Copyright © 2003 John Zipperer unless indicated otherwise.
(12/01/02) Web services have a lot of promises to keep, but they aren't enough. Assuming the emerging picture of the Web services world gets fleshed out successfully, it will leave room for even-more-interesting things to be done with the technology.
Chris Thomas, chief e-strategist at Intel, jokes that he's been called a Web services expert, and he says the good thing about that is that "nobody knows what it is yet," so no one can say he's wrong. But the story of what Web services can and do accomplish for tying together companies is already being told. That's because what they're being touted as being able to do--particularly, the machine-to-machine transfer of application information--is still a crucial thing. They don't need a different mission; they need an additional element in their mission. I say this technology should be stretched to address another, more-important matter: corporate integrity.
You know the roll call: Enron, Global Crossing, WorldCom, and others. Recently, another company announced a need to "restate" finances with the difference in the billions of dollars. Another is doing the same, with the difference of a mere couple hundred million. There will certainly be others by the time you read this. With the regular need for the infusion of billions of dollars in foreign investment and the ability of domestic investors to put their money elsewhere, the topic of American corporate integrity commands real attention. These failings of ethics therefore don't just affect the companies on the "roll call of shame;" they affect almost every public company, plus suppliers, partners, investors/owners, bankers, employees, and the communities in which they reside.
We can respond by hoping that our own businesses and the companies in which we have invested don't turn out to have some disastrous financial secrets. That's the bare minimum. But it's insufficient and unworthy of adults. We need to see more corporate integrity--doing right even when one doesn't have to. For those who can't, then maybe they shouldn't be the gatekeepers of their own disclosable information.
That brings us back to Web services, or at least the underlying theories behind why they will be such powerful business tools. For years, we have replaced human-to-human interaction where desirable with computer-to-computer interaction. My pitch is quite simple: If some folks can't be trusted to report their finances correctly, let's develop the software and delivery mechanisms that will pull the appropriate information out of their systems and send it directly to the appropriate concerned parties--shareholders, boards of directors, the Securities and Exchange Commission, the IRS--the people who should receive the information that is legally due them in the first place. Let's develop the applications and algorithms that will take that information and crunch it up into usable reports.
"What?" you ask. "That nut is suggesting I let the government and auditors crunch my numbers for me?"
Well, no and yes. Though I'm no accountant, I know that bookkeeping is more complicated than toting up the money received. But information that is given out anyway should be given out correctly. And before you suggest people should just trust businesses, think about the times you've been tempted to put monitoring software on your employees' computers.
Thomas, speaking at Microsoft's Strategies for E-Business Agility conference this past summer, echoed Intel cofounder Gordon Moore, who reportedly said in 1984 that you never leave a recession using the same technology with which you entered it. If you haven't heard of that law as much as you've heard of Moore's other law concerning transistor growth, don't worry; it's largely hooey. We've entered and left all kinds of recessions and depressions using the same technologies as before.
But we can adapt Moore's concept to deal with technology-related crises. We're in one, and we are developing the technology to get us out of it and help prevent a return to it. It will take complicated applications and algorithms, as well as the necessary standardization in the purposefully murky world of accounting, but hardest of all may be the mindset change.
Trust but verify? Bah. Just verify.
(12/01/02) Getting the most value from your information in a distributed organization can be anything but simple. As with any other automation challenge, obtaining a unified and trustworthy view of your organization's financial activity and ensuring it meets internal and, where necessary, external standards is of increasing necessity at the same time that it is increasingly complex, thanks to globalized enterprises, newly hawkish regulators and analysts, and energized shareholders.
Companies face the requirement to track and report their financial information more accurately as well as more quickly, as a result of pressure from the government. Others also apply increased pressure.
"Investors are demanding even more far-reaching changes than government has prescribed," says Mike King, senior manager in Deloitte & Touche's Solutions Division, in a recent seminar on the subject. Some investors look for carte-blanche access to see how their investments are doing. "One major energy firm in the Midwest has already moved in that direction, giving board members access to the financial information of the company via secure intranet," says King.
