Monday, October 31, 2005


Enterprise Architecture and Insulting Firms

Was thinking about how many insulting firms back up the school bus and send in kindergartners to do strategy in many large enterprises without much real world hands-on experience. Figured I would do some homework to figure out what happens when they consult to their own organizations...

Here is an interesting article in CFO Magazine of one firm who consults on ERP systems but couldn't get their own ERP system stable...

I have always had the utmost respect for one consulting firm, McKinsey, having worked with many folks from this firm during the dot-com days on Wingspan Bank. I remember talking to one of the partners in a discussion about work / life balance which kinda seemed non-existent. He did mention that you can pick one of the four: Function, Geography, Industry and People. Would love to know if others in the blogosphere know of any ex-McKinsey folks with technical backgrounds that would love to work for a large Fortune 100 enterprise?

McKinsey does something special not done elsewhere. They thrive on the intellectual capital of their people. They do so by making folks feel connected. They have a very strong alumni network, so that even when one leaves the firm, they are still part of it. Maybe in all reality, this is what enterprise architecture should be all about. Imagine an enterprise where folks leverage each other's knowledge...

Many enterprises are struggling with the notion of intellectual property and don't really know how to capitalize on the smarts of the folks within the walls. Maybe they would be well-served by having their enterprise architects read the latest Economist magazine and the article entitled: A market for ideas.

In my travels, I have noticed that enterprises that truly understand enterprise architecture seem to eschew outsourcing. Maybe they realize that cost savings can never be truly obtained by turning over the keys to folks in other countries and the real work requires coming up with real strategies done by your own employees.


Sunday, October 30, 2005


Enterprise Architecture: Mistakes Made in Outsourcing to India

One should be careful to extract what is useful from older concepts, and not dismiss anything "old" as useless. A craftsman does not abandon his/her manual screwdriver or hammer just because power ones are available; in some cases they are still the best tool for certain jobs. That doesn't mean you should resist advancements either, but be aware of software/hardware development history while being open to the new, and look beyond hype and backlash to hype to choose the right solution for the task at hand...

The key focus is on lessons learned from the past and not blindly adopting CMMi in order to align with abstract concepts such as CMM pushed by outsourcing firms.


Saturday, October 29, 2005


Enterprise perspectives on SOA

The vast majority of bloggers on the subject of SOA tend to work for software companies or consulting firms that have a vested interest in selling you something. It is time to start sharing a perspective on SOA that is less frequently discussed...

SOA isn't about ESBs or some other marketing ploy used to convince executives that they are behind the times if they don't listen to the message. Curious to find why no one ever talks about the notion of business architecture and how SOA should be aligned to it? Many vendors create technical reference implementations but none of them have even made the attempt at creating a business reference implementation.

IBM has the potential to show leadership in this regard as they have core knowledge about many industry verticals from their learnings on San Francisco. Within the insurance vertical, they have the IIA framework that is a great starting point for creating business oriented reference implementations.

Many insulting firms have been savage in incorporating the word SOA into their marketing material without developing a true understanding of the problem at hand. Enterprises are game to get a "strategy" without figuring out reasons others have failed. Simply, SOA done without organizational change is just plain dumb. The success or failure of SOA is directly correlated to the ratio of intelligence to stupidity. At least one blogger has acknowledged that blame for SOA failures should be placed on stupid people.

SOA attempts to solve for interoperability but only focuses on technical interoperability. How about management insulting firms as part of "strategy" making recommendations on how to fix the organization chart within large enterprises? I can tell you that one guy who gets it is Sam Lowe, Chief Enterprise Architect of Cap Gemini who has a great entry on the real issues making or breaking enterprise SOAs.

I suspect that CapGemini is capable of creating real strategies around SOAs in that they not only address the organizational issues with their clients but also within their own walls. I suspect they don't have a lot of kindergartners doing "strategy" and backing up the bus. Their strategy seems to eschew having "analysts" who may at best have five years of experience in IT and instead prefer folks who have done real work and gained real experience provide consultative advice.

Speaking of "analysts", maybe the second fatal mistake realized by enterprises is asking the vast majority of them for guidance. In my humble opinion, the folks over at ZapThink and Burton Group seem to get it, but the rest should be simply ignored by corporate America. Of course, Burton Group is more politically correct than myself, but you should check out the three major impediments to SOA...

Another problem with SOA where the dots haven't yet been connected is the notion of identity. Craig Burton is starting a good conversation on the problem here. Collectively, we all need to connect the dots...


