Wednesday, May 28, 2008

Back to Identity

If you've met me in person over the past year in a business situation, I was probably representing Verdasys and you were more than likely looking at doing something about your organisation's data security posture. In fact, our meeting was probably due to an organisational data leakage prevention initiative you had to be involved with.

If this is a surprise to those of you reading this, then you haven't tried very hard to figure out what I do for a day job (actually, I should say "did" - more on that in a moment) because it's readily available out on the web. In fact, Matt Flynn lists this fact on his blogroll because he bothered to look (Matt, I don't know if you read my blog regularly but you should probably remove the "Verdasys" association now).

I've been THE "technical face" of Verdasys across EMEA (Europe, Middle East and Africa) for the past year, but that association stopped just over 2 weeks ago. I say association because technically speaking, I was consulting for them in a freelance capacity. It's been an interesting experience and I learned a lot about data security, which served as the perfect complement to my experiences in the Identity and Access Management world.

As a result, I purposely avoided saying anything of significance about Verdasys due to the obvious conflict of interest. In fact, I think I only mentioned Verdasys once and that was via a direct quote from an IBM press release. I won't say too much more for now other than the fact I still believe they have a great solution and a great team to move the company forward. For me personally, it was just time to move on and opportunity came calling. I maintain very good relationships with everyone (some subscribe to this blog...hi guys) I had the pleasure of working with and wish them nothing but the best. Of course if they do something I don't particularly agree with in terms of strategy, I'll be calling them out on it (like I've been doing with every other vendor out there, including IBM).

2 months into my data security "gig", I wrote about my impressions of the data security and leakage prevention landscape at the time. I'll be doing a follow-up post in the next few weeks regarding my impressions as of now, so stay tuned.

As for what I've moved on to, it's like the title of this post says. I'm back in the Identity and Access Management world, but more from a strategic standpoint. I can't say much more about it not because I'm sworn to secrecy, but because it's a very interesting and fluid role and things are changing all the time. In fact, a lot of the onus is on me to help figure out what needs to be done. All I can say for now is that for the past 2 weeks I've been taking a look at the governance and compliance aspects (the industry calls it GRC - Governance, Risk and Compliance) of security, which obviously revolves around Identity and Entitlements.

Of course, as far as this blog is concerned it's business as usual.

Monday, May 19, 2008

What is this Enterprise 2.0 thing?

Phill Eriksen left a comment in response to my previous post and asks 2 questions:
  1. How much Enterprise 2.0 functionality can Oracle deliver today and what is their roadmap going forward?
  2. Isn't this Enterprise 2.0 message just the new 'On Demand' or 'E Business' message IBM has been pushing for 10 years?

Someone from Oracle should answer question 1. Or just wait a few months and I'm sure they can send someone from their new Enterprise 2.0 sales force out to tell us. I'm going to address question 2, because it's an area that's still very much open to debate...

No it's not. I'm not trying to defend Oracle. I'm just trying to clarify the difference. Or rather, the difference as I understand it at this point in time. In fact, if you talk to people in IBM Lotus, I'm sure they'll also agree it's not the same thing.

Enterprise 2.0 is NOT the old IBM "e-business" or "OnDemand" message (Note: I'm going to over-simplify by trying to distill the concepts down to their essence. There are other aspects that I could mention but won't because it'll take too long and people will fall asleep reading).

The "e-business" concept was essentially about businesses addressing the growing popularity of the Internet as the medium of choice. For some businesses, it was about having a web page. For others it was about linking business systems together so that organisations could get things working more efficiently while reducing the need for human intervention. This allowed for better integration between their internal enterprise applications (most of which were legacy apps) and even with partner organisations. In other cases, it also allowed consumers a direct way to transact with organisations without the middle men. The whole "e-business" meme was coined by IBM marketing and found itself being adopted by the industry. Other technology companies had their own term for the concept, but you could pretty much say "e-business" and people knew what you were referring to.

The "OnDemand" phase was the next logical step as IBM saw it. Again, other companies had their own terms and marketing buzzwords, although this time the phrase didn't quite take off like "e-business" did. "OnDemand" began conceptually as utility computing (right from viewing physical resources like memory and disk to business services) but evolved along the way because people started to realise there were a bunch of steps that needed to be performed before we got anywhere near the actual notion of "utility computing". Even now we're still not there, although we're much closer. The steps I refer to were more about making the "IT plumbing" easier to deal with when designing systems and allowing the focus to be more about the business functions and processes. Unfortunately, that meant that very few people outside of the enterprise technical community understood what benefits having an OnDemand business really meant because there really wasn't anything tangible that people could see.

