Stay Safe from Harm


Page 1: Stay Safe from Harm

Stay safe from harm

Guidance on Security, BI and ITSM

Adriaan Bloem, CMS Watch

Derek Brink, Aberdeen Group

Julie Craig + Scott Crawford, Enterprise Management Associates

Martin Kuppinger, KuppingerCole

ETM | THE INDEPENDENT RESOURCE FOR IT EXECUTIVES

ENTERPRISE TECHNOLOGY MANAGEMENT


Page 4: Stay Safe from Harm

ETM ■ CONTENTS PAGE


7 Editor and contributors page

8 Industry snapshot

9 Professional profile

82 Events and features

10 Stop looking in the rear-view mirror

DAN LAHL (SYBASE) joins ETM’S ALI KLAVER to talk about how Sybase IQ addresses business challenges, and why it’s important to get out in front of the competition and predict what will happen in the future.

14 Shared purpose

In an economy still very much in recovery mode, the difference between success and failure often comes down to pure speed. It’s towards solving these kinds of issues that business process management was created. ETM’S ALI KLAVER talks to BPM expert MALCOLM ROSS (APPIAN) about choosing the right one.

18 Step up to the BI revolution

CLIVE LONGBOTTOM (QUOCIRCA) explains that even though business intelligence is highly regarded by CIOs, it’s not being utilized half as well as it should be—if at all. So when will business see the need?

22 Analytics—Fuel for growth

BRUCE ARMSTRONG (KICKFIRE) talks to ETM’S ALI KLAVER about the critical role of analytics in successful organizations and how smart data warehousing and business intelligence are the way forward.

26 IT IQ

Organizations are experiencing a growth in the amount of data they generate, and an accompanying demand for making sense of that data in real time. Among the many IT challenges in today’s business world, DAN LAHL (SYBASE) tells ETM’S ALI KLAVER how Sybase IQ is succeeding.

28 Searching for Agility

JULIE CRAIG (ENTERPRISE MANAGEMENT ASSOCIATES) moderates a dynamic discussion on application lifecycle management with the expert opinions of GILES DAVIES (MICROSOFT), BRIAN ZEICHICK (COLLABNET) and TIM JOYCE (SERENA SOFTWARE).

36 Is your business performance at its best?

DETLEF � MPS (ARCPLAN) talks to ETM’S ALI KLAVER about the trends arcplan is seeing from successful companies linking key corporate performance data with operational performance.

40 Have you got Insight?

In an economy that is highly competitive for buyer attention, is it possible to capture and hold the customers you want? JOSE SANTA ANA (OMNITURE) says that it’s easy to drive business transformation through multi-channel, customer-centric analytics.

BUSINESS INTELLIGENCE

Contents


Page 5: Stay Safe from Harm

SECURITY AND GRC


42 In perfect alignment

Finding, implementing and then working with a CMS can be one of the most difficult tasks for an organization. ADRIAAN BLOEM (CMS WATCH) says that there isn’t one perfect CMS—instead, it’s all about catering to individual needs.

46 The unwired enterprise

In an increasingly mobile and flexible world, is it possible to keep hold of the things that matter most to your company—and in a consistent manner? IAN THAIN (SYBASE) talks to ETM’S ALI KLAVER about their Unwired Enterprise and touches on competitive advantage, opportunity, security and risk, and the steps for future success.

50 It’s your business... in 3D

With 3D the hottest thing in entertainment at the moment, attention is turning to how it works in the business sphere. ETM’s ALI KLAVER interviews GARTH COLEMAN (3DVIA) about his work developing 3D and 3DVIA Composer, and how it’s become a real cost-saver and market leader.

54 Cloud computing for skeptics

The opinion on cloud computing is divided, and while it can deliver significant economic benefits, it’s not for every organization. PAUL BURNS (NEOVISE) sets the record straight for companies considering this approach to delivering IT.

58 Simplifying IAM

Looking for one identity and access management solution that reduces cost, strengthens security, improves productivity and addresses compliance requirements? JOE SKOCICH (IBM TIVOLI) talks to ETM’S ALI KLAVER about his take on identity and access management and how IBM can help you.

62 Fighting back on cybercrime

The threat of cybercrime is a risk most organizations deal with on a daily basis, but is there anything we can do about it? ED ROWLEY (M86 SECURITY) tells ETM’S ALI KLAVER that it is possible to stay safe, and within your budget.