Friday, October 28, 2005


Industry Analysts and Enterprise Architects

I recently had a conversation with Andreas Antonopoulos of Nemertes Research and uncovered something very interesting about this particular firm. Usually when I talk with industry analysts in which we are not clients, they usually attempt to sell us their services. Of course, within most enterprises the notion of using industry analyst services from a budgeting perspective is under pressure.

Many analyst firms have structured their model around this fact and have changed their approach to pursue software vendors who have big marketing budgets, who in turn use the research in their marketing efforts as collateral material to large enterprises such as the one I work for. Analyst firms that use this particular style and the software vendors who give them tons of money haven't yet come to the realization that us folks in corporate America have now caught onto the game and may in the future not only consider this form of research worthless but may start doing the research we desire ourselves.

The main problem with this form of research is that enterprises need access to ideas and the best thinking. They need thoughts on game changing plays, not just on whoever happens to be willing to pay for briefings. Pretty much every enterprise architect I know of in other Fortune 100 enterprises has on their radar the notion of open source software, which in the charge-the-software-vendor model simply never seems to show up.

In another conversation with Bloor Research, they mentioned that the problem with most open source projects is that these projects don't do marketing. The real problem is slightly different in that if industry analysts, when covering open source, only cover open source that is created by large software vendors and not the stuff that is truly useful, then their research is discredited.

I publicly state that the vast majority of open source projects that are truly useful to our own enterprise are not developed by traditional software vendors who embrace open source but by folks in small software companies who don't have the money to pay for marketing and our peers in other enterprises who create valuable software for themselves.

One enterprise I have the utmost respect for is Duke Energy. Their core business is not selling software but selling energy yet they have created valuable software for others to use. I encourage folks to check out their .NET framework for software development. If I were to listen to the advice of analysts, I guess Duke should start marketing something they wanted to simply be a good citizen for?

Duke isn't the only company that is delivering valuable software to the community using open source. In fact, there are dozens more large enterprises that not only use open source software but contribute. Wonder if we could get analysts to start telling a more interesting story?

Some of the open source projects that my peers have used and contribute to at work include projects such as Liferay Enterprise Portal, Virtual Token Descriptors (VTD) and OSWorkflow.

If analysts want to sell folks like me on buying their research, they will need to start telling the whole story which includes open source projects. They need to tell the story of enterprises whose business is not software but created valuable working software for others to consume. The secret is out and if analysts want to survive, they will do well by considering this value proposition.

Jumping back to the conversation with Andreas, I was very encouraged by our discussion. He was the first analyst to not simply arrange for a briefing where he wanted to talk to me about marketshare or other things of minimal value in my mind but actually asked me if I knew of innovative companies he should be researching. It was the first time I could give analysts a direction they should head. In thinking about this, maybe every enterprise architect should call up their favorite analyst firm and task them with the goal of not only figuring out alternative open source projects but vendors that are not on the radar!

In the discussion, I have learned that he was also working on a research report in the spirit of open source industry analysis that will be licensed under the creative commons model. The folks over at RedMonk were the first to do this with their groundbreaking research on Compliance Oriented Architectures. I wonder if James Governor has realized the effect of his own thinking not only on his clients but on enterprises such as the one I work for. He has started something magical.

We know that RedMonk gets open source, we now know that Nemertes gets open source, curious which analyst firm will be third...


Wednesday, October 26, 2005


Why enterprises should reconsider using XML...

Bet you didn't know that a small company named Scientigo has patented "the idea of packaging data in a self-defining format that allows it be correctly displayed wherever it travels" which is fundamental to the notion of XML.

I wonder what would happen to all the enterprises who use XML if they decided to pull a move like SCO...

More details here.



Outsourcing Racism

I have been told a myriad of times that the caste system in India no longer is practiced and that outsourcing firms do not discriminate. Maybe someone could tell me why in my entire career I haven't met a single person that worked for an outsourcing firm that was a Sudras?

My hypothesis states that many of the outsourcing firms in the United States that are India based also discriminate. Sure, many of them may have a figurehead that is from another country, but I defy anyone reading this blog to supply hiring statistics of any of these firms and the number of folks they hire that are black, hispanic, native american, etc. If the number of minorities working for outsourcing firms is below the national average, would a reasonable person conclude this feels an awful lot like discrimination?

The Civil Rights Act of 1991 provides relief in terms of real fines for those who openly discriminate. For all of those Americans who lost their jobs to an outsourcing firm, maybe they can't get their job back, but they can level the playing field by pursuing this approach. Maybe these firms should read the EEOC poster several times.

