me to be saying that the story around business agility is a system’s integrator business and organizational management topic. They want to bring it back into an integration function. Any reaction to that?

Macehiter: I read the press release and I think it’s actually a badly worded release, to be honest. What they’re actually saying is that one of the issues they're trying to address is the fact that SOA is perceived by business executives as an IT and integration productivity story, and they want to turn it into a business agility story. But it’s not clear.

McKendrick: I read it the same way and I agree with that statement, based on my experience with end-users. When I hear them talk about their experiences with SOA, it’s always around cost issues and the integration challenges, and very little about "Look at the business agility we achieved." What they are doing is citing that as a significant issue and potentially a barrier to SOA adoption, and I assume it’s their intent to address that.

Kobielus: I didn’t see a lot of specifics in this announcement. I try to boil down every press release to its absolute core, in terms of substance, and I didn’t see a whole lot here other than they are going to hold a bunch of summits in different cities, present some general mission, seek validation of that mission, and then ultimately produce a detailed report that will validate and direct the charter of the SOA Consortium.

I’m sorry, I had to put on my cynic hat. It sounds like this is an excuse for many fine lunches and dinners to be had. In terms of building awareness of SOA, it’s like -- duh. Aren't we all hyper-aware of SOA by now? Let’s think of the next step. You can sort of understand the vendor’s perspective in working in an organization like this, getting visibility and perhaps more importantly being able to leverage the successes of some of the companies who have used SOA. I’m not really sure what’s in it for the end-user organizations, and that's where I become skeptical.

Gardner: Well, if you look at the very last line of the release, it says, the SOA Consortium is managed by the Object Management Group, and we know from past history that the OMG's job has been to create a consortium generally around a set of standards, and there is no mention here of standards, because these are invitation-only summits, with both vendors and end-users. I think that the underlying agenda between the lines here is to help create a level of some standardization, perhaps around governance, perhaps around SOA interoperability. But, clearly there’s going to be a set of standards that’s going to evolve from this, not just from the perspective of the vendors, but also the end-users. And, that in itself strikes me as somewhat positive.

Macehiter: I think so. Look at what’s happened, for example, around the Liberty Alliance in a different domain involving large adopters and vendors, and that has delivered some tangible results. So, I think it holds promise because this is not the classic vendor "Let's set standards" to help customers, but without actually involving the customers in the process. So, that’s a positive sign.

My concern around this is whether the Object Management Group is going to embrace the work that’s currently on the go, taking place in OASIS around blueprints reference architectures, because there’s a lot of IT being developed there, that could be effectively exploited. I am just slightly concerned that what we are going to get is a proliferation of best practices and no common best practice. I’m also concerned that this is about global initiative, where the initial summit’s taking place just in the U.S., because the way SOA is being adopted in Europe, is very different from the way it’s being adopted in the U.S., and its relationship to things like enterprise architecture. I know this is only the initial meeting, but it sets the frame of reference for the rest of the work.

Gardner: Hold on a second. There could be some hope for this being global, if the funding sponsors are BEA Systems, Cisco Systems, IBM and SAP.

Macehiter: I think that’s global from a vendor perspective, as opposed to an adopter perspective. If I start to see the likes of HSBC or Tesco and some of the big adopters that we have over on this side of the pond involved in this process. That will stand in good stead.

Gardner: That will be critical for them. I agree.

Garone: The OMG has usually been pretty good about globalizing what they do, so I wouldn’t be too concerned about that. I also think that the point about the vendors being global is an important point, because based on the way the OMG model has evolved; I suspect this is being driven mostly by the vendor community.

Gardner: What we should do then is invite someone from this group onto the show in the next few weeks. I’ll reach out to Richard Soley, who is the chairman and CEO of the Object Management Group, and invite him to come on the show, and we can pose some of these questions to him. Is this a movement toward standards? Will they be global and inclusive? Will they be vendor-focused, or is there going to be a good balance between the end-user organizations as well? So, our listeners can look forward to a further discussion on the SOA consortium announcement with someone involved closely with this effort.

Kobielus: I like the parallel you drew with the Liberty Alliance, which is still actually a very vital organization. It started out as a standards organization or standards developer and still is to a degree, but has really moved deliberately to more of a best-practices forum in the identity management space. This is a critically important in a space such as in identity management, where there’s still a blizzard of standards and specifications, competing for market share and so forth. More than that, there is a huge variety of use cases and possible deployment scenarios, topologies and interoperability issues bedeviling that space.

Think about SOA. That’s even more confused and confusing in terms of best practices in such a global oceanic sense. SOA is literally all over the map. So if OMG, as a best practices forum, can help the industry to converge on a consensus of best practices for SOA, godspeed to them.

Gardner: Well, this has been another insightful 45 minutes. I would like to thank our panel of Steve Garone, Joe McKendrick, Neil Macehiter, and Jim Kobielus. I'm your host and moderator, Dana Gardner.

That’s it for this week's SOA Insights Edition, Volume 12. We appreciate your time and listening in. Please come back next week. Thanks, everyone.

If any of our listeners are interested in learning more about BriefingsDirect B2B informational podcasts or to become a sponsor of this or other B2B podcasts, please fill free to contact Interarbor Solutions at 603-528-2435.

Listen to the podcast here.

Transcript of Dana Gardner’s BriefingsDirect SOA Insights Edition, Vol. 12. Copyright Interarbor Solutions, LLC, 2005-2007. All rights reserved.

Friday, March 23, 2007

BriefingsDirect SOA Insights Analysts Explore SOA's Role Through Failure, Governance, Policy and Politics

Edited transcript of weekly BriefingsDirect[TM] SOA Insights Edition, recorded Feb. 2, 2007.

Listen to the podcast here. If you'd like to learn more about BriefingsDirect B2B informational podcasts, or to become a sponsor of this or other B2B podcasts, contact Interarbor Solutions at 603-528-2435.

Dana Gardner: Hello, and welcome to the latest BriefingsDirect SOA Insights Edition, Volume 11, a weekly dissection and discussion of Services Oriented Architecture (SOA) related news and events with a panel of industry analysts and guests. I’m your host and moderator, Dana Gardner, principal analyst at Interarbor Solutions, ZDNet blogger, and Redmond Developer News magazine columnist.

Our panel this week, and it is the week of Jan. 26, 2007, consists of Steve Garone, he is a former IDC Group vice president, founder of the AlignIT Group, and an independent IT industry analyst. Welcome, Steve.

Steve Garone: Thanks, Dana, great to be here again.

Gardner: Also joining us, Joe McKendrick, a research consultant, columnist at Database Trends, and a blogger at ZDNet and ebizQ. Welcome back, Joe.

Joe McKendrick: Hi, Dana, greetings.

Gardner: Also joining us is Jim Kobielus, a principal analyst at Current Analysis. Welcome back, Jim.

Jim Kobielus: Thanks, Dana. Hi, everybody.

Gardner: This week we’re joined by our guest Miko Matsumura, the vice president of SOA products at webMethods. Thanks for joining us, Miko.

Miko Matsumura: I appreciate being here. It's a great group.

Gardner: Now, Miko, you joined webMethods recently through the acquisition of Infravio. How is that going? Is that officially closed now, and what's the outlook for the two companies working together?

Matsumura: Well, it’s officially closed, and it’s very exciting. I tend to take an Infravio startup perspective, and from that perspective it’s almost like there are 10 times the number of sales people to talk to. It’s a little bit like The Darwin Awards guy that put a rocket engine onto his Chevy and raced it on the salt flats. Things are going a lot faster, and it’s kind of fun.