66 GRC and IT security— Where is the link?

GRC is an essential element of your IT strategy, but how does it work with security? MARTIN KUPPINGER (KUPPINGERCOLE) tells us that they work hand-in-hand, and that a GRC view helps in optimizing investments in IT security.

70 Safety first

SAFEND’S EDY ALMER talks about a fully integrated, single server, single agent data protection solution and shows ETM’S ALI KLAVER why they are the leaders in endpoint data protection.

74 SIEM—Spiralling out

DEREK BRINK (ABERDEEN GROUP) moderates a panel discussion on security information and event management and addresses the main issues in the market with the help of TOM TURNER (Q1 LABS), PAUL STAMP (RSA, THE SECURITY DIVISION OF EMC) and RICK CACCIA (ARCSIGHT).

3D, VIRTUALIZATION AND CLOUD COMPUTING


Page 6: Stay Safe from Harm

What Good is ‘Zig’ Data If They’ve Already ‘Zagged’?

Do you have a solution to keep up with the ebb and flow of your customers’ behavior as they interact with you across multiple channels?

Omniture, An Adobe company, offers Omniture Insight™: a solution that analyzes large volumes of rapidly-changing data in real time, and complements any operational reporting or BI tool you may already have by providing deep customer behavioral analysis.

Use Omniture Insight to:

» Bring together online, clickstream and offline transactional data for multi-channel analytics

» Generate instant responses from billions of records for rapid data discovery

» Navigate from high-level trends to the most granular transactions without pre-aggregation

» Uncover patterns and trends in customer behavior with leading-edge visualization

For more information on Omniture Insight, or any of the other solutions in the Omniture® Online Marketing Suite™, visit omniture.com/omnitureinsight

Omniture® is a registered trademark of Adobe Systems Incorporated in the United States, Japan, & European Community. Adobe, the Adobe logo, and the Omniture logo, are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries.

© Copyright 1996-2010. Adobe Systems Incorporated. All rights reserved.


Page 7: Stay Safe from Harm

EDITOR’S PAGE ■ ETM

Contributors

Adriaan Bloem, Analyst, CMS Watch

Paul Burns, President and Founder, Neovise

Martin Kuppinger, Senior Partner and Founder, KuppingerCole + Partner

Clive Longbottom, Service Director, Business Process Facilitation, Quocirca

Headquarters

Informed Market Intelligence (IMI)

IMI Ltd, Battersea Studios, 80 Silverthorne Road, London, SW8 3HE, United Kingdom

+44 207 148 4444

Tokyo

1602 Itabashi View Tower, 1-53-12 Itabashi, Itabashi-Ku 173-0004, Japan

Dubai (UAE)

4th Floor, Office No: 510, Building No.2 (CNN Building), Dubai Media City, Dubai

Stay safe from harm

As always, innovation is the cornerstone of all information technology—including those developments created to do harm. It’s how fast these new developments can be implemented that is key to business success or failure.

In an environment that is in a constant state of action and change, how is it possible to manage your business processes in a secure and cost-effective way? We have a number of industry experts in this issue of ETM dedicated to answering this question.

Adriaan Bloem from CMS Watch says that there is no “perfect” CMS—instead you have to choose elements that are exactly suited to your own business, and in that way you’ll be fast, efficient and on budget (see page 42).

Paul Burns from Neovise jumpstarts a discussion on “Cloud computing for sceptics” (page 54) and Martin Kuppinger from KuppingerCole searches for the link between GRC and IT security (page 66).

During the production of this issue we’ve also uploaded a plethora of podcasts on subjects ranging from a great panel discussion on SIEM (page 74) to how a company has linked key corporate performance data with operational performance (with arcplan, on page 36). Check out www.globaletm.com for more information on our other exclusive and panel podcasts.

One of the most dynamic discussions I’ve had the pleasure of hosting is our panel podcast on application lifecycle management moderated by Julie Craig from Enterprise Management Associates (EMA), with input from CollabNet, Microsoft and Serena Software (you’ll find it on page 28).

Hopefully in this issue of ETM you’ll find the answers and solutions to at least some of the challenges facing IT professionals today.