But even without the external interest, companies look to get more-accurate and speedier financial information to and from their various offices, divisions, and branches. With better information comes better decision making and guidance, right?
The solutions available can take different approaches to solving the problem or parts of the problem.
For example, WiredRed Software's e/pop Audit and Reporting Server helps companies manage and archive their instant messaging (IM) communications, which is increasingly important for companies, especially financial services companies trying to meet federal requirements covering their handling of instant data communications.
There are other, more wide-reaching offerings, such as Cognos Finance, from Cognos Inc., which is designed to help organizations integrate and monitor their core financial processes in a way that meets internal controls and reporting needs. Exact Software's e-Synergy product gives users private access through Web browser portals, where they can access data and analysis that lets them drill down to the division level, item level, cost center, or practically any other factor.
A look at some users of offerings from Hyperion Solutions and Cognos shows the level of importance they put on utilizing technology to obtain a grasp on their financial data and reporting, regardless of the solution they choose to use.
Vignette Builds With
Content management software solutions company Vignette Corp. wanted to address all of these matters. The Austin, Texas-based company had a system that was good, but not as good as it wanted it to be. Just as the U.S. business cycle famously took a turn south, Vignette wanted to get whatever efficiency it could out of its financial performance.
"One of the main issues that you have as a global company is the problem of people having different databases or different versions of the same database, so they come up with different numbers," says Bruce Webb, Vignette's senior director of global finance.
That was one problem Vignette didn't have, because it was using a financial analyzer product from Oracle, which acted as a central data repository and let the company perform planning. Financial analysts at Vignette would pull their data from that database into Excel programs to handle the numbers. But the company wanted something with more robust capabilities, so it went looking for solutions.
"When you have a lot of management reporting, that can be pretty tedious," says Webb. "Did you pull the right numbers and are the sums right--that sort of thing."
In September 2001, Vignette bought the Hyperion Essbase Server, and it began a two-phase implementation. The first phase was a simple matter of duplicating the interface between its financials applications. The second phase involved an in-house project by Vignette to build an application that would run on top of Essbase and allow the company to conduct global planning and networking.
The decision to build in-house may go against the grain of the buy-it-don't-build-it credo these days, but Webb had available to him some developers experienced in finance and, after all, Vignette is a software company itself.
The benefits of the new system are many for Vignette, including cost savings, better understanding of its costs, improved reporting (and more types of reporting), improved cycle time, and better data integrity.
"In my ROI for the dollars I laid out for the product, where could I lower my headcount and the cost of my organization?" explains Webb. "Over time, what we have been able to do is manage to reduce headcount in this business cycle while delivering significantly more. And I attribute that to a large degree to Essbase and the application we developed."
CTX Mortgage and Cognos
"What drove this whole process was a meeting when I sat down with our president and CEO and discussed their vision," explains Harry Hixson, CTX's senior vice president for information technology. "We started out with a theme called Mission Possible, where we set business objectives, and those objectives are communicated through to the field. One of the things we wanted to do was increase communication--how the company is doing, how the business is doing--and communicate that through the ranks."
The company handled this with "tons of reports," but it wasn't a very efficient way of getting lots of information into lots of hands on a rapid basis. "We got into it more and more and decided what we really wanted was to have a dashboard," says Hixson. "So when branch managers log in, they see that set of five or 10 or 15 metrics [that pertain to them], and see how they're doing. They might be weekly metrics, or daily metrics, but the first thing they'll see is how they're doing."
A year ago, the company evaluated products, eventually choosing Cognos Corp.'s Metrics Manager (then in beta).
"From our perspective, what we were looking at was to totally redo the way we do reporting," says Hixson.
Cognos' OLAP (online analytical processing) technology, its tools, and their simple user interface were strong points of the product. And as a result of the new technology, CTX could better monitor its performance metrics at multiple levels, as well as from different angles (such as profit per loan, employee head count, and fixed expense for each loan).