Gardner: Cool. Is this going to be a case where it’s the Infravio tail that wags the webMethod’s dog?

Matsumura: I listened to the [webMethods President and CEO] David Mitchell earnings call last night and we had a game, a virtual drinking game, we were playing by instant messenger. Every time someone said the word Infravio, we would say,"Drink." Were we actually consuming alcoholic beverages, I’m sure we would have been pretty soused by the end of the call.

Gardner: Cool. Well, it seems like so far it's a happy match up. It’s good to hear.

Matsumura: So far, so good.

Gardner: One of the topics I wanted to get into this week, and we’ll throw this out to the entire group, is looking at failure in SOA. What is the problem with those projects that are not going well these days? We talk a lot about SOA, the business value, when the maturity is coming, and where the technology and standards are going.

But I thought it might be worthwhile to take a step back and say, "Where are the warts, and why are they there? What can we learn from that?" You’ve had some experience in the field, Miko. Many of our panel speakers are working in these areas consistently. So I wanted to ask the panel, anyone at all. Have you come across SOA projects that have not been stellar successes? And, if so, are there any immediate lessons to be learned?

Matsumura: I'll answer, since you called my name out, and since it’s also a glorious introduction to have someone say, “Yes, I’d love to talk about the topic of failures and for this they have a guest expert.”

From our perspective, the thing that is really vital about this topic is that in 2007 we’re as likely to see catastrophic failures as we are limited success. There are a huge number of moving parts within SOA, and I'm going to use that almost as a handout point to this very well-considered group of folks. We need to categorize for the listener which moving parts are more dangerous than other moving parts, because those are the things that eventually cause the thing to kind of wiggle the wrong way, and send it to a tailspin. Any thoughts about that?

Garone: I’ve gotten involved in some research in the past, and it doesn’t really relate to SOA, but the results that I see from this research have tended to point out two major areas that cause or are the main factors behind these kinds of failures. One is a difficulty in nailing down and keeping a continuous eye on requirements for an application. The other has to do with corporate backing for that particular effort within the company. It's more focused on the people-oriented things and the collaborative issues associated with deciding what to build and how to build it.

What you just indicated was that, in the case of SOA, the focus in terms of failure might be more on the technology-based pieces associated with building an application. Do you see SOA being different in terms of what actually is responsible for failures?

Matsumura: I'm delighted to have you take that approach, because I’ve actually cast this net out into this group as a very neutral test to see what kind of like fish will come out of it. I used a very generic term, "moving parts," but I didn’t specify. Your inclination was to think that I was talking about technology.

Garone: Well, people do so …

Matsumura: That’s exactly what I was hoping to elicit -- the idea that, in fact, a lot of the moving parts -- and the most dangerous moving parts -- are people. From our perspective, the system is sort of cybernetic, half-human, half-machine. The human pieces of SOA are the parts that we’ve seen in failure mode.

It’s not necessarily just the human beings themselves, but, as you described, the interfaces between the human world and the machine world, whether those interfaces are the specifications used to design applications, or the mechanisms used to manifest constraints and policies. They make sure that people, when they do fight each other, fight each other in a way that's productive, as opposed to destructive.

So, thank you very much for heading in that direction. Any one else have anything about "moving parts"?

Kobielus: I think that SOA failures are a subset of IT project failures, which are of course legendary. The most common reason IT projects fail is lack of the appropriate business justification for them. Quite often, their aims are so broad and nebulous that there are over-heightened expectations built up about how it will change the business and contribute to revenues, profitability, and so forth.

There’s a "boil the ocean" element of SOA justifications, because SOA as a set of best practices, is often pitched as, "We’re going to totally clean up; we’re going to totally clean up our development practices and our integration practices. We’re going to orient them around this new grand unifying scheme called SOA."

When projects are pitched in that way, and justified in that way, you’re just setting up the SOA project for failure.

Matsumura: I want to plead guilty as charged. I don’t want to monopolize, but I do want to say that I just recorded an SOA governance podcast on my own, the theme of which was, “Reorganizing the Billion Dollar Software Project.”

Kobielus: I didn’t mean to imply that you were the kingpin of failure, and, in fact, I figured that people who are having trouble in the field look more toward the governance value in order to help solve their problems. I thought I was giving you a soft ball not a hard ball.

Matsumura: No, I appreciate that. Anyhow, I’ll cool my heels and let the others speak.

Gardner: No, you’re the guest. That’s fine. But some of our other discussions on this weekly podcast in the SOA domain come back to the notion of systems integrators (SIs) and even management consultancies getting the lion's share of business in the near term with these things, because it is about culture, people, and process. And the user companies need to shift a lot of what they are doing in order to exploit the benefits of some of the technology and standardization.

I wonder if you agree with that. Do you think that for the next two to five years vendors like yourselves are being dragged along, or do you have another relationship with the SIs that have to get in there and monkey around a little bit with the culture to get companies to transform?

Matsumura: Being dragged along might be a tall order. The reason I say that is that we’ve learned that the people who control the SOA are the people who essentially control the policies. The policies include metadata, repository, and registry -- the kind of policies that are machine-enforceable, but also involve human factors. In a way, the model is more of an equal partnership now.

On the other hand, real system integrators like to control policy as a way to permanently set up a base camp inside an account, pour people through the door, and take over. It's something that we know they're salivating about.

Gardner: Joe McKendrick, what do you think? Is this a control issue right now? Or is there some jockeying going on among the internal constituencies in an enterprise, some of the vendor’s constituencies, and also the SIs? And who’s going to win?

McKendrick: There is a lot of jockeying going on, and Steve has pointed this out in a previous podcast as well. There’s a tension between various groups in the enterprise. I guess there’s a lack of a clear definition as to who is going to be doing what, and who is going to be controlling what.

SOA, of course, is inherently cross-enterprise -- or in theory it’s cross enterprise. An SOA that’s confined to a single silo or single piece of the enterprise, by definition isn’t necessarily an SOA. It’s another proprietary system.

I was curious as well as to what the definition of failure would be in an SOA situation. Personally, I'm not familiar with situations where an SOA, or components of an SOA, had to be rolled back, such as you’ve heard about with spectacular ERP failures. It seems that there may be heightened expectations of ROI or increased business agility, which don’t happen immediately, but components of the SOA still may stay in place and just be sent off in a different direction.

Gardner: Maybe we should define failure. I was thinking of it as an instance where these new practices and methodologies were tried, but people didn’t think they were working. There weren't cohesive approaches. There wasn’t standardization in the organization.

And, so they went back to business as usual, which would have been some of the older application-development ownership and deployment practices, silo-types of affairs. So, in other words, a reversal from a movement toward holistic services, used broadly, to "I’ve got my set of apps. I'm going to maintain control over them. And, if you have any kind of changes or requirements that you wanted to address, you can get in line" mentality.

Matsumura: This strikes to me as a way of defining retreat as a "strategic advance to the rear." There are definitely potentials for failure. Since failure is an orphan, even though success has 10,000 fathers, I can’t allude to a project I know that experienced a failure condition.

For example, a project I was involved in for the insurance industry was widely touted as an early SOA poster child by the vendor. The CIO was on the speaking circuit, which was dragging him off the field, and he had essentially outsourced the entire project toward a single source. What eventually happened was that this particular individual ended up having to leave the company.

I think that the CIO had this mistaken impression that the service interface abstraction allowed him to outsource completely the operational concerns and the implementation concerns, and eventually to treat this service interface as something like a child’s car seat, where really mom is driving.

