Enterprise Initiatives

There have been a few paradigm shifts in IT over the past 30 years. First was the introduction of the PC which changed computing forever. This moved us from a very structured and controlled mainframe environment to an empowered and chaotic distributed environment. The next big change was the introduction of the Internet in the workplace. This has fueled globalization and lead to more demanding and tech savvy customers. The next big thing is cloud computing, specifically, Platform as a Service (PaaS). Before I go into why I believe this to be true, let me clarify the terms.



On Premise
Traditionally, companies run a majority of their software, both proprietary and 3rd party, within their own data centers. Common software products that you see in corporate data centers are Microsoft Office, relational databases like Oracle, DB2, and Sysbase, and financial systems like Lawson and SAP.

Internet
Internet applications are typically web sites or proprietary applications that are built to run on a browser but are hosted within the walls of your company. Popular websites like eBay, Amazon, and Google are run from within those companies data centers. Many of the web applications that most companies built are run within their data center or by some hosting partner. Let's be clear that hosting is not in the cloud. In a hosting environment you have dedicated infrastructure assigned to your application(s) that is not shared with other companies. When you want to scale up you have to buy/lease more infrastructure and bandwidth.

Cloud Computing
With cloud computing, we are now talking about running software that is written by someone else who also manages the infrastructure. SaaS or software as a service is a prime example of this. Salesforce.com has been a leader in this space with their CRM services. You can pay to use any module and plug that module right into your environment. Mashups and services like GMail, Google Docs, Mapquest, social software like Facebook and Twitter fall into this category. How is this different then regular Internet computing? All of these products/services are open and completely programmable and the underlying infrastructure is nothing that you need to manage.

PaaS
Now comes the game changer! Major Internet presences like Google, Amazon, and Salesforce.com have built a highly reliable and scalable infrastructure platform over the years. Now they are building out excess capacity and selling it to us as a service. Now you can take your on premise and Internet applications and run them on their platform. This is a combination of hosting and SaaS but with scale and sharing. Unlike hosting, every company is sharing the same infrastructure. Now a $100M company runs on the same world class infrastructure that a $10B company runs on. There is no other way for the $100M company to justify the robustness of the infrastructure that they get with PaaS. The pricing model changes things significantly. Instead of licensing you now pay as you go. As your traffic increases, your applications have access to virtually unlimited infrastructure and you scale in real time. Good bye disaster recovery and business continuity initiatives. Your entire business continuity plan becomes running on two PaaS providers in case one goes down.

I put together this 7 minute video blog that goes into more detail for you hardcore folks out there.

So what are the main challenges that Saas needs to overcome?

• IT leaders must be educated
• IT leaders fear of giving up control
• IT leaders fear of security issues with giving up their data
• Maturing PaaS technology

It will take a few years before many companies make the move to PaaS, but it is coming. The economies of scale and TCO will be so compelling that CIOs will be crazy not to jump on the bandwagon. Eventually we will get over our control issues. Most payroll and many CRM applications are already running as hosted or SaaS solutions today. Think about it. That is our employee and customer data that is already outside our walls. How about security? When was the last time you went to the bank? Do you buy books on Amazon? Do you use your debit card for most of your purchases? It's already happening. In fact, most security breaches are inside jobs by people who have intimate knowledge of systems and/or infrastructure. PaaS might make us even more secure. Here is another reason. These PaaS vendors' core competencies are building reliable, scalable, and secure platforms. Their applications don't have to be just enterprise class, they have to be global class. They will spend more money on security then our companies can even dream about spending because without world class security, they have no customers.

What does this mean to IT?
Nick Carr, in his latest book The Big Switch, discusses his thoughts. I had the opportunity to see his presentation live at the Gartner AADI conference last week. He believes that IT shops will be substantially smaller 5-10 years from now. The reason is simple, the majority of our infrastructure and applications will be run and managed elsewhere. We will spend less time patching, securing, and upgrading and more time innovating. Today, roughly 70% of IT hours are dedicated to keeping the lights on, which leaves very little time for us to meet the business needs. PaaS does not eliminate this work, but it does greatly reduce it.

Startups and smaller companies now have advantages like never before. They can quickly bring a product to market at very low cost and only pay for the traffic that they generate. As they grow and attract customers, the infrastructure scales automatically to meet their needs. Now, they still need to architect their software to scale, but they don't have to worry about bandwidth, adding machines, and dealing with licenses. This means that your biggest competitive threat might be a company that has not started yet. Your existing competitors have all of the baggage of legacy like your company does. It will take them time to move pieces of their infrastructure to this new way of doing things. It's the new kids on the block that can quickly scale and be agile enough to move at the speed of the consumer.

There is a lot more to talk about on this topic but I'll stop for today. Many people just don't understand PaaS enough yet to see where this can go. I will try to continue to discuss what the future holds and what the impacts of these changes will be to IT and the business.

I wrote an article several months ago named Built to last is a thing of the past. Yesterday, at BEA World in San Francisco, a speaker mentioned the phrase...