On the central administration side, the company determines the information to which those field users will have access. The users thus get the information that directly affects their work assignments and their measurement against company metrics, which tie into their own compensation.
Hixson declines to put dollar figures on CTX's return on investment in the Cognos product, but he says it looks for return in terms of improved information distribution and management. "We were really trying to improve information, place the information easily and readily in the hands of those who needed to make decisions, so we're not looking for a scorecard that has tons of information," says Hixson.
"We're looking to deliver the metrics that the branch manager needs to run his business."
(12/01/02) Planning enterprise technology strategies for the near future is likely to take some adjustment, both from the enterprises themselves as well as their vendors. As the U.S. moves out of recession, the expected resumption of rapid technology spending was replaced with continued caution on the part of businesses.
The conclusion from many observers--including most visibly the leadership at Oracle Corp.--is, essentially, "Get used to it." Ernie Eichenbaum, vice president of Baan USA Inc., speaks for many when he says, "I don't expect to see zillions of dollars of money that companies will be putting toward projects." Businesses are instead adapting themselves to the new reality that, though recession is not a permanent business feature, the more-cautious pace of IT spending that they are seeing today is likely to be the norm for the foreseeable future.
It's not a unanimous opinion. "Everyone is trying to set expectations around the spend level, but none of us has any idea," says Adam Klaber, global CRM leader for IBM Business Consulting Services (formerly PwC Consulting).
Where should companies place their investments to get immediate benefits, and also remain well-positioned for the future?
"How do you build for a world where you acknowledge that you don't know what will happen instead of pretending you do know what will happen?" asks John Jordan, a principal with Cap Gemini Ernst & Young. He says the answer is in better management, not technology. And though companies are not buying comprehensive changeovers from one system technology to another, there is still reason for them to prepare their existing systems for future technologies and industry standards, such as those associated with Web services.
"These days where people are squeezing budgets, many people are taking existing projects and letting them do more," explains Baan president Laurens van der Tang.
Steady improvement is thus the key, and it helps to have had a good foundation from the beginning. REI, a 64-year-old outdoor goods retailer with stores in 24 states, recently adopted the IBM WebSphere platform to improve the speed and performance of its online store. Though already proud of its site, the retailer had to keep investing in it. "Regardless of what we wanted to do [with it], we knew we couldn't stay with what we had and scale like we wanted to," says Joan Broughton, REI's vice president for direct sales.
REI has the additional advantage of having had a smart approach to integrating the Internet into its business from the start. Through a combination of good corporate leadership and the lack of extra money to burn, the company never went the route of trying to set up a separate organization for tracking stock for its online sales channel; instead, it always saw it as another way of tying together its stores, catalogs, and customers.
"We intended this year to be the year that we redid the whole site," says Broughton. Next year, she says the new platform will be leveraged for "innovations and more linking between the sales channels."
Jordan suggests other companies also follow a clear-minded strategy for making technology investments. "You can't blow up your legacy environment, but you can acknowledge that you're never going to have a green field," he says. "You can start standardizing some of your environment now. If you do it for the next three or five years, then you'll find in three or five years that you're pretty far along the way."
If Jordan is correct in his approach, then business executives can expect to get value out of their investments without having expensive retooling and restaffing charges. He says a lot of the work of fixing the internal programming in organizations to make sure they're ready to handle automated interaction with outside systems falls under the category of maintenance. The changes thus get made at an acceptable rate without it having to become a separate, expensive project.
"Yes, we are going through a cycle," says Klaber. "But I do believe that there is a pent-up demand of things to do, to improve how companies operate, how they get interfaced with their suppliers and their customers, and they know that there's business value associated with it. I do believe it will not [remain] at this level, because people are very cautious, and they're being incented by their organizations to go slower, not faster."
(12/01/02) Creating a brand new Web site or publication for your business can be easier than trying to relaunch an existing one. That's because publications and sites quickly develop archives--their legacies of print and other media content--that can make a switchover to a new format quite difficult.