It’s important to treat the interface abstraction layer like a saddle on a horse, which means that the only people who can successfully get from Point A to Point B are the people who have the skill of riding and controlling the horse, which is the service implementation. It’s really an abstract or complicated metaphor. It’s not hard to lose control.

The whole thing we alluded to early about this integrator setting up a base camp inside a company ... we’ve had customers who deliberately, pre-webMethods, used Infravio as a wedge and basically said, “We don’t want a single vendor to come in with a product and a set of services, because we don’t want them to control everything. We want an independent to mix things up."

There is a very significant danger of the inmates running the asylum or the integrators taking over the whole account from the inside.

Kobielus: I think that the way to define SOA failure is the failure of SOA as a set of practices that a company adopts, the company’s failure to realize the grand claims made for SOA. These include such benefits as improving interoperability, simplifying your IT environment, reducing the cost of that environment, speeding up the development of applications, and enabling greater flexibility in terms of where you can source various components, portals, databases, and integration components from.

An SOA project or initiative is a failure if it increases the complexity of your environment, if it increases cost, if doesn’t make much of a dent in the incompatibilities among different platforms, or if it locks you into a given vendor.

That’s why last week I brought up the whole notion of SOA suites. This notion of an SOA suite from a single vendor who provides everything for you seems to fly in the face of, "Isn’t SOA supposed to allow me to mix and match the BEA, Oracle, webMethods, Microsoft, and everybody else’s components in my environment ?"

If, at the end of the day, you’re a CTO and you say, "Well, here’s my SOA strategy, and we standardize on Oracle or webMethods" -- are you really gaining anything over the monolithic days of yore?

Gardner: So, we can agree that something that would be opposed to failure would be less lock-in, and that could be lock-in from a vendor, lock-in from an integrator, or even internal lock-in, where there is a very strong division within IT or some other organization that’s holding the rest of the enterprise hostage.

Is SOA a democratization type of an effect, or is it really giving command-and-control through policies that you could think of as a governor or an accelerator -- a brake-pedal/dashboard type of an affair -- where suddenly those in the organization that may not have had power before gain it? Is the failure when the control doesn’t go to the right people?

Matsumura: Yes. That hits the nail on the head. I was giving the keynote of the governance track at The Open Group SOA Conference in San Diego [on Jan. 31], and one of the questions that came from the audience was about metadata. Who controls the metadata?

This question is basically The SOA Question, because the people who control the policy metadata are the people who are running the show. The thing that we’re trying to establish here is that the SOA success model is essentially a model where there are federated controls and delegated controls. The reason why this term "federation of control" is so significant is because we’re trying to achieve a balance between the central function, the IT function, and the distributed function, or the business function.

People talk about the agility and control. If you want to balance these things, you need a mechanism that enables some amount of control by the people who are on the periphery, in the business units, trying to create agility. Then, [there comes] some amounts of control by the people in the center, who are trying to create more orthodox standardization and security and orthogonal cross-cutting concerns.

Having the wrong people controlling the wrong things is exactly the pattern that causes things to go a little nuts. The old-school model -- having one single point of control for everything -- has actually proven to be undesirable. While it is not prone to failure, it’s not prone to success either.

Gardner: I suppose when we’ve seen enterprises that are in a suffering mode, when IT and the business are not aligned or not syncing up, well, that can often be due to a cultural clash. For example, if it’s a distributed company and they try to have a distributed approach to IT, that can break down.

If they’re a centralized company, but IT is decentralized among departments that are doing their own applications -- then that could break down. But what’s probably more productive is, as you say, a hybrid approach where certain functions, let’s say procurement, should be centralized. If you can take advantage of a volume approach to your procurement, if you can go to your vendors and suppliers with a larger bid, you can get a better deal. So there are lots of reasons why procurement should be centralized.

But there are other examples, perhaps around knowledge management or around innovation and collaboration, that should be very ad-hoc, very decentralized. How can you manage both of those types of cultures across the company, and then instantiate that through how the IT department behaves and reacts? Anybody have a sense or reaction of that?

Kobielus: A SOA and a SOA initiative are a success if it gives you the ability to adapt the SOA governance structure to your actual business governance structure.

As you’re saying, your business governance structure will evolve over time. All business models change. So the extent to which your SOA initiative and your SOA governance are totally centralized and totally rigid -- but your business environment and the challenges and threats and so forth are constantly changing -- then your SOA failure will ultimately become a business failure, a failure to adapt.

Garone: I’ll concur with what you just said, but also add more in the way I look at it: I don’t necessarily see a contradiction between some levels of centralized control and being able to achieve business agility. The argument for business agility really is about making sure that you make changes quickly to dynamic market conditions and relationships, and so on.

While too much centralization may make that a little bit more difficult than it would be if everything were ad-hoc, I don’t think it makes it impossible. Of course, the world is about balance. The world is about finding that midpoint, where control and governance is centralized enough to keep things safe and secure, and to be able to take advantage of business opportunities -- where consolidation makes sense -- while at the same time staying agile. That’s really the challenge, the way I see it.

Gardner: I guess we need some standard methodologies or best practices around how to approach the whole organization culturally. That brings us into a discussion around ITIL or around what The Open Group has been doing [in terms of certifying SOA architects and the move to the "Town Planner" model of enterprise architrect roles].

Miko, let’s go back to you, do you have a sense of whether there is a legitimate standardization approach that is welling up in the marketplace?

Matsumura: I’ve just been speaking with the head of The Open Group, SOA Governance Working Group and absolutely there are efforts in this area, under the banner of TOGAF, ITIL, and other types of processes. It’s still reasonably early in the game, and what people need to understand and establish are the basic patterns and best practices. A lot of the efforts that create these extremely ornate methodologies are intended to be recipe-book and all-encompassing or one-size-fits-all approaches. I think it’s early in the game to take those approaches.

What I would do is take a look to see if there’s any precedent for a model for policy-managed systems that balance the need of a central entity and the needs of distributed entities, against the desires of the whole. If you look at it from a metaphorical perspective, for example, the federal government of the United States is a very interesting model. You have essentially a bunch of business units called states, that each have their own legislation, their own competency centers called state legislatures, and even their own executives called governors.

Those look a lot like business units to me. If you look at the notion of federation and the federal government model, what you see is this whole principle of jurisdiction. Ultimately, competency centers become the legislative bodies within these organizations. All of the efforts that I’ve seen to codify methodologies around SOA tend to focus on these competency centers or centers of excellence, primarily because there needs to be an inclusive organization for adjudication and jurisdiction, as opposed to having a model, where it’s just a single iron-clad dictator that controls all policy.

If you want to go that way, let’s just go and live in the mainframe and forget about SOA. Not that this would necessarily be a problem, we just have to do it deliberately and well.

Gardner: This is great. We’re getting at the point where world political history is perhaps a guide to how to approach SOA. Do you want a Third World dictatorship? Do you want empires extending their influence? Do we want a Pax Romana approach? Or do we want a pure democracy or a federated democracy? I’m thinking more about Star Trek, when the Romulans and the Klingons get together. If you could only get that to happen in IT, would be in a lot better shape.

Matsumura: Just to extend that metaphor to the initial theme about failed SOA ... . You can actually look at the failure modes of failed states. If you look, for example, at how you establish and foment democracy, there are some models, some really good, real-world cases about how not to establish democracy. Not to get too overly abstract, but there are a lot of practices and principles around establishing policy federation. The interest in doing so is the interest in establishing a controlled paradigm that actually serves the common good in a way that enables agility, but also enables this centralized capability of control.

Gardner: Right. If your company is behaving like Zimbabwe, you need to do something different.