Built to change, architected to last

I think that this is a great motto and one that teams starting SOA implementations should use as a their vision. Built to change, architected to last is all about agility and flexibility. BEA is touting their own new acronym called Dynamic Business Applications. This new term refers to an architectural mindset based on four principles:

1. Built to change (flexible)
   
2. Embody business processes
3. adaptive
4. agile

This mindset is BEA's response to today's business environment where the business is changing faster then IT can keep up with. The solution is to provide a platform of business processes and services which allow users to design and/or assemble their own composite applications (mashups). The days of buying enterprise third party applications and forcing the users to use the canned processes and features are over. The business changes so fast that third party packages become a crutch over time due to their long release cycles. Simply put, the packages can't keep up with business needs. The answer is take the best of breed features and services from the combination of third party packages, SaaS solutions, and custom code and present a common interface that integrates all of the functionality together into a single view of the users' workflow.

Dynamic Business Applications is a shift to a world where applications are human made and designed for the way people work. The IT team delivers business processes, business services, core infrastructure, and integration services. The business can then create their own composite application by assembling all of the pieces together. Think of it as the Lego approach. The IT team builds the rectangles, squares, wheels, and various connectors in all different shapes, sizes, and colors. If the users want to make a boat, the choose all the pieces necessary to make the boat. If they want to make a plane, they choose the pieces necessary to make a plane. The users did not have to wait for IT to build them a boat or plane.

To accomplish this, IT must work closely with the business to identify the core business processes and services. This is where it is extremely helpful to establish a SOA roadmap. Once you have identified the collection of business processes and services in some key area of the business, you can then prioritize your deliverables by delivering the processes and services with the highest chance of reuse first. This greatly improves your speed to market in the long run.

Another shift in thinking that should be mandated in organizations is to move away from creating reports and move to creating information. My philosophy on this topic goes like this....

You should only develop reports if it is an output of the system (ie. bill, invoice, purchase order, etc.). Otherwise, IT should leverage business intelligence and deliver data as content to the users with a tool that allows them to format the output and drill down into the data as needed.

Why do we continue to pay developers to write custom reports only to get frequent change requests to change or add new columns, create multiple output formats to please different individuals' preferences, and make changes to group or sort things differently? Not only is this expensive and an inefficient use of people's time, but the users typically have to wait for IT to make these changes. Although these changes may be quick to make, it may be a long time before the change is high enough on the priority list to get worked on. Wouldn't it be better to present data to the users and give them self service capabilities to define their own reports, create their own dashboards, and do their own what-if analysis?

IT needs to become an enabler instead of a bottleneck. We should stop building custom applications and start building the building blocks that can be assembled into Dynamic Business Applications.

In part 1 of this series I asked the question, "Are you running IT like it's your business?" Then I highlighted five barriers for preventing IT leaders from being able to transform their IT shop into a well oiled, cost effective machine?

• Resistance to change
• Lack of resources (time, money, and human capital)
  
• Lack of tools
• Lack of metrics
• Lack of process

In part 5, I will focus on Lack of Process.

Many people in IT think of process as paperwork, overhead, or even a total waste of time. I have seen some processes that fit those descriptions. But in those cases, somebody implemented processes for the sake of having processes instead of implementing a set of processes that help IT deliver quality software and services.

Companies with no processes or ineffective processes have the following issues:

1. Reactive mode, constant firefighting
2. Consistently deliver late and over budget
3. Sweat shop mentality, working hard instead of smart
   
4. Low morale
5. High turnover

All five of these issues are extremely expensive. If you owned your own company and it had these issues would you ignore them? Many IT shops that have these issues look to offshoring as the answer. Can you say doomed? If you can't manage your own internal resources and projects, what makes you think you can manage a group of people in another country? Even if you pick the best offshore resources in the world, the overall success of your projects still rely on your ability to manage them. In other words, it depends on your processes.

There are many types of processes and methodologies that are proven. They range from strict methodologies like CMM and its 5 levels to Agile Methodologies and Extreme Programming (XP). The proper methodology depends on your company culture, your products and services, and your budget. If you are sending a man to the moon, you should use a very strict methodology like CMM. When lives are on the line or millions of dollars are at stake then no short cuts should be taken. If you are implementing infrastructure projects then the PMI methodologies can be a good fit. They provide a good step by step or check list approach that helps you assure that you have not missed a step. If you are delivering applications on the web or providing features for internal or external customers then you probably want speed and that is where Agile and XP come in. With these methodologies, you want to iterate through all phases and deliver in quick intervals. These methodologies focus on getting the right features into the hands of the users quickly and discourage trying to anticipate every user need.

But process isn't just about delivering new software and services. Project prioritization and production support are two critical areas that need to be managed effectively. If either of these two areas are not under control, your chances of success are greatly diminished. Here are the effects of not having a good prioritization process:

1. Over allocation of resources
2. Not working on the most important projects
3. Constant changing of direction, lack of focus
4. Frequently run over budget and delivering late

Here are the effects of not having effective processes to manage production support:

1. Putting out the same fires on a daily business
2. Poor quality applications due to constant patching
3. Poor customer satisfaction
4. Low morale and burn out
5. IT unable to launch strategic initiatives due to high cost and resource constraints
   

So what should you do? Two things. First, implement portfolio management. I wrote an article that could help you get started quickly. Second, look at implementing change management or service management best practices like ITIL or Cobit. By using the best practices for managing change and support, you can reduce your costs, improve your quality, and free up resources to work on high priority projects.

I grew up in a family business and brought the entrepreneurial spirit with me into corporate America. I struggle to accept how some IT leaders do not manage IT like it is their own family business. These leaders are smart people (usually) and I know that they would be taking a different course of action if it was their own family fortune that was on the line. For you IT leaders that live in the world of chaos and firefighting like I have described throughout this series, if you won't drive change for your company, consider doing it for your people. Working hard instead of smart is not what we all envisioned when entered the exciting world of computer science.

This wraps up the 5 part series on running IT like it's your business. I will follow up with a conclusion that discusses how to implement some of these initiatives. Thanks to those of you who have stayed with me for this long series. Please provide some feedback. I would be happy to clarify any points or dive deeper into any topic.

In part 1 of this series I asked the question, "Are you running IT like it's your business?" Then I highlighted five barriers for preventing IT leaders from being able to transform their IT shop into a well oiled, cost effective machine?

• Resistance to change
• Lack of resources (time, money, and human capital)
  
• Lack of tools
• Lack of metrics
• Lack of process

In part 2 I will focus on Lack of Resources.

What are some of the most common phrases you hear when attempting to promote change within your organization? The top one I hear is "I don't have time", followed by "I don't have money", followed by "I need more resources". These are the biggest cop outs in the world. The reason why nobody has time, money, or resources is because they don't put any initiatives in place that allow them to do anything other then put fires out.

At some point you should reach a threshold of pain and realize that there must be a better way. Everybody is working 50-60 hours, all the projects are late, production support continues to increase, and the users are screaming. Everybody is working hard, but nobody is working smart.

If this sounds like your shop, you might want to take a step back and put a plan together to stop the madness. If you owned your own trucking business and you spent most of your time repairing your fleet of trucks you would probably be out of business. So why do so many IT shops spend countless hours every day in repair mode? It's time to make time, time to spend your shareholders' dollars effectively, and time to maximize your precious resources.

Let's start with time. Where are you spending your time? Do you have any metrics that allows you to proactively manage and control your projects or your production support? In many shops, the main cause of all these issues is lack of a sound project prioritization process coupled with a lack of a resource allocation model. If projects get accepted at will, priorities change like the seasons, and you have no data to show that your resources are over allocated, you will become a reactive culture. If you are not practicing Portfolio Management, you should make that a priority (view this article I wrote on Portfolio Management). If you have no visibility into how much time you are spending in production support, what categories of issues you are encountering, and how long it takes to fix issues then you should make change management a priority. If you are meeting with the business to discuss the next wave of new projects and do not have a clear picture of your resource capacity, you need to start practicing human resource planning.

Next is money. Obviously, if you are spending too much time keeping the lights on then you are wasting money. But are you wasting money on infrastructure? Are you still pouring millions of dollars into big name vendors like Microsoft, IBM, Oracle, and HP? Are you paying huge amounts of money for "Gold Support"? You need to start evaluating Open Source alternatives. If you believe in the myths of Open Source, it's time you start doing your homework and read about these 50 Open Source success stories. Oh, and that Gold Support you are paying for each and every product...there are many Open Source Support Providers who can support a variety of open source products at a fraction of the cost. What is better is that these folks earn their stripes supporting customers and are actually extremely interested in helping you resolve your issues. This is their core competency. I wonder how much effort Big Blue would put forth to help a small $100M company resolve its problems. The days of saying, "Nobody every lost their job buying Microsoft and IBM" are long gone. If that is all you are buying you are definitely not seeing the big picture and your CEO might start giving you that look.

Are you still buying rack after rack of servers to support your test, development, staging, and production environments? Have you embraced Virtualization Software like VMWare yet?

And what about human capital? We already talked about spending too much time keeping the lights on and spending too much time maintaining rack after rack of servers. But what about development and testing? Do you have an architecture that allows rapid deployment and reusability? Have you separated your business rules from your applications? If your business rules are embedded in your applications then you are creating additional work to maintain and test your applications thus increasing your chances of creating defects.

Let's say you are a retailer with 1000 stores and you have a business rule for defining what a high volume store is. You have several different systems that use this business rule (billing, inventory, eCommerce site, financials, etc.). Now you want to change the definition of a high volume store. You now have to make that change in each of these systems and implement all of the systems at the same time. This simple change has turned into a project. Wouldn't it be better to go to one place, make the change, test it in one place, and roll? You don't need to practice agile methodologies to be agile. You just need to be smart! My recommendation is invest in your architecture. Create a business rule layer that sits between your applications and your presentation layer. I would go one step further and create a service layer to orchestrate your business rules and allow other applications and/or customers to access your business rules.

Well, I have rambled a lot longer then I usually do so I will pause until part 3 which focuses on Lack of Tools. I will add a conclusion after part 5 that tells you how to prioritize these initiatives and how to get started.