April 26, 2010 Hand Over Your E-Mail

THE BUSINESS VALUE OF TECHNOLOGY

C.K. Prahalad remembered 8 | Linux’s aging leadership 14 | Dr. Dobb’s Report: Getting quality code 39 | Unified communications gets real 50 | Microsoft the innovator 52

APRIL 26, 2010

Hand Over Your E-Mail

Don’t upgrade without giving SaaS a close look p.19, by Andrew Conry-Murray

Our buyer’s guide p.25, by Michael Biddick

[ALSO] BEYOND E-MAIL: Time to link messaging with enterprise, social apps p.29

A UBM TechWeb Publication®. CAN $5.95, US $4.95. informationweek.com

Copyright 2010 United Business Media LLC. Important Note: This PDF is provided solely as a reader service. It is not intended for reproduction or public distribution. For article reprints, e-prints and permissions please contact: Wright’s Reprints, 1-877-652-5295 / [email protected]


Page 2: April 26, 2010 Hand Over Your E-Mail

CONTENTS

THE BUSINESS VALUE OF TECHNOLOGY

April 26, 2010, Issue 1,264

COVER STORIES

SaaS E-Mail’s Moment: CIOs are giving online e-mail a close look, and mega-vendors are desperate to get their attention

Buyer’s Guide: Here’s what you need to consider

Let’s Get Unified: It’s time to link messaging with enterprise and social applications

[QUICKTAKES]

Oracle’s Big Deal: It pays $685 million for life sciences software maker, showing industry-focused strategy to take on SAP

Red Hat Tricks Out Linux: New enterprise version emphasizes virtualization performance, power use, and flexibility

Linux Ages Gracefully: Cloud computing and other trends favor Linux over Windows, but will next-gen Linux leaders step up?

Jigsaw Buy Is No Puzzle: Salesforce.com is buying company that uses Wikipedia-style crowdsourcing for business-card data

Microsoft Wagers Big On Cloud: Steve Ballmer predicts hockey-stick growth for the cloud market

SQL Server Looks Ahead: SQL Server upgrade sports in-memory analysis, hooks to cloud

Page 3: April 26, 2010 Hand Over Your E-Mail

[CONTENTS]

Standardize Vs. Diversify: Companies plan to move to fewer business intelligence tools

Practical Migration: Acceptance of Windows 7 is on a steady upward trend

Dr. Dobb’s Report: When Quality Counts. Static code analysis can make a big difference in development

Upcoming events: Gov 2.0 Expo, May 25-27 in Washington, D.C. Gov 2.0 Expo will deliver the practical tools and industry contacts needed to answer the government mandate for transparency, efficiency, and cost containment. Register now: gov2expo.com

Links: Research And Connect. Reports from InformationWeek Analytics, events, and more

Feedback: Readers sound off about recent stories, blogs, and columns

Global CIO, by Bob Evans: C.K. Prahalad will be remembered for his unconventional thinking

CIO Profiles: Habit Forming. Reading The 7 Habits Of Highly Effective People could help you through the downturn, says Toromont CIO Michael Cuddy

Practical Analysis, by Art Wittmann: Unified communications has gone mainstream—finally

Down To Business, by Rob Preston: C’mon, let’s give Microsoft some credit for innovation

INFORMATIONWEEK (ISSN 8750-6874) is published 24 times a year (once in January, July, August, and December; twice in February, March, April, and November; and three times in May, June, September, and October) by United Business Media LLC, 600 Community Drive, Manhasset, NY 11030. INFORMATIONWEEK is free to qualified management and professional personnel involved in the management of information systems. One-year subscription rate for U.S. is $199.00; for Canada is $219.00. Registered for GST as United Business Media LLC. GST No. R13288078, Customer No. 2116057, Agreement No. 40011901. Return undeliverable Canadian addresses to Bleuchip International, P.O. Box 25542, London, ON, N6C 6B2. Overseas air mail rates are: Africa, Central/South America, Europe, and Mexico, $459.00 for one year. Asia, Australia, and the Pacific, $489.00 for one year. Mail subscriptions with check or money order in U.S. dollars payable to INFORMATIONWEEK. For subscription renewals or change of address, please include the mailing label and direct to Circulation Dept., INFORMATIONWEEK, P.O. Box 1093, Skokie, IL 60076-8093. Periodicals postage paid at Manhasset, NY, and additional mailing offices. POSTMASTER: Send address changes to INFORMATIONWEEK, United Business Media LLC, P.O. Box 1093, Skokie, IL 60076-8093. Address all inquiries, editorial copy, and advertising to INFORMATIONWEEK, 600 Community Drive, Manhasset, NY 11030. PRINTED IN THE USA

Page 4: April 26, 2010 Hand Over Your E-Mail

Links: Resources to Research, Connect, Comment

[InformationWeek Analytics] Take a deep dive with these reports

Prescription For IP Telephony: Find out the best practices for implementing VoIP and unified messaging systems in healthcare settings.
informationweek.com/analytics/healthtelephony

Serious About Virtualization: IT teams are in for trouble if they don’t focus more on managing virtual environments, especially as virtualization moves beyond servers.
virtualizationmanagement.informationweek.com

Get Cloud Service Levels In Writing: If you decide to try cloud computing, you’d better figure out what to do if and when things go wrong—and get it in the form of a service-level agreement.
cloudsla.informationweek.com

Billing: Key To Growth. Take a look at the opportunities and challenges insurance companies face in modernizing their core billing systems.
informationweek.com/1264/billing

Get—And Stay—FISMA Compliant: Implementing a program that secures assets and will continually address compliance is difficult. Discover a workable approach.
informationweek.com/1264/fisma

Never Miss A Report: Subscribe to our more than 700 reports at analytics.informationweek.com

>> Unified Messaging: informationweek.com/analytics/unifiedmessaging

>> Salary Survey: Data Center And Networking: informationweek.com/analytics/networkpay2010

>> Master Your Win 7 Rollout: windows7.informationweek.com

>> IT Outsourcing: Better Management Required: informationweek.com/analytics/outsourcing2010

>> Mobile Device Management And Security: Coming May 3

>> 2010 Strategic Security: Coming May 10

[Watch It Now]

Inside Look: What makes Google and its employees tick. Join David Berlind as he goes behind the closed doors of Google’s New York offices and meets its innovative employees.
informationweek.com/video/googletick

[More InformationWeek]

InformationWeek 500: Nominate your company for the 2010 InformationWeek 500. The deadline is April 30.
informationweek.com/500/preregister

Virtual Event: Optimize Your Infrastructure. Hear about the latest innovations to help you address the challenges posed by virtualization. It happens May 20.
techweb.com/virtualinterop

Get Socialized: Attend the largest gathering for people ready to connect teams and harness intelligence with social tools. It happens in Boston, June 14-17.
e2conf.com/boston

Let The News Find You: Get the news topics you follow delivered to your in-box.
informationweek.com/getalerts

[Take InformationWeek With You]

Facebook, iGoogle, And More: Access our portfolio of social networking tools, including Facebook applications and fan page, iGoogle widget, FriendFeed content, Twitter headlines, and RSS feeds.
informationweek.com/take.jhtml

Page 5: April 26, 2010 Hand Over Your E-Mail

Feedback

Senator Wants Piece Of FCC Broadband Action

Why is Sen. Chuck Schumer asking federal agencies for financial support to extend an upstate New York county’s fiber network into surrounding areas? —Rob Preston
informationweek.com/1262/schumer

Schumer’s idea reminds me of the empty interstate highways built in West Virginia that were supposed to enable and promote commerce. Uncle Sam shouldn’t own infrastructure when the private economy can provide it. Unlike government boondoggles, private companies can be “fired” by their consumers. —JK

Good discussion about the reality of politics and our elected officials posturing in front of the TV cameras, saying all the correct phrases to sound like they understand the issues and the needs of the electorate. If there were a viable need for broadband, and users willing to pay for the service, it would already be in place. —Wild Willy

The interstate highway system didn’t get built without federal funds. Rural communities didn’t get electricity or phone service without government intervention. We are moving toward an era where true high-speed Internet access will make at least as significant an impact on quality of life and access to information as access to home phone service has. Government intervention is needed to level the playing field. —Anonymous

States’ Rights Come To Security Forefront

Massachusetts’ new data protection law reaches beyond its borders. Better get ready. —Randy George
informationweek.com/1263/massachusetts

Isn’t it time to reconsider the use of Social Security numbers for security? Why is a bank allowed to assume that anyone who knows my name and SSN is me and hence can spend my money?

Lack of data encryption need not be the problem we solve. It’s the bank’s laziness in identifying people that’s the real problem. We could have a system where people can opt-in that uses fingerprints. Nobody could use my identity unless he had my fingertips. —mschluper970

Google Docs Takes Microsoft Office Head On

Google’s strategy is a huge bet on real-time collaboration and online-only software. —Thomas Claburn
informationweek.com/1262/googledocs

The fact that Google’s offline ability will soon be returned with HTML5 opens up a world of cross-platform possibilities that Microsoft will be unable to match. The world is moving to new portable devices, many on ARM processors. This will allow the use of devices like “slates,” smartphones, smartbooks, etc., that Microsoft doesn’t or can’t support. For example, new smartbooks have more than 10 hours of battery life, which is great for flights.

But Microsoft doesn’t support these devices at all. Microsoft is completely lost on portable devices, so Google wins in that respect, allowing you to use the device you want and not be enslaved to Windows on x86 processors. —CIO

I wonder how some who complain about Google Docs’ security feel about Visa and MasterCard handling their credit card transactions on a regular basis. Arguably, this is far more routine and potentially more sensitive. There are criminals routinely seeking ways to gain access to credit card data, and some of them do, more often than Google is “hacked.” Yet people are by and large comfortable with the system.

The interesting thing to me isn’t so much that some people don’t trust Google with their data. What’s interesting is the dynamic of changing trust over time, and how technologies succeed in gaining trust and become ubiquitous, fail to gain trust and don’t spread, or fall somewhere in between—not completely trusted but widespread anyway. —T Loos

The advantage of live collaboration is overrated for top execs, who are used to the concept of versions of documents being “delivered” as files or e-mails. If you need to do a presentation to a client, or work on the plane, are you going to waste time connecting to a network, tethering the BlackBerry? Or just flip open your laptop and use a local copy? —MemphisITDude

Correction

“States Rights Move To Security” (April 19, p. 34; informationweek.com/1263/massachusetts) should have said Massachusetts doesn’t require that written information security programs be filed with the state, just that they exist.

Write to us at [email protected]

Page 6: April 26, 2010 Hand Over Your E-Mail

Global CIO, by Bob Evans

C.K. Prahalad: Management Genius, Humanitarian

The distinguished University of Michigan scholar will be best remembered for his unconventional business thinking and dynamic compassion

The world is now a much poorer place without the wisdom, graciousness, vision, and inspiration of C.K. Prahalad, regarded by some as the world’s top thinker on management and business strategy, and a dearly loved distinguished professor at the University of Michigan’s Ross School of Business. C.K. passed away last week at his home in San Diego after a brief illness.

For all of his accomplishments in the worlds of business and academia, C.K. might be best remembered for his passionate and untraditional thinking about the billions of low-income people around the world: in his native and beloved India, in Africa, China, South America, and elsewhere. His landmark book The Fortune At The Bottom Of The Pyramid challenged businesses to shift their thinking from the traditional view that those living in poverty are too poor to afford my company’s products, to the more-opportunistic perspective of how can I rethink my packaging and pricing and distribution to offer those people products that they can afford and on which I can make a profit?

I had the great pleasure of knowing C.K. for 14 years, during which we worked on a number of projects ranging from articles and research and presentations to my offering some feedback on books he was writing. I have never come across a mind like his, at once startlingly perceptive but humble, gracious but demanding, and disarmingly kind yet intensely focused.

In one of those conversations, I suggested assembling a list of best practices toward which readers could strive. “And why, my dear Bob, would we want to do that?” he replied. “Is not a best practice, by definition, one that’s widely known, broadly aspired to, and already far down the path toward becoming a commodity? Could we not serve our readers better by instead trying to imagine what is yet to come: next practices instead of best practices?”

In our very first conversation, back in 1996, we began to form the basis for our first project as we talked about how the idea of “customer satisfaction” had become outdated and in some ways counterproductive. “What happens when you’re satisfied?” C.K. said. “Say you eat a large Thanksgiving meal and you say, ‘I am perfectly satisfied.’ What happens next is, you sit down and fall asleep. So if I’m a business owner, I don’t want my customers to be merely satisfied—in such a case, I’ll never hear from them again and I’ll gain no idea from them as to how I might improve my standing with them.

“I want them to be delighted and excited! I want them calling me up and writing me letters and sharing with me their excitement and telling me how I can make my product and their experience even better.”

C.K. Prahalad—gentle man and gentleman, scholar and visionary, strategist and creator—excited and delighted not only all those fortunate enough to know him directly but also the many millions who got to know him and his dynamic compassion through his books, articles, lectures, advocacy, and ideas. I have never met anyone like C.K. and doubt I’ll ever have such great fortune again. But the true treasure of a life so well-lived is that C.K.’s impact and ideas and inspiration will live on in ways great and small. And so it is that I say farewell but not goodbye to my friend.

Bob Evans is senior VP and director of InformationWeek’s Global CIO unit. For more Global CIO perspectives, check out informationweek.com/blog/globalcio, or write to Bob at [email protected].

Page 7: April 26, 2010 Hand Over Your E-Mail

CIO Profiles

MICHAEL CUDDY
VP of IT and CIO, Toromont Industries

Colleges/degrees: University of Toronto, BSc in engineering and MBA

Favorite sport: Ice hockey

Last vacation: Huatulco, Mexico—I like warmer weather

Business leader I’d like to have lunch with: Kent Kushar of E.&J. Gallo

Business-related pet peeve: The phrase “Someone needs to” and sentences that start with “Yeah, but”

Smartphone of choice: BlackBerry

If I weren’t a CIO, I’d be ... doing something related to marketing

Career Track

How long at current company: 15 years at Toromont, an industrial machinery and equipment distributor.

Career accomplishment I’m most proud of: My proud moments come from anecdotes and comments. For example, a recent hire from a competitor remarked about how much more information was available from our IT tools, and that helped him be more successful. That’s what it’s about—beating the competition with better information and technology.

Most important career influencers: I have three. The first is a cost accounting professor in my MBA program. I don’t remember his name, but he scared the crap out of everyone. You either knew your stuff, or got fried like bacon. I still use lessons I learned in that class. The second is an old boss who taught me you can find a positive outlook to just about everything in business. Third is a former manager, when I wasn’t working in IT. He was an SOB and tried to sabotage my career. I learned that some walls are made of concrete and can’t be moved.

Decision I wish I could do over: A bad hiring decision—it set me back a year and a half.

On The Job

IT budget: About $15 million

Size of IT team: Approximately 50

How I measure IT effectiveness: I monitor traditional spend-to-plan and results-to-plan. However, my key assessment of our group’s effectiveness is feedback from senior and line-of-business management. If they’re more effective and gaining a competitive advantage, they know it and say so. If not, we have a problem, no matter what the reason.

Top initiatives:

>> Mobility of people. Smartphones, netbooks, 3G, 4G, and remote video lead to faster decisions, better customer collaboration, and more efficient resource use.

>> Mobility of things. We’re implementing increasingly sophisticated on-board electronics and systems that integrate real-time operating data with management information.

>> Customer connectivity and engagement. Combining these technologies with knowledge-based systems lets us work with customers in very tangible and measurable ways.

Vision

The next big thing for my industry will be ... embedded electronics and machine-to-machine IT. Our business involves selling and servicing increasingly sophisticated industrial equipment. Combined with mobile user devices, connecting people to people and to their assets creates enormous opportunities.

Best way for CIOs to cope with the economic downturn: Read Stephen Covey’s The 7 Habits Of Highly Effective People and focus on the first habit, which is Be Proactive. Concentrate on the things you have control and influence over.

Kids and technology careers: Technology is our future. My oldest son specializes in search engine optimization at an ad agency. I wouldn’t steer them in this direction at the cost of some other passion, however.

Read other CIO Profiles at informationweek.com/topexecs

Page 8: April 26, 2010 Hand Over Your E-Mail

[QUICKTAKES]

INDUSTRY IDIOSYNCRASIES

$685 Million Deal Shows Oracle’s Intent

To overtake SAP as the leader in enterprise applications, Oracle CEO Larry Ellison has vowed to focus on industry-specific functionality. Oracle’s $685 million acquisition of Phase Forward, a maker of online software for life sciences, shows how this strategy is playing out.

Phase Forward’s clinical research suite, delivered as an online service, helps drug researchers manage parts of the clinical trial process, from the initial regulatory submission to post-approval data monitoring.

Oracle has market-leading products for other aspects of clinical data management, but its front-end data capture software, Oracle RDC, “isn’t what one would define as best of breed,” says Alan Louie, research director at IDC Health Insights.

The Phase Forward deal is notable for the level of granularity that Oracle is looking to provide life sciences companies, such as software for submitting electronic forms to the U.S. Food and Drug Administration. It’s also worth noting, given Oracle’s generally cautious stance on cloud computing, that Phase Forward’s software is delivered as a service.

Life sciences companies, like those in many industries, want to manage fewer applications, so they’re moving toward buying more comprehensive, interconnected e-clinical systems to capture data, manage trials, and track safety processes. Phase Forward provides Oracle with new tools for several of these functions.

Driven by compliance and security requirements, 67% of healthcare organizations will increase IT spending this year, says Mark Bowker, an analyst with Enterprise Strategy Group. Spending decisions tend to be made “at the clinician level” more than in IT, Bowker says, with apps focused on meeting specific business needs.

SAP makes its own case for having industry-tailored applications. The larger point, however, is that the two most-powerful enterprise software companies are now locked in direct competition to deliver to CIOs in every industry deeper and more powerful insights, new customer-centric features, and, ultimately, greater business value. (For Bob Evans’ column on this topic, see informationweek.com/1264/evans2.)

—Bob Evans ([email protected]) and Nicole Lewis

VIRTUALIZED DATA CENTERS

Red Hat Tricks Out Linux For New Demand

The changes in Red Hat’s new enterprise version of Linux reflect how data centers are changing, with its emphasis on virtualization performance, flexibility, and power use.

The beta of Red Hat Enterprise Linux Version 6 features increased power and performance for the KVM hypervisor, greater Linux server scalability, and a new version of the Enterprise Linux file system. “This release sets the scene for the next decade,” says Red Hat marketing director Nick Carr.

A virtual machine under KVM may have up to 64 CPUs, up from a maximum of 16. Red Hat customers today tend to use at most 32 CPUs per virtual machine and 256 GB of memory. Under KVM in version 6.0, they’ll be able to use up to a terabyte of memory. A feature with which the KVM hypervisor can identify a page of data in RAM that’s identical to another, and eliminate the duplicate, will mean more efficient memory use, and thus room for more VMs on the same host.

Red Hat also put a lot of engineering effort into increasing I/O throughput of KVM virtual machines. The new features will make it possible to run heavy I/O servers, such as database servers, in a VM under Linux, Carr predicts. Database systems haven’t typically been virtualized.

Version 6 also includes many power management features, an area where Linux has lagged.

Red Hat’s still a dark horse in the virtualization market. Only 3% of companies plan extensive use of it for virtualization, InformationWeek Analytics research finds. However, 20% plan limited use. Red Hat will get a chance to prove itself.

—Charles Babcock ([email protected])

[Chart: Virtualization Plans. Which will you run extensively by 2011? Options shown: VMware, Microsoft Hyper-V on Windows 2008, Citrix XenServer, Oracle, Red Hat. Data: InformationWeek Analytics 2009 Virtualization Management Survey of 391 business technology professionals, July 2009]

Page 9: April 26, 2010 Hand Over Your E-Mail

[QUICKTAKES]

CISCO VIDEO DEAL DONE
Cisco has finalized the $3.3 billion acquisition of videoconferencing firm Tandberg, a major expansion of its offerings in Internet-delivered video communications and the related infrastructure. Tandberg’s products will be folded into Cisco’s TelePresence portfolio in order to offer multivendor interoperability, from desktops through multiscreen telepresence offerings.

OPEN DATA MANAGEMENT
Talend has integrated its three major data integration products into Talend version 4.0 in the first attempt to supply integrated data integration, data cleansing, and master data management in an open source product. The three components are Talend Open Profiler, Talend Open Studio, and Talend Master Data Management.

CLOUD E-MAIL AT ENERGY
The U.S. Department of Energy is testing cloud-based e-mail and collaboration and aims to offer those services to its employees in addition to on-premises e-mail. It’s drawing lessons from the agency’s Lawrence Berkeley National Laboratory, which is a quarter of the way through moving its e-mail environment to Gmail and anticipates completing the move by August, according to a spreadsheet posted on its Web site.

WORLD BANK DATA ONLINE
The World Bank has released online more than 2,000 data sets documenting human development worldwide, data previously available only to paying customers. The data—available at the World Bank’s Open Data Web site—includes worldwide information about health, business, finance, environment, and social welfare. People can download by country, access raw data, e-mail, and share data via social media.

GRAYBEARDS OR WISDOM CIRCLE?

Linux Ages Gracefully

Linux is in a strong market position thanks to cloud computing and other trends that favor it over Windows and older Unix versions, maintained Jim Zemlin, executive director of The Linux Foundation, speaking at the group’s annual developer meet-up. Zemlin didn’t mention, though others did, a looming problem for Linux: Key maintainers of the Linux kernel are getting older.

“There are more gray beards. ... The graying of the Linux kernel is going to continue, frankly, until people start dying,” said James Bottomley, SCSI subsystem maintainer.

Andrew Morton, a key leader alongside Linux lead developer Linus Torvalds, put the issue equally bluntly: “Yes, we’re getting older, and we’re getting more tired. I don’t see people jumping with enthusiasm to work on things the way that I used to.”

On the plus side, experienced kernel developers now have deep knowledge of the code and are willing to tackle greater complexity, he said.

“The people are more complex. The code is more complex. We have stuff getting in now that we would have run away from 10 years ago,” Morton said. Kernel maintainers will encourage youthful enthusiasm when they find it, he added.

Each two-month release of the kernel includes about 10,000 changes, with 1,100-1,200 developers contributing code, many of them for the first time. The process hasn’t slackened, he said.

Linux remains a strong presence in the data center, and Zemlin cited future growth in Linux’s use in mobile devices. Google’s Android OS is an adaptation of Linux being used on a new generation of smartphones and other devices.

The MeeGo mobile device system, a combo of Intel’s Moblin and Nokia’s Maemo projects, is in the works, Morton said. And Linux powers netbooks and nettops, undersized, low-powered desktops usually based on Intel’s Atom processor.

—Charles Babcock ([email protected])

[Photo caption] Morton: Developers can handle complexity

$142M FOR JIGSAW

Salesforce To Buy Data Crowdsourcer

Salesforce.com plans to acquire Jigsaw and its business-contact-data service. The $142 million cash purchase, expected to close by the end of this quarter, will bring Salesforce into the $3 billion online data services market.

Jigsaw relies on Wikipedia-style crowdsourcing to compile, correct, and update business-card contact information. It has 21 million contacts in its database, which people can get limited access to for free by contributing information. Public users are adding 36,000 records and updating 12,000 records per day, Jigsaw says.

Jigsaw is already a Salesforce partner and provides its service through the Salesforce AppExchange. Individual subscriptions to Jigsaw’s full database start at $25 per month for 25 records. Enterprise-level subscriptions provide entire sales organizations with broader access. About 70% of Jigsaw’s 800 corporate customers use Salesforce.com. Nonetheless, Salesforce said it will continue to run Jigsaw as an independent business.

—Doug Henschen ([email protected])

Page 10: April 26, 2010 Hand Over Your E-Mail

informationweek.com16 April 26, 2010

Steve Ballmer has signaledthat Microsoft is “all in”

when it comes to cloud com-puting. In fact, Microsoft’sCEO said the cloud market ispoised to take off so fast thathe conjured the old hockey-stick growth metaphor. Andjust when does that begin?“It sure feels like we’re theretoday to me,” Ballmer said.

In a recent interview withInformationWeek, Ballmeradmitted that some enter-prise software—industry-specific applications andtransaction systems, for ex-ample—aren’t going to thecloud en masse yet. But hesaid CIOs are ready to movequickly into the cloud with“information-worker infra-

structure,” apps such as Mi-crosoft’s Exchange, Share-Point, and Office.

“The truth of the matter isthere is not an enterprisecustomer I visit today wherethis is not an issue,” Ballmersaid. Any CIO consideringan upgrade to the company’se-mail or other collaborationsystems has to at least con-sider a move to cloud-basedinfrastructure, he said.

Ballmer pointed to theend of 2008 as the timewhen CIO attitudes “justflipped” in favor of cloudcomputing. “Conventionalwisdom became: ‘I’m goingto the cloud,’ ” he said.

Our discussion turned tothe desktop, where Mi-

crosoft software has domi-nated for more than 25years. “People would lovethe desktop to be a service inall of its richness—Windowsand Windows applicationexecution, collaboration,communication, productiv-ity,” Ballmer said. “People arepushing on that, as they arein CRM.” Microsoft will for-mally launch new, Web-based versions of its Office2010 apps next month.

Ballmer expects manycustomers to use both cloudservices and on-premisessoftware. “When you use

SharePoint as a front end forenterprise data, the enter-prise data set doesn’t moveto the cloud,” he said. “Peo-ple still want SharePoint on-premises for that purpose.”

Hybrid environments willrequire integration work byIT departments. Said Ball-mer, “There’s always somethings you’ve got to bridgebetween what’s going on inthe cloud and what’s goingon on-premises.”

For the full interview, goto informationweek.com/1264/murphy. —Chris Murphy

([email protected])

The unveiling of Microsoft’s SQL Server 2008 R2 was anticlimactic given all that’s been said about the database upgrade, but the occasion did stir interest in SQL Azure cloud services and anticipation of the Parallel Data Warehouse edition of SQL Server that’s expected later this year.

Plans for the upgrade to SQL Server 2008 go back to October 2008, and a beta release has been available for six months. Highlights include in-memory analysis capabilities provided by PowerPivot add-ins for Excel and SharePoint, and master data management and complex event processing capabilities for ISVs and developers.

Critics describe PowerPivot for Excel as little more than an in-memory upgrade of the pivot-table capabilities already available in the spreadsheet tool. The add-in will let power users quickly crunch more data, but it won’t make developing business intelligence insight any easier or more accessible to spreadsheet novices.

SQL Server 2008 R2 includes upgrades for streamlining administration. New application and multiserver management capabilities, for example, let database administrators centrally manage all instances of applications running on any number of servers. Artifacts such as tables, views, and stored procedures can be grouped, deployed, and managed using unified policies and procedures.

The Parallel Data Warehouse edition of SQL Server is based on the massively parallel processing technology that Microsoft acquired in 2008 through the purchase of DATAllegro. A technical preview of the software is being tested by some customers. The edition represents Microsoft’s answer to the many appliances taking over the large-scale data warehousing market.

SQL Azure, the cloud version of SQL Server, includes a subset of the platform’s capabilities. Senior VP Ted Kummert says Microsoft will expose broader capabilities in SQL Azure and foresees hybrid environments of on-premises and cloud-based SQL Server as a way of handling peak workloads.

—Doug Henschen ([email protected])

DATABASE CLOUDS AND APPLIANCES

Upgrade Hints At What Comes Next

[QUICKTAKES]

THE SWITCH FLIPPED

Ballmer: All Customers Mulling Cloud Services

“There is not an enterprise customer I visit where this is not an issue,” said Microsoft’s CEO.

Robert Galbraith/Reuters/Landov


[COVER STORY]

CIOs are giving online e-mail a close look. And the mega-vendors are desperate to get their attention.

By Andrew Conry-Murray

E-mail is hot again. Major vendors, from Microsoft and Google to IBM and Cisco, are vying to provide this venerable communications application. While Microsoft Exchange is the on-premises champ, e-mail delivered as an online service resets the competition, as customers large and small look to reduce costs and eliminate operational headaches.

The competition has just started. Of the roughly 996 million business mailboxes worldwide, IDC estimates, only 2%—20 million—were software as a service in 2009. But when it comes time for companies to upgrade their e-mail, they must consider SaaS options. GlaxoSmithKline, Coca-Cola Enterprises, Panasonic, and the city of Los Angeles are among the jumbo accounts—tens of thousands of employees—that have moved their e-mail to the cloud.

Although Microsoft is the e-mail market-share leader on-premises, it’s betting that most customers will move to the cloud. “We’ll look back in five years and say, ‘Why would anyone run their own e-mail?’ ” says Tony Scott, CIO of Microsoft, whose 90,000 in-boxes run on the vendor’s own SaaS environment. Stephen Elop, president of the Microsoft Business Division, says half of the company’s Exchange, SharePoint, and Dynamics CRM revenue will come from service-based products within four years.

E-mail can be divided into three categories: premises, hosted, and SaaS. SaaS is built on a multitenant architecture and delivered over the Internet. With a hosted service, the e-mail servers might reside on a customer premises and be managed remotely or operated off the customer premises, but each customer gets dedicated servers and storage.

SaaS e-mail’s market share doubled since 2007, IDC estimates. Fourteen percent of companies that use outsourcing have SaaS e-mail, our InformationWeek Analytics survey of 530 business technologists finds.

What’s the draw of SaaS? First, companies can get substantial cost savings, as SaaS’s multitenant architecture allows for economies of scale. Second, companies don’t have to sacrifice features or availability to get those savings. Third, IT departments can employ fewer people by handing over time-consuming and costly maintenance to a provider, and they can focus some of those people on more strategic tasks. Fourth, some companies find that SaaS e-mail makes it easier to give employees the mobile access they’re demanding, such as from home PCs.

Why Now

As you can see from our table on p. 24, SaaS e-mail providers offer services for as little as $3 per user a month. The recession kick-started market growth, as companies considered options that might have otherwise seemed too daring.

Take Sanmina-SCI, a nearly $6 billion-a-year global contract manufacturer. Sanmina-SCI moved more than 16,000 employees from premises-based Exchange to Google Apps as part of a company-wide push to reduce costs. “We looked at servers, backups, personnel tied up in running things,” says CIO Manesh Patel. “When we ran that analysis and did the comparison, it was a fairly compelling case to move to the cloud.” The move saves the company about $10 per month per employee, Manesh says, which works out to about $1.9 million a year—a figure any CIO would be happy to bring to a budget meeting.

At Blue Man Productions, which runs the popular Blue Man Group shows, the cost of maintaining e-mail servers for its 500 employees in five U.S. cities, plus Berlin and Zurich, ran into six figures, says company IT manager David Wharton. Switching to a SaaS-based Exchange offering from AppRiver cut the cost by a third, he says.

Cost isn’t the only reason to switch. Features, availability, and streamlined operations are also worth considering. And companies are finding they can give SaaS e-mail to a new level of employee, thanks to the lower cost and browser-based access SaaS provides. Microsoft says Starbucks, for instance, chose its SaaS offering to give certain employees in its coffee shops e-mail, while keeping its corporate e-mail on premises. After Delta Hotels & Resorts went to Gmail for 2,500 employees, it decided it could afford to extend e-mail to another 2,000 hotel employees, given Google’s low cost.

DMS & Associates, which provides accounting and administrative services to small businesses, relies on 35 subcontractors to serve clients. A year and a half ago, CEO Kimberlee Augustine had her subcontractors using free Gmail. However, because so much of the business relies on e-mail—DMS makes payments for clients in e-mail—she wanted a secure archive of all messages sent and received by the company’s contractors. So she moved the contractors from Gmail to Rackspace Email, a bare-bones SaaS offering that gives her administrative access to all company messages. “I can peek at what’s going on, get a sense of the tone between the accountant and the client,” Augustine says. “I don’t read all the e-mail, but I keep an eye on it, and I couldn’t do that with Gmail.”

Blue Man Productions’ Wharton says the AppRiver service, which uses Outlook, makes it easy to provision and deprovision users, including those with mobile devices. This feature is essential because many employees, particularly those involved in producing shows, don’t have desks; they live on BlackBerrys and iPhones. “When the hiring notice comes out, in 10 minutes we can create an account, download an in-box, and hand them a BlackBerry as they walk in the door,” he says.

The service provides a higher level of business continuity. Under its old system, all Blue Man offices except in Las Vegas relied on the mail servers in New York. If those servers went down or power went out, so did mail service for six of the company’s seven offices. In addition, e-mail latency was a problem. “Some users have 40,000 messages. When you have an in-house server and an in-box with that many messages, then Outlook and BlackBerry would crawl,” Wharton says. Now, he says, overall performance is substantially improved.

More Than E-Mail

Market competition is increasingly for a collaboration suite that goes beyond e-mail. Microsoft’s Business Productivity Online Suite includes e-mail and other services, such as SharePoint online and Web conferencing, starting at $120 a user per year. IBM’s LotusLive Notes service bundles e-mail, calendaring, and instant messaging, starting at $108 a year. The Google Apps suite, at $50 a user per year, wraps e-mail with Google’s browser-based word processing, spreadsheet, and presentation software, which allows document sharing and simultaneous editing.

This larger collaboration challenge is what IT leaders are really trying to solve. Circle Global, a manufacturer and reseller of textiles, recently moved its 75 employees from a POP-based e-mail provider to WebEx mail, a SaaS-based product from Cisco that includes PC-based and mobile e-mail. Circle Global also uses the WebEx meeting software. The Cisco e-mail and collaboration software package costs the same as the POP-based e-mail alone, says Brock Nunn, Circle Global’s head of marketing.

Sanmina-SCI CIO Patel says that cloud-based providers are continually adding features. “People can work in small groups, work asynchronously, have the information captured and make it searchable, and make it self-service so IT doesn’t have to get into day-to-day management,” he says. “In the long term, that will be a much bigger benefit than immediate cost savings.” A SaaS model lets vendors add features without the old upgrade cycle that required putting code on machines. IT managers can just decide whether to allow a new feature on their domain.

Why Companies Say ‘No’ To SaaS

Would-be customers must weigh the downsides to SaaS, and some conclude they’re too great. Forty-one percent of companies already using some SaaS have no plans to use SaaS e-mail, our November 2009 survey on SaaS found. The biggest concern is around security and privacy risks from letting a provider operate your e-mail infrastructure.

The servers and databases in a provider’s data center are subject to the same external and internal threats that your own infrastructure faces, whether it’s a cybercriminal exploiting an OS flaw to steal data or a cloud vendor employee getting access to your e-mail. Companies considering SaaS e-mail must satisfy themselves that the provider’s physical and logical security and operations practices are at least as good as their own. In addition, many SaaS e-mail providers will themselves partner with other SaaS companies to offer services such as archiving, encryption, spam and malware filtering, and so on. Thus, the security and privacy risks can extend across multiple providers, each of which may have varying levels of operational proficiency and security expertise.

Companies may also have concerns around compliance. Organizations in highly regulated industries such as pharmaceuticals or finance may be less inclined to move e-mail off-site due to concerns that the provider will fail to meet complex requirements. Some may worry that the provider won’t provide sufficient levels of data protection in terms of backup and archiving to preserve critical mail in the event that the provider’s primary data center experiences a disaster or emergency.

Companies also must know they can get their data out of a cloud vendor, if the relationship sours or the vendor gets out of the SaaS e-mail business. However, compliance concerns haven’t proven insurmountable: Major pharma companies GlaxoSmithKline (with Microsoft) and Genentech (with Google) are using SaaS e-mail, for example.

Uptime is a concern. If a provider’s e-mail goes down a total of nine hours in a year (equivalent to 99.9% uptime), employees might not gripe, if the outages are isolated and quickly resolved. But if an outage lasts an hour, or you can’t get clear answers about what’s wrong or when it will be fixed, that won’t fly.

Integration and authentication also can be challenges for companies trying to link SaaS e-mail systems to on-premises systems. (See p. 25 for more.)

There’s also a question of disruption versus return. While SaaS can deliver cost savings, some CIOs find it’s not worth the retraining and change if their e-mail system is fairly modern. For them, SaaS won’t get consideration until it comes time for an upgrade.

The Outlook On Outlook

While companies are turning to SaaS providers for e-mail, many aren’t ready to give up Outlook as the local client.

DMS & Associates retained Outlook as the e-mail client, in part because its contractors are familiar with it, but also because CEO Augustine likes its calendar functions. Circle Global had considered Google Apps but decided on a provider that would support Outlook because it had other Microsoft applications in house it wanted to sync with Outlook, most notably Microsoft Project Server. “It integrates Outlook task assignments into each user’s Outlook client,” says Nunn. He couldn’t sync Project Server with Google Apps.

[Chart: What Are Your SaaS Plans? Categories: CRM; HR and recruiting; Web presence; E-mail. Series: Delivered; Planned for delivery within 18 months. Data: InformationWeek Analytics SaaS Survey of 131 business technology professionals at companies using SaaS, November 2009]

Microsoft will keep pushing those integrated hooks. With its upcoming SharePoint 2010, companies will be able to display employee profiles, like an in-house Facebook page, alongside e-mail messages so you can see thumbnail photos of every person copied on an e-mail.

Microsoft will lose some customers, though. Sanmina-SCI moved off Outlook to the browser-based Google Apps user interface. “Early on, we were leaning toward leaving Outlook, but there are some features and functions of Google that don’t work with Outlook, so we decided to go entirely with the Web-based interface,” says Patel.

Sanmina-SCI’s standard browser is Firefox. The browser-based UI does lack some functionality, such as the ability to drag and drop files or cut and paste items, Patel says. “Browser technology isn’t where it needs to be,” he says. “We’re looking forward to HTML5 to provide a more robust interface.” But, he says, the UI has generally worked well.

Microsoft Alternatives

Cisco only recently laid out its plans for WebEx Mail, trying to displace Outlook with a browser-based client. Called Cisco Inbox, the product promises features (due later this year) to make it easier for users to organize their e-mail, and it puts e-mail at the center of collaborative environments.

Cisco plans to include what it calls “topics,” which will let employees arrange e-mail by subjects such as a team, event, or project. Instead of standard folders, topics will live in a bar on the main screen just like individual e-mail messages. Cisco Inbox will go a step further by letting people add content to a topic other than e-mail—IM chats, video files, and .WAV-based voicemails. An employee will be able to invite colleagues to view a topic.

Cisco plans to integrate Inbox with collaboration sites, so people logged into their mail client and, say, LinkedIn can post messages to LinkedIn by sending e-mail. Cisco expects to initially support Skype and WebEx IM.

Cisco may face the hardest road of the Microsoft challengers. Though dominant in network infrastructure, with strong security and voice/video cred, the vendor has very little track record as a service provider. WebEx gives it experience with the technological challenges of scaling up a quality service, but it will have to work to convince customers that it has the collaboration and services depth. Cisco launched WebEx Mail in November but declines to say how many in-boxes it provides customers.

Then there’s a little company called IBM. Trying to revitalize its Lotus messaging brand, it’s pushing LotusLive, which bundles SaaS-based e-mail, IM, Web conferencing, and file sharing. Companies can choose a hosted version of Lotus Notes or go for a browser-based e-mail client with iNotes.

IBM this month showed off integrations of LotusLive with Salesforce.com data, Skype voice-over-IP calls, and UPS delivery data. For instance, the Salesforce integration adds a LotusLive tab to a person’s Salesforce.com interface, to launch meetings and share and edit documents. The company’s marquee deal so far is the 100,000-seat win from Panasonic in January.

Google’s pricing seems to be the biggest force of change in the messaging market. With its free consumer version, many people have used Google’s browser-based e-mail interface before enterprise adoption. Bundling e-mail and a productivity suite puts price pressure on Microsoft’s giant e-mail and Office franchises. But Google, which gets 97% of its revenue from advertising and won’t say how many paying business e-mail customers it has, still is learning the enterprise IT market. With its latest word processing and spreadsheet upgrade, it dropped the ability to use the programs offline, giving customers a month’s notice and saying it will work on bringing it back. Google says offline isn’t a very popular feature, but enterprise customers tend not to like those kinds of road map surprises.

All these vendors are going after more than just e-mail. Their goal is to control a customer’s entire messaging and collaboration stack while also promising to relieve the IT operational burden. The shift from the premises to the cloud takes away some of Microsoft’s home court advantage and creates opportunities for players new and old to grab market share.

Companies still can’t live without e-mail, but it’s clear many can do without running the hardware, software, and storage that on-premises e-mail requires. CIOs are increasingly comfortable with SaaS and hosted alternatives. Of course, companies considering SaaS e-mail must do their homework to choose a financially viable provider that can meet their uptime and feature requirements. But no CIO should do an e-mail upgrade without at least considering SaaS.

Write to Andrew Conry-Murray at [email protected]

SaaS E-Mail (comparison table): Price per user per month (100 mailboxes) | Mailbox size | Price of encryption, per user per month | SLA (credit penalties vary)

More companies than ever are considering e-mail as a service, but the options aren’t easy to sort through.

Cost per user per month might seem like the overriding criterion, but adding options such as encryption can shoot up the price. Some vendors might not offer key features you need. That’s why we created this buyer’s guide.

Our requirements are that the service is provided to users via a Web browser, there’s no hardware on the customer premises, and the service runs in a multitenant environment. Here’s what we learned from the 10 vendors who responded to our buyer’s guide questionnaire.

Price

SaaS e-mail gets in the door because it’s cheaper. But you’ll need to factor in a lot of add-on charges for most vendors to get an apples-to-apples comparison. Fully loaded, most business-class e-mail comes in at around $12 per user per month for a Microsoft Exchange service. Simple POP3 e-mail accounts will be a lot less, some only $1 per user per month.

When comparing SaaS ROI to on-premises, look at all of the hard on-premises costs, such as hardware, software licenses, staff support, and client licenses. Put a price on lost productivity from outages and any gain from shifting IT staff to more valuable initiatives. Some providers, such as Rackspace, also provide a client license such as Outlook or Entourage, so these costs also need to be considered.

Storage

From 1 GB to unlimited space, the vendors vary greatly in terms of how much storage they offer. This could be another big driver in the price, as some providers charge considerably for additional storage. E-mail archiving plays a big factor, too—the ability to archive e-mail and the pattern of storage your company requires will play a large role in the costs of the different providers. More qualitatively, look closely at how usable the search functions are and how quickly information can be retrieved from the archive.

Synchronizing To Smartphones

While all providers can do this synchronization, it’s another cost driver and it can vary based on the smartphone you use, as well as the provider. Rackspace’s syncing, for example, varies greatly by the service: $10 per user per month for BlackBerry (on top of the fees from your mobile provider), $3 for Active Sync, $15 for Good Mobile, and $19.95 for Apptix. We actually switched from BlackBerry to Windows Mobile because of the high cost of syncing fees—almost equal to the cost of the mailbox.

The value, however, can be tremendous. Keeping messages and calendar invitations synchronized across a highly mobile workforce is a key time saver for us, and it’s crucial in some environments.

Exit Strategy

SaaS might not work out for you. Or the vendor might not deliver. So, as with any cloud service, before you get in you should know how you’ll get out. For example, with the Google service, you can take your content with you and export all mail from Gmail (via POP or IMAP), or just forward your mail to any other service, at no cost.

In our environment, all e-mail is synchronized with desktops or laptops, which has several benefits. We had someone with a complete disk failure, and within 30 minutes, they had a new machine, connected to the shared e-mail service, and the mail replicated. Critical folders, including in-box, were there instantly, and the others took a few hours to sync almost 2 GB of data. For moving to another service, the configuration would work the same way: Each employee would be configured to connect and sync to the new service.

At the administrative level, we have seen problems with corporate-wide exports and imports. In addition to the sheer size of the data involved and folder structures, we see inconsistent results from the tools designed to help do this. Some will create a “Data” folder that places all folders in a single structure, and deconstructing this can be time consuming.

Buyer’s Guide To SaaS E-Mail

By Michael Biddick

| Vendor | Price per user per month (100 mailboxes) | Mailbox size | Price of encryption, per user per month | SLA (credit penalties vary) |
|---|---|---|---|---|
| Google | $4.17 | 7 GB | $2.91 | 99.9% |
| NaviSite | $5.95 | 1 GB | $2.25 | 100% |
| Rackspace | $12.50 | 2 GB | Partial, included | 100% |
| Microsoft | $5 | 25 GB | $1.88 | 99.9% |
| Intermedia | $12.60 | 25 GB | Partial, included | 99.999% |
| IBM | $3 | 1 GB | Included | 99.9% |
| GoBeyondIT | $12.95 | 5 GB | $10 | 100% |
| Cisco | $5 | 5 GB | Included | 99.9% |
| Apptix | $8.85 | 2 GB | $6.95 | 100% |
| AppRiver | $12.95 | Unlimited | Included | 100% |

Conventional backup and restoration is another option, again at the individual user level. Recently, we eliminated our e-mail backup policies, relying on the SaaS provider’s backup. This saves us bandwidth and time, as our backup provider is also in a cloud environment. Most of the providers offer full backups with redundant storage for all online mailboxes.

The Interface

User interfaces vary greatly. We use Outlook on the local machines and the Web client occasionally. While the Web interfaces can mirror much of the functionality within the local client, there may be minor differences, and some things seem faster in the native client.

The administrative interface is probably where you’ll want to spend the most time. It’s where you’ll do all of your configuring of mailboxes and administer accounts, as well as monitor usage and billing. For companies that like to monitor or take control of employees’ e-mail accounts, some services allow duplicate messages to inbound and outbound accounts, hidden from the user. It’s potentially useful with terminated employees under difficult circumstances.

The activity can be logged for auditing of what administrators do with the account. Some features, unlike conventional premises-based e-mail servers, can’t be disabled, so companies need to be aware of what they’re getting.

Encryption And Security

All the vendors offer some level of encryption, most by partnering. Cost and type of encryption vary greatly, so be sure to spend a lot of time in this area if encryption is important to you. TLS tends to be included, whereas AES is usually an additional fee. The level of sophistication that vendors offer also varies greatly.

Explore how encryption is provided, and ensure that additional software isn’t required on the client for those apps to work. Microsoft, for example, uses Voltage for encryption, providing a Web-based interface that means no added software on the desktop.

The other security area to consider is authentication. Generally, authenticating a SaaS e-mail application against Active Directory means your provider would need to integrate with your Active Directory; most don’t. Without that, the SaaS provider maintains user names and passwords.

Most companies will be reluctant to give a SaaS provider integration access into Active Directory. Many won’t do it, since caching and gaps in access to the domain controller may cause security and access problems. In terms of wide-scale enterprise adoption, the issues surrounding Active Directory are a big barrier for SaaS providers.

Overhead

Even when e-mail is delivered as an online service, there’s still IT overhead associated with managing the accounts and any group or alias lists. In some cases, these are centrally located and internal IT teams can create different types of administrators, but they may not be exactly the type of profile you need. For example, it’s impossible with some services to let someone create accounts but not delete them, or create aliases but not accounts. When it comes to SaaS e-mail, you’ll have to adjust some of your policies to gain the benefits of the shared infrastructure.

Just be careful which compromises you make. I saw one organization that had about a dozen people as administrators of its SaaS e-mail, just so they could manage group and alias lists. From a security perspective, this isn’t a good option.

However, as a user and administrator of SaaS e-mail, I can say the experience has been positive. The savings from the hardware, software, and maintenance burden far outweigh any cons. As providers incorporate more features, more companies will expand their SaaS footprints.

Michael Biddick is president and CTO of Fusion PPT, a consulting and IT services firm. You can write to us at [email protected].

Get This And All Our Reports

Become an InformationWeek Analytics subscriber: $99 per person per month, multiseat discounts available.

Subscribe and get our report on software-as-a-service e-mail at informationweek.com/analytics/saasemail

This report includes action-oriented analysis, including our vendor-comparison table.

What you’ll find:

> Comparison of vendor offerings by price, antivirus, SLAs, and more, in downloadable Excel format for your use

> Analysis of how to factor this vendor data into your decision-making criteria


We define the next-generation communications utopia as a system that provides employees with e-mail, instant messaging, collaboration, presence, voice and video communication, and structured data integration via Web client, desktop, or mobile device. But before you get too excited, realize that most IT groups won’t so much be running toward this new collaboration strategy as slinking away from siloed systems that they never quite got running correctly.

Consider these data points: Nearly half of the 479 business technology professionals responding to our InformationWeek Analytics Enterprise Messaging survey either have no e-mail archiving or let users archive as they see fit—a plan that’s only marginally better than nothing. A tiny 3% have e-mail search tied into a broader enterprise search system, and synchronization with enterprise apps like ERP is faring only a bit better. When we asked about interest in combined e-mail and collaboration tools, 80% basically yawn.

“E-mail is a pain but easier to deal with than the other emerging communication technologies that are less likely to be controlled and dictated by the IT department,” says one respondent, who remained anonymous—possibly so potential applicants younger than 30 won’t run away screaming from his company.

Unfortunately, that respondent, while he may have a valid point, is living in denial. Not providing a service while also not having a policy banning its use is a recipe for an underground IT movement. Instant messaging is commonplace, yet only a third of respondents officially provide it. The rest should check Web and traffic logs. Users don’t need third-party clients anymore; AOL, Google, Yahoo, and others have very nice Web 2.0 browser-based systems that work like champs. If you don’t provide an approved system and ban and block consumer-focused clients, you have unmonitored and unlogged egress points for data.
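The advice above to check Web and traffic logs, shown as an added example that is not part of the original article: a Python script that tallies, per user, proxy requests to browser-based chat services IT has not approved. The six-field log layout, the host names, and the user names are all constructed for illustration; adapt the parser to the format your proxy actually writes.

```python
"""Tally proxy-log requests to browser-based chat services IT has not approved."""
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: domains of consumer chat front ends to watch for. These are
# placeholders, not real services; list the ones relevant to your network.
WATCHED_DOMAINS = ("consumer-im.example", "webmessenger.example")
# Assumption: the company's own approved IM service, never reported.
APPROVED_HOSTS = {"im.corp.example"}

# Constructed sample. Assumed layout, one request per line:
#   epoch user method target status bytes_sent_by_client
SAMPLE_LOG = """\
1271930401 alice GET http://intranet.corp.example/home 200 312
1271930455 bob CONNECT chat.consumer-im.example:443 200 48211
1271930460 bob POST http://webmessenger.example/send 200 1930
1271930502 carol POST http://im.corp.example/msg 200 800
1271930533 dave POST http://eu.webmessenger.example/upload 200 5242880
1271930540 - GET http://notwebmessenger.example/ 200 100
garbage line
1271930600 bob POST http://webmessenger.example/send 403 700
"""


def host_of(method, target):
    """Return the lower-cased host for a CONNECT target or a full URL."""
    if method.upper() == "CONNECT":
        host = target.rsplit(":", 1)[0]      # "host:443" -> "host"
    else:
        try:
            host = urlsplit(target).hostname or ""
        except ValueError:                   # malformed URL in the log
            host = ""
    return host.lower().rstrip(".")


def is_watched(host):
    """True if host is a watched domain or a subdomain of one."""
    if host in APPROVED_HOSTS:
        return False
    # Match on a label boundary so "notwebmessenger.example" is not a hit.
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def scan(log_text):
    """Return ({user: stats}, skipped_line_count) for watched-host requests."""
    findings = defaultdict(
        lambda: {"requests": 0, "failed": 0, "bytes_out": 0, "hosts": set()})
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not (parts[4].isdigit() and parts[5].isdigit()):
            skipped += 1                     # count unparseable lines, never hide them
            continue
        _, user, method, target, status, sent = parts
        host = host_of(method, target)
        if not is_watched(host):
            continue
        entry = findings[user]
        entry["requests"] += 1
        entry["hosts"].add(host)
        if status[0] in "45":                # denied by policy or failed upstream
            entry["failed"] += 1
        else:
            entry["bytes_out"] += int(sent)  # only data that actually left
    return dict(findings), skipped


def report(findings):
    """Rows of (user, requests, failed, bytes_out, hosts), largest egress first."""
    rows = [(u, s["requests"], s["failed"], s["bytes_out"], sorted(s["hosts"]))
            for u, s in findings.items()]
    return sorted(rows, key=lambda r: r[3], reverse=True)


if __name__ == "__main__":
    found, bad_lines = scan(SAMPLE_LOG)
    for row in report(found):
        print(*row)
    print("unparseable lines:", bad_lines)
```

A user whose requests all fail is already being blocked; a user with a large `bytes_out` and no failures is the unlogged egress point the paragraph describes.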

Some organizations we spoke with did take the integration leap early, and stayed with it. “We started down the path of integrated e-mail way back in 2005,” says George Hamin, director of IT for Subaru Canada. “Our teams are so geographically spread across such a large area, we wanted to begin with integrating voice.” Hamin’s group built on that success and jumped early to Exchange 2010, giving employees an integrated mailbox with voice, instant messaging, conferencing, and e-mail.

That’s far from the norm, but even companies under financial constraints can do better with what they have now and position their communications systems for the next wave of collaborative technologies.

Original Sin: E-Mail In A Silo

Did we mention our surprise that 61% of the 479 business technology professionals responding to our survey don’t integrate their e-mail systems into major enterprise applications like ERP or CRM? That’s especially curious since 52% of respondents come from companies with upward of 1,000 employees—24% have more than 10,000.

It’s mind-boggling that we’ve largely left this critical part of the information flow out of our structured data stores. Client and partner e-mails are lost in the ether, vendor notes disappear, and project details sit in one person’s in-box while someone else screams for an update.

[UNIFIED MESSAGING]

E-Mail: Let’s Get Unified

Time to link messaging with enterprise, social apps

By Michael Healey

[Chart (title not recoverable): We’ve had a policy in place for less than one year (10%); We’re in the process of developing a policy; We’ve had a policy in place for more than one year]

[Chart: How Is Your E-Mail System Configured? Traditional, managed and hosted in-house (81%); Server is hosted externally but managed internally; Hosted and managed externally (the remaining two segments are 11% and 8%). Data: InformationWeek Analytics Enterprise Messaging Survey of 479 business technology professionals, December 2009]

Most IT groups we work with blame a lack of resources and a fear of compliance and e-discovery issues, and of course, integration can be expensive; we discuss ROI justifications in depth in our full report. However, when CIOs don’t think of their systems as an integrated whole, they tend to miss the obvious.

For example, a technology firm based in New England would regularly hound staff about updating the project management system. Supervisors held weekly meetings to check who had filled in their activity logs. People hated the meetings, hated the admin work, and as a result, a robust project management system was underused. The solution: The company added a “mail to database” function that let staff CC the database on project-related e-mails. Some business and IT managers were dead set against this development effort, sure it wouldn’t work.

You can guess the results. Project updates skyrocketed, from an average of 1.2 per week per project to a whopping 12. And all it took was some application development time. A similar disconnect from the way rank-and-file employees use their e-mail systems seemed evident in our survey results. When asked about desirable features, CRM/ERP integration ranked as one of the least interesting new capabilities to add, behind integrated SMS texting. That’s just shortsighted. Knowledge workers live in e-mail. Giving them an automated way to feed less-used systems like ERP with critical information should be a priority.

This past year saw a continued rise in the use of automated e-mail within billing systems, leveraging electronic delivery to save on postage. This meshing of invoicing, support, and general correspondence from customers can put a company in an awkward position, however. For example, what happens when your organization e-mails an invoice to a customer? Is it tagged to track forwards or responses back to your organization? What if a customer forwards it to a sales rep with a question? Does the system CC credit?

Worst case is if that response never reaches a human. We’ve heard too many service horror stories that include the phrase, “Those idiots don’t even know what they e-mailed me.”

This isn’t just a problem with legacy applications. Even among cloud-based apps, synchronization among enterprise apps and e-mail systems is negligible. That’s staggering since most cloud-based enterprise applications, especially supply chain, CRM and ERP, have e-mail integration tools built-in.

And it gets worse: Only half of our respondents let users search their own e-mail archives, and a paltry 3% have mail and archive search tied into a broader enterprise search system that helps find critical information.

For IT groups that don’t plan to provide a framework to integrate data into critical CRM and ERP systems and don’t provide search tools for users to crawl their own mailboxes and archives, consider that major customer-service issues will require bringing together every person who contacted the client to piece together the full story.

Of Clients, Vendors, And Twitter

For all the talk about social networking bringing organizations closer to the customer, we found some basic social networking tools collecting dust. Only 34% of respondents provide client and vendor access to their calendars for online scheduling, a capability that has long been available from every major player, including Cisco, Google, Lotus, and Microsoft. If you’ve ever used online scheduling to coordinate a meeting, you know it’s a nice feature. So why hasn’t it been widely adopted? Typically, because it requires a driving force and some user training on the functionality. If nobody asks, most IT groups simply don’t offer.

And the core concept of social networking goes beyond simple scheduling, effectively moving the conversation out of your e-mail system and into the cloud. For those of you who bemoan the archiving and tracking requirements related to client communications now, this could be your worst nightmare. LinkedIn, Twitter, and Facebook have moved well beyond traditional blogging and morphed into unique communication chains that may include clients and vendors individually or within a larger group.

Get This And All Our Reports

Become an InformationWeek Analytics subscriber for $99 per person per month, with multiseat discounts available, and get our full unified messaging report at informationweek.com/analytics/unifiedmessaging

This report includes 42 pages of action-oriented analysis, packed with 30 charts.

What you’ll find:

> ROI breakdown of an e-mail/CRM integration project

> Core components of next-gen e-mail and the universal in-box

> Analysis of the impact of spam, security, and compliance on unified messaging systems

IT response to social networks has been varied.

A plucky 30% actively seek to wrangle this phenomenon—for now anyway—by controlling all posts centrally, while 16% don’t allow any posting at all; most cite regulatory and confidentiality concerns. Only 5% are attempting to leverage the social nature of these platforms by allowing multiple individual postings while putting a centralized alerting and editing system in place.

The rest? Let’s just say they range from “I don’t know” to “I don’t care.”

If you’re sitting in your cubicle quietly muttering, “Twitter is for kids,” think again. Of course, your 500 or 1,000 best customers don’t need to know what your CEO is thinking every minute of the day. But IT should work with business leaders to develop a policy. While there’s no question that consumers dominate most of the current social networking landscape, there’s a mad rush across multiple systems by all types of organizations trying to gain some type of competitive edge.

CIOs in highly regulated companies could simply blame the man and say no, but they may be missing an opportunity. Our favorite example is a mortgage company that navigated the post-meltdown world of regulations to come up with a way to provide daily rates to its clients via social networking. This initiative extends way beyond IT and requires amazingly tight control and coordination with management, but it pays off: If you’ve ever refinanced, you know the lottery-like anticipation of monitoring the rate and timing the decision to lock in.

Social networking has all the potential of the early Internet—and all the snake-oil hype. Evidence on the actual effectiveness is decidedly mixed. For example, a study last year by social marketing consultants HubSpot analyzed over 120,000 Facebook pages and found almost 50% have fewer than 500 fans. The popular ones are dominated by musicians, tributes, and consumer goods, but still, only 0.3% exceed 1 million fans. Put that within the context of your customer e-mail flow and gauge when and where you need to have two-way communications via social networks. Sell fizzy drinks or rock ’n’ roll music, and you know your path in the social space. Supply the sugar for the drink manufacturers or logistic services for the tour bus? Skip the tweets and figure out how to make sure everyone knows where the shipments are.

Falling In Love All Over Again

This is an interesting time for e-mail systems and those who administer them. E-mail’s overall effectiveness has been crimped by a huge surge in volume as well as a host of different ways to get mail. Faster, simpler options like instant messaging lure users out of their mailbox clutter to a cleaner message path. However, it simply makes the communication picture more challenging when multiple messages from the same users cross systems. The vision of bringing it all together in a universal in-box has tremendous appeal, but this is a challenging nut to crack due to limitations of interoperability and resistance to relying on one vendor for everything.

IT has been noticeably reactive over the past few years, focusing on security, archiving, and compliance rather than on utilization rates and usage patterns. E-mail was simple enough, compatible enough, and portable enough to jump-start productivity worldwide, eliminating manual and time-consuming processes. But we can’t expect another such advance. The next push forward won’t come from any one killer app. It will come instead from IT teams that do the hard work and build on the core tenets of e-mail and transition to a unified communications vision with a universal in-box.

Begin with some functional design changes as well as retraining of the user population. The next-generation e-mail success story is less dependent on technology—IT has proved it can build out the secure infrastructure needed for communications even when the core protocol is inherently insecure. Get ready. Vendors are stacked up outside your door, and they have stories to tell. If the overall vision for these systems isn’t tied into your policy, training, and core workflows, you may end up stacking a more complicated interface on top of your end users.

But done right, you could be a hero, something Subaru’s Hamin knows well. “Until you have a full system, you don’t see the true value,” he says. “Once it’s in, good luck taking it away.”

Michael Healey is CEO of Yeoman Technology Group, an engineering and research firm. You can write to us at [email protected].

In Sync

With which types of in-house systems does your e-mail system have synchronization capabilities?

Customer support and help desk applications: 27%
CRM applications: 16%
Accounting and ERP applications: 12%
Other: 4%
None: 61%

Data: InformationWeek Analytics Enterprise Messaging Survey of 479 business technology professionals, December 2009


[BI TRENDS]

Standardize Vs. Diversify

Enterprises aim for fewer business intelligence tools

By Doug Henschen

Among the more than 500 business technology professionals who completed our InformationWeek Analytics/Intelligent Enterprise 2009 Business Intelligence Survey in July, 47% reported that they’d standardized on one or a few BI tools deployed company-wide. In 2007, only 33% of the 500 IT pros we surveyed said they’d deployed BI tools to that degree.

The trend toward BI tool consolidation and standardization isn’t just marketing fabrication. If you’re anything like George Neill, director of IT at Organic Valley, a nationwide dairy co-op with 500 employees and about $500 million in sales, chances are you want to simplify purchasing and get the most out of every dollar spent.

“When you’re a smaller organization, it just doesn’t make sense to have a lot of tools with similar functionality,” Neill says.

Given this penchant for consolidation, the BI megavendors—SAP Business Objects, Oracle, IBM and Microsoft—would have you believe they’re well positioned for this. Logic and our research suggest they’re right, to an extent. Powerhouse technologies such as Microsoft SharePoint and the Oracle database were pervasively deployed across many enterprises even before the great BI consolidation of 2007—the year Oracle bought Hyperion, SAP acquired Business Objects, and IBM picked up Cognos.

Acquisitions have promoted further consolidation. But that’s not to say that all businesses are settling for just one vendor or toolset. In fact, technology diversity rules in large and some midsize companies; in our survey, we qualified our question, asking if firms have standardized on “one or a few tools.”

The top trend from this survey is that businesses are setting BI standards—even if that means using two or three products. With multiple tools, each generally provides different aspects or styles of analysis and reporting. For example, until recently, specialist vendors provided advanced analytics tools, such as statistical analysis and modeling suites; the leading BI suites, meanwhile, were dedicated to query, analysis, and reporting capabilities. That’s not changing, and existing deployments still tend to reflect that divide.

Another key trend revealed in our survey is that businesses are forging new BI agendas. Yes, the longstanding challenges of accessing data and developing reports are still there, as is the push to share BI more broadly across the enterprise. But there’s growing interest behind advanced capabilities such as analytics, embedded BI, and search-style querying.

New business requirements and new vendor capabilities make it unlikely an organization will settle on a single BI vendor. But consolidating around two or three vendors can help meet requirements and get the resource- and time-savings of standardization.

Doug Henschen is editor in chief of Intelligent Enterprise. Write to him at [email protected].

How Does Your Company Deploy BI Tools?

Standardized on one or a few deployed throughout the company: 47% (2009), 33% (2007)
Deploy on a project-by-project basis: 19% (2009), 25% (2007)
Many scattered throughout departments, operations, and locations: 18% (2009), 22% (2007)
Deploy as part of other technology initiatives: 14% (2009), 17% (2007)
None of the above: 2% (2009), 3% (2007)

Data: InformationWeek Analytics/Intelligent Enterprise 2009 Business Intelligence Survey of 534 business technology professionals, July 2009

Get the full business intelligence report free for a limited time at informationweek.com/analytics/bisurvey2009


To say that enterprise IT’s acceptance of Windows 7 is on a steady upward trend would be an understatement. Responses to our July 2009 InformationWeek Analytics survey asking about deployment plans contained such vitriol as, “Stop being so greedy” and “Stop abusing your OS monopoly.” Our personal favorite: “Be more like Apple.”

Today, however, attitudes are much more upbeat. Our February 2010 survey of 699 business technology professionals from companies with more than 500 employees yielded responses like, “Better and more useful than I expected,” “It is a vast improvement over Vista,” and “It just works, finally.”

While the OS still has its share of detractors, a critical mass of comments—and the hard numbers—point to a positive direction in terms of broad-based acceptance. To analyze changes in overall rating, deployment timelines, and migration barriers and drivers, we compared the July 2009 and February 2010 responses of those hailing from companies with more than 500 employees. Then we went on to ask current respondents about testing strategies, the app compatibility outlook, their plans for 64-bit editions, and the nuts and bolts of deployment strategies; we cover these in depth in our full report, at windows7.informationweek.com.

In terms of the percentage of PCs running various operating systems, Win 7 now accounts for an average of 7% of PC operating systems. Trending data suggests most of that pickup is coming from retired Windows 2000 and XP installations. While a 7% share is not an earth-shattering debut, it’s also not a bad showing considering how risk averse we’ve been over the past year, and how complex and costly OS migrations are. Direct trending data collected in our most recent poll further reinforces our view that enterprises are generally more amenable to Windows 7: 55% of respondents feel comfortable classifying Windows 7 as an “excellent” operating system, compared with just 34% six months ago.

Now the question starts to become: What’s the competitive cost over the next 18 months of not moving to Windows 7? From a support staff perspective, already-limited hardware support for XP will continue to dwindle. Newer peripherals won’t have XP drivers, forcing you to use older drivers not optimized for performance. The latest versions of vital enterprise applications (antivirus especially) will also likely begin dropping, or offering subpar, support for XP within 18 months.

The existing mix of XP and Vista machines will continue to cause headaches as well, and most organizations are planning their Office 2010 deployments. Do you really want to build three images, for XP, Vista, and Win 7? Or even two, if you skipped Vista?

Business agility may also be affected. For example, organizations moving toward VDI that don’t align this effort with a Win 7 upgrade will need to “restart” and begin creating Windows 7 virtual desktops from scratch, wasting time. Movement toward a 64-bit OS will be stalled as well, and you won’t be able to adopt Windows Server 2008 R2 features that require Win 7, notably BranchCache, which is a great advance for organizations that haven’t invested in WAN optimization appliances. In addition, the slicker, cleaner DirectAccess setup is a godsend for remote users. Not only will it reduce support calls, it makes it easier (and faster) to get into the office remotely. As we discuss in our full report, these and other factors must play into your migration calculations.

Randy George is an InformationWeek contributor. You can write to us at [email protected].

How Would You Rate Windows 7?

Excellent: 55% (2010), 34% (2009)
Satisfactory: 43% (2010), 60% (2009)
Poor: 2% (2010), 6% (2009)

Data: InformationWeek Analytics Windows 7 Survey of 595 business technology pros who have tested Win 7 in February 2010 and 412 in July 2009

Win 7: Practical Migration

Microsoft’s latest OS is gaining market—and mind—share

By Randy George

[WINDOWS 7]

Get the full Windows 7 migration report free for a limited time at windows7.informationweek.com

When Quality, Security Count

Static code analysis can make a big difference

By Sid Sidner

ACI Worldwide is a provider of payments software to banks and merchants around the world. With more than 800 software engineers working in development centers in seven time zones, issues such as software quality and security are critical to ACI’s success. As director of security engineering, it’s my job to ensure that our code base is bug-free and intruder resistant, while continually improving the software’s overall quality.

These concerns aren’t new. They’ve been our mantra since the company was founded more than three decades ago. We decided several years ago that the best way to ensure quality and security was to introduce static source code analysis into our development processes.

Static code analysis is the process of examining and evaluating software without actually executing the code. Analyzing software when executing software is known as dynamic analysis. Static code analysis is all about moving the detection of critical security and quality problems upstream, ensuring they’re identified and fixed early in the development process.

This approach yields significant productivity gains across the entire process and leads to cleaner, more stable builds, more efficient testing, and of course, a higher-quality product. Besides helping us find bugs that we’ve missed in unit testing, static code analysis has made all our engineers aware of security issues and helped us teach junior staff better coding techniques.

What’s Involved

Static source code analysis tools are almost entirely automated. They’re like compilers, but instead of generating machine-executable code, they simply find bugs and issue warnings about security vulnerabilities, logic errors, implementation defects, concurrency violations, boundary conditions, and other glitches in the code. The tools provide a list of problems, each tied to a specific location in the source code. Detailed context is usually provided to explain how the tool arrived at the conclusion.

Static analysis tools use very sophisticated process flow and data flow analysis. The quality and security issues they identify are often complex and involve obscure logic problems, which is why these tools can be so valuable.

Static source code analysis tools analyze 100% of the source code, far more than any external test tools. For organizations that must comply with the Payment Card Industry Data Security Standard or Payment Application Data Security Standard, these tools fulfill the code review requirement. They also produce valuable metrics, including kilo-lines of code (KLoCs), file counts, and “churn”—that is, the number of files that have changed between two regular builds.

Introducing static code analysis and the requisite tools into the development process isn’t always painless, however. At ACI Worldwide, we found many subtle pitfalls in our efforts to roll out this approach company-wide. The tool changes the way many people work and must become a part of the organization and its culture.

For instance, static code analysis tools usually require careful integration into the project build process. For large software products, these builds are often somewhat of a black art, involving the use of Make and Ant. There are many options and dependencies. All static code analysis tools offer powerful utilities to analyze the build process and insert themselves into the right places, but some manual tuning is usually required.

These tools also must be integrated into developers’ daily work. Again, tool makers offer both command-line versions of the tools as well as plug-ins for many of the popular integrated development environments such as Eclipse and Visual Studio.

5 Queries For Choosing The Right Code Analysis Tool

1. Do you need a static or dynamic analysis tool?

2. What languages and platforms does it support?

3. How flexible is the reporting component?

4. How easy is it to add or update rules?

5. Does it integrate with your IDE?

Read all about software development at Dr. Dobb’s: drdobbs.com

Most importantly, the tools require that the code base have a subject matter expert (SME) who can also provide the same service for the tools. That person will answer questions not just about how the tool operates but also about the issues that the tool is finding—including identifying when the tool is generating a false positive. The SME will provide training and support to other developers, a fairly heavy workload for the first few weeks, until everyone is familiar with the static analysis tool. After that, that part of the workload should settle down to several hours a week.

Initial Analysis: Panic Time

The biggest challenges with static code analysis tools are problems in existing code. There’s an old programmer’s joke that says God made the world in six days because he had no installed base. This is certainly not the case for most businesses, which often have millions of lines of code.

The first time an existing codebase is analyzed, tens of thousands of issues will be found. Don’t panic. Remember, these issues have been there for a while, and the software continues to function and provide users with what they need.

At ACI Worldwide, all the issues from an initial build on existing code are immediately deferred and hidden from sight. That way developers don’t get overwhelmed and can stay focused on ensuring that new problems aren’t introduced into the code. At some point in the future, product planners and the senior development staff review the deferred issues, prioritize and group them, and decide when remediation can be factored into the planning for a future release. There’s no perfect approach, and businesses must always make hard decisions about whether to counter a vulnerability or assume the risk.

Tips For Success

How can you ensure a successful deployment? Here are some hard-won tips from our experience:

>> Define an initial issue policy. You may decide to only deal with the most severe issues for the first project cycle.

>> Get the global mechanics working. Many of the tools require license managers and centralized result servers.

>> Attack one product at a time. Get it working with one group and then move on to the next.

>> Identify SMEs. Every product needs at least one subject matter expert. Large products that are broken into major components will naturally need a SME for each one. Be sure that the SME and his or her manager understand the ongoing responsibilities and time commitment.

>> Train SMEs. Make them designated experts.

>> Work with SMEs. Help them to do build and tool integration for their product or component.

>> Train developers. The SME should guide how the tool is integrated into the team’s development process.

>> Perform initial analysis on existing code and defer all issues. Don’t discuss the large quantity of issues with the developers. If any ask, explain to them that they’ve been set aside and will be considered in a future product cycle.

>> Deliver help from SMEs to developers as required. During the first days of the rollout, the SME should monitor the developers’ work. Developers should be analyzing the code often, at least before they submit a completed unit of work into the product build. Just as a developer wouldn’t check in a unit of code that doesn’t compile, they won’t want to check in a unit that still has static code analysis issues.

>> Run the build analysis often. If the developers are doing their job and addressing issues as they come up, then no issues should be found at this stage.

>> Review deferred issues. After the process is running smoothly and the tool is a routine part of work, review deferred issues and plan whatever remediation is needed for future releases.
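The deferral step in these tips (run the initial analysis, set every existing issue aside, then act only on what developers newly introduce) together with the initial issue policy from the first tip can be sketched as a small triage script. This is an added example, not ACI Worldwide’s or any vendor’s code; the finding fields, checker names, severity labels, and file paths are constructed for illustration and do not follow any tool’s real report format.

```python
"""Baseline deferral for static-analysis findings (added example)."""
import hashlib
from collections import Counter

# Initial issue policy: severities that block a check-in during the first
# project cycle. These labels are assumptions, not any tool's real scale.
BLOCKING = ("critical", "error")


def fingerprint(finding):
    """Return an identity for a finding that survives line-number shifts."""
    # Line numbers move whenever code above the defect is edited, so they are
    # left out. Identity is checker + file + function + the flagged source
    # text with whitespace collapsed (re-indentation must not create "new" issues).
    snippet = " ".join(finding["code"].split())
    key = "\x1f".join(
        [finding["checker"], finding["file"], finding["function"], snippet]
    )
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


def triage(baseline, current):
    """Split the current build's findings into (deferred, new, fixed_count)."""
    # A multiset, not a set: if the baseline holds one copy of a defect and the
    # new build holds two identical copies, the second one is newly introduced.
    budget = Counter(fingerprint(f) for f in baseline)
    deferred, new = [], []
    for finding in current:
        fp = fingerprint(finding)
        if budget[fp] > 0:
            budget[fp] -= 1
            deferred.append(finding)  # known legacy issue: keep hidden
        else:
            new.append(finding)       # introduced since the baseline build
    fixed_count = sum(budget.values())  # baseline issues no longer reported
    return deferred, new, fixed_count


def gate(new_findings, blocking=BLOCKING):
    """Return the new findings that the issue policy says must be fixed now."""
    return [f for f in new_findings if f["severity"] in blocking]


def finding(checker, file, function, line, code, severity):
    """Build one finding record (constructed sample format)."""
    return {"checker": checker, "file": file, "function": function,
            "line": line, "code": code, "severity": severity}


# Constructed sample data: the initial build of existing code ...
BASELINE = [
    finding("NULL_DEREF", "src/auth.cpp", "parse_pin", 120,
            "return msg->pin;", "error"),
    finding("RESOURCE_LEAK", "src/net.cpp", "open_link", 44,
            'FILE *f = fopen(path, "r");', "warning"),
    finding("UNUSED_VALUE", "src/log.cpp", "rotate", 10,
            "int rc = rename(a, b);", "review"),
]

# ... and a later build after developers have edited the code.
CURRENT = [
    # Same legacy defect, shifted 15 lines down and re-indented.
    finding("NULL_DEREF", "src/auth.cpp", "parse_pin", 135,
            "    return  msg->pin;", "error"),
    finding("RESOURCE_LEAK", "src/net.cpp", "open_link", 44,
            'FILE *f = fopen(path, "r");', "warning"),
    # Newly introduced defects.
    finding("BUFFER_OVERRUN", "src/auth.cpp", "parse_pin", 140,
            "memcpy(buf, msg->pin, len);", "critical"),
    finding("NULL_DEREF", "src/auth.cpp", "parse_pin", 150,
            "return msg->pin;", "error"),
    finding("UNUSED_VALUE", "src/net.cpp", "close_link", 70,
            "int rc = close(fd);", "review"),
]

if __name__ == "__main__":
    deferred, new, fixed = triage(BASELINE, CURRENT)
    print(f"deferred={len(deferred)} new={len(new)} fixed={fixed}")
    for f in gate(new):
        print(f"BLOCK {f['file']}:{f['line']} {f['checker']} ({f['severity']})")
```

Matching on line numbers alone would report the shifted legacy defect as new and bury developers in the backlog the deferral was meant to hide; the count of fixed baseline issues gives planners a number to track when they later review the deferred set.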

The Right Tool For You

There are numerous open source and commercially available static code analysis tools on the market. When choosing one, the place to start is with language support. Some tools like AdaCore’s CodePeer and Green Hills’ DoubleCheck support a single language. Other static code analysis tools support multiple languages (see table, p. 44).

But language support isn’t the only consideration. When ACI Worldwide was in the market for a static code analysis tool 2-1/2 years ago, we identified five vendors—Coverity, Fortify Software, Klocwork, Ounce Labs, and Veracode. Veracode was eliminated immediately because it only offered code analysis as a service, and we wanted a tool that could be used in-house and provide developer training. Each of the other four vendors performed an in-house proof-of-concept on a large C++ program (2,500 KLoCs) and a large Java program (600 KLoCs).

MORE DR. DOBB’S ONLINE

JavaFX Database Programming: informationweek.com/1264/ddj/javafx

How To Develop For The iPad: informationweek.com/1264/ddj/ipad

Coverity was eliminated because, at the time, the tool provided excellent quality checking but had limited security checking. Conversely, we eliminated Ounce Labs because it focused almost exclusively on security, assuming that the prospect already had quality checkers, which wasn’t the case for us.

Fortify Software and Klocwork were comparable in their ability to find important quality and security issues. However, Klocwork’s licensing model made it less expensive for us. Klocwork used the FlexLM license manager with floating licenses, whereas Fortify Software had a dedicated code contributor model. Since we have development centers spread around the globe in different time zones, we’re able to share the licenses very effectively around the clock, so Klocwork was the right fit for us.

Final Analysis

Overall, static code analysis has proved to be a valuable tool for ACI Worldwide. For a reasonable cost per developer, we’re finding serious bugs more comprehensively and earlier in the development process.

In addition, the Klocwork suite we chose provides a way to connect experienced senior developers with junior developers. The tools include extensive help files that refer developers having difficulty with an issue to a more-experienced developer to get advice—always a valuable interaction.

Bottom line: Static code analysis tools help incorporate security and quality awareness into the fabric of the entire development organization. Finding bugs earlier and avoiding security breaches is invaluable to any software development effort.

Sid Sidner is director of security engineering for ACI Worldwide.

[DR. DOBB’S REPORT] STATIC ANALYSIS

Watch Your Language

Different static code analysis tools find defects in different languages

Tool: Languages Supported

AdaCore’s CodePeer: Ada
Coverity’s Prevent: C, C++, C#, and Java
GrammaTech’s CodeSonar: C/C++ and Ada
Green Hills’ DoubleCheck: C/C++
Klocwork’s Insight: C, C++, C#, and Java
Lattix’s LDM: Ada, C/C++, Java, and .NET
Microsoft’s StyleCop: C++ and C#
Ounce Labs’ Ounce Core: Java, JSP, C/C++, C#, ASP.NET, and VB.NET


Gwyn Fisher is chief technical officer at Klocwork, a provider of static code analysis tools. He recently spoke with Dr. Dobb’s editor-in-chief Jonathan Erickson.

Dr. Dobb’s: What’s the hard part of static analysis?

Fisher: There’s a tipping point in using a static analysis tool, and it depends on finding that “aha!” moment as quickly as possible. This might be a bug you’d never have found yourself, or it might be an architectural recommendation that slipped past you. Whatever it is, it has to happen pretty quickly.

Dr. Dobb’s: As a tool builder, how do you cope with new technologies?

Fisher: It might be a technology paradigm shift, such as multicore, it might be a new standard or a new de facto adoption of a framework such as Boost—all of these form the core of what we invest in over time. Developers buy a static analysis tool because it finds bugs in their code. Anything else we do differentiates our approach from our competitors, but if we don’t support their language, platform, or libraries, then the product isn’t worth implementing.

Dr. Dobb’s: Does parallelization make static analysis faster, better, more accurate?

Fisher: Yes indeed. Any competent analysis product can process nodes in the control flow graph that occur at the same level in the hierarchy in parallel. We provide both multicore parallelism as well as a multimachine parallelism, both of which can be used to scale the analysis task almost linearly across hardware resources.

Dr. Dobb’s: When it comes to static analysis, what’s the Holy Grail?

Fisher: What we’re all working hard at is trying to actually completely solve the problem of static analysis. Today’s commercial tools all work in an unsound model of analysis, whereby we claim to find some bugs in your code, and we don’t—and can’t—claim to find all the bugs in your code, and only the bugs in your code. Any tools—mostly academic—that perform sound analysis, and therefore claim to find all bugs in your code, do so at the cost of vast false-positive numbers, upward of 80% to 90%. Obviously that’s not tractable for real usage, so the Holy Grail here is a technology that not only can find all bugs, but has a 0% false-positive rate at the same time. ... But don’t hold your breath.

Q&A: ‘Aha!’ Moments And The Holy Grail

It has been a long time coming, but it looks like unified communications, at least in some form, is now mainstream. In our recent survey, 30% of you tell us you’ve already deployed UC, while another 30% have plans to do so sometime in the next couple of years. UC means very different things to different people, so your first question is probably: What does implementing UC mean?

For some, it’s just a matter of replacing consumer chat tools like AIM and Messenger with enterprise versions. For others, it’s going all the way to deploying high-end desktop videoconferencing. For most, though, what’s important is the ability to pick and choose the pieces of UC to implement. That requires having a strong IP and SIP infrastructure, so that implementing the desired technologies is cost effective while letting your architects leave off any app that doesn’t benefit the organization. That’s making UC much more approachable this time around.

Another interesting data point from our survey is that the two business considerations that most commonly drive a UC implementation are improving employee collaboration and improving employee efficiency. Those two factors outdistance all others by 25 and 18 percentage points, respectively. The business benefits that rank lower include creating a more mobile workforce, saving on travel expenses, upgrading PBX systems, and saving on capex and opex. In other words, the self-apparent use of UC (collaboration) is now justification all by itself. Seems all those studies on collaboration along with a couple of years of Web 2.0 messaging have had their effect on us: Creating a collaborative environment is now important.

We see so many polls saying that lowering IT costs is the most important thing under consideration that it’s noteworthy when the desired outcome of implementing a new technology is anything else. As I see it, this is an important transition for most new technologies. If all a new tech does is purport to save you some money, chances are you should be looking at other priorities. Telephones, computers, and most other technologies didn’t come in the door with a promise of immediate costs savings; they were expenses that made companies better at doing their business. That’s not to say that cost cutting isn’t an important goal. It is, but the projects that truly deliver savings universally call for consolidating, closing, discontinuing, and firing. If those outcomes aren’t part of your project, be dubious of realizing any long-term savings.

While the business benefits of UC are more achievable than ever and implementing the technology is more reasonable, there are still plenty of ways to mess up a unified communications implementation. Here, the survey data and comments reveal two items to watch.

First, keep your system simple. Even when users have had training—and it’s critically important that they do—systems that are hard to use just won’t see a lot of use. What’s “hard to use” can be subjective, but it’s worth understanding. Such requirements as lots of authenticating and re-authenticating can be off-putting. The second thing that can derail your work is turf wars between telco and IT teams. If that age-old struggle is still going on in your organization, it’s time to end it for good.

Art Wittmann is director of InformationWeek Analytics, a portfolio of decision-support tools and analyst reports. You can write to him at [email protected]. More than 100 major reports will be released this year. Sign up or upgrade your membership at analytics.informationweek.com/join.

Unified Communications’ Day Has Arrived

practicalAnalysis | ART WITTMANN

Page 29: April 26, 2010 Hand Over Your E-Mail

Microsoft, always the butt of criticism because of its enormous size and influence, is taking more jabs than usual about its perceived inability to innovate. One former executive, writing in The New York Times, called the company “a clumsy, uncompetitive innovator.” My colleague Bob Evans worries that Microsoft is “drifting toward fat and complacent, prone to bold talk but tepid action.” The message boards are teeming with unfavorable comparisons to Apple, Google, and other competitors that are rattling the high-tech rafters with their exciting products and novel delivery models.

I pretty much agreed with that thinking before heading to Redmond last Thursday for a day of meetings with Microsoft’s top executives, but I came away more confident about the company’s ability to shake things up, especially in the cloud. Sure, all the execs, including CEO Steve Ballmer, were on message, reiterating Ballmer’s March manifesto that Microsoft is now “all in” when it comes to cloud computing. But as with Bill Gates’ “Internet tidal wave” missive in 1995, the proof is in the execution, and early signs show a company committed to transforming the way it builds products and serves customers (and generates profits), rather than one trying to capitalize on the latest hype.

Take the Windows Azure Services Platform. Released in February, this cloud-based app dev environment isn’t just something Microsoft plucked out of the vapor. It’s been working on it for more than four years, with the goal of providing developers with on-demand compute, storage, and networking to host, scale, and manage apps in Microsoft data centers via the Web. Azure is mainly for .Net apps, but it also supports PHP, Java, Ruby, and Python. Later this year, Active Directory will be able to issue a federated identity to authenticate users of Azure services.

Microsoft execs note that mainstream adoption of Azure is years away, and the company is now absorbing prodigious customer feedback to iterate the platform. As for everyday apps such as Exchange, SharePoint, and Dynamics CRM, Microsoft sees half of its revenue from those products coming from cloud-based versions within four years. “We need to be (and are) willing to change our business models to take advantage of the cloud,” Ballmer wrote in his March memo to employees. Compare those words and deeds to the equivocation about software as a service from SAP and Oracle, and then tell me who the laggards are.

Granted, Azure and Exchange Online aren’t quite the stuff of iPad buzz, but big enterprise IT platforms and decisions don’t work that way. It’s the reason Steve Jobs couldn’t care less about selling to enterprises, where architecture and standards and manageability and compliance and ROI trump gotta-have-it impulse.

And no question, Microsoft has laid some eggs—Zune comes to mind immediately, as do Windows Vista and Mobile. But Microsoft has had plenty of buzz-worthy innovations it doesn’t get much credit for. One example is Project Natal for Xbox 360, which uses sensors and software to track body movements and respond to spoken directions and changes in voice tone. Its Surface tabletop touch-screen computer has enormous potential as a gathering place for multiple users to interact with data and each other.

Never before has a company so big and so astoundingly rich been taken so lightly by so many. Microsoft won’t dominate the cloud—no company will—but it will be the preeminent, most profitable player there in no time.

Rob Preston is VP and editor in chief of InformationWeek. You can write to Rob at [email protected].

Microsoft The Innovator? Give It Some Credit

ROB PRESTON


down to Business | from the editor