Matsumura: Exactly.

Kobielus: We talk about political governance in terms of the world community. There is no one right governance model within a state or among the various states of the world. But clearly, history has been marked by individual states or groups of states playing and towing with, if you can use the word, various governance models ranging from absolute dictatorships and empires down to sort of laissez-faire, no centralized government.

But governance is an abstract concept, and you don’t necessarily want to dictate one governance model that’s applicable or should be applicable to all organizations and industries. Everybody has their own pressures, market pressures and so forth. In terms of SOA governance, there are radically centralized models in a given organization. It could be a radically centralized governance model within a given industry sector in the sense that basically one monopoly company controls an entire sector of the economy and they then dictate all the SOA policies and practices for all of their tributaries, as it were.

In the world, you have 230-something countries that are sovereign states ostensibly, and they establish various bilateral treaty relationships and also participate in various multi-lateral treaty organizations like the United Nations and NATO and so forth. Any given country is probably, involved in various international governance schemes as it were -- but also internally, from generation to generation, from revolution to revolution it’s going from centralized to decentralized. One size doesn’t fit all generations of governance.

Gardner: So, maybe we should take a lesson from the United States in Iraq, where you need to look at what you’re getting into. You might not want to just take a company and inject a pure democracy or a federated approach. In fact, each company has its own history, its own culture.

You might want to do the equivalent of a Myers-Briggs test and figure our what kind of company it actually is. Then, figure out in what way to approach governance, so that we don’t try to overstep what’s possible on a linear basis. I suppose it’s also evolutionary. Some companies might need to start out as strict dictatorships, and then perhaps the government withers away and it becomes a democracy. We’ve seen the example of Eastern Europe over the last 20 years. Any thoughts on politics and geopolitics as a lesson for SOA?

Garone: I think it’s a great metaphor. I’m thinking about the model that I think makes sense in that regard, although it’s kind of obvious, which is basically, the U.S. Constitution and the federation of states. You’ve got certain things that are up to each state, and certain things that are up to the federated entity sitting on top of all of it.

Gardner: If I could just pause you. The first step, the Articles of Confederation, which gave too much power to the states, didn’t work.

Garone: Right. So, now you’ve got a dynamic situation where some of that can change and over time. Plus you can also “amend your constitution” to make changes as appropriate. But, there was not always a set of things that are controlled by the centralized entity, the federal government, in the metaphor. But there’s also a certain set of things that those individual states need to comply with in making their own rules.

Matsumura: I just want to jump in here and talk about the U.S. Constitution, which has some key design patterns in it. If you actually look at the separation of power declared in the preamble, it says that the purpose is, "... in order to form a more perfect union." So, there’s this notion of the intent of the formation of this governing entity, which is the goal of a more perfect union, which essentially means that there’s a distribution of power and that the consent of the governed essentially be the overriding principle.

The idea that comes out of that, though, is the clause "provide for the common defense." That’s really talking about the security domain, whether it’s physical security or technical policies associated with the current data. The idea is that it actually should be a federated concern. In other words, security is everybody’s business. You can’t just delegate it to one unit and say, "It’s your business."

The earlier comment about how there’s no one-size-fits-all is absolutely the case. For example, I just spoke with a bank that's highly decentralized. I also spoke with one of our customers, Johnson & Johnson, which has 200 operating companies, and is fairly decentralized. Their central IT exerts a pretty strong coordinating function. So, we’re talking about the big picture, which is, how do extremely large entities organize themselves and how do they achieve success in that organization?

Garone: It comes down to what an organization wants -- centralized or decentralized IT functions. Getting back to the whole notion of the Founding Fathers of the United States, they were not of a single mind among themselves on the proper governance structure. You have Alexander Hamilton, who wanted highly centralized. Then you have Thomas Jefferson, the fellow who wrote the Declaration Of Independence, who wanted it quite decentralized.

And they yanked back and forth until various things happened, and that got more centralized. Then, you had some of those, like in the southern states, who felt it needed to be highly decentralized, and fought a war to try to enforce that kind of order. It’s one of these things that just keeps rocking back and forth, from one generation to another, in terms of the right approach.

Kobielus: Look what’s happening in Venezuela now with this guy Hugo Chavez. He’s totally centralizing everything, establishing a new dictatorship there. Not all of his country people are happy with that. I saw in The New York Times that a lot of them are applying for asylum in places like Spain and elsewhere. This is highly political, but on the IT front, it’s the same thing. Quite often, SOA is justified on a project-by-project basis. "Oh, yeah. We’ll do this project according to the principles of SOA," without necessarily implying that they’re trying to impose SOA practices across all projects and across all systems.

Gardner: Now the corporation as an organizational definition has been around for couple of hundred years. You look back to early mercantile activities, to some of the Dutch companies that had started in 17th century, for example. The modern company is certainly at least a hundred years old.

If we look at some of the large conglomerates, there’s a history of progression around corporations as entities in a more modern sense. Perhaps what's different now, though, is that companies are of, for, and by -- if I could borrow another political statement -- technology. Technology so permeates how a company operates, particularly if you’re Internet-facing and if you’re using and exploiting the Internet for more and more of your supply chain, your distribution, your transportation, for the way in which you attract sales and customers, and so on and so forth.

So technology now is at an intersection with the corporation as an organization, and perhaps that’s what’s forcing this need for a different look at how to organize in general, and, therefore, on how to govern.

Matsumura: I wanted to respond a little bit, too. One of the themes that emerges from our conversation here is that we’re talking about SOA as more or less of a post-modern infrastructure. What I mean by that is that some of the themes that emerge in post-modernism, post-structuralism is the notion of the breakdown of the dominant narrative, which is that there isn’t a universal "thing." The resistance to the one-provider IT stack model, the suite model, is the notion that there isn’t a single system that can rule them all, over all others, and that heterogeneity, components-wise, is the law of the day. Think about that particular heterogeneity in terms of how it functions from a policy perspective.

We talk about federations and policy context, but there’s a degenerate case, where essentially what you’ve done is you’ve created a federation of two. This means that two business units come up with an agreement, or two companies come up with an agreement, which is referred to as a contract. The reason I’m alluding to this degenerate case is that a contract is treated as a completely different class of legal structure within our governmental system, and is protected by the civil law system. When disputed parties get into contention, it’s basically a civil issue.

When someone breaks a policy held by the government at-large then it is either a federal or state issue. From the perspective of creating an appropriate taxonomy, it’s important to consider that these two cases are actually pretty different. Perhaps an attempt to establish initially a sweeping universal regime of centralized federated policy may actually be subsumed by these kinds of groupings of pairs of twos or threes -- or United Nations or NATOS -- or just the kind of loosely coupled and smaller policy domains that are built on top of individual agreements between provider and consumer pairs.

Gardner: I guess we’re somewhat fortunate that there are only about 200 countries in the world, but there are thousands and thousands of companies. So, there’s a lot more opportunity for experimentation in the marketplace and for competitive forces to play out dominance. We can see some success stories, as well as failures, and we can learn from those successes on how to best organize a highly technologically advanced corporation.

McKendrick: We talk about the post-modern corporation. Where are these companies going to get their IT? Where are they going to get their technology? We’re seeing more and more instances of companies going outside, not wanting to get involved with the bits and bytes of managing a technology infrastructure.

We call it "software as a service," "managed hosting," and various types of acronyms and terminology. But I’ll bring Nick Carr into the argument here. Nick Carr said IT doesn’t matter. It’s going to be ubiquitous, available like a utility. Any company can tap into it, whether it’s internal or external, to the point where it’s not that big of a concern.