"OnDemand" gave way to "Services Oriented Architecture (SOA)", which was really just a way to facilitate the "OnDemand" movement. SOA provides a standardised way to use business functions, processes and pretty much anything that needs to be utilised by many applications (or consuming services) across the board. In other words, SOA tries to turn business functions and processes into utilities. Imagine if each time you built a house, you had to go figure out how to build your own power generator and everyone built a power generator in their own way. That would REALLY suck. What happens if it breaks? You better know how to fix it...because if you can't find the person who built it for you, then you have to pay someone to take a look and try to reverse engineer it before they can even attempt to fix it. Instead most of us just go to the electricity company and pay them to supply us with electricity. We don't care how they produce it. All we care about is that it gets to us somehow.

Enterprise 2.0 should be MUCH more tangible. People should actually be able to see what is going on and hopefully experience the benefits directly in their day to day work lives. It looks like the initial focus is going to be around collaboration and information and should extend to other things as people start to "get it". If Enterprise 2.0 is done right, the "plumbing" that Enterprise 2.0 applications run on should be built on top of SOA concepts. Note that I said concepts...not necessarily SOA software from a big vendor. The key to understanding Enterprise 2.0 in my view lies in being an actual user of Web 2.0 applications and at the same time understanding enterprise technology and business. Enterprise 2.0 is about taking everything about Web 2.0 that may be useful for business and evolving alongside it.

For anyone wondering what the fuss is about, start using a social networking application like Facebook. I don't mean sign up for an account, poke around (pun intended...you'll get the pun if you use Facebook) then dismiss it as being useless or irrelevant to you. REALLY use it. You'll learn to ignore the noise (there is a lot of it in there) and learn what the useful things are...the things that make a difference to your experience as a person in real life. Take these useful things, change all the personal aspects (e.g. information) to work related ones and then imagine having it at work.

If you still don't see even a semblance of any value, go speak to your kids or someone under the age of 30. If you are under the age of 30, then you should be ashamed of yourself...or maybe you are a lawyer (I don't mean to offend the legal profession, but all my lawyer friends seem to be luddites - maybe it's because they spend all day killing trees by printing out copious amounts of documents and then reading these documents without having the need to use a computer or the Internet).

What do you think Enterprise 2.0 is?

Saturday, May 10, 2008

Roundtable with Oracle President Charles Phillips

I mentioned Oracle not so long ago and the fact that they are starting to reach out to the blogging community. They've now extended those efforts properly to the UK.

Last week, I was contacted by Oracle about my availability for a meeting today with Charles Phillips, Oracle's President who has been visiting customers around Europe this week. The theme of the meeting was to be Web 2.0 and linking this into Enterprise 2.0, specifically with regards to how Oracle is addressing these areas.

I initially thought it was an open event in a large auditorium full of people and assumed I would simply be in the audience - more or less the type we're used to when someone gives a keynote speech at a conference. I later found out that it was a small event that was being held in a meeting format where the attendees had to be invited. I was a little apprehensive at first because I'm not a writer/journalist by trade, but thought it would be interesting to meet the man in person, hear what he had to say and ask a question or 2 of my own.

It turned out to be a meeting around a table with a mixture of invited participants and a handful of Oracle attendees including Chief Marketing Officer Judith Sim and Charles Phillips of course. Oracle's rationale behind selecting the invitees was basically that we were all regular bloggers about a topic of interest (related to Oracle's business somehow) and based locally in or around the UK. Whether we were media types, analysts or consultants, it did not really matter.

The only real bit of news that came out of the meeting was that Oracle are taking the Enterprise 2.0 initiative forward by implementing an "Enterprise 2.0 sales force" to take their solutions to market and more importantly, to educate their customers.

The format was "open". Oracle stressed that they wanted it to be a discussion and they hoped to have many more in future. To his credit, Charles didn't preach to us. He simply gave a brief 2-minute introduction about why he wanted to speak to us, what he's been doing all week and then opened the floor to questions for discussion.