I wonder if those in corporate America who hire outsourcing firms that practice EEOC but don't require it of their outsourcing partners may also be guilty? The EEOC is in charge of administrative and judicial enforcement of the federal civil rights laws and providing compliance education. I wonder what the legal exposure is to enterprises in this fashion? Maybe a lawyer could blog a response.

Other bloggers in the blogosphere have jumped all over Iraq's constitution because it will forever forbid gay marriage but haven't done the same for countries we are friendly with such as India, China, The Philippines and so on. I wonder if folks that support this issue are hypocritical? Here is an interesting link to this subject.

Next week, I will blog about the persecution of Christians in India along with some facts that may change one's perspective. In closing I leave you with an interesting article entitled: India charges Finnish tourist for bathing naked.


Tuesday, October 25, 2005


Corruption will lead to India's downfall

Bet you didn't know that Indians pay $4.6 billion in bribes each year to obtain basic services such as water and electricity...

Here is a link to the full story!


Monday, October 24, 2005


The correct way to think about identity...

Most bloggers have the wrong perception of federated identity. Let me tell you why...

There are two bloggers on identity management that I read with passion. First, there is Archie Reed of HP and the second would be Kim Cameron of Microsoft. Sadly, both are having the wrong conversations when it comes to identity. The perspective they share is from the viewpoint of the consumer when the conversation from the perspective of the corporation is more interesting.

For example, due to laws such as Sarbanes Oxley a manager needs to attest on a periodic basis that all of their direct reports have access to the systems they need while not having access to the systems they don't. While this appears as a somewhat simple statement, when dissected it becomes more difficult. Imagine working in a large enterprise where there are 200,000 employees. Wouldn't it be useful to record centrally the notion of attestation? Wouldn't it be useful in a court of law when the government comes with their subpoenas that this recording was digitally signed? Makes me wonder if Archie and Kim ever had the opportunity to talk to the folks at Accenture, PWC and Deloitte about certifying identity?

Even if you were to ignore corporate environments for a moment, the conversation is still flawed. Users don't pick a digital identity solution. Nowadays with large enterprises preferring to buy systems over building systems in-house, they don't pick a digital identity solution either. In the real world, identity is analogous to plumbing in that it simply is embedded into a larger context.

When one buys a house, they specify things like color of paint on the walls, siding and carpet but usually don't have much say in the color of the pipe of their plumbing. Identity is plumbing. Users don't demand plumbing and users don't demand identity in the sense they blog about it.

Others within the blogosphere are now talking about Sxip and Identity 2.0, in which they will repeat mistakes already made. As an architect and advocate of open source wherever possible, they did well here by making it open. Likewise, they have done an equally good job of solving for various system qualities (i.e. availability, scalability, performance, etc) and have even done wonderfully in advocating various standards around it. But they failed on two important aspects...

First, they didn't define how Sxip will interoperate with other identity implementations. After all, we can't believe that there will be a single uber-identity? Do we really have faith in corporate America and their ability to adopt the same identity proposed by this standard such that there is one?

Interoperability is key to the success or failure of an approach. Sxip if done correctly should interoperate with identity approaches used in corporate America today including Kerberos, Active Directory and so on. The one pet peeve that torques me is when open products don't interoperate with other open products. How about making it interoperate with OpenSAML?

Kim Cameron has done a wonderful job of coming up with a metasystem whitepaper but he too is leading us in a direction that is not ideal. Reference architectures need reference implementations. I really hope that Kim will push his bosses to create an open source reference implementation of the identity metasystem, otherwise I would encourage others to run in the opposite direction. Sxip did get this right.

Some within the community will argue whether the approach used by Sxip is really standards based in that it wasn't run through a standards body. My own thinking in this matter is they did the right thing. The vast majority of standards bodies are filled with vendors looking for standards as an advanced form of branding. Standards bodies themselves need to invite end users to participate and ratify standards and stop being insular.

Anyway, I hope that Kim Cameron has thought about making Sxip interoperable with the identity metasystem he is proposing. Inquiring minds would love to know...



India and Racism

Inquiring minds want to know if folks from India practice racism? My own thought on the matter seems as if it still is present. Let me state the reasons why...

When one looks at firms such as Infosys and their employees, a vast majority of them tend to be of higher castes. Of course, many will tell you that caste based hiring no longer occurs but statistics show a different picture than the rhetoric.