Matsumura: I can’t resist shooting at this. It’s going to require you to follow along with the metaphor that we’ve drawn. If you can’t suspend your disbelief in the metaphor, it will be hard for you. The metaphor of nations and the competition between nations has typically been along the lines of warfare in our history.

Look at the metaphor of business at war, which is essentially competition for the survival of the integrity of your company against all others. It’s not on the battlefield, but it’s for customer value, for creating services that people treasure. In the history of warfare between governments and nations, what we found is that the organizations that leverage technology to their advantage are the ones that come out ahead.

Abdicating the responsibilities of the management of technology to a commoditized provider creates an extreme vulnerability because your competitive differentiation should not be held or embodied by some generic provider. I think even Nick Carr has backpedaled from his hard-line IT commodity position.

Gardner: I’ve noticed that Nick has backpedaled a little bit, but again we’re back to where it’s not necessarily all-or-nothing. There are going to be some aspects of technology that are commoditized, that should be accessed centrally, and there are many others -- perhaps this will change over time -- that are differentiators. Control over how your organization behaves and controls your assets and resources strikes me as something that you would never want to commoditize.

Kobielus: Think of this notion of where companies in the most post-modern age are going to get their governance structures from. I think a lot of the governance risk and compliance management vendors -- it’s a new market space; companies like SAP and OpenPages and MEGA International and BWise, and others, are building up platforms that have both verticalized and horizontalized governance templates, rules and workflows, and so forth. Increasingly companies or enterprises will standardize on a dominant governance risk and compliance management vendor for their organizations, and then use whatever templates they choose. And their SIs will modify them to suit their own needs going forward.

Bringing this back to the whole notion of where nations get their governance charters. I just read a book, a really good one, called "Declarations of Independence," and it shows that the first actual declaration of independence ever created to found a nation was our Declaration of Independence in 1776. You wouldn’t believe how many other countries have actually plagiarized or borrowed language and whole concepts from it, including Vietnam. The declaration of independence for Vietnam in 1945 directly quotes from our Declaration of Independence, which I found highly ironic.

Garone: I’m going to bring back outsourcing into this discussion as well. Post World War II, the nations that have relied on the Unites States for its defense have thrived economically, because they have not had to spend so many dollars on their own defense -- Germany being the prime example. They’re under our umbrella, and their defense budgets are much lower than ours, and these nations have thrived and moved forward.

Gardner: Well, without getting too deep into what is or isn’t the right approach in world affairs, clearly we’ve defined here that a successful SOA is a lot about politics, power, and moving beyond traditional norms of organization. How you do that probably is going to involve failures. If the Unites States is a good model, it had to fail a couple of times. It failed with the Articles of Confederation. It failed in dealing with slavery up until the Civil War, and perhaps for a hundred years afterward in terms of how it was dealt with in practice, if not in law.

So the idea that we started this discussion with -- where are the SOA failures -- perhaps we should look to failures as a necessary set of learning activities, in that SOA is not going to just happen and spring up like a fungus or a mushroom after a spring rain, but it’s going to have to be something that’s hard-earned.

Matsumura: Well, the way I want to respond to is that having maturity in the way that you deal with failure is essential. If you look at the way that our policy system functions within the United States, what you have is you have a set of policy assertions about what it is people can and can’t do. But then you actually have a policy enforcement mechanism that’s heterogeneous and distributed. You have the FBI, the CIA, the state and local law enforcement, the Army and the National Guard.

You have all these different policy enforcement points everywhere, manifesting these policies. What is extremely important to understand is that there’s an entire judicial system whose function it is to take those policy enforcement actions, monitor their efficacy, and enable the whole system to readjust and adapt.

So, I think that it’s not just an accident of, "Let’s just run out there randomly, screw up badly, and then sit there and try to recover and learn." I think that having a learning engine that monitors, adapts, and revises policies, and having a competency center, an adjudication point that’s deliberately there for the purpose of making those adaptations -- that is an essential function.

Gardner: Or checks and balances ... . If you’ve got failure, that could be a very good learning experience, where you need a check and balance in place, and so the progression toward the value and benefit of SOA can be accomplished. It will be a different path for each company, but they’re going to have to have checks and balances to keep the progression going forward, rather than reverting back to the past, and in a sense giving up.

Well, this has been a very stimulating and interesting discussion, I’m glad that you all could join us. It took on a little different characterization than I was expecting, but a necessary vantage point on SOA in order to make it successful.

We’ve been joined here with our usual panel, Steve Garone, Joe McKendrick, Jim Kobielus and our guest, Miko Matsumura, vice president of SOA products at webMethods. This is your host and moderator, Dana Gardner. You've been listening to BriefingsDirect SOA Insights Edition, Volume 11. Thanks for listening and come back next week. Thank you, gentlemen.

If any of our listeners are interested in learning more about BriefingsDirect B2B informational podcasts or to become a sponsor of this or other B2B podcasts, please fill free to contact Interarbor Solutions at 603-528-2435.

Listen to the podcast here.

Transcript of Dana Gardner’s BriefingsDirect SOA Insights Edition, Vol. 11. Copyright Interarbor Solutions, LLC, 2005-2007. All rights reserved.

Sunday, March 18, 2007

Transcript of BriefingsDirect Podcast on Future Trends in Search and Advertising

Edited transcript of BriefingsDirect[TM] podcast with Dana Gardner, recorded Jan. 23, 2007.

Podcast sponsor: ZoomInfo.

Listen to the podcast here.

Listeners of this podcast are invited to learn more about B2B advertising opportunities with ZoomInfo. Just go to www.zoominfo.com/adpodcast to learn how Zoominfo's business search portal provides a rich online B2B advertising opportunity.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you’re listening to a sponsored BriefingsDirect Podcast. Today’s discussion focuses on the future of search and search marketing; and how businesses, corporations, companies, marketers, can better avail themselves of the tools that are now available through search.

We'll discuss the incredible power that’s now being leveraged through access to people’s information, company’s information, market collateral and data -- a rich trove of information. Now is the time to figure out the best way to approach it and to leverage it.

Joining us on this call are an analyst and an executive from ZoomInfo. Let me introduce Shar VanBoskirk, a senior analyst at Forrester Research. Welcome to the show, Shar.

Shar VanBoskirk: Hi, Dana. Thanks so much for having me.

Gardner: Also Bryan Burdick, chief operating officer at ZoomInfo. Welcome, Bryan.

Bryan Burdick: Thanks, Dana. Thanks for having me.

Gardner: We want to look at where we are, but, more important, where we’re going with this whole notion of search as applied to marketing and business -- getting things done in a new and innovative way. I suppose that in order to know where you’re going, you have to have a strong sense of where you are. I’ll throw this out to either of you. What is the state of search marketing, and how did we get to this point? I’m principally interested in business drivers and technology drivers. What has gotten us to this point of where people are starting to look at search for business purposes?

VanBoskirk: I can start off. I’ll just weigh in by saying that what has made search so popular today is that it's proven both very effective at getting users to take action, and very effective at giving marketers a way to measure their effect on advertising and consumers. If we look at the history of the interactive medium specifically, around 1999 advertisers were really looking for the next big thing. They had gotten a good result and a good return from display ads, but no one was very clear about what was the sweet spot of the online channel. Overture had a couple of attempts with some paid search ads, and the people who gave it a try realized that they could put some money in and see some immediate returns. That's the kind of cost effectiveness that has lead to the boom that we see today in search marketing.

Gardner: Overture is part of…

VanBoskirk: Now part of Yahoo!