Charles started by saying that he understands PR as we know it is no longer working and he doesn't need it. If he wants to get at his customers, he can go directly to them very easily. He also mentioned that the purpose of his European visit was to get a feel for customer needs and how they were leveraging Oracle technology. Essentially, many are looking to simplify computing environments and of course Oracle are only too happy to help. He also noted that as a result of all the acquisitions they've made over the past few years, Oracle technology is now firmly embedded in many more organisations and is becoming a strategic platform (which means more CEO meetings as opposed to the past where they only got as far as the CIO).

I won't go through everyone's questions and Charles' answers because they weren't particularly focused or even related (I'll get to that later) and if I detail everything, this post will sound even more like the meeting minutes it is starting to resemble :-)

The topics that came up were:
  • Customer Relationship Management (CRM).
  • Supply Chain Management (SCM).
  • Cultural differences especially in the Asian region and how Oracle looks to handle this without "pushing technology down their throats".
  • Extending the Enterprise 2.0 initiatives and reaching out to the wider developer community. Judith Sim mentioned Oracle Mix as a good example of how they are currently doing it and will continue to use that avenue.
  • Salesforce CEO Marc Benioff's Web 3.0 announcement.
  • Convincing middle management about the value Enterprise 2.0 can offer.
  • Linking business processes and Enterprise 2.0 concepts.
  • Security/Identity 2.0 and Oracle's position on how it fits with Enterprise 2.0 (I asked him this in a rather long-winded way).

In trying to help us understand how Oracle views Enterprise 2.0, Charles gave the following examples:
  • Finding the right expert internally within an organisation to help with something you are doing - Charles talked about how Oracle encourages their employees to tag themselves as being "experts" in certain areas. In addition to this, others get to vote on whether you are really an expert in the areas you claim. It's the whole notion of reputation...very Identity 2.0. I was tempted to ask him about where he thought reputation fit into their Identity strategy but thought it might have been too specific and targeted a question and not appropriate for the topic we were discussing at the time (collaboration).
  • Sharing of information between sales people within CRM systems - Teams of people typically share material informally through various methods including word of mouth or email. Oracle wants to move this informal information sharing into the CRM system to facilitate more collaborative interaction between the sales teams and help identify useful material using things such as tagging and voting so they can more easily find materials and not have to re-invent the wheel. Doing this also gives management more visibility with regards to what is working, what is useful and how to potentially improve things.
  • Expense approval processes - Currently, the typical process involves the approval step being left to the judgement of the individual. For example, if someone expenses a flight from New York to San Francisco, the approver will look at the cost and make a "best guess" as to whether it looks reasonable. Oracle's view of how this should evolve is to allow the approver real time and historical information to help them make a more informed decision instead of guessing.

The word collaboration came up quite a fair bit during the meeting. It is obvious Oracle sees the ability for people to collaborate efficiently, easily and in real time as being key to making Enterprise 2.0 successful.

As for my question, I started by taking note of Oracle's very fast growth to now being one of the leaders in the security space, particularly the Identity and Access Management arena through their flurry of acquisitions (Charles responded by saying "I'm glad you noticed"). I also noted that they announced their strategy for Service-Oriented Security (which I mentioned here) and how it clearly feeds into their Enterprise 2.0 strategy from a middleware perspective. My question was around how Oracle would move forward with the following things:
  1. Making sure that the whole security layer becomes more pervasive in their application and middleware portfolio.
  2. Using the Enterprise 2.0 initiative to help organisations realise a better and more complete enterprise security model especially around data privacy and governance without having to spend years implementing the so-called "off the shelf" solutions.
  3. How they would look to drive their leadership position forward and become more active in the Identity and Security community with some of the Identity 2.0 initiatives, noting that he had mentioned the concept of reputation (which is a very new and misunderstood area in Digital Identity) when giving his example on collaboration and voting on whether someone was indeed an expert.

Charles sort of answered my question. He answered all 3 at once by saying he thinks they already have a great set of solutions and an "Identity stack" to allow for the whole pervasive notion and good integration with their other software products. In his opinion, Oracle just hasn't done enough evangelising. He thinks Oracle will help customers by bringing to market best practices and expertise they have internally and that a lot of this will be driven through education and the Enterprise 2.0 sales force (the "Enterprise 2.0 sales force + education" answer was prevalent in most of his answers to everyone's questions).