The company relaunched Space.com this past summer, just in time for its third anniversary. Originally launched by TV business newsman Lou Dobbs, who now serves as the company's chairman, Space.com has been retooled to better present the thousands of archived stories and images, as well as regularly updated news feeds, and--more important to Space Holdings--to give better placement to its advertisers, such as IBM, Intel, Absolut, and Showtime. That's a result of the direction taken by Space Holdings president and CEO Dan Stone, who recently joined the company from Turner Broadcasting System, and who has said that the company is designing itself to work better with customers and marketers.
When Space.com launched in 1999, it used a Future Tense Inc. content management system. Open Market Inc. bought the content system technology from Future Tense, and Open Market in turn eventually sold it to divine inc., which named it the divine Content Server.
"It's been very robust for us," says Jason Hoch, director of operations and business development at Space Holdings. "The core function from the start was a content management solution for the Space.com site. We're taking everything we've learned and use on a daily basis on Space.com and are applying that more and more to our other work."
The amount of content and its multiple uses drove the need for a content management solution that can integrate large volumes of data and use the XML language to help tag elements of content files for multiple uses. The company has more than 25,000 articles in its archives, as well as hundreds of thousands of images, and it needs to pick and choose images for use in different articles and in different sizes. And that content is not only destined to appear on Space Holdings' sites; the company also syndicates the content to partner sites such as those run by Gannett and Yahoo!
"It's really become the heart and soul of what we do relating to content," says Hoch. "By content, we mean producing articles, producing images, image galleries, managing broadband video, having lots of different looks and feels to the pages."
Space Holdings' use of its content management server goes back to when it was Open Market 1.0. "That tool and other tools in the marketplace just weren't as sophisticated as they needed to be," says Hoch. Happily, he says, the vendor listened to what its customers wanted and added new features, such as the ability to create and customize templates, import different types of data, manage video and images, and more. He believes that by continually trying new things, he takes the technology further than other customers might, so his company has continued its relationship of close consultation with its vendor, divine. "As a result," he says, "we're a pretty good test case for divine because we do push the boundaries a little more."
The original decision to go with a product, he says, "wasn't Open Market versus another solution, as much as 'We can build this in-house with our own team' instead of 'Here's a product we can buy from a vendor.'" The ultimate choice three years ago to go with an outside vendor like Open Market was a good one, he says, because it helped avoid the urge to customize everything. "I think you get in a little over your head if you try to do all the customization yourself," says Hoch.
The Content Server's pre-divine origins go back to a successful gamble by the creators at Future Tense. When they developed the product back in 1997, Java 2 Enterprise Edition was not in everyone's lexicon as it is today. Future Tense "took a chance and said, 'We think this will be a dominant platform in the future,' and that turned out to be a pretty good bet," says Robert Mattson, director of ECM product marketing for divine.
With a target customer that is involved in large-scale publishing and creating high-volume, robust sites, the focus early on was for a strong, scalable, failover-proof product. "Imagine what the first jeeps were in the army," Mattson says. "Their goal was to run over anything, through anything, and to start up at any time. But over time, they got more plush and more comfortable. That's kind of the development of content management."
Leveraging Success into ROI
It has also helped Hoch keep his in-house team lean. The relaunch of the Space.com site, including the reformatting of those thousands of images and articles, took five weeks from start to finish and included a programming staff of two and a half people.
"We want to extend this to all of our multimedia capabilities, so we want to improve broadband delivery," Hoch continues. The company wanted to create new packages of content for specific target-reader subsections. Space.com is only the first step for Space Holdings, as it will be taking its successes from this project and applying them to its other businesses, archiving their content online. And as it expands to incorporate other print and multimedia businesses, it'll continue to take advantage of this content management system.
Making use of the system throughout the company will likely result in more helpful feedback from end users. As with most content creation-and-management systems today, the divine Content Server lets end users create content in the programs with which they're already familiar--such as Microsoft Word--and publish directly to the end product. An unexpected result of this has been that the end users have actually become more technically knowledgeable, and those writers and editors have been feeding Hoch new ideas for future capabilities. The Space Holdings relationship with its content manager looks set to continue for some time.
(12/01/02) It is not a surprise that the economy is a determinant in the rate of investment in Internet networking technology. But in 2003, enterprises, their service providers, and carriers will feel the effects of the changing ways in which companies use their networks to conduct business. And that is likely to add up to some continued investment in networking technology by all of them.
A relatively optimistic viewpoint from Forrester Research expects that overall technology spending will return to healthy growth in 2003.
However, its expectation is based on a model where the nation's GDP growth will be above the "tipping point" for technology spending, which is an arguable point. But enterprises will feel the need to upgrade their networking technology because of pressure from the traffic they put on their networks, in no small part because enterprise applications are converging on their IP (Internet protocol) networks.
"We see a wide range of enterprise applications that are now Internet-enabled--CRM, databases--these are all converging on IP, so they are requiring more IP resources," says Mark Bieberich, senior analyst at the Yankee Group. In addition, he points to the continued adoption of wireless data services, which add to the IP traffic on a network.
"But, while you can get more bandwidth for the money, you can't necessarily use the bandwidth in new and innovative ways, because the rate of service introduction on the part of carriers is very, very slow," says Bieberich.
He says prices have dropped on hardware, but the general economic situation may still hold back some companies from aggressively taking advantage of the price cuts.
In general, he sees the investments being made in network-edge products, not in the core, and spending will be for solutions that increase manageability and flexibility. By that, he means service providers will look for technology that allows them to offer multiple features in one solution.
An ongoing upgrade in the Internet protocol itself--from IPv4 to IPv6--could drive some further investments in routing technology. IPv6 has a number of improvements over version 4, but the main one may be the expansion in the Internet's ability to create addresses--something that is an acute problem in countries that were allocated a small number of addresses.
"In 2003, we think it will be the pivotal year for IPv6," says Uri Rahamim, vice president of worldwide sales and marketing for Hitachi Internetworking.
He notes that the switch to IPv6 will affect many pieces of enterprise IT investment, including operating systems, applications, and infrastructure and equipment.
Hitachi Internetworking recently announced the availability of two new models in its GR2000 offering of routers. The new items are specifically aimed at the enterprise market.
IPv6 capability is probably not the top priority of enterprise router purchases. Cost and features such as size and ability to provide end-to-end quality of service are equally important.
"Clearly, everybody is watching their cost," says Rahamim. But IPv6 is a capability he sees companies using as a "checklist" item that any investments they make in routers have to meet. "The vision of the migration from IPv4 to IPv6 is not going to happen overnight," he says. "It will be a fairly long process of moving from one to the other."
(12/01/02) The investments that enterprises make in their server infrastructure will benefit from developments in form and the adoption of standards, but those benefits will build over time due to today's sober buying trends.
Perhaps the most significant factor in spending on server hardware will remain the economy; not many companies are willing to get out ahead of revenue growth. Forrester's August 2002 "Benchmark North America Business Technographics Data Overview" reinforces this view. The overview found that most firms are sticking to existing technology budgets for the tail end of 2002, with continued demand for hardware such as servers. But many seem ready to cut or increase their budgets dramatically if the situation warrants.
Gartner Dataquest also says that companies won't have the confidence to make big investments in servers until they are more confident about future revenues.
Server investments made in 2003 are likely to follow some clear trends--toward Intel-based servers, blade servers, and a safety-in-numbers adoption of operating systems on those servers that are standards based or at least easier to run. (That means more Windows and Linux and fewer proprietary Unix implementations.)
Companies thus are accepting standards. "More and more customers are saying that it may not be their entire facility today, but it's not an 'if it will happen' but 'when it will happen,'" says Dell Computer spokesman Bruce Anderson. "We're seeing a lot of interest in Oracle running on Linux."
Standards give enterprises advantages in cost, performance, and ease of use. Anderson says enterprises are also interested in investments in blade servers, a trend that has started slowly but is expected to pick up significant momentum in coming years.