Burdick: I agree with that, and also would add to it that one of the business-model effects of search engine marketing is the ability to very cost effectively try new things. You can try new keywords, see how they work, get immediate response, understand the ROI, do more of what works, and try new things along the way.

Gardner: So, it seems that advertising online and in all the other modalities and channels for advertising often required a gut instinct as to what was going to work and what wasn’t. You could see what went in at one end and you could just look at the results, but figuring out how they came together was sort of guesswork. It seems to me that search, using contextual ads and keywords, removes the guesswork and it gives you clarity and visibility into the thought process that brings people from research to an actual business decision. Does that make sense?

Burdick: It really does, and it also really shortens the time cycle of that whole process. You can try keywords and paid-placement advertisings on Google or Yahoo!, or wherever, today and get results literally in a day, sometimes even in hours, depending on the overall volume.

VanBoskirk: I think search works, because it catches people at the point where they are raising their hand for information and for marketing messages. So, the guesswork of advertising that search doesn’t apply to was always assuming, "Hey, maybe my user is interested in my product or if I catch them at this time, it looks like they might be really responsive." Search took all that guesswork away, because it basically said, "I, as a user, am actively searching for more information about something I’m interested in. If you, Mister Advertiser, can actually give me the information that I want, I’m going to respond to that."

Gardner: When we think of search, we often think about people looking for maybe medical information. "I’ve got a wart on my hand. How do I get rid of it?" or "How do I get rid of the fleas on my dog?" -- consumer research and questions. I think more and more we’re seeing search being used for real business research. People could have $20 million or $30 million budgets and be looking for procurement efficiencies and new avenues for finding products, services, personnel, partners, and ecologies. How does this translate into business? Did the consumer use lead to the business use, and is business catching up? Is that what’s going on?

Burdick: We’re definitely starting to see some of those trends. Consumer advertisers were certainly the first to adopt, and jumped on to the search-engine marketing and advertising bandwagon. In a lot of ways, it goes back to their ability -- as Shar was just saying -- to present a very targeted message, and get an immediate response and ROI, whereas the B2B sales cycle tends to be longer.

As the model is proven out on the consumer side, B2B advertisers are starting to find ways to leverage those same technologies and those same avenues. New avenues are developing. We see new vertical search engines that are really targeting the business consumer or the "prosumer," as the case may be, and delivering even more targeted results to the B2B searcher.

Gardner: I suppose companies think of this in two ways. One being, "I want to use search to improve how I gather information, research, do business, find partners, and find suppliers." But they're also saying "I want all the people who are looking for my goods and services to be able to better find me." What should companies be doing now in order to be better found?

VanBoskirk: The fact is that 71 percent of users are using search engines to find Websites. So, thinking about your question of which came first, the business need or the consumer behavior, I think the answer is that we’re all users of the Web. Whether we’re using it for personal or business reasons, search has become just a natural way for us to begin finding information. What that has led to then is a need to capitalize on that behavior, whether you are a B2C marketer or B2B marketer. There are similar best practices for both.

I always tell marketer clients to think first about their natural search engine optimizations. So, really they should be thinking, "Is the content on my site related to the searches that my users are doing for me, and is it presented in a way that’s easy for Web crawlers to get around?" That’s work that, if you do it once, can pay off for you for years to come.

Then, you can think about some paid search ads that might be really related to the specific, more timely searches or the specific offers and timed programs that you might be running. They should think of all within this notion of, "Who is my user? What are they looking for from me? What is the language that they’re using to conduct that search or to find that information?" You need to understand who those users are, how you can optimize your site to meet their needs, and then look at the paid search ads. It’s the same best practice that works for either a consumer or a B2B marketer.

Gardner: I suppose a consumer doesn't need to have a presence on the Web in order to use it, whereas for a business, their presence, and the amount of content, trackable media, and information that they put out is what’s going to help them get into this mode of being a part of online commerce.

VanBoskirk: That’s an interesting question, because we’re seeing a lot more consumer-generated content appearing in search engines. While it’s true that you have to have some sort of Web presence to appear in search results, what you have to do to create a Web presence is much different today then it was even a year ago. You might actually have information that is about one consumer talking to another consumer about a product, as opposed to that product’s Web page appearing as the most relevant search result in a search results page.

Burdick: That raises the ante for businesses that need to control brand image across the Web, and need to control their digital image. It’s not just about what goes up on their own Website, but, as Shar was saying, it’s about what the blogs are saying. It’s about what the press is saying. It’s about what review sites are saying.

As search engines go to the next generation and do things like semantic search, like we’re doing here at ZoomInfo, we actually are able to aggregate that content across these entities and pull together a complete picture of people and companies. That same technology will start to apply to other entities and other search engines down the road.

Gardner: So, whether I’m a business buyer or a consumer, when I do a search on "buggy whips," I’m not just going to see results from Acme Buggy Whips Co., I’m going to see chats and blogs and all the information about the state of buggy whips.

Burdick: Right, and it will move from buggy whips as a keyword to buggy whips as a concept or entity. A great example that I like to use is, if I search for "enterprise router" on one of the traditional consumer search engines, I’m going to get lots and lots of results. They will include everything from Enterprise Rent-a-Car to the latest episodes of Star Trek, including a lot of results about enterprise routers. They’re looking at those as keywords versus a more semantic search that understands that an enterprise router is a product. "Here are the companies that sell enterprise routers" is the kind of result you get from a semantic engine like ZoomInfo.

Gardner: So, the search can be better for me if it knows that I’m a business user in a business mode.

Burdick: Exactly. Again, "router" is a great example. If I search for "router," as a consumer I might be interested in a woodworking tool, but if I’m doing it for my business perspective, I’m clearly interested in networking connectivity or the like.

VanBoskirk: Bryan is touching on the next phase of search and the next phase of search marketing that a lot of marketers haven’t yet prepared for. If we look at the most sophisticated marketers today, they’re very good at understanding the broad suite of keywords that they need. They’re probably purchasing a lot of keywords, and they’re maybe even doing some smart bid management to figure out how much they should be paying for certain keywords, based on the profitability of the traffic that they’re getting from each of those term.

What’s next is this notion that Bryan’s talking about around creating an increased relevancy in the results. It’s not determined by some sort of magic algorithm that counts how many mentions of a word are on a page or how many links are linked to that page. It has a bit of a learning embedded in it.

It can understand that if this user has searched for these things in the past, we know that this is the type of user they are, or other people have found satisfying results from these types of searches or these types of results. We know that they’re going to be the most relevant for people who are just like them. There’s a lot of evolution that’s happening that we're going to see evolving in 2007 around figuring out how to increase the relevance of search results.

Gardner: I suppose for consumers there is generally some reluctance to put too much personal information out there that might help them in their searches, but might have detrimental effects otherwise. For businesses, that are in business mode, they might be a little bit more willing, and it might be in their best interest to get more information out there about what kind of business they are, what sort of activities they’re involved with, what their direction is. Is that what you’re alluding to, that the companies can start sharing more information, and therefore empower search and marketing through search among and between different businesses?

VanBoskirk: Sure, the most important information is less personally identifiable information and more relevant information about the types of searches you’ve done. It might be just a catalog of the history of your searches. On some of the social search sites you can actually vote or tag pages that have answered a need for you in a past search. So, on del.icio.us, which is a part of Yahoo! you can actually tag pages that you feel are related to a search. Go back to the example of enterprise routers. I do that search. I find a couple of results pages that are really going to meet my needs. I tag them "business routers," but then I do another search that has something to do with my "Star Trek" interest and I tag those pages "Star Trek."