I followed up by asking if he thought a lot of the work would or needed to be done internally or whether there were more acquisitions on the horizon. I'm not sure if I said those words specifically, but that's what I meant. He reiterated that he thought they already had most of what they need and it was a matter of driving the initiatives forward with what they currently have.

His answers to my questions were a little bit generic and I could easily imagine other large Enterprise Identity and Access Management vendors like IBM, Sun or CA coming up with that answer. In fact, it was the type of answer I would have given in my IBM days when customers asked similar things (albeit in a different context to Enterprise 2.0). To be fair, I may have been too specific about Identity and he just didn't have the right product marketing people around him to answer my questions in more detail.

In my opinion, Oracle haven't quite worked out what to do with security in the context of Enterprise 2.0. They are clinging on to their notion of "Service-Oriented Security" for now as being their Enterprise 2.0 security layer. The initial focus looks to be on the whole notion of collaboration and Oracle WebCenter. For those of you familiar with the IBM world, think IBM Lotus Web 2.0. I don't know enough about each of the technologies to comment on which I think is better, but IBM and Oracle are going head to head yet again in trying to be the leader in this space.

Some of the other attendees have posted their reactions to the meeting. Here are the ones I've found (I'll add more as I find them so stay tuned):
  • Dennis Howlett's ZDNet blog entry (which made the ZDNet front page for a few hours) - He lists the questions he asked and was generally positive.
  • One of Dennis Howlett's twitter statuses during the meeting - I wonder if he included me in the "no idea about Enterprise 2.0 category". In the group's defence, we are all from different backgrounds and have different interests. Just because we didn't approach the whole Enterprise 2.0 thing from his angle doesn't mean we don't know anything about it. Sure there's still a lot of educating to be done because Enterprise 2.0 is still largely open to interpretation. We simply got a taste of what Oracle thinks it is. IBM probably has a different view, as will other vendors. Heck, the industry hasn't even agreed on what Web 2.0 means yet! So Dennis, give the group a break.
  • Matthew Aslett - Good overview of the collaboration technologies mentioned and how they fit in with the Enterprise 2.0 initiative.
  • Neil Ward-Dutton - Review of the meeting and some views on Oracle's "reaching out to bloggers" initiative.
  • Stuart Lauchlan - Review of the meeting concentrating on the Enterprise 2.0 related news.

The list of attendees suggests to me that Oracle wanted to get people from different backgrounds and interest groups so they could get a good spectrum of ideas and varied approaches. We certainly got varied opinions and questions. Unfortunately, the whole discussion lacked a little focus and everyone seemed to be trying to link their questions in with others to give everything some continuity and fluidity (which may also explain Dennis Howlett's opinion that we were all asking "v.soft questions"). It was difficult to get everyone in a room to REALLY sink their teeth into whatever the discussion happened to be because a specific question being addressed at any particular point in time may not have been an area everyone knew a lot about. Everyone had their own interests and agendas and it showed in the questions that were asked. The discussion was probably also a victim of the fact that Enterprise 2.0 is a new area and open to much interpretation. Perhaps some sort of very loosely defined structure or pre-meeting brief around Oracle's Enterprise 2.0 plans would have facilitated more thought and discussion because the attendees would be able to do a little bit of preparation. It's a tough one because it's a bit of a contradiction to put structure around what is meant to be an unstructured session.

I'm not trying to detract from the event. All things considered, it was a worthwhile activity and a very good first attempt here in the UK. Essentially, I think what Oracle were trying to achieve was a real world manifestation of what happens in the Blogosphere: real time open discussion based on varied opinions with a theme at the centre. It was a good effort from the Oracle PR team and I think everyone in attendance appreciated the gesture. One of the other attendees remarked to me that he was VERY surprised at being invited to such an event because Oracle in the past has been particularly formal about public relations. They are obviously doing a lot of work to change that perception and the more of these types of event they do, the better they will be for it. How very "Public Relations 2.0" of them (cringe if you want at that comment but I couldn't resist).

P.S. There are some photos of the meeting and in the single photo that I'm in where you can see my face (there were a few of the back of my head), I look like I'm asleep! I obviously wasn't otherwise I would have had a lot of trouble writing this post. They must have caught me in mid-blink! No, I'm not going to post it on here :-)