Americans who grew up in the 80s and 90s are keenly aware of the notion of equal opportunity and understand it is simply wrong to hire (or not hire) based on the nationality, religion, gender or ethnic origin of a person. In fact, American corporations have taken deliberate steps to not only put an end to discrimination but to also encourage diversity. Too bad the Indian government hasn't encouraged diversity at all levels.

Sometimes folks from India who come to America forget or simply are not aware that they too should practice diverse hiring and not just people from their own countries. I was reminiscing with a friend who was born in India about an experience I had in the days after September 11th.

I visited the local market down the street from work to buy halal meat. The shop was owned by a person from Somalia and is located in a minority community comprised of black and hispanic people. Several street people approached me in conversation while I was in the shop telling me that I should avoid buying pizza from the guy next door because he was down with Bin Laden (He wears a turban and was a Sikh). They also told me that they would put him out of business. Not wanting to put my own health in harm's way, I didn't bother to educate them to the real facts and let them think whatever they wanted and for this I admit my guilt.

Anyway, as months passed the pizza shop owned by the guy from India was ultimately closed. In a location a couple of doors down, another Indian person opened a fried chicken store prior to it closing and is still wildly successful. Being somewhat puzzled, I asked myself the reason why one was successful while the other one wasn't and the answer suddenly appeared.

The Indian owner of the pizza shop thought it was sufficient that he simply could work hard and take money from the community without giving back. He only hired people from his country. Compare and contrast the Indian owner who opened the fried chicken store had hired people from the community that were of different ethnic descent and was successful.

In other words, he understood the importance of diversity. He knew that if he created jobs from those in the community, they in turn would show him not only respect but reward him with business. I wonder how many other folks from India will stop hiring only others from their own country and start practicing diversity?

Maybe diversity will not be a choice in India. Imagine what would happen if American companies started to enforce the same rules and guidelines they practice in America on their outsourcing partners? Imagine how much better India would be if a new generation understood that discrimination no matter what the reason is wrong...


Sunday, October 23, 2005


Industry Conferences and Industry Analysts

This was an interesting week for me in that I had the opportunity to speak at one conference about service oriented architectures, attend another conference on information security and talk in detail with six different industry analysts throughout the week. Today's blog entry is a blend of all of my thoughts for the week.

In the blogosphere it is typical practice for folks to blog their experiences at industry conferences. I am no different. As usual, the vast majority of speakers are either from the industry analyst community or the vendor community and are infamous for presenting thinly veiled sales presentations chock-a-block with eye candy but lacking any substance. I can finally say that I was pleasantly surprised in attending the Information Security Conference put out by TechTarget. While it had the analysts doing their industry voodoo and vendors pitching their wares, it also had some decent presentations by end customers, something that is rarely seen at other conferences.

Within the information security space, it seems as if folks are still struggling with getting spam under control, patch management and other kindergartner level information security topics. With the recent attacks that are in the media, I was disappointed in that no one was talking about security that happens at the application level. There were no presentations on identity management, federated identity or a topic near to my heart on writing secure code. For the most part everyone is still talking about security at the infrastructure level. No wonder most enterprises when breached end up in the media. No pity on them...

As far as my conversation with industry analysts, it all started with a conversation I should have had with a prominent industry analyst that didn't occur. A while back, I came across a report on enterprise portal software and noticed that it did not contain any mention of open source portal offerings. Within the same time period, I ran across a wonderful open source portal: Liferay that was more scalable than anything on the planet and was validated to be more secure by an independent third party. As I started to learn more about Liferay, I also learned that it was used by several prominent Fortune 100 enterprises. Was curious why the analysts weren't talking about it.

The conversations with analysts brought me to a conclusion that I never really thought about in the past. I used to contribute to a variety of open source projects but there are tons of folks on the planet to do this. My real calling is in my own ability to speak about corporate usage of open source. Since I am employed by a Fortune 100 enterprise, I could start talking about not only open source in terms of the software we use, but our mindset in what we will adopt and what we won't. I asked myself what would happen if I started to think of myself as a vendor giving a briefing to an industry analyst on the products we use; would they then consider putting them into their quadrants...

Only time will tell if analysts will start covering open source projects not created by just large software vendors who are simply dumping stuff into the marketplace but will tell the story of those who simply want to create useful software with no profit motive. Maybe there is an analyst that would not only talk about using open source software but contributing to it. Maybe they would tell the story in better detail of my own experiences or even the experiences of others. As a purchaser of analyst research, I feel it is important that analysts cover multiple perspectives including paid and open source software. Maybe they will tell the story of the folks at Duke Energy and their contribution of the DUKE .NET development framework to open source.