Now, I’ve got them cataloged in my own del.icio.us page, and somebody else who wants to use del.icio.us can view my tags and realize, "Hey, this is someone who likes Star Trek. I’m going to check out the pages she found that were related to her interest in that particular topic." It’s less about actually giving up personal information about you as a searcher and more about just being willing to share the searches that you’ve done, and even voting for pages that you felt like were relevant answers to your question.

Gardner: So, either voluntarily, or as part of the process, we’re creating a layer of metadata on top of the search activities that then makes the next search activities even richer and more powerful.

VanBoskirk: Exactly.

Gardner: One of the things that’s interesting to me about this business approach for the future of search in marketing is that it’s not just for the big subjects. It can be for something extremely specific.

For example, suppose I’m an engineer designing a cell phone, and there is an integrated circuit that I just want for a very specific task on a very tiny circuit board I’m designing. If I want to make sure that it’s a supplier that’s trusted and so forth, I can do a very discrete search on the SKU, on the actual number of the circuit, almost like taking a serial or model number and then finding out who’s got them and where. This could be very discrete in terms of how search can aid commerce. Is that sort of a long-tail effect we should expect?

Burdick: Definitely. In fact, the search engine marketing space has evolved, as both advertisers and searchers have gotten more sophisticated, and that long tail has continued to get longer and longer.

The other thing that it’s driven is the proliferation of more vertical search engines, because it's relatively simple for somebody who’s developed a new search capability to drive into a particular vertical and start to monetize that right away. With the different ad networks that exist out there, even if you haven’t put together an ad sales force on your own, you could put Google AdSense or one of these other networks up on your site very quickly and start to monetize that. This is going to drive more people to have more niche sites available for the targeted search needs.

Gardner: It sounds like this could hypothetically scale down to a single buyer in the world and a single seller actually finding each other.

Burdick: One of the things that Shar and I were actually taking about a couple of weeks ago was: Is there a future where eBay meets Overture, and you actually have classified ads being placed by individuals in a search engine marketing type of a format?

Gardner: Now, let me understand this. If I go out and do a “search,” in a sense I’m also offering an auction saying, "Here is what I’m looking for. Who is ready to bid on it?"

Burdick: Potentially.

Gardner: What do you think of that, Shar?

VanBoskirk: One of the nicest things that search marketing introduces is level playing field for the little guys to compete against the big guys. It provides a way for a small local advertiser to find the customers that are actually engaging in information that they can provide.

Not a lot of other media can do that. You’re limited in how much television you can afford, and there is no way that a small local bank can compete against Citibank. In this case, a small local bank could actually buy more specific keywords for their target audience in their geography than could a large national bank. Why couldn’t an individual seller of apartments available in particular areas, or used equipment, use search as a way to reach out to people who are willing to find their specific product?

Burdick: You’re already starting to see some of that evolution, particularly in the help-wanted space. Companies like Indeed and SimplyHired, and some of the other job-board aggregators, have started to put together pay-per-click models that are driven off the same types of platforms, the same auction-based model as the consumer advertising in the traditional search engines.

Gardner: Let’s take one of the points we made earlier. We have more visibility into what’s actually taking place in this marketing-to-sales activity. Then, we’ve got this long-tail effect, where I don’t need to take an ad out on the super bowl for $2.5 million. I can find my audience for fairly short money. If we combine these two, can’t even very small mom-and-pop shops demonstrate an ROI for an advertising or marketing approach on the Internet, even if we’re only talking about a few hundred dollars? Is it that granular?

VanBoskirk: It could be. We haven’t seen a real solid local effort from any of the big players. Google and Yahoo! have been really working to develop a local presence and local set of marketing services for individual local advertisers. I don’t think it’s quite there, but as we see smaller search engines unfold, they may be more niche focused on a particular type of user or on a particular vertical or industry.

Also, as we start to have mobile search unfold, where I’m traveling through a certain area and I’m searching for information, we’re going to start to see local opportunities play out in a bigger way for some of these mom-and-pop advertisers. They can purchase keywords on national search engines today, but the commerce opportunity may be more difficult for them. If I’m in San Francisco and I see a paid search ad for a regional restaurant in Boston, they may show me the ad, but they’re probably not going to get my business.

Gardner: So, it's a waste of time and waste of money.

VanBoskirk: This year we’re going to see some more opportunities that will actually help realize that local opportunity for the local advertiser better than it has been to date.

Gardner: Another major trend is globalization. While there’s local commerce that might aid and abet certain business, there are other businesses that are happy to be expanding their potential market to anywhere, anybody that can find me. I can put it on a UPS or a FedEx truck and it’s off, out my front door and it’s in your front door two days later. Is this business opportunity and a long tail and globalization somehow related?

Burdick: I think that it is. In the B2B world, where you’re really not trying to reach a local consumer, you’re trying to do business anywhere in the country or the world. As different vertical search engines evolve and create more targeted inventory, those companies are going to be able to better leverage the keywords in those vertical search engines, versus competing for the same keyword in the consumer engines, where they're competing with the consumer advertisers.

Gardner: Because they’re doing this through search and contextual ads, they’ve got more visibility. They can say, "Wow, I just spent a $1,000 on keywords, but I generated $4,000 in new business from customers that I never knew existed."

Burdick: The model will be slightly different in the B2B space than it has been in the consumer space. The consumer space really is about direct marketing, it’s about driving a transaction. I’m Circuit City. I buy the keyword "DVD player." I’m trying to sell a DVD player. In the B2B space, there will be some of that, but it’s largely going to be more lead generation. I’m looking for somebody who is interested in the product category that I’m trying to sell.

I’m trying to bring them in as a lead, send them more information, and not necessarily close a transaction online right then and there. You’re also going to find that the number of searches, done in the B2B space are smaller in terms of total number of transactions, but the transaction value is a lot larger.

So, I think as B2B -- and Shar, you might have some numbers around this -- but as the B2B advertisers move online, the opportunity is actually bigger in the B2B space. A smaller number of transactions, but bigger dollars per transaction.

VanBoskirk: I can chime in too with some stats to support that. We know that 46 percent of B2B marketers use search engines during the awareness phase of their purchase process. If you think of the purchase funnel going "awareness - consideration - preference - purchase," consumers typically use search engines in the consideration phase. I already know what I want and I’m just going out to compare one provider to another. Or, I’m going out to do a little bit more research around price and features.

In the B2B environment, people are engaging with search engines before they have even created their shortlist. They’re actually using search engines to help them decide who they should be conducting additional research with, and then that research could happen online, through a sales call, or through any kind of the regular in-person sales channels that a business marketer might leverage.

Not only is the opportunity for the end transaction greater in a B2B environment, but it exploits the channel more completely. It’s not just relying on, "I’m researching the product, get me while I’m doing that and get me to buy," it’s actually using the medium to brand a company and introduce a new brand into a market. It’s using the medium to provide information and help a user research the product.

It may even be using the medium to qualify users. They’re actually going to be able to determine, "Is this the person making the decision on the product, or is this just the person who is the research assistant doing a little bit of the homework to pass on the info to their boss who’s actually the one buying the product.

Gardner: So, we’re really automating a marketplace regardless of geography, regardless of budget. We’re really matching up buyers and sellers, but with this much more powerful insight into when they show up and what caliber of seller are they. Do you want to put a sales person on this call or not, or do you just want to zap them a brochure URL of some kind? This is really almost an extension of what we’ve know as commerce. Right?

