CIO Update: Web Services Case Studies From the Front Lines

Inside Gartner This Week
Vol. XIX, No. 28, 9 July 2003

In This Issue...

• CIO Update: Web Services Case Studies From the Front Lines. Today’s Web services are being deployed to manage lightweight data integration and to provide improved data access across enterprise information webs. A discussion of seven case studies shows how Web services have been successfully implemented.
• Management Update: The HR Business Process Outsourcing Market Is Booming. Most enterprises are well aware of business process outsourcing (BPO), and the human resources (HR) segment is the hottest part of the BPO market. Gartner analyzes the HR BPO market, discusses key trends and provides guidance on vendor selection.
• Management Update: CRM Business Transformation Is More Than Just Technology. Achieving the business transformation required for CRM goes far beyond developing a vision and strategy and then attempting to fulfill it through implementation of technology. Gartner points out the leadership requirements and structure necessary for successful execution.
• Management Update: The Outlook for the PKI Market. With less market emphasis on cryptographic key management, and more on rule-based identity and access management, public-key infrastructure (PKI) market participants are transforming or failing. PKI has not lived up to its hype.
• At Random

Management Update: The HR Business Process Outsourcing Market Is Booming

Most enterprises are well aware of business process outsourcing (BPO), and the human resources (HR) segment is the hottest part of the BPO market. Gartner analyzes the HR BPO market, discusses key market trends and provides guidance on vendor selection.

HR BPO: Not an End Unto Itself

Some enterprises view HR BPO as an undertaking that is healthy for the business, since it will enable them to focus on core competencies. Others view HR BPO with skepticism, believing that enterprises can lose control through outsourcing. (continued on page 9)

CIO Update: Web Services Case Studies From the Front Lines

Today’s Web services are being deployed to manage lightweight data integration and to provide improved data access across enterprise information webs. A discussion of seven case studies shows how Web services have been successfully implemented.

Learn From the Examples of Early Adopters

The benefits of Web services come slowly but steadily, as enterprises maneuver from learning about the specifications to dreaming up new uses for them. Enterprises that are interested in using Web services to accomplish the goals of particular projects, or that are considering Web services as the fundamental aspect of conversions to service-oriented architectures, should learn from the examples of early adopters. Such precedents can help enterprises to identify best practices or inspire them to come up with novel applications for Web services technology. (continued on page 2)


© 2003 Gartner, Inc. and/or its Affiliates. All rights reserved. Reproduction of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice. Comments should be e-mailed to: [email protected].

CIO Update: Web Services Case Studies From the Front Lines (continued from page 1)

To demonstrate the increasing diversity of the technology’s impact, Gartner sought out enterprises that have used Web services in projects. Case studies of seven such enterprises are provided below.

Rotech Healthcare

Tactical Guideline: As always with projects that rely heavily on open-source or community-based development methods, standards remain immature, and projects should not be “shoehorned” into a particular model. Although Rotech Healthcare has 10 Web services projects in development or testing, it is not seeking to solve all business problems through a Web services model.

Rotech Healthcare, based in Orlando, Florida, provides medical services through a distributed network of small healthcare companies in 650 locations. It maintains a lean IT staff and seeks to solve business problems through lightweight integration initiatives.

To better manage its sales resources, Rotech wished to compare data about the location of enlisted doctors’ offices with the location of its patients. Incongruities or anomalies revealing that more doctors than necessary had been sold in low-patient areas, or the reverse, would aid Rotech in deploying sales representatives to even out the mixture. However, data concerning the patients Rotech serves resides in a Virtual Storage Access Method file management system, while data concerning relevant doctors resides in a Linux-based Structured Query Language database.

Instead of creating a new, relational database, Rotech established a SOAP (Simple Object Access Protocol) link between the data sources to feed a homegrown analytical application (see Figure 1). The use of Web services enabled Rotech to establish the link more swiftly than it could have through conventional means. Rotech has spent very little on the project, devoting one or two developers per day for less than two weeks.

Aware that SOAP faces challenges in terms of its ability to transfer large amounts of data rapidly, Rotech runs the reports at night and periodically, instead of in real time.

Rotech believes the results have provided immediate benefits. Rotech can see more clearly how its sales resources should be deployed to improve the utilization of its core business services, including circumstances where its patient count implies that its doctor count is too low.

Figure 1. Rotech Uses SOAP to Bridge Disparate Data Sources (diagram labels: Patients (VSAM), Doctors (SQL), SOAP, New Analytic Logic). Source: Gartner

The Colorado Department of Agriculture

Colorado’s agriculture department needed to modernize access to the multiple sources of data it uses in tracking the health of the state’s captive elk population. Before the department’s Web services project, employees had to manually combine data from multiple sources into a Macintosh HyperCard application for analyses. Defining, assembling and inspecting reports could take as long as six weeks.

When an elk is diagnosed with a contagious disease, it is critical to determine what other elk it has had contact with, to trace back to any outbreak’s “patient zero,” as well as to evaluate the risk of contagion in other elk. Thus, the six-week wait was a significant detriment to rapid response. Additionally, the application within which the data was analyzed did not reside on the network and, therefore, was difficult to access.

The dominant technologic source for the data was a database that generated printed reports that employees in turn typed into the HyperCard application, where both the business logic and the data resided. The relational database consists of about 20 tables, with 14 to 30 fields per table. Lengthy waits to trace sick elks’ previous contacts were common.

In the Web services solution, users place their requests via an Active Server Pages Web interface, which passes requests via a dynamic link library to SOAP wrappers (see Figure 2). These, in turn, address a COM+ (Component Object Model Plus) transaction layer, which interacts with the database. The results are passed back through the chain to the Active Server Pages presentation layer for the user to see. The SOAP layer for data transport was adopted to increase the installation’s future flexibility.

Officials report that they can trace back an elk’s contacts with other elk immediately, instead of waiting weeks for a report. The universal view of data the new system provides is critical for enabling unified strategies of public communication about outbreaks or diseased individual elk.

Development required one worker from Compuware and two workers from the state for 14 weeks. The project architect was full time. Two developers were cycled in and out of the project.

Developers learned that the Web services aspect must be tied closely to the data source. An initial attempt at a three-tier physical architecture failed, because interchange between the Web service and data source bogged down the Web service’s response time. Placing the service and the database on a single physical server and placing the Web server on a separate server resolved the problem. The state learned that, although substantial benefits are to be gained from a Web services deployment, the technology’s newness led to development “hiccups” that delayed the project somewhat.

Figure 2. The Colorado Agriculture Department Speeds Elk Health Analysis (diagram labels: ASP and JavaScript, DLL, SOAP, COM+, SQL, Other Legacy; Captive Elk Population Health Tracking System: reduced tracking time, improved interoperation, replaced legacy system). Source: Gartner

MapPoint

Tactical Guideline: Microsoft’s experience with MapPoint .NET illustrates how effective delivery of Web services requires at least as much effort in operational deployment and commercial strategy as it does in technical specification and development. Enterprises should ensure that they have identified relevant stakeholders and process owners for all dimensions of a Web service deployment.

MapPoint shows the potential and the challenges of fully deployed Web services. MapPoint is a natural candidate for Web services use because mapping data has high value in many contexts, but isn’t something most enterprises want to collect or manage for themselves. Map data appears static but in practice changes significantly all the time, particularly when complemented by data such as points of interest. MapPoint thus shows the potential for other owners of specialized data to distribute information at a transaction level via a Web service.

MapPoint comprises a substantial database of cartographic data and a program to search and display this data. The MapPoint application was conceived and designed to run as a single-user PC application. It is also available as an ActiveX control with an extensive object interface, intended for embedding in other applications. The challenge for Microsoft was to turn MapPoint into a multiuser system, accessible over the Internet, and capable of integration with other systems requiring mapping data.

The initial step of defining a SOAP application programming interface (API) was fairly simple, since that could be wrapped onto the proven COM (Component Object Model) API from the ActiveX control. The second technical challenge was more substantial. It involved taking a query and rendering program designed for single users and turning it into something that could service high-volume concurrent access over the Internet. Microsoft had, however, already decided to deliver an Internet mapping service via MSN, and the implementation of a high-performance engine to access the cartographic database was, therefore, already planned.

With a SOAP API, a WSDL (Web Services Description Language) interface specification and a high-performance data access engine, the MapPoint Web service was “ready to fly.” The more-substantial challenges involved creating a deployment infrastructure and commercial terms and conditions for use of the service.

A number of the initial deployments of MapPoint .NET are within MSN services (for example, Expedia and HomeAdvisor). Other early adopters are Dollar Rent-A-Car and the German hotel booking service hotel.de. TellMe uses MapPoint .NET to provide voice driving directions from a mobile phone.

A particularly innovative application of this Web service was developed by Marks & Spencer, which uses MapPoint .NET to combat credit card fraud. When the same account number shows up as having been used in multiple stores in a brief time window, this raises an alert. The system then sends the store locations to MapPoint .NET with the request to return a drive time. If the drive time is significantly more than the actual differential between purchases, the conclusion is that an instance of credit card fraud has likely occurred.
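The two-stage drive-time check described above, as an added example that is not code from Gartner, Marks & Spencer or Microsoft. The store IDs and coordinates, the two-hour alert window, the 1.5x slack factor and the `estimate_drive_minutes` stand-in (great-circle distance at an assumed road speed, used here in place of a MapPoint .NET drive-time request) are all assumptions, and the transactions are constructed.

```python
"""Drive-time plausibility check for one card used at several stores (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Constructed store IDs and coordinates (latitude, longitude); not from the article.
STORES = {
    "LON-01": (51.5142, -0.1520),
    "LON-02": (51.5430, -0.0050),
    "MAN-01": (53.4830, -2.2440),
}

# Assumptions: the article gives no numbers for "brief" or "significantly more".
ALERT_WINDOW = timedelta(hours=2)   # what counts as a brief time window
SLACK = 1.5                         # drive time must exceed 1.5x the elapsed time
AVG_ROAD_KMH = 60.0                 # average speed used by the stand-in estimator
ROAD_FACTOR = 1.3                   # road distance relative to the straight line


@dataclass(frozen=True)
class Purchase:
    account: str
    store: str
    when: datetime


def estimate_drive_minutes(a, b):
    """Hypothetical stand-in for the routing service's drive-time answer."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    km = 2 * 6371.0 * asin(sqrt(h))          # haversine great-circle distance
    return km * ROAD_FACTOR / AVG_ROAD_KMH * 60


def review(purchases, drive_minutes=estimate_drive_minutes):
    """Return (alerts, suspected); each item is (earlier, later, elapsed_min, drive_min)."""
    alerts, suspected = [], []
    last_seen = {}                            # account -> most recent purchase
    for p in sorted(purchases, key=lambda x: x.when):
        prev = last_seen.get(p.account)
        last_seen[p.account] = p
        if prev is None or prev.store == p.store:
            continue
        elapsed = p.when - prev.when
        if elapsed > ALERT_WINDOW:
            continue
        # Stage 1: same account, different stores, inside the window -> alert.
        elapsed_min = round(elapsed.total_seconds() / 60, 1)
        a, b = STORES.get(prev.store), STORES.get(p.store)
        known = a is not None and b is not None
        # An unknown store cannot be routed: keep the alert, make no fraud call.
        drive = round(drive_minutes(a, b), 1) if known else None
        finding = (prev, p, elapsed_min, drive)
        alerts.append(finding)
        # Stage 2: the trip could not have been driven in the time available.
        if drive is not None and drive > SLACK * elapsed_min:
            suspected.append(finding)
    return alerts, suspected


def at(hhmm):
    """Build a timestamp on the constructed sample day."""
    hour, minute = map(int, hhmm.split(":"))
    return datetime(2003, 7, 9, hour, minute)


# Constructed transactions covering the three outcomes.
SAMPLE = [
    Purchase("acct-1111", "LON-01", at("10:00")),
    Purchase("acct-1111", "MAN-01", at("10:40")),   # far away, 40 minutes later
    Purchase("acct-2222", "LON-01", at("11:00")),
    Purchase("acct-2222", "LON-02", at("12:15")),   # cross-town, plausible
    Purchase("acct-3333", "MAN-01", at("09:00")),
    Purchase("acct-3333", "LON-01", at("15:00")),   # outside the alert window
]

if __name__ == "__main__":
    alerts, suspected = review(SAMPLE)
    for finding in alerts:
        earlier, later, elapsed_min, drive = finding
        verdict = "suspected fraud" if finding in suspected else "plausible"
        print(f"{later.account}: {earlier.store} -> {later.store}, "
              f"{elapsed_min} min apart, drive {drive} min: {verdict}")
```

Passing a different `drive_minutes` callable to `review` swaps the stand-in for a real routing lookup without changing the detection logic.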

Several key factors contributed to the success of the MapPoint .NET initiative, including the following:
• Microsoft identified clear business objectives related to the intrinsic value of the established database.
• It created a deployment environment — including staging and managed operations — that allowed users to test and monitor systems that embed the Web service.
• Microsoft identified a commercial framework that reflects the natural usage pattern of applications using the Web service. This framework, which takes advantage of transaction-based pricing, is seen as equitable but not overly complex.
• MapPoint .NET leverages considerable prior investment. Creation of such a service from scratch would be much more difficult to justify.

uBid

Tactical Guideline: Where interconnections between enterprises are critical to the provision of a service to a customer, Web services technologies offer a relatively standard, low-risk, low-cost, multiplatform approach. uBid’s situation represented an optimal opportunity to use Web services, given the reasonableness of the interface, the limited number of partners, the nature of the business transaction and the contractual nature of the business relationship. Enterprises should look for opportunities that fit this profile as candidates for early interenterprise Web services projects.

The complexity of the functionality available at most auction sites has increased significantly, and aggregators are becoming more important as their value and the value of online auctions are better understood. uBid needed a modern technological solution for supporting multiple aggregators. The most-important motivator was the threat that an aggregator might pull its support from a site if interacting with it was too hard.

uBid needed a solution that would enable aggregators to interact with its site in a reliable, secure and cost-efficient way. It wanted a solution that could be developed once, for all aggregators.

uBid discussed the situation with many of the aggregators and found that they all appeared ready to adopt SOAP interfaces to their systems. uBid’s own Seller Interface, with its Microsoft COM and Distributed COM components, was also a likely candidate for conversion into a Web service. uBid and Tallán developed a synchronous XML- and SOAP-based interface enabling the flow of information between uBid’s databases and third-party applications (see Figure 3).

Initially, the project team consisted of two people, who spent the first two weeks evaluating SOAP implementations and designing a solution. By the third week, the uBid project team had grown to 14 people, had a test site running and had produced a WSDL file for consumption by the aggregators. The project was completed in 14 weeks.

It now takes less than two weeks to connect a new aggregator, and the onus for the integration effort falls primarily on the aggregator. uBid simply supplies a WSDL file and helps test the integration.

uBid has seen the average number of items available for auction increase from approximately 500,000 to approximately three million. It is now connected to numerous aggregators and has seen the number of available items increase significantly, with a high of six-and-a-half-million items in one day.

Figure 3. uBid Connects With Multiple Aggregators (diagram labels: Sellers, Auction Aggregators, Buyers, Web, SOAP, uBid). Source: Gartner

Figure 4. Eastman Chemical Streamlines Customer Ordering. Source: Gartner

Eastman Chemical

Tactical Guideline: Eastman Chemical has steered clear of trying to reinvent its online ordering system, and has also resisted the temptation to re-architect its business-to-business e-commerce system. Eastman has chosen instead to pursue a straightforward, comparatively low-risk Web services application, which could continue to function in a traditional Web server environment should problems arise.

A global company with headquarters in Kingsport, Tennessee, Eastman Chemical has been very pragmatic in evaluating the potential of Web services to streamline Web-based e-commerce. After a careful analysis, Eastman concluded that shortening the “info to order” cycle was a realistic application of Web services at this early stage of its evolution.

This would mean putting deep, responsive product information systems in place to simplify and ultimately expedite the online product selection process. Typically, such systems assist the customer with appropriate and effective use of purchased products, using such tools as product configurators.

Eastman had migrated its configuration spreadsheets online as interactive product configuration wizards. Since these wizards were driven by server-side application logic and dynamically generated scripts, they were cumbersome to maintain and enhance. More importantly, given the breadth of Eastman’s reseller network, this script-driven architecture made it difficult to provide customizable, value-added wizards that could be hosted by the company’s specialized channel partners.

Therefore, Eastman chose a Web services approach. It has developed SOAP/XML wrappers for a number of wizards. Initially, the wizards were deployed directly to the desktops of its largest direct customers by using general-purpose, XML-based, client-side graphical user interface (GUI) engines (see Figure 4). These engines can execute within a Web browser or directly on the desktop, and are designed to be powered on the back end by a presentation layer server operated by Eastman. The company used a combination of Microsoft’s COM+ components and Visual Studio .NET development framework to create the wizards.

On the back end, Eastman uses WebMethods’ WSDL generator to publish its wizard interface descriptions. These descriptions are manually uploaded to Grand Central Networks’ service registry.

Initial testing shows one- to two-second response times for the wizard, which falls well within the acceptable range for an interactive desktop application. Eastman is confident that this performance will scale satisfactorily, as most wizards should have less than 100 concurrent users at any given time.

Eastman has found that the distributed, rich-client GUI architecture enables it to build and deploy user interfaces that are far more sophisticated than those generally available through Web browsers. This approach has allowed the company to create a user experience that enhances the intrinsic value of the company’s product knowledge base.

Key to the success of this project was the choice of a highly distributed, XML-based GUI environment, and a relatively uncomplicated, Microsoft-based execution flow on the back end of the wizards. Thus, Eastman has wisely chosen to “keep it simple” from a process flow and execution standpoint.

Google

Tactical Guideline: Applications accessible through the Internet may be swiftly divided into elements and exploited effectively with no major undertaking, if the application is useful, effective, trustworthy — and priced right.

The popular search engine Google has published a SOAP interface. The uses made of this interface by a community of enthusiasts herald the new rules of the Web services era.

In early 2002, Google announced that it would provide access to its search index and particular functions through an interface using SOAP. The ensuing months brought a flurry of intriguing exploitations of the opportunity. Google has tallied a variety of user integrations to its index and search functions, from simple “because it’s there” inclusion of a Google search box on Web journal pages to more-sophisticated use of its matching and relevancy algorithms.

Developers have created:
• A system that enables users to input the contents of their Web journals into a Google relevancy matcher, along with other homegrown analytic functions, to reveal other journal keepers who share their interests.
• A typographical-error generator that enables users to input a word, then see how it is most-often incorrectly rendered in written (Web-accessible) discourse.
• A Web journal publishing engine that analyzes an entry’s title and incorporates in the entry an addendum of appropriate searches as identified by Google.

The enthusiasm with which users have incorporated search functionality into these other applications demonstrates how search is increasingly capable of being reduced to components. Like other applications, search engines were originally aspects of unitary products that included access, business logic and contents, as well as other support elements, such as repository format and user authentication. As those functions have been broken out and search applications have emerged into their own category, vendors have deconstructed these applications further.

The trend toward deconstruction is promoted and augmented by the growing interest in Web services as a method of accessing application interfaces in a granular, but standards-based, fashion. Google will use this step to provide its index to enterprises that require a look at the broad Web, or at their own internal content, but lack the sophistication to develop a full Web index or the commitment to establish search-and-retrieval logic for their own unstructured content.

Google is casting a wide net over a variety of business models, and access to this API is no exception. Gartner expects that, by year-end 2004, more than 5 percent of Google searches will be invoked through its SOAP API.

Swiss Interbank Clearing

A few years ago, Swiss Interbank Clearing’s (SIC’s) electronic data interchange (EDI) implementation — based on EDIFACT (EDI for Administration, Commerce and Transportation) — was slow, complex, and difficult to maintain. EDI required expensive and redundant mechanisms to back up operational data transfers in an asynchronous communication mode.

Customer demands for faster fund clearance, along with a Web-based interactive interface to monitor transaction processing, could not be met by the established infrastructure. In addition, customer banks experienced problems late in the funds clearance process, potentially harming customer relationships, and resulting in high exception handling costs.

In 2001, SIC employed Otego AG, a Zurich-based consultancy, to develop and implement a Web-based system to replace its older, asynchronous EDI infrastructure. SIC decided to use a Web services approach, with the hope it would achieve lower development costs and reduced time to market if changes to the core application were handled on SIC’s existing mainframe-based clearing system through an XML-based Web connector. The core application was based on scripting EDIFACT fund clearance processes to XML, and the use of SOAP messaging for connecting XML data to the Hypertext Transport Protocol (HTTP) transport layer (see Figure 5).

SIC clients can choose between different methods of access (via browser, Java client and end-to-end integration) on existing client devices, when necessary. Secure HTTP encryption with Secure Sockets Layer is used to ensure the safe transfer of all data. Authentication is achieved by using smart cards operating digital certificates within an encrypted channel.

The new Web service solution differs from the old EDIFACT-based system in its synchronous data flow, use of Web-based specifications and extensible architecture. Response times have been reduced to a few seconds in a real-time environment. SIC customers receive immediate feedback to each action in the payment-clearing process, including potential problems.

Bottom Line

Gartner’s recommendations are:
• Begin planning now for an internal SOAP deployment to pilot this year.
• Identify appropriate external partners to pilot an external SOAP project in 2004.
• Designate one to three developers to experiment immediately with SOAP interfaces to Google or other external products.

Written by Edward Younker, Research Products
Analytical source: Whit Andrews, Gartner Research

This article is an excerpt of a chapter from a new report, “Harnessing the Power of Web Services and Middleware: Building and Deploying Integrated Applications for the Agile Enterprise.” The report is an offering of the Gartner Executive Report Series, a new business venture of Gartner Press that provides buyers with comprehensive guides to today’s hottest IT topics. For information about buying the report or others in the Executive Report Series, go to www.gartner.com/executivereports.

For related Inside Gartner articles, see:
• “CIO Update: Web Services Provider Platforms and Delivering Functionality as a Service,” (IGG-06042003-02)
• “Management Update: Security Strategies for Enterprises Using Web Services,” (IGG-05282003-02)
• “Management Update: A Conceptual Evolution, From Process to Web Services,” (IGG-05142003-01)

Figure 5. Swiss Interbank Clearing Takes Transactions to the Real-Time Level (diagram labels: Swiss Interbank; Bank 1, Bank 2, Bank 3, Bank N; EDIFACT, XML, SOAP). Source: Gartner

Management Update: The HR Business Process Outsourcing Market Is Booming (continued from page 1)

Regardless of the perspective, all enterprises should be aware of a key principle for success with HR BPO — it cannot be treated as an end unto itself. Outsourcing won’t make a business smarter. Outsourcing HR isn’t strategic – business goals are. How well the gains achieved from outsourcing serve key business goals will be critical to judging HR BPO success — whether those goals involve lowering costs, freeing up resources in other core functions of the business or increasing resource agility.

Crucial to success in HR outsourcing is keeping the bigger picture in mind:
• What are the business goals of the organization?
• How will HR outsourcing help — or possibly hinder — those goals?

Enterprises must keep those questions at the heart of their decisions about whether to outsource HR, to what extent this business process will be outsourced, and which vendor to choose.

HR BPO Market Overview

Strategic Planning Assumption: By 2005, 85 percent of U.S. enterprises will outsource at least one component of their HR functions (0.8 probability).

Gartner’s BPO market model segments this market into three areas: supply management, demand management and enterprise services. In each of those areas, a number of processes are good candidates for outsourcing.

HR and human capital management (HCM) are a component of enterprise services, which tend to involve back-office, intraenterprise processes that are largely characterized as being noncore yet critical to the day-to-day functioning of the enterprise. This category of processes is gaining popularity in the BPO marketplace among both providers and buyers.

Providers are creating and strengthening their offerings in enterprise services, because an offering can more easily be leveraged across several industries. For example, an HR BPO offering can be applied with little customization to financial services, manufacturing and utilities. This is not to downplay the importance of a sound vertical-market understanding by the vendor; however, when it comes to HR outsourcing, process expertise is the most important criterion.

The HCM component of enterprise services can be further segmented into subprocesses that can be outsourced. The most common are payroll, benefits, hiring and recruiting, training and education, and personnel administration. When considering outsourcing HR, enterprises must first determine whether it is appropriate to outsource the entire spectrum of HR processes, a single HR subprocess or a piece of a process. Many enterprises may choose to forgo BPO entirely, and outsource only process-enabling components of IT, such as HR management system business applications.

Examining Trends in the Market

Strategic Planning Assumption: By 2005, the number of outsourced business processes will have doubled compared to those in 2000 (0.8 probability).

Tactical Guideline: HR BPO is a vast, mature and growing external-service option for enterprises. However, the market is not monolithic, and enterprises must understand what “flavors” of HR BPO can most meaningfully impact their business. Creation of a sourcing strategy for HR that determines the proper mix between internal and external services will be critical to success.

HR outsourcing has long been the vanguard of BPO, and it remains, by far, the most outsourced business process. Gartner forecasts that, by 2005, HR will constitute approximately 30 percent of BPO spending worldwide, and that HR BPO spending will top $55 billion (see Figure 6). Payroll and benefits services are driving the growth of the HR BPO market. Enterprises that are already outsourcing HR processes expect to significantly increase their investment in HR outsourcing in the next 24 months.

Gartner no longer includes contract manufacturing in its market forecasts of BPO. Beyond HR, the remainder of the services included in Gartner’s BPO market forecasts include:
• Administration
• Finance
• Direct procurement
• Indirect procurement
• Payment services
• Warehouse and inventory management
• Transportation administration
• Customer selection, acquisition, retention and extension services

Within the HR portion of the BPO enterprise services segment, the most popular areas for outsourcing have been noncore, back-office services such as payroll, benefits, and education and training (see Figure 7). Best practices and vendor scalability have been accrued over time, and Gartner believes that enterprises perceive those BPO options as being less risky and offering greater value for the money than other candidate processes.

HR is far more mainstream and common a BPO undertaking than, for example, field sales and service support, so inhibitors are low compared to other processes. Therefore, HR outsourcing services, as a group, have had the most activity among respondents to Gartner surveys of BPO service recipients. However, as BPO is widely adopted for back-office functions, Gartner expects that it will also gain traction in additional, interenterprise process areas, such as demand and supply management.

Action Item: Decide whether tactical outsourcing of individual processes (like payroll) or holistic, end-to-end outsourcing (of the entire HR function, for example) makes the most sense for your enterprise, and take into account vendor maturity as well as the experiences of other enterprises in your industry.

HR BPO Drivers and Inhibitors

The belief that outsourcing can cut costs attracts enterprises to HR BPO like moths to a flame. Like the moths, these enterprises can become enlightened, but can also get burned.

Enlightenment comes when the cost-reduction-seeking enterprise discovers other beneficial outcomes that outsourcing can provide, such as the ability to focus on the core business and improve service levels. However, many enterprises have been burned — badly, in some cases — as a result of misaligned expectations, selection of the wrong vendor or too narrow a focus on why they were outsourcing in the first place.

Enterprises turn to process outsourcing for a variety of reasons. They include:
• The high cost of transactions
• Too much time spent on daily operations
• The high cost of upgrading applications
• Unintegrated processes
• Difficulty in hiring or retaining process staff
• Lack of timely or accurate reports

Those “pain points” in the back office manifest themselves in a variety of drivers and inhibitors to outsourcing. Foremost among the drivers are the goals of focusing on the core business, improving service levels and reducing implementation costs.

Figure 6. Worldwide BPO Market Size and Forecast, 2000 to 2005 (market size in $ billions, by year; series: HR Outsourcing, Rest of BPO Market; data labels: $32.1, $35.2, $39.0, $45.9, $51.4, $54.9). Source: Gartner Dataquest

A major obstacle for enterprises, however, is doubt or skepticism concerning whether they will actually achieve the desired business benefits. Other challenges include fear of loss of control (the “not invented here” syndrome) and the resulting impact on employees (the “retained team”). Moreover, enterprises often lack the appropriate internal process measurements, which makes it difficult to design contract terms, conditions and metrics to reward the achievement of the desired results.

Action Item: Vendors should demonstrate real-life examples of HR BPO customers that have realized value over time. Vendors should also demonstrate a strong dedication to the BPO model in years to come.

Selecting a Provider

Tactical Guideline: Many leading players in HR BPO hail from outside the realm of IT services. Enterprises must select vendors from emerging categories of contenders, and no “runaway” leaders exist.

Selecting the right HR BPO provider requires that enterprises do their homework. To help enterprises navigate the competitive landscape, Gartner has highlighted particular BPO vendors as examples of six main categories from which enterprises can choose:

• The consultants include the former “Big Five” consulting firms: Accenture, BearingPoint, Cap Gemini Ernst & Young, Deloitte Consulting and IBM Business Consulting Services.

• The IT outsourcers include some of the largest IT service providers. Examples include Affiliated Computer Services, Computer Sciences, EDS and Unisys.

• The pure-play vendors are venture-capital-funded companies that generate all their revenue from BPO. Examples include Exult and Xchanging.

• The process specialists include large payroll, benefits, logistics and call center providers. Examples are Aon, Automatic Data Processing, Ceridian, Convergys, Fidelity Employer Services, Onvoi Business Solutions, ProBusiness Services, RebusHR, Spherion and Synhrgy HR Technologies.

• The offshore providers include subsidiaries of the well-known Indian application outsourcers. Examples include Progeon (an Infosys company) and Wipro Spectramind.

• The business service providers meld Internet-based delivery — following the application service provider model — with a BPO business focus. Examples include Administaff, Employease and Workscape.

Figure 7. The Most Popular HR Outsourcing Services. Panels: Outsourcing of Enterprise Services (HR, Other, Payment, Finance and Accounting, Admin.) and Top Seven HR Outsourcing Services (Payroll, 401(k), Background Checks, COBRA, Health and Welfare, Flexible Spending, Education/Training); axis 0% to 100%; 118 and 76 survey respondents. Source: Gartner Dataquest. COBRA: Consolidated Omnibus Budget Reconciliation Act

Bottom Line

The following are some key HR BPO trends in 2003, and Gartner expects them to continue in 2004:

• Business Focus: In 2003, many long-term HR BPO deals are signed for short-term, cost-cutting reasons. A short-term drive to cut costs is leading to an increase in enterprises signing HR contracts that are focused on immediate cost ramifications. Many enterprises will be disappointed in the longer term, while others will be enlightened by outcomes that are beneficial to the business.

• HR BPO Competency: As more enterprises become comfortable with the premise of BPO, they will shift their focus to longer-term engagement models that transform their HR processes.

• Pricing: The bulk of HR BPO deals in 2003 are priced on a utility basis, with only the occasional aggregated, multiprocess deal reflecting a complex pricing scheme. In 2004, more of the multiprocess deals will emerge.

• Contract Flexibility: Traditionally, HR outsourcing deals have been low in flexibility, but in 2004 there will be an increased ability to change service levels and adjust process delivery outputs.

• HR as “Strategic BPO”: By 2004, an increasing number of enterprises, impelled by an improving economic and competitive climate, will become mainstream adopters of end-to-end, strategic BPO deals.

Written by Edward Younker, Research Products
Analytical source: Robert Brown and James Holincheck, Gartner Research

This article is an excerpt of a chapter from a new Gartner report, “Successful IT Outsourcing: Strategies, Tactics and Management Approaches for Effective Strategic Sourcing.” The report is an offering of the Gartner Executive Report Series, a new business venture of Gartner Press that provides buyers with comprehensive guides to today’s hottest IT topics. For information about buying the report or others in the Executive Report Series, go to www.gartner.com/executivereports.

For related Inside Gartner articles, see:
• “Management Update: IBM Commits to the Business Process Outsourcing Market,” (IGG-04232003-03)
• “Management Update: Job-Loss Backlash Won’t Stop the Offshore BPO Trend,” (IGG-04232003-04)

Management Update: CRM Business Transformation Is More Than Just Technology

Achieving the business transformation required for customer relationship management (CRM) goes far beyond developing a vision and strategy and then attempting to fulfill it through the implementation of technology. Gartner points out the leadership requirements and structure necessary for successful execution.

Three Key Elements

CRM and its supporting technologies provide an enriched flow of customer information — from customer interactions throughout the enterprise to people resources who may be the next customer touchpoint. Technology has the capacity to move this information reliably from point to point at high speed. The challenge lies in motivating people resources to act appropriately with the information received, based on the resource’s role and the nature of the interaction.

Key elements for accomplishing this include:
• Skills and process training
• Alignment of compensation with corporate goals
• Disciplined first-line management driving execution

Strong Executive Leadership Is Essential

Those elements alone, however, will not make up for the absence of strong executive leadership. Executive leaders must create a sound vision and strategy, and then empower executive teams with resources and commitment. Executive vision must be accompanied by leadership courage if CRM strategies are to succeed in increasing the enterprise’s ability to provide value to its customers through improved service, support, products and sales.

In addition, technology cannot fulfill a CRM vision and strategy unless critical, intermediate steps — such as identification of the desired customer experience, organizational collaboration and process redesign, and planning for the relevant data and metrics — have been addressed in advance of its deployment.

In short, achieving the business transformation required for CRM goes far beyond developing a vision and strategy and then attempting to fulfill it through the implementation of technology.

Transformation Begins With Leadership

Strategic Planning Assumptions:

• Through 2005, 75 percent of CRM projects that do not deliver measurable return on investment (ROI) will have failed because of poor business executive decision making (0.8 probability).

• Through 2005, 65 percent of executives who say they are implementing a CRM initiative will lack alignment among their enterprises’ customers, associates and executive leadership team on goals, strategies and action plans (0.8 probability).

Strong executive leadership is a constant of every successful CRM initiative. Executives create the customer relationship strategy as part of a corporate vision for growth and increased shareholder value. CRM initiatives often deliver no business value when CIOs and their staffs lead CRM initiatives without business executive support. Executives must not only achieve board buy-in, but also get buy-in from users and customers — without them, promised contributions to earnings per share will never materialize.

Many executives lack a complete grasp of the CRM economics that lead to board-level buy-in. For even the most politically astute executives, ensuring that the required cross-functional cooperation and funding is in place will often pose a serious challenge. Therefore, a key prerequisite for success lies in the preparation of enterprise leadership to meet the challenge. Lacking such preparation, CRM initiatives will fail, as will many elements of CRM — such as field sales automation, technology-enabled marketing and call center technology deployments.

The enterprise’s capability to foster more profitable customer relationships lies squarely with the senior management team. A customer-centric culture starts when senior management provides a vision and a state of empowerment within which customer-centric behavior, processes and value measurement can thrive. CRM initiatives will fail if a gap exists between the words of a senior executive and the actions taken by those charged with managing customer relationships. Described as the “leadership gap,” the disconnection is the leading cause of enterprises’ failure to realize the behavior and process changes needed for CRM.

In addition, without the proper executive steering, well-intentioned CRM initiatives will get sidetracked when senior management approves rogue initiatives because the vision and operational objectives are not aligned. Funding for ad hoc, departmentally focused CRM projects will cause enterprises to squander financial and human resources over the long term because budgeting will not be aligned and coordinated at the proper levels. Thus, many CRM initiatives are doomed from the start when executive vision is lacking, support is incomplete and empowerment fails to materialize.

Action Items:

• To achieve the goal of building more profitable customer relationships, enterprise leaders must be prepared to show the way as change agents in behavior, processes and technology adoption.

• As part of project governance, CRM project champions should set up the sales, marketing and communication campaign needed to align CRM goals and objectives.

Leadership Structure for Successful Execution

Fulfilling the vision of a CRM business strategy requires multitier execution teams to deliver the elements needed to transform the CRM vision into functional reality. This is an imperative that must not be ignored. Successful CRM leadership demands the proper structural interplay (see Figure 8).

Execution of a CRM vision requires allocation of qualified resources from multiple organizations. Those resources will form teams at the vision, strategy, design and development levels:

• Vision — The CEO, driven by customers and focused on shareholder value, creates the vision for CRM, then allocates resources while acting as “champion of change.”

• Strategy — The CRM executive, at the direction of the CEO and in collaboration with finance and IT executives, crafts the CRM strategy that will deliver on the vision and ensures that multiple CRM initiatives are synchronized with the greater enterprise strategy.

• Design — Driven by the functional business leader, the design team defines the business processes to be implemented and creates business specifications for the technical blueprints.

• Develop — The project manager leads the development, deployment and support of the applications that automate CRM business processes.

Under this structure, organizations responsible for executing key portions of the plan will have sufficient decision-making authority, balanced with accountability, to do so, while the interlocked teams ensure consistency between vision and reality.

Linking Technology Investments With Strategic Goals and Benefits

Strategic Planning Assumptions:

• Through 2005, successful CRM technology initiatives will have been funded based on their ability to deliver specific business benefits with measurable ROI, and will be characterized by realistic deployment schedules focused on solving specific challenges (0.8 probability).

• Through 2005, fewer than 15 percent of business executives will clearly articulate how selected CRM applications will help them attain specific enterprise goals, such as increased revenue, profits or market share (0.8 probability).

Figure 8. Structure for CRM Execution. Diagram levels: Vision (CEO), Strategy (CRM Executive), Design (Business Leaders), Develop (Project Manager). Other labels: Customers, Board of Directors, Shareholders, Finance, IT, Change Management, Deployment, Development, User, Process, Technical Infrastructure. Responsibility statements shown: validate that business strategies will increase shareholder value; create vision, allocate resources, champion change; align project initiatives with business strategies; execute and deliver projects on time and under budget to achieve business objectives; manage multiple project threads to timely completion. Source: Gartner

The climate for business investment in IT has changed dramatically. Many CEOs are now deliberately cautious in making incremental or initial investments in CRM technology. However, the impact and potential of CRM suggest that it cannot be ignored. Enterprises successful with CRM have achieved competitive advantages through detailed market segmentation, collaborative team selling or improved service response rates.

For enterprises already in the CRM game, the key question is what will comprise the next phase and how will it fit with the blossoming enterprise CRM strategy. If they’ve experienced disappointment, how do they re-energize the initiative to avoid falling further behind, while capitalizing on sunken investments?

Enterprises that are ready to play will be smarter and more focused than their predecessors, having learned from their mistakes. Those enterprises will make targeted investments tied to specific results that will deliver customer and business value by automating improved, customer-facing processes.

Besides delivering measurable results and value, technology implementations must be aligned with strategic goals. Alignment among enterprise strategies, business processes and applications of technology is often missing in CRM initiatives. While senior executives can espouse corporate strategies, the executives making process-transforming technology decisions are often unable to articulate which software applications will best support the enterprise’s objectives. Another reason enterprises often achieve suboptimal results is that technologies support a departmentally focused view.

Successful enterprises know which strategies support corporate goals, and understand which business processes must be optimized to support the strategy. Successful CRM business architects understand the important role that technology plays in transforming business processes. Enterprises should align their CRM application focus with specific goals and strategies (see Figure 9).

Action Items:

• To improve the chances of project success, focus on ensuring that technology implementations are tied to specific business benefits and the delivery of measurable ROI.

• Prioritize application functionality investments based on their ability to support the enterprise CRM strategy.

Bottom Line

• CRM is a marathon, not a sprint. Once transformation begins, an enterprise has a long way to go. Proceed in manageable increments and make short-term investments, looking for quick returns on the path to business value.

• Executive buy-in is mandatory, not optional. Executive leadership creates vision and strategy, and then empowers executive teams with resources, commitment and courage.

• Skipping from vision and strategy development straight to technology deployment is a recipe for failure. Technology cannot fulfill a CRM vision and strategy unless critical, intermediate steps have been addressed in advance of its deployment. Intermediate steps include the identification of the desired customer experience, organizational collaboration, process redesign, and relevant data and metrics. Those steps are the internal “heavy lifting” that cannot be provided by vendors or integrators.

• Aligning individual behaviors with the desired enterprise behaviors requires change management. Motivating employees to change their behaviors in support of corporate strategies requires the alignment of compensation and ongoing training with strong first-line management skills and support.

Figure 9. Aligning CRM Application Focus With Goals and Strategies. Diagram labels: Goals (Revenue (Growth), Profit (Margin), Market Share (Volume), Cash Flow (Liquidity)); Customer-Facing Strategies (Customer Selection, Customer Acquisition, Customer Retention, Customer Growth); Function Owner (Sales, Marketing, Customer Service); Processes, in four groups (customer business analysis, needs reassessment, up-sell/cross-sell, campaign management; market segmentation, campaign planning, brand and account planning, new product launch; lead management, needs assessment, proposal generation, closing the deal; order management, installation, inquiry handling, problem resolution). Source: Gartner

Written by Edward Younker, Research Products
Analytical source: Joe Galvin, Gartner Research

This article is an excerpt of a chapter from a new report, “Building Business Benefits From CRM: How to Design the Strategy, Processes and Architecture to Succeed.” The report is an offering of the Gartner Executive Report Series, a new business venture of Gartner Press that provides buyers with comprehensive guides to today’s hottest IT topics. For information about buying the report or others in the Executive Report Series, go to www.gartner.com/executivereports.

For related Inside Gartner articles, see:
• “Management Update: The Eight Building Blocks of CRM,” (IGG-06252003-01)
• “Management Update: Customer Experience Management Is Critical,” (IGG-06182003-03)
• “Management Update: Applying Analytic Techniques to Gain Customer Insight,” (IGG-06112003-03)
• “Management Update: The Real-Time Enterprise at the Customer Front Line,” (IGG-05282003-01)
• “Management Update: Realizing the CRM Vision, From Strategy to Execution,” (IGG-05212003-01)

Management Update: The Outlook for the PKI Market

With less market emphasis on cryptographic key management, and more on rule-based identity and access management, public-key infrastructure (PKI) market participants are transforming or failing. PKI has not lived up to its hype.

Digital Certificates

Digital certificates, or signed public keys, serve several functions:

• Personal digital certificates can be used for identification and authentication, encrypted e-mail, and in protecting files through encryption.

• Certification authorities issue server digital certificates, which are required for Secure Sockets Layer (SSL), to protect data in transit between a client (typically a browser) and a Web server or portal.

• Developer certificates are issued for signing software.

• Hardware platforms, such as set-top devices and personal digital assistants, can hold digital certificates to identify a unit to a service.

With some notable exceptions, PKI systems and the certification authorities that are part of a PKI have, as forecast, become embedded in applications that require public cryptographic key management. Few “uppercase” centralized PKI projects are being launched in North America or being attempted worldwide (uppercase refers to a major, true infrastructure). However, continuing interest exists regarding “smart card” platforms, such as the U.S. Department of Defense’s Common Access Card program, in the context of identity and access management, and in several industry cases.

Remaining Interest Areas for Enterprise PKI

What interest remains in enterprise PKI is related directly to government or defense agency special cases, or security managers’ efforts to be in regulatory compliance with various laws, such as the HIPAA (Health Insurance Portability and Accountability Act), the Gramm-Leach-Bliley Act or the Sarbanes-Oxley Corporate Responsibility Act. Those initiatives generally have one of two goals:

• Secure communications, such as e-mail and file transfers to disparate individuals and enterprises. This is most apparent in the healthcare vertical market, where organizations that are trying to meet HIPAA privacy and security regulations are searching for ways to secure communications among healthcare providers, insurers and researchers, and with healthcare consumers.

• Digital signature applications for enterprises requiring strong authentication and nonrepudiation for high-value or high-risk transactions. This is most apparent in the banking and financial vertical industries, and where organizations face audit requirements and compliance with the Gramm-Leach-Bliley and Sarbanes-Oxley acts. Enterprises that are bringing formerly paper-based applications that require signatures online often have this objective.

However, even in those regulatory-driven circumstances, alternatives are available, and regulations that once seemed to require PKI have been modified and weakened to allow use of non-PKI-based solutions for compliance.

Client Certificates

Long-term issues for client-side certificates have obstructed market acceptance. The issues include interoperability, cross-certification, portability, privacy and legal liability. Moving digital certificates to the desktop has proved to be especially difficult because it requires touching every desktop. Users must be trained, certificates must be managed and private keys must be protected. The smart-card option for storing and protecting private keys, while enabling portability, is slowly improving in terms of reader deployments, but North America is far from having ubiquitous smart-card readers.

Despite user ID and password problems and limitations, IT security directors view the routines as adequate for most identification and authentication requirements. Users’ presumed requirements for cryptographic digital signatures are often wrong; other, easily used, forms of electronic signature are acceptable. Tactical solutions that do not rely on a centrally managed PKI can be used for other applications, such as secure e-mail and managed file encryption.

Secure Sockets Layer

Web site managers initially bought server-side certificates from third parties, such as VeriSign, to provide encryption of data moving through the Internet to the Web server in an e-business application. An SSL session is invoked for entering personal data or submitting credit card information.

SSL is becoming more important because it provides virtual private network (VPN) capabilities in a simpler manner than IPsec, also known as IP Security. Competition has increased for SSL certificates, which has placed substantial price pressure on the early trusted third parties.

• VeriSign acquired Thawte Consulting, a South African SSL provider.

• GeoTrust has been particularly aggressive.

• Major PKI vendors Entrust, Baltimore Technologies and RSA Security offer SSL certificates.

• Smaller, lesser-known entrants, such as FreeSSL.com, Comodo Group and IPS Certification Authority, usually “chain” (link) to one of the better-known certification authorities that have their root certificates installed in the most-used browsers.

An increasing number of IT security directors are using self-signed certificates to avoid buying third-party credentials, particularly for intranet applications. However, some enterprises still want a “trusted” certificate from a known brand.

The SSL standard specifies only data encryption. Suppliers that have attempted to upsell services to certify the identity and owner of a Web site have been only modestly successful. The limitations of this type of service are indicated in a service’s relying party agreement: “While [the Service] is intended to help provide information to you about a Web site which will help you detect and avoid spoofing, hijacking, hacking and similar misuse of the Web site pages, you acknowledge that [the Service] cannot prevent spoofing, hijacking, hacking and similar misuse of Web site pages, and that you may be misled under certain circumstances to believe that certain false pages or images are genuine pages from a Web site.”

The SSL portion of the PKI market has become commoditized with the decline in dot-coms, increased competition and the use of self-signing SSL certificates. Some SSL growth will occur in SSL VPNs, Web services and supporting wireless LAN encryption, and for creating authenticated and secured mail servers. However, the size of the opportunity is unknown.

Enterprises should use well-known brand name certificates for public-facing Web-based applications. More than half of Web sites across all domains use VeriSign or Thawte (a VeriSign company), in part to display a known seal on their sites to elevate consumer trust in those sites. However, for many Web sites, self-signed or lesser-known certificates are adequate if the goal is simply to encrypt traffic between the browser and server.

Code-Signing Certificates

In traditional application development, developers review their work with their managers and physically sign printouts to take responsibility for their efforts. As applied to electronic software distribution, code signing essentially provides “shrink wrap” for an application by identifying its publisher or developer, and it ensures that the application hasn’t been altered before or during downloading.

Code signing often uses software publishers’ certificates that are purchased from a commercial certification authority. In addition to identifying the publisher, applicants also pledge that they will not distribute software that they know, or should have known, contains viruses, or would otherwise harm users’ computers or other code.

The tradition of signing code relates to quality control. With executables, the risk of code grows into potentially major security concerns. Web browsers are equipped with security mechanisms to protect users’ computers by restricting the resources that are available to downloaded programs, drivers or other code.

Although growth in the use of PKI-enabled code signing is moderate to flat, new markets are emerging for its use in Web services and, in particular, for mobile/wireless applications, where rogue code could cause service interruptions in a network run by a single entity.

The PKI Opportunity Is Muted

PKI vendors have looked to potential markets within government agencies (with long decision processes) and telecommunications companies (with challenged budgets). Some countries have considered PKI as part of national identity card programs to address homeland security issues, but this invariably leads to privacy concerns. Canada withdrew its health card identity program because of these concerns. However, Baltimore has sold PKI systems for national identity projects in Finland, Estonia and elsewhere.

PKI has niche market opportunities in heavily R&D-related application areas (for example, pharmaceuticals) as well as some regulatory contexts, such as compliance with the U.S. Food and Drug Administration’s 21 Code of Federal Regulations (CFR) Part 11. (However, even 21 CFR 11 requirements have been reduced because of pharmaceutical company protests.) Opportunities also exist in intelligence and law enforcement communities.

Web Services Offer Hope

The emergence of Web services is a potential bright spot in PKI’s future. Web services are next-generation, Web-protocol-based application integration technologies that are supported at the platform level by industry heavyweights such as Microsoft, IBM, BEA Systems and Sun Microsystems. Security mechanisms for advanced Web services seemingly will require certificates for fine-grained encryption and digital signatures on subelements in a SOAP (Simple Object Access Protocol) message or on a multipart XML electronic form. Complex, multiparticipant Web services cannot adequately represent trust relationships, and enforce privacy and confidentiality, without PKI’s asymmetric cryptographic functionality. However, the current early stage of Web services deployment, which is primarily internal to organizations, does not yet indicate if certificates will be deployed on a service-by-service basis, or if enterprises will be content with executing all Web services with a small number of SSL certificates.

In both cases, it is likely that managed services, such as VeriSign, and low-end solutions, such as Microsoft, will benefit the most from the evolution of Web services security. In addition, as Web services mature, other trust mechanisms possibly will emerge (if needed), and digital certificates — and the PKI systems that help manage them — will fall by the wayside as a good technology that failed to find a broad base of application.

Bottom Line

• Public-key infrastructure is “disappearing” into applications as an embedded feature, rather than remaining as an end product.

• PKI certainly is not living up to its hype.

• Alternative approaches are being found to secure applications, such as S/MIME (Secure Multipurpose Internet Mail Extensions) for secure e-mail and digital signatures.

• PKI vendors are failing or transforming into other vendor types.

• IT security directors must focus on the value that applications gain from the PKI functions of managed cryptographic keys, rather than view PKI as an infrastructure service looking for applications to support.

Written by Edward Younker, Research Products

Analytical source: Vic Wheatman and Ray Wagner, Gartner Research

For related Inside Gartner articles, see:

• “Management Update: Security Strategies for Enterprises Using Web Services,” (IGG-05282003-02)

• “CIO Update: The Status of Technology for Trusted E-Signatures,” (IGG-07172002-04)


At Random

The Past Can Still Hurt MCI, but It Will Recover. On 10 June 2003, two MCI (formerly WorldCom) executives resigned in the wake of a report detailing the events that drove the company to file for Chapter 11 bankruptcy protection in 2002. The U.S. Bankruptcy Court commissioned Richard Thornburgh, formerly U.S. attorney general, to investigate the activities at WorldCom that led to the company’s financial trouble. Many top executives have since resigned, including WorldCom’s founder and CEO Bernard Ebbers. At the root of the past problems, Thornburgh concluded, was an arrogant management culture and weak oversight.

The WorldCom scandal still has the power to wound MCI, but the company has moved well toward rehabilitation. The bad news includes:

• The Thornburgh report prompted the resignation of MCI’s treasurer and general counsel.

• On 6 June 2003, Susan Collins, Chairman of the U.S. Senate’s Governmental Affairs Committee, supported a call by the Inspector General of the U.S. General Services Administration to investigate whether MCI should be barred from federal contracts. That outcome would hurt MCI’s revenue significantly.

• As part of MCI’s emergence from Chapter 11, it has agreed to a settlement with the U.S. Securities and Exchange Commission and will likely have to pay a fine of $500 million.

• Further settlements could significantly draw down its cash.

• Past governance issues may force CEO Michael Capellas to give up his role as chairman.

Nevertheless, MCI has nearly overcome all the hurdles to returning to the market as a solid competitor. It has plenty of cash. It has reorganized and begun efforts to streamline operations and integrate systems. It has been scrupulous in implementing sound auditing and oversight to demonstrate that it has overcome the problems that brought down WorldCom. Gartner expects MCI to emerge from Chapter 11 intact in 2H03, albeit with less cash due to settlements.

Analytical sources: Jay Pultz and David Neil, Gartner Research

Sprint’s Hosting Customers Should Act Now to Secure Good Service. On 10 June 2003, Sprint announced that it will close down its Web-site hosting operation. Sprint will cut 500 jobs and take a pre-tax charge of $400 million to $475 million. Sprint will develop plans to migrate its customers to other providers and phase out operations at eight hosting centers. It will turn two other hosting centers into data centers for clients and for Sprint’s own requirements.

Like Cable and Wireless, Sprint wants a fast break from data center hosting for Web sites. For the 12 months to 31 March 2003, Sprint’s Web site hosting business brought in only $60 million out of a total revenue of $26 billion. Sprint will now withdraw from the hosting business by ending direct sales of hosting services and by planning to move clients to other providers. Once Sprint selects favored partners, it will sell their services and facilities and hope to retain the communications traffic. But even with a partner, it won’t be able to offer customers a complete solution. And these arrangements deprive Sprint of a way of directing traffic onto its network. Sprint will also become a less attractive provider of backbone services for Internet service providers and multiple service operators that want to be close to their network provider.

Customers faced with this sudden contraction in Web hosting facilities should not make hasty decisions. They should review their contracts for clauses covering transfers and cessation to understand their options for termination. Meanwhile, they should put Sprint on notice that they will still require high service levels during the transition period. And they should address any troublesome contract and service issues with Sprint now: It might be harder to negotiate with a new service provider. Many customers will prefer to find a new provider for themselves. If you have to move assets physically, you should do it on your own terms and with a service provider of your own choice.

Analytical sources: Lydia Leong and Ted Chamberlin, Gartner Research

Enterasys Challenges Cisco’s Dominance of the Router Market. On 16 June 2003, Enterasys announced the XSR-3000 and XSR-4000 series of security router platforms for regional offices and corporate data centers. These routers integrate wide-area network (WAN), virtual private network (VPN) and firewall technologies. Their prices start at $5,995 in the United States.

In recent years, Cisco Systems has dominated the market for enterprise-class routers with a market share of about 85 percent. Nortel Networks and some commodity-class vendors (such as Tasman Networks and Adtran) have issued some competing products, but until now, no vendor has challenged Cisco aggressively. By providing a reasonably priced alternative to Cisco routers, Enterasys will win a small percentage of opportunities from cost-conscious buyers in midsize enterprises and some large enterprises.

To compete with Cisco at all three levels of the enterprise router market, Enterasys’ strategy involves offering products with a lower price for equivalent performance:

• The XSR-1800 series of small, branch-office routers, announced in 2002, competes with Cisco’s 1700/2600 routers.

• The midrange XSR-3000 series will vie for market share with Cisco’s 2600/3600/3700 series routers.

• Later in 2003, Enterasys will ship the XSR-4000 central-site aggregation router to challenge Cisco’s 7000 product family.

Enterasys owns the VPN and firewall technology that it has integrated into the XSR line, thereby giving it credibility with security-conscious enterprises. However, the XSR routers are IP-only (in contrast to the multiprotocol solutions offered by Cisco and Nortel) and lack the range of IP telephony and voice-over-IP features available on Cisco’s remote office router families. Enterasys plans to address some of these features through partnerships and industry standards, but it has not yet offered a clear time frame for these capabilities.

If you seek an alternative to Cisco routers, consider Enterasys. However, because the Enterasys routers are new, you should thoroughly test their interoperability with Cisco central-site routers and all features that will be initially deployed. Through at least year-end 2003, insist on paying a minimum of 20 percent less for Enterasys routers than you would for the considerably more established Cisco router family.

Analytical source: Lawrence Orans, Gartner Research

Intel’s SIPP Can Deliver Greater PC Image Stability, Consistency. On 10 June 2003, Intel introduced its Stable Image Platform Program (SIPP), which aims to give PC manufacturers and enterprises greater platform stability and advanced notice of future PC desktop and notebook changes.


PC image stability (or lack thereof) remains a challenge for IT administrators. Today, new PC images are created with each iteration of hardware change, typically two to three times per year, with each image typically taking three to six weeks of labor. Tools such as IBM’s ImageUltra or Dell Computer’s X-image have helped reduce the number of images, but disk imaging remains problematic.

Gartner believes that SIPP (formerly known as Granite Peak) will help reduce some of the imaging costs associated with introducing new PC desktops and notebooks. But SIPP doesn’t guarantee that images will be consistent between different PC platforms or PCs from different original equipment manufacturers (OEMs). Intel controls much of the image-influencing technology (for example, chipsets and graphics adapters), but OEMs still can change or add technology components that require a change of drivers and image.

With SIPP, which starts with the 865G and Centrino offerings, Intel commits to standardizing and delivering on a regular schedule (five quarters of consistency) any PC platform changes. Thus, Intel may hold off on major technology changes for up to a year after the introduction of a chipset. SIPP covers only Intel components, not any technology manufacturers or customers add. Gartner believes that most PC OEMs will support SIPP.

SIPP allows better planning for image change. By committing to consistency with its own components on a regular schedule, Intel alleviates many of the imaging problems it helped create. Intel customers will benefit from planning their certifications of PC platforms around the SIPP schedule.

Customers adhering to the SIPP schedule should, over time, reduce the image creation and testing now required. However, customers should dictate their own schedule when standardizing on products and realize that stable image guarantees should come from the OEM and not Intel.

Analytical source: Mark Margevicius, Gartner Research

Court Upholds Wireless Number Portability, Increases Competition. On 6 June 2003, a U.S. court rejected an appeal against a Federal Communications Commission ruling on mobile number portability. U.S. mobile phone operators will have to allow cell-phone users to switch service providers without changing their phone numbers. The requirement will go into effect in the 100 largest cities by 24 November 2003.

The court’s ruling should finally break the deadlock over number portability. Customer churn will increase as more users switch service providers. Overall, the churn rate at the six largest operators was 2.6 percent in 4Q02 and trending lower. The various parties will react differently:

• Consumers will not switch providers only because of number portability. They will try an alternative if they dislike their carrier’s quality of service, prices or coverage. Some 35 percent of consumers surveyed by Gartner said they would switch providers if they could keep their numbers, a typical churn rate.

• Less than 2 percent of business users switch providers each month, but our survey showed 43 percent of business users would switch if they could retain their numbers. Longer-term contracts and operators’ competitive responses will limit this potentially higher churn rate.

• Operators should expect churn rates to increase from 0.1 to 0.3 percentage points after November 2003. Some operators will use the change to entice customers to switch by advertising their strengths.


When number portability begins, many users will find that their numbers are ported too slowly. Other problems may include some database disconnects, incorrect input at the point of sale, some foot-dragging by carriers, and manual communications between carriers and the Number Portability Administration Center.

Consumers and business users should not change a carrier with a ported number until after mid-January 2004, when most of the problems will have been worked out. In smaller markets, number portability will not arrive until April or May 2004.

Analytical sources: Tole Hart and William Clark, Gartner Research

802.11g Wireless LAN Products Will Appeal Most to Small Businesses. On 12 June 2003, the Institute of Electrical and Electronics Engineers approved the 802.11g standard for wireless LANs (WLANs). This standard, backward compatible with 802.11b, specifies the rules for faster WLANs (54 Mbps theoretically). The Wi-Fi Alliance will certify both optional and mandatory features of 802.11g, including support for the 54 Mbps data rate, backward interoperability with Wi-Fi-certified 802.11b products, and simultaneous operation of 802.11b and 802.11g devices in a mixed network.

Scores of companies (including Proxim, Buffalo Technology, D-Link Systems, Netgear, SMC Networks and Linksys Group) have offered prestandard 802.11g products since early 2003. Gartner expects certified products to be available by 4Q03. Most vendors will offer 802.11g-compliant upgrades for “firmware” (embedded logic).

Gartner expects that in the best case, 802.11g products will attain throughput efficiencies of 52 percent, that is, they will run at 28 Mbps (compared with 5.2 Mbps for 802.11b). Although 802.11g is backward compatible with 802.11b, using 802.11g devices in mixed-mode environments will likely reduce their throughput. During mixed-mode operation the throughput of 802.11g devices will suffer because the packet preambles and media-access methods must be set to nonoptimal alternatives to support 802.11b clients simultaneously. This arrangement can further reduce the throughput of 802.11g devices by 40 percent to around 17 Mbps.

802.11g will appeal most to home users and small businesses, which can use it in a single mode. The performance of 802.11a, b or g may be limited by the link from the installed facility to the Internet, usually digital subscriber line (DSL) or cable modem service. Such links may support speeds of only 200 Kbps to 1 Mbps. In these cases, installing higher-speed internal WLANs may not deliver much performance improvement.

In respect to security, 802.11g will be compatible with Wi-Fi protected access. Waiting for 802.11a will also give vendors time to sort out their Wi-Fi protected access security implementations, especially for multivendor interoperability.

Gartner continues to recommend that enterprises choose 802.11b and wait for 802.11a to mature, which will likely happen by year-end 2003. 802.11a defines 54 Mbps networking in the 5 GHz range over eight or more channels (depending on country) and will not conflict with, nor be affected by, 802.11b operation. By 1Q04, 802.11a, 802.11b and 802.11g combination cards will be available for the same price as an 802.11g offering today.

Analytical sources: William Clark, Ken Dulaney, Severine Real and Andy Rolfe, Gartner Research