Thank you for reading, and if you would like to contribute to any future issues of ETM, please feel free to contact us at www.globaletm.com or via email at [email protected]

Ali Klaver

Managing Editor

Founder/Publisher: Amir Nikaein

Managing Editor: Ali Klaver

Art Director: Ariel Liu

Head of Digital: Alfonso Munoz

Finance Director: Michael Nguyen

Podcast/Sound Editor: Mark Kendrick

Associate Editors: Mary Wright, Ann Read

Account Executives: Joe Miranda, Sandino Suresh

Marketing Executive: Michael Le

Enterprise Technology Management is published by Informed Market Intelligence

How to contact the editor

We welcome your letters, questions, comments, complaints, and compliments. Please send them to Informed Market Intelligence, marked to the Editor, Studio F7, Battersea Studios, 80 Silverthorne Road, London, SW8 3HE or email [email protected]

submissions

All submissions for editorial consideration should be emailed to [email protected]

Reprints

For reprints of articles published in ETM magazine, contact [email protected]

material copyright Informed Market Intelligence

This publication may not be reproduced or transmitted in any form in whole or part without the written express consent of the publisher.

Page 8: Stay Safe from Harm

ETM ■ INDUSTRY NEWS

Industry snapshot

Poll results

Since the last issue of ETM we have introduced a poll facility on globaletm.com. The results have been surprising:

61% of you think Wikipedia is a reliable source of information.

All of you would pay for a service that let Google know the details of who has Googled you, but dependent on cost.

67% of you are worried about putting sensitive information online, both business and personal, while 33% say that they never share their information on any website.

www.globaletm.com

Gartner acquisition

Two of ETM’s valued media and research partners have joined ranks. Gartner announced last year that it had acquired Burton Group for approximately $56 million in cash. The acquisition is expected to expand Gartner’s product and service offerings and increase its IT research market opportunity. The combination is also expected to drive operational efficiencies and cost savings.

Gene Hall, Gartner’s chief executive officer says: “Burton Group is a great strategic fit for Gartner and should enable us to offer a more complete solution to every level and functional expert within an IT organization.”

www.gartner.com

Buzz

On another Google note, the internet giant has launched their own social networking site: Buzz, a hopeful competitor for the likes of Facebook and Twitter. Although in its early days, adoption is high. Buzz lets users share messages, video and images while also allowing you to connect to the sites that you usually use, such as Twitter and Flickr—not Facebook though.

www.google.com/buzz

The great debate

The Google/China row continues from censorship to China-based hacking exploits. China are still looking to tone down the Google controversy and censor all information both in print and online.

Washington has asked for explanations for the cyber attack during which the email account of human rights activists was violated. Google has threatened to pull out of China entirely if cases of piracy and the censorship imposed by law continue.

Haiti’s Saviour

The collapse of communication services in Haiti following the earthquake has attached a new importance to the use of social networking sites. Twitter was used as a prime channel for communications, while Facebook aided with updates and the creation of lists of those missing.

The full and immediate impact of the disaster was broadcast around the world in record time which helped aid and military agencies get to those most in need.

Hackers

PC users have been targeted by hackers using an Internet Explorer exploit allegedly used to break into Google’s corporate network. That news came after warnings by the information security agencies of the French and German governments, which recommended that IE users switch to an alternate browser such as Firefox, Chrome, Safari or Opera, until Microsoft fixed the flaw.

Although the vulnerability has since been patched, there has been widespread doubt, particularly on social networking sites, declaring that patching or even updating to IE8 will not solve the inherent problem.

iPad

The newest Apple gadget has been released and, although there are undoubtedly improvements to be made, it’s still a big hit.

iPad will work with almost all of the apps designed for the iPhone, plus, the iWork productivity applications—Keynote, Pages and Numbers—have been redesigned for iPad. Included is Safari, Mail, Photos, Video, YouTube, iPod, iTunes, iBooks, Maps and more.

www.apple.com/ipad

Page 9: Stay Safe from Harm

PAUL BURNS ■ PROFESSIONAL PROFILE

Meet: Paul Burns

President and Founder, Neovise

Neovise is an IT industry analyst firm that uniquely adds business perspective to technology. Paul has nearly 25 years experience in the software industry, driving strategy for enterprise software solutions through product management, competitive analysis and business planning. He has held a series of leadership positions in marketing and R&D, and spent two years as Research Director/Senior Analyst immediately prior to founding Neovise. He earned both B.S. in Computer Science and M.B.A. degrees from Colorado State University. He shares his story so far with ETM:

HOW DID YOU START OUT IN THE IT INDUSTRY?

