BriefingsDirect's latest podcast discussion focuses on the nature of, and some possible solutions for, a growing parade of enterprise-scale glitches. We interview the author of the book as well as a software expert from IBM to delve into the causes and effects of glitches and how governance relates to the problem and fixes.
Please join guests, Jeff Papows, President and CEO of WebLayers, and the author of Glitch: The Hidden Impact of Faulty Software, and Kerrie Holley, IBM fellow and Chief Technology Officer for IBM's SOA Center of Excellence. The discussion is moderated by Dana Gardner, principal analyst at Interarbor Solutions.
Here are some excerpts:
Papows: What we're actually seeing is the confluence of three primary factors that are creating an information technology perfect storm of sorts.
The first is a loss of intellectual capital. We saw, between 2000 and 2007, the first drop in computer science graduates. The merger and consolidation activity -- the other side of the recession of 2008 -- has created massive complexity in these giant corporate IT mash-ups and critical back-office systems.
The third factor is just the sheer ubiquity of the technological complexity curve. It's the magnitude of technology that's now part of our social fabric, whether it's literally one million transistors that now exist for every human being on the planet or the six billion network devices that exist in the world today, all of which are accessing the same critical back-office structures.
You take those three meta-level factors and put them together and we're making the morning broadcast news cycles now on a daily basis with more and more of these embarrassing things coming to light. They're not just inconvenient, but there are monumental economic consequences -- and we're killing people. Look at the recent glitches you have seen at places like Toyota.
One of the most heartbreaking things in the research for the book was on software that controls the radiation devices in our hospitals for cancer treatment. I ran across a bunch of research where, because of some software glitches and policy problems in terms of the way those updates were distributed, people with fairly nominal cancers received massive overdoses in radiation.
The medical professionals running these machines -- like much of our culture, because something is computerized -- just assume that it's infallible. Because of the problems in governance or lack of governance policy, people were being over-radiated.
Holley: Jeff brought up some excellent points. The other thing that we see is that we've had this growth of distributed computing.
If we look at a lot of what businesses are trying to accomplish today, whether it's a new business model, differentiation, or whatever they're trying to do compete, what we are finding is that the complexity of that solution is pretty significant.
If we look at a lot of technologies that are out in the market place, unfortunately, in many cases they are siloed. They repair or they help with a part of the problem, but perhaps they're not holistic in dealing with the whole life-cycle. ... We just have an explosion of technologies that we have to integrate.
Secondly -- this is a point-in-time statement -- we're seeing rapid improvements in the technology to solve this. It hasn't caught up, but I think it will. ... Along with that comes some of the challenges in terms of how we make this agile, and how we make it such that it doesn't break.
Papows: We've grown up for decades now where we just threw more and more bodies at the problem, as the technological curve grew.
There was always this never-ending economic rosy horizon, where you would just add more IT professionals and you would acquire and you'd merge systems.
In 2008, the economic malaise that we're managing our way through changed all of that. Now, the only way out of this complexity curve that we've created is to turn the innovation that has been the hallmark of our industry back on ourselves.
That means automating and codifying all of the best practices and human capital that's been in-place and learning for decades in the form of active policy management and inference engines in what we typically think of as SOA and design-time governance.
Really, all that means is automating those best practices and turning them inward, so that we're governing ourselves as an industry in the same way that we would automate or govern many things. But now it's no longer a "nice to have."
I would argue that it's critical, because the complexity curve and the economics have crossed and there is no way to put this genie back in the bottle. There is no way to go backward.
There are lots of examples in the book [of what can go wrong] that may not be as ubiquitous as Toyota, but there are many cases of widespread health, power, energy, and security risks as a consequence of the lack of policy management or governance
... We all need to say, "I am a computer science professional. We have reached a point in the complexity curve where I no longer scale." You have to start with an admission of fact. And the reality is that the demands placed on today's IT organizations, the magnitude of the existing infrastructure that needs to continue to be cared for, the magnitude of application demands for new systems and access points from all of this new technology, simply is not going to correlate without a completely different highly automated approach.
Holley: One of the nice things that the attention to SOA has brought to our marketplace is the recognition that we do need to focus on governance. I don't know of a single client who's got an SOA implementation who has not, as a minimum, thought about governance.
They may not be doing everything they want to do or should be doing, but governance is clearly on the attention span of everyone in terms of recognizing that it needs to be done.
... That governance is not only around the technology. It's not only around the life-cycle of services. It's not only around the use of addressing processes and addressing application development. Governance also focuses on the convergence that's required between business and IT.
The synergistic relationship that we seek will be promoted through the use of governance. Change management specifically brings about a pretty significant focus, meaning that there will be a focus on the part of the business and the IT organizations and teams to bring about the results that are sought.
... A lot of what IBM has been talking about from a Smarter Planet standpoint is actually the exact issues that Jeff has talked about, which is that the world is getting more instrumented. There are more sensors. There is a convergence of a lot of different technology, SOA, business process management, mobile computing, and cloud computing.
Clearly, on one end of the spectrum, it's increasing the complexity. On the other end of the spectrum, it's adding tremendous value to businesses, but it mandates this attention to governance.
My book, that's going to be out later this year, is 100 SOA Questions: Asked and Answered. What my co-author [Ali Arsanjani] and I are trying to accomplish in the book, which distinguishes us from other SOA books in the marketplace, is based on thousands of questions that we've experienced over the decade in hundreds of projects where we've had first-hand roles in as consultants, architects, and developers.
We provide the audience with a hands-on, prescriptive understanding of some of the more difficult questions, and not just have platitudes as answers, but really give the reader an answer they can act on.
In the 1980s and 1990s, business applications and data were largely confined within and protected by a Local Area Network (LAN). The 2000s introduced a significant change. Download this white paper now to learn why the shift to the cloud is changing how companies think about and manage their IT infrastructure. more
Microsoft moved to the cloud in 2014, and, as a result, Office 365 is taking off. Now, Okta customers are connecting to Office 365 in increasing numbers. This eGuide explains why IT departments should plan and deploy solutions around identity and mobility management in concert with their Office 365 roll out to get maximum user adoption. more
For most companies, Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) play a central role in coordinating identity and access management policies. When on-premise applications are integrated to Active Directory or LDAP, users get the best possible experience. That's why Okta's cloud-based identity and access management service provides a highly useful single integration point. more
With more and more businesses adopting Software-as-a-Service (SaaS) applications, enterprise IT is fundamentally changing. This whitepaper presents the eight biggest Identity and Access Management (IAM) challenges associated with adopting and deploying cloud and SaaS applications, and discusses best practices for addressing each of them. more