That is good news for IBM, which is also hoisting the blade servers banner. "Customer surveys we've seen show that the open-source movement, autonomic computing capabilities, grids, and pervasive computing are among the key technology trends that will drive infrastructure and services in the coming years," says Mark Shearer, IBM's vice president for eServer products.
Organizations want systems that give them security, resilience, ability to grow, as well as the ability to use power-on-demand and not have to pay for features they don't need. Dell, for example, responded with a modular blade server approach that will let companies buy their servers only with the elements they want--the next step in the build-your-own-computer approach.
Organizations will have plenty to gain from their server investments in the coming year, but it is less a revolution in their infrastructure and more the foundation for more dramatic change in years to come.
(08/26/02) When Taiwan-based software maker Ulead looked for a new e-commerce partner for its U.S. distribution, it turned to the company that already provided its e-commerce infrastructure. The fact that element 5 AG was located a stone's throw from Ulead's European headquarters didn't hurt, either--in fact, it helped accommodate a close working relationship when the two added customized features for Ulead. After only three months of using element 5 to outsource the distribution of its products, Ulead already reports increased sales as well as increased happiness with its online e-commerce functionality.
Ulead, founded in 1989 in Taipei, Taiwan (where it is still headquartered) and with offices in China, Europe, Japan, and the United States, develops and sells imaging and digital content products ranging from server-based image and Web-content solutions for enterprises to consumer digital-imaging software. It has been selling via the Internet for about five years; two years ago, the company's European branch began using element 5, but the U.S. branch used several e-commerce partners until it made a change to element 5 this past May.
Conall McCarthy, e-commerce manager for Ulead's U.S. operations, praises the element 5 solution, in particular its tools for cross-selling at the shopping-cart level, coupon codes (to help track ROI from marketing campaigns), e-mail marketing, reporting, reseller controls, multiple language and currencies support, and its management interface. "We can see the sales of each of our products by country, by time period, [and] we can get gross sales reports," he says.
That control panel is one of the solution's selling points, says Gerrit Schumann, CEO and cofounder of element 5 AG. He says the intention of it is to give software publishers the ability to use it as if it's an in-house solution. They can monitor sales, set up new products, run marketing campaigns, send out e-mail and marketing newsletters, manage reseller relationships, and more, all in a Web-based interface. "We can do that for them," Schumann says, "but this way they have instant access to sales reports and customer data and all that. In addition, we feed them data via e-mail, XML format or plain text. We can give them monthly summaries or weekly summaries."
The Cologne, Germany-based element 5 was founded in 1996 with a shareware solution that was developed to serve any potential software company that wanted to use the Internet as a sales channel. Element 5 now offers a range of outsourced services, including catalog, delivery, ordering, fulfillment, reseller management, and multi-lingual customer service.
Schumann says he expects to see a lot of growth from U.S.-based software companies trying to sell into the European market, and he believes he's well-situated to benefit from offering them a service that is cheaper and better-established than a go-it-alone approach. "Even if the [European] economy is relatively slow, you still have a higher penetration of Internet access, and more and more people are using credit cards for purchases online," he says. "The advantage is if you deliver products electronically, you don't necessarily have to fulfill locally with a warehouse. There's no investment required to set this up. If publishers only have an English-language product but they sell outside the U.S., they can increase the likelihood of that selling by 10-15 percent. I don't think it would be as attractive if they had to [physically] go to Europe to make the sale."
But visiting Europe has only cemented the opinion of Ulead's McCarthy that element 5 will go the extra mile to meet his needs. "I've been in their European office," he says, "and I've met many of their developers. Whenever I've had an issue, they've always tried to work with me," a response he says he didn't always get from his previous e-commerce partners.
His ultimate confirmation, though, comes from the multiple ways he's measuring return on investment for the project. In the first three months of using element 5's solution, he says sales have increased 36 percent over the same period a year earlier. And he adds that he also has less downtime than before, as well as increased control and functionality.
(11/01/02) In a report released this fall by the White House on the topic of National Strategy to Secure Cyberspace, the President's cyber-security advisors put forth their case for weaving security concerns throughout public and private Internet usage. When President Bush's special advisor for cyberspace security, Richard Clarke, said a year ago that he was interested in a public-private partnership to tackle cyber-security issues, listeners could have been forgiven for being skeptical about the government's commitment to carrying through on its end. But by now, with the federal government clearly approaching information security as a critical issue, private enterprises may have a lot to do yet on their end.
Security has been steadily climbing the priority ladder in enterprises for a couple years now. It began for some with a wave of increasingly damaging (and publicized) virus and trojan horse attacks, and it became even more of a corporate priority in the vulnerability self-assessments that occurred after the terrorist attacks of September 11. In both cases, organizations wanted to find ways in which people internally or externally could threaten the security of their data and business processes.
Today, as a result of those assessments, their concomitant security appliance and application purchases, and a push from the U.S. government, enterprises are facing a large and growing need for making their companies secure. As confusing as the entire security issue can get (it does, after all, include everything from e-mail anti-virus programs to encrypting enterprise data from internal crooks), the federal government and American industry clearly have moved past the point where the issue can be approached as a series of limited and unrelated projects.
Companies are beginning to see security as something that has to be "baked in" to the company's basic business processes rather than addressed at the outskirts or even at the end-point of product development. Making that vision a reality will require another wave of "best practices" to be popularized in organizations.
The Human Firewall Council, a Houston-based consortium dedicated to highlighting the human, non-technical aspects of information security, has even put together an online survey for company leaders to take to benchmark their organization's security efforts against industry best practices. Its Security Management Index survey is based on standards for 10 security areas, including access, policy, privacy, business continuity, and more. (See the survey at www.humanfirewall.org/smi.)
Interested companies are also being urged to raise security as an issue when they do business with other companies. "Companies have not made security a purchasing priority," says Mary Ann Davidson, chief security officer at software giant Oracle Corp. "If you don't make security a purchasing criterion, you can't cry about it afterward. The industry has for a while been irresponsible." And though she says she doesn't want to "blame the victim," she says, "The customer has been, too."
Udi Levin, director of product management at Allot Communications, maker of the NetEnforcer information policy enforcement solution, thinks companies are coming up to speed on security. "I think the companies' CEOs really know the danger is there," he says, suggesting that business performed over the Internet is a cause of unease among executives. "The top management is really concerned about the waste of resources in terms of money and time and so on."
But the software industry is not alone in having room to improve its security dedication. If Richard Clarke and his staff are in the vanguard of the new, comprehensive approach to enterprise (and national) security for Internet-enabled data and business, then many organizations will be looking at themselves to see where actions or inactions affect the security of their organizations, products, and services.
Jim Howard, CEO of content management system outsourcer CrownPeak Technology, says his company does pay attention to security throughout its production process. The company's head of security and the CTO are in every product-development meeting, "and we have a lot of discussions about what we can do and what we can't do," says Howard. "We feel that it's our responsibility with security--as with things like backups and disaster recovery and hardware management and storage management--as a hosted software product to do this better than almost any IT organization would do it themselves, because we're professionals."
Davidson's role at Oracle is similarly involved, giving her regular contact with employees (as well as the ability to go to the top of the company to make her point if need be), so she can make sure security receives attention at every point.
"The only way to do that is process, education; it's people internalizing it," Davidson says. When companies educate their staffs on the cost of security failures in the companies and their product offerings, employees can be motivated out of self-interest.
Davidson also suggests another thing companies can do, this time something that directly addresses their making security a priority in purchasing. She suggests they do more research into solutions they are considering buying; that would include checking with your organization's insurance company to see what it charges for security coverage on a specific product.
There may also be information available on the actual costs of securing a specific product, and Davidson says people are starting to do some research on it, but there are not a lot of data points yet. But if customers demand it, that may change.