PB: Right after college I had the pleasure of helping implement the TCP/IP protocol stack on HP 3000 mini computers. We were writing code from scratch in basic text editors and using the draft protocol standards documents from the Internet Engineering Task Force as our guide.

HOW DID YOU END UP WHERE YOU ARE TODAY?

PB: After working on code for many years, I managed software development teams and also spent time in technical marketing and product management. I became interested in the business side of technology and completed an MBA degree to get my mind around that. I also spent a couple years as an IT industry analyst covering the IT management market. Just last year I founded Neovise, an IT industry analyst firm that covers cloud computing.

WHAT IS THE MOST REWARDING EXPERIENCE YOU’VE HAD?

PB: Launching and growing Neovise has to be my most rewarding professional experience so far. It lets me bring together skills from all of my past roles and also serves as a creative outlet.

WHAT DO YOUR COLLEAGUES SAY ABOUT YOU? WHAT ARE YOUR STRENGTHS?

PB: Most of them initially see me as the quiet, serious, hardworking type. Once they get to know me they see a risk taker with a sense of humor. In terms of strengths, those seem to come from combining both technical and business perspectives. That really comes out in my research and writing.

IF YOU COULD CHANGE ONE THING ABOUT YOUR JOB, WHAT WOULD IT BE?

PB: I would like to see my clients in person more often. So much gets done on the phone and through email, but nothing can fully replace that personal interaction.

CAN YOU TELL US A CASE STUDY THAT HIGHLIGHTS WHAT NEOVISE CAN DO?

PB: One of the more common starting points for our vendor and service provider customers is to commission a Neovise Perspective Report. These are just a few pages and are used by our clients to educate their own prospective customers. These reports typically introduce an IT challenge, discuss solutions, and then offer our own perspective on offerings from the vendor or service provider. We also offer research, advisory services, speaking, in-depth white papers and other services.

HOW DO YOU SEE THE FUTURE OF CLOUD COMPUTING?

PB: I view cloud computing as including infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS). Each of those service models is separately driving significant change in IT—together they are creating the next major step in the evolution of IT. As developers increasingly use PaaS to build web-enabled software, more SaaS and IaaS deployments will naturally follow. I expect PaaS to be a real competitive control point for cloud computing.

HOW DO YOU STAY UP-TO-DATE PROFESSIONALLY?

PB: I regularly brief with vendors and service providers in the cloud computing space, so I end up with a broad perspective of both capabilities and needs. I also do as much reading and research as I can to keep up with continual change.

If people want more information about you, where can they go?

They can take a look at www.neovise.com which includes my blog, profiles on more than 50 cloud computing players, and more information on Neovise.

FACT FILE

• Launched on 1st May, 2009

• Focus: cloud computing and IT management

• Services include: research, advisory services, positioning reports and analysis, webinars, podcasts, and vendor and product selection support

• Member of IT Service Management Forum

• Writer for ETM.

Page 10: Stay Safe from Harm

http://www.GlobalETM.com

HEAD TO HEAD ■ BUSINESS INTELLIGENCE

Stop looking in the rear-view mirror

DAN LAHL (SYBASE) joins ETM’S ALI KLAVER again to talk about how Sybase IQ addresses business challenges, and why it’s important to get out in front of the competition and predict what will happen in the future.

Page 11: Stay Safe from Harm

FACT FILE_ Sybase

HISTORY

> Sybase has a rich 25-year history as a technology leader, starting from its creation in 1984 by Mark Hoffman and Bob Epstein in California.

> Sybase has consistently created technology that enables the Unwired Enterprise by delivering enterprise and mobile infrastructure, development, and integration software solutions.

PRODUCTS

> Sybase products range from database to government solutions.

> Database management software: Best-fit infrastructure for managing data within multiple distributed environments and for a variety of purposes.

> Business continuity software: Reduces the cost of remote data recovery while reducing business risk and ensuring data integrity.

> Business intelligence and analytics software: Delivers high-performance enterprise analytics and business intelligence without blowing the budget or abandoning investments in technology and knowledge resources.

> Mobile commerce: Delivers mobile services from mobile messaging interoperability to mobile content delivery and mobile commerce services.

> Government solutions: Select information technology, management and mobile solutions for government agencies.

> Healthcare solutions: Provides the healthcare industry with timely and secure access to vital medical information.

AK: DAN, THANKS FOR JOINING US TODAY. LET ME JUMP STRAIGHT INTO THE FIRST QUESTION—WHAT DO YOU THINK ARE THE MAