OK, so the holidays are over, you've either closed, or are in the process of closing out 2009 year-end processing. The 2010 decade has begun, and it promises momentous change before we see the end of it: Leading edge technologies will become commonplace; Still newer technologies will emerge; New business threats and opportunities will arise; And the impact of the Baby Boomer phenomenon will finally arrive.
According to my friend Pete Lindstrom, the Information Systems Security Association (ISSA) is surveying its members for suggestions on three 2009 stories that, in retrospect, were the "most" of something. I'm not a member of the ISSA, but awards are fun, right? Here are my nominations:
Most significant breach of 2009: Heartland Payment Systems
Yes, this breach happened in 2008. But the story broke in 2009, so I'm counting it.The significance of the breach wasn't just the size (130 million credit card numbers). The story that surrounded the breach provoked some interesting debates about the role of PCI, the effectiveness of auditors, and the willingness of clients to QSA-shop, ignore advice, and blame third parties for their own failures.
Most overhyped story: "The cloud is insecure, m'kay?"
It is easy and appropriate -- today -- to discuss the risks assoociated with putting applications and data on semi-public devices you don't own. Criticizing is easy, but the fixing is more interesting. I predict that in time "the cloud" will be the best thing that has ever happened to information security, because it focuses attention on the data, not the infrastructure. Or to put it differently, it puts the "information" back into Information Security. This is exactly the discussion we need to have.
You never know what’s coming at you next, which is why process agility is so important. Your organization must have a ready response for anything. And you must make sure that every process participant can identify, at their level, what that response might be, so they can take appropriate action.
Today, SAP announced a tiered support offering which reinstates Standard Support as an option, in addition to the Enterprise Support offering that SAP put in place in July 2008. This announcement should help to defuse a contentious battle that has played out over the past 18 months, where customers pressed for SAP to reconsider its phased-in migration to higher-priced Enterprise Support.
Along with its 2009 results, SAP today made another attempt to undo the damage of its clumsy attempt to hike its maintenance % up to Oracle-like levels, by announcing the reinstatement of Standard Support as an option for customers. “SAP’s new support model is a direct response to the many discussions we’ve had with our customer and user groups,” said Léo Apotheker, chief executive officer, SAP.
When we embarked on this project I wasn't sure if it would be a complete failure or a roaring success. Still, the optimist in me suggested it might work. The timing of launching the survey, just before the Christmas Holiday period was risky. However I'm pleased to say the results so far have been better than expected.
I recently came across a trade-press article with the headline “Mining the Cloud.” The cynic in me immediately issued a silent scoff: How is that different from “crawling the Web”? Are we just mapping old wine to shinier new bottles? Or is there something different here?
But, seeing as how I too like to proliferate discussions of mining this or that information type, I was willing to cut the reporter some slack. The article was from Redmond Developer, and concerns “Project Dallas” under Microsoft’s Azure cloud initiative. Essentially, “Project Dallas” (still in beta) supports discovery, manipulation, visualization, and analysis of data retrieved from multiple public, commercial, and private data sources via the Azure cloud. “Dallas” allows enterprises to provide users (via REST, Excel PowerPivot, and/or Visual Basic applications) with online access to aggregated feeds via Azure, which essentially operates as an online information marketplace. Also, “Dallas” allows customers to have Azure host their data for them, or simply continue to host it on their own premises while the cloud service connects securely to it.
Since 2007, Forrester analysts Ken Vollmer, Noel Yuhanna and I have collaborated to publish an annual review of the application, process, and data integration technology landscape. The goal of this important recurring research is to help application development, business process, data management, and enterprise architecture professionals navigate the often complex and confusing myriad of choices available to solve their organization’s integration challenges.
This year’s report focuses on ten distinct integration technologies including ESB, CIS (Comprehensive integration solutions), B2B service providers, Privacy industry exchanges, B2B gateway software, and Integration appliances on the application and process integration side, as well as ETL, CDC (change data capture), and EII (enterprise information integration) on the data integration side. In addition, we continue to look at Information-as-a-Service (IaaS) as an architectural approach to supporting data integration requirements.
A key take away from this research is our recognition that application, process and data integration can no longer remain isolated siloed competencies within an organization. Our recommendation is that organizations look to consolidate their integration strategies and resources into a shared services organization that can leverage all the strengths of these different techniques.
We hope you enjoy, and look forward to hearing your feedback.