VanBoskirk: The risky thing in taking that perspective is that search engines are still, first of all, a tool for finding information. We can’t completely turn them into a marketplace, because consumers are pretty savvy these days too, and they know that they’re being used as a marketing audience when they’re conducting searches. They’re also aware of declining value in search results. The more ads they see or the more they feel like they’re being promoted to, the less relevant they feel like the results are.

The caution kind of lands on the marketer to understand that this is an extremely valuable medium for reaching very targeted customers, but that they have to actually facilitate the user accomplishing their goals, to get them the information they need. If that’s to provide information or if it’s enable a purchase, both are valid user goals that the marketer sometimes doesn't want to acknowledge. They’re focused on purchase. We have to hang on to this notion that the search engine is still a user tool for finding information. It's not just a marketplace between buyers and sellers.

Burdick: That actually points to a really interesting evolution that we’ve seen particularly in paid-placement ads. When you think back to 1999 or 2000, when Goto, now Overture, was just rolling out, and others started adopting this paid-placement model, there was huge uproar about "How could you put sponsored links above natural organic search results and the relevance of those?"

Overture, Google, and the others were really smart about saying, "We’re going to make sure that these advertisers, these sponsored links, are relevant to the user." Now, you actually find that for certain types of searches people view those ads as the most relevant results -- "That’s exactly what I was looking for." Shar points out that advertisers need to be careful not to go too far the other way on that.

Gardner: So trust is an essential ingredient or people won’t go back for more. It won’t become a marketplace. It will be gamed. It will be jaded. Now, we’ve seen many attempts at gaming these systems already. Is there a necessary "Switzerland" of B2B online commerce that can, in a sense, protect and provide some neutrality to the goal of this commerce, and therefore be trusted by both the buyers and sellers?

VanBoskirk: A part of that is the focus on increasing relevance that we were talking about earlier. Google will maintain that its goal is to organize the Web and to continue to always focus on providing user relevance. It does that now through kind of a formula of figuring out which sites are the most related to keyword searches that are being done. But, there are a lot of other ways to add relevance.

Bryan was talking about what ZoomInfo is doing around creating entities and some intelligence around what is actually meant by the search. There are also a lot of these tagging and voting technologies, understanding who is searching for the same type of information.

Rather than thinking about a board, if you will, that will determine who is trustworthy and who is not, that community of searchers will weed out the folks who are just not generating relevance for them. They will force search engines, like they are with the big guys, Google and Yahoo!, to reevaluate what they’re doing to determine relevance. If the big guys can’t adjust to it, then a lot of smaller search engines are going to come into mainstream use, simply because the results that they provide are going to be a lot more relevant. It will be the user community that determines that, rather than an entity on high that kind of establishes, "These are the good guys -- these are the bad guys."

Burdick: The whole premise of search engine marketing is that the market forces are so efficient to begin with that they will weed out the wheat from the chaff very quickly.

Gardner: Okay, so we’ll have a market force that can help segment search into different niches for B2B relevancy, and we’ll have a self-monitoring effect in that people won’t get burned twice, and they know how to exercise and vote with their attention, with their dollar, with their business. So, what’s the opportunity for a company like ZoomInfo? How do you enter into this with a preferred business search and marketing capability. What’s the secret sauce that you have?

Burdick: Our secret sauce is actually this semantic search model that I was talking about before. In one sense we're similar to regular search engines in that we have crawlers and spiders that go out on the Web and find information. But, then we’ve got a series of about 15,000 different natural-language processing (NLP) algorithms that can understand the content and then create relationships between the entities, even relationships that aren’t explicitly stated anywhere on the Web.

A simple example would be, we know that this person is the CEO of ZoomInfo. We know that ZoomInfo is located in Waltham, Mass. Therefore, we know that this guy works in Waltham, Mass., even though that content was never stated anywhere. That’s a simple example of what we mean by semantic search that allows us to create these connections between entities.

The net result of that is when you come into something like the zoomlist.com, which is our preliminary company search product on the Web. You can do a search for "venture capital," find all 2,800 companies in the U.S. that are in the venture capital business, and it automatically creates drill downs into different types of venture capital. Were you interested in life sciences or technology or different branches of venture capital, the search engine and the algorithms completely, automatically drive all of that. There’s no human involvement in creating those links.

Gardner: So, a lot more context around what's going on, taking advantage of what metadata and other inference materials are available. Shar, where do you think this can go? What would be the next steps in the evolution of this B2B, Internet-based and search-based marketing?

VanBoskirk: We’ve talked a lot about the relevance need, and this is poised squarely in that. We’re going to see a lot of change this year, just in the name of helping to refine search engine results. Most users are feeling like it’s almost too much now to search the entire Web. I don’t really need the entire available universe of information. What I need is an answer to my question. It’s almost as if the search engine becomes a bit of a concierge, and the Zoom model is poised very well for that.

We’re also going to see an exploration of other media, and how search can help catalogue information that’s available in other media. Bryan and I were talking about this a couple of weeks ago, as well. The mobile opportunity for search is poised to take off this year.

We see a lot of helpful examples in that space too. I might be doing a mobile search, and I’m looking for Bank of America ATMs, when I’m traveling somewhere, and I get an ad for a Wells Fargo ATM. That's a keyword-based ad that they’ve purchased that’s just like you would place on a online search, but it’s related to the mobile search that I provided.

So the next place for Zoom and for any search engine is to think about what happens beyond the Web. Are there ways that the same sort of search capability can move into other media that also needs the same functionality, the same type of cataloging and information provided back? Why not extend the kinds of information searches that we’re doing on the Web into other media that we’re using just as actively.

Gardner: What would be some other examples of media that a company might be able to bring into this to add even more context, to make them a richer source of information and therefore a contextual relationship through search?

VanBoskirk: A couple of thoughts come immediately. Mobile is here now. We also see RSS content being searched and being used as place-to-place contextual ads.

Gardner: You mean like podcasts?

VanBoskirk: Podcasts, RSS feeds, if you’re getting actual text content delivered to you. I think television is the next logical place for search to go. That one’s not here yet, but as people start to store digital files of video on their cable boxes or on their digital video recorders, we’re going to want to search that information. So, there will be another kind of catalogue that will evolve, where we can search information. Why not allow that to be sponsored and have paid search ads that are adjacent to the video content you’re storing as well.

Gardner: So, more opportunity to bring rich content into this mix that can help provide a richer contextual binding of interest, between perhaps buyers and sellers in a B2B sense or even just discovery, just information.

VanBoskirk: Sure.

Gardner: Very interesting. Well, thanks. We’ve run out of time. We’ve had a very enjoyable and deep discussion about the future and some of the implications for search and marketing and B2B, and how B2C is morphing and providing some tools to business. Joining us on this discussion we’ve had Shar VanBoskirk, a senior analyst at Forrester Research. Thanks for joining, Shar.

VanBoskirk: Thanks very much, Dana.

Gardner: Also Bryan Burdick, he is the chief operating officer at ZoomInfo. Thanks, Bryan.

Burdick: Thanks, Dana. This was great.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. You have been listening to a sponsored BriefingsDirect Podcast. Thanks for listening.

Listeners of this podcast are invited to learn more about B2B advertising opportunities with ZoomInfo. Just go to www.zoominfo.com/adpodcast to learn how Zoominfo's business search portal provides a rich online B2B advertising opportunity.

Listen to the podcast here.

Podcast sponsor: ZoomInfo.

Transcript of Dana Gardner’s BriefingsDirect podcast on future trends in search and advertising. Copyright Interarbor Solutions, LLC, 2005-2007. All rights reserved.