December 15, 2006
Survivor's Guide to 2007: Business Strategy

Between a Rock and a Hard-Ball Compliance Officer

Your mission for 2007: Provide unprecedented data access while implementing strategies to protect your sensitive info, all without choking off business processes. No problem, right?
New software technologies are making that job harder. If your organization isn't yet investigating SaaS, for example, it likely will be. Thirty-nine percent of very large enterprises already use SaaS, according to Forrester, while 24 percent of large enterprises and 22 percent of midsize companies use or are interested in the strategy (see "SaaS Adoption Rates by IT Dept. Size" below, left). And vendors are working to let even the smallest organizations get in on the fun.

Meanwhile, Web 2.0 technologies like mashups draw business users like moths to a flame. IBM created a proof-of-concept mashup for a home-improvement chain that combines real-time weather forecasting from the National Weather Service, Google Maps and the company's inventory database. If a snowstorm is predicted for a particular region, the retailer can tweak inventories of rock salt, shovels and generators for stores in that region. Try countering a sales pitch like that.
All this openness sounds great--until a breach happens. As if federal and state regulations aren't enough to worry about, industry requirements like the Payment Card Industry's Data Security Standard are getting tougher; new requirements for 2007 focus on application security (see graphic at right).
Open Up And Say SaaS

Typical software deployment models, where IT owns responsibility for deployment and uptime, are giving way to alternative delivery methods, including hosting and SaaS. Gartner estimates that 25 percent of new business software will be delivered through services by 2011--a considerable increase over the 5 percent of software it says was delivered as a service in 2005. Why the growth? SaaS promises faster deployment of applications and a lower capital outlay while freeing up IT resources that would otherwise be allocated to software maintenance tasks, such as patching and upgrades.
However, SaaS won't sideline IT. Far from it. Departments rolling out SaaS applications need our help in evaluating the provider's ability to deliver the service--including complying with internal and external privacy regulations. IT must also work with lines of business to evaluate the true TCO of a SaaS deployment. That means cutting through vendor hype to ensure the balance sheet reflects expenses beyond subscription costs, such as increased data storage capacity requirements and the internal work required to integrate the service into the organization. Once the service is running, business groups will also call on IT for customization to accommodate specific business needs and to integrate services with other key applications.

Both software vendors and customers are investing in SaaS. This past November, Microsoft launched Office Live, which delivers Web hosting and business applications as a service for small businesses. It's also preparing to launch hosted versions of its CRM and ERP applications. Meanwhile, Oracle offers Oracle Database and Oracle Fusion Middleware; it will host these in its own data center or manage them onsite for customers. Oracle also offers a variety of Siebel, JD Edwards and PeopleSoft applications as hosted offerings or as services.

But the newest entrant to the SaaS market is a start-up called Workday, which is taking on Oracle and SAP by offering ERP as a service. The company, launched by former PeopleSoft CEO and founder Dave Duffield, is going after midmarket customers with 1,000 to 5,000 employees.

In fact, midsize and smaller companies are getting increased attention from software vendors that are adopting SaaS as a delivery model. Progress Software, for example, helps ISVs that serve vertical markets, such as health care, insurance and transportation, re-architect their software to offer it as a service. The company says SaaS is helping these ISVs reach new customers.
Even vendors outside the SaaS arena are looking to get in the game by integrating with SaaS applications. IP telephony vendor ShoreTel, for instance, recently launched an application that lets Salesforce.com users make calls by clicking on a customer name or icon, boosting the number of calls a sales rep can make.

As SaaS establishes itself as a valid option for application delivery, IT must address the data protection and compliance issues it raises. This is particularly true for SaaS applications, such as ERP, that deal with corporate financial information, salaries and HR records, and health care, which may include patient records and personally identifiable information. Carefully vet SaaS deployments to ensure that sensitive information residing in databases outside of IT's control is properly secured by the provider, especially for multitenancy situations in which data from multiple SaaS customers resides on the same server. Consider encrypting data at rest and ensure that issues such as database access controls and auditing will satisfy internal and external privacy compliance policies.