Anyway, in concluding today's entry I encourage all folks in corporate America to read a great blog entry by Bill Burnham entitled: Conflicts and Cash: Industry Analysts and Start-ups. It is eye-opening...


Saturday, October 22, 2005


The art of becoming a Hit Slut

I figured I would share a little known secret about many of the bloggers in the blogosphere that folks may not know about. While some bloggers are ethical and post in order to give back to the community, others have different motives. Many are simply blogging in order to become hit sluts.

Bet you didn't know that the vast majority of hit slut bloggers hang out on a blogging site known as ITToolbox? On this site you will find respected bloggers such as Dave Taylor who has his own blog but tends to also post here. Bet you don't know the reason why? You will notice at the bottom of all his postings a disclaimer regarding republished with permission. Is it because ITToolbox will claim all intellectual property of folks who blog there? Is it because the motive for blogging here is to draw traffic to a blog one personally controls?

Other popular bloggers here such as SecurityMonkey talk about ethics yet choose to remain anonymous. Why would someone hide their identity?

Other bloggers such as George Eby Mathew, Sumit Malhotra, Indranil Mukherjee, Sandilya Venkatesh all seem to have positive things to say about outsourcing but never seemed to present a balanced perspective on the topic. Have you ever seen their outsourcing posts even for a second acknowledge that outsourcing can fail? Have you ever seen them quote any statistics on the number of failed outsourcing projects? Have you even seen them provide insight into best practices on what to do when outsourcing fails and a Fortune enterprise wants to bring it back in-house? I believe that these individuals know more than they are willing to share on this subject but have other motivations in not engaging the community in honest dialog on this topic.

The primary reason for all of the conversations here is not because of anything said to date, but rather the fact that none of these folks ever mention that they are paid hit sluts. Don't get me wrong, it's OK to be paid by ITToolbox to blog, but wouldn't ethics dictate that this occurs? Bet you didn't know that ITToolbox doesn't pay per article or similar practices used within the media. They compensate bloggers (aka authors) based solely on the amount of traffic they generate, ultimately turning them into hit sluts.

Sadly, I used to be a hit slut myself and loved the fact that I got a check from ITToolbox every month for $200 which I used to donate to my favorite charities. But an awakening occurred. I was the number two blogger on ITToolbox in June but never received the final check.

When I first started blogging with ITToolbox, I remember emailing Tim Ribich of ITToolbox asking him if he would contribute my payments for October through January directly to specified charities so that I could ensure that 100% of the contribution made it to a worthy cause such that Uncle Sam didn't require me to deduct income taxes from it. He indicated this would be taken care of. Over the next couple of months, I learned that this wasn't taken care of and started receiving abstract email messages.

When I blogged on this particular issue, I also noticed that my blog postings would mysteriously be moderated. Moderation is OK in situations where folks are breaking the law, but I was simply encouraging others to contribute to charity and talking about my own blogging experiences. This awakening caused me to realize that I too was a hit slut and needed to not only practice ethical blogging but encourage others to do so as well. Anyway, I suspect that if any ITToolbox bloggers even consider for a second responding to this blog, their own postings too will become moderated.

The only thing I can hope for is that readers of ITToolbox will start demanding ethical practices not only of the bloggers there but the blog host as well. Readers of blogs have a choice and will leave it up to society to conclude what is right and what is wrong...


Friday, October 21, 2005


Identity-Enabled Enterprises

Recently came across two different articles that folks in corporate America should read. The first is entitled: Federated Identity: Single Sign-On Among Enterprises and the second is Building Identity-Enabled Web Services.

Curious if Jon Udell, Archie Reed and Kim Cameron have read them?


Sunday, October 16, 2005


Outstanding Questions on Mobile Data Security

Been thinking about all the recent laptop thefts and figured someone in the blogosphere could steer me in the right direction...

1. Anyone aware of open source disk encryption software that works with Windows XP? The only project I have run across is TrueCrypt.

2. GNU folks have created a replacement for PGP named GnuPG. Curious if any third party that specializes in cryptography has certified this project?

3. Would love to also learn about open source equivalents that allow for securing USB, Firewire, etc for Windows XP.


Wednesday, October 05, 2005


Catholic Church now swears that some parts of the bible are not actually true...

Check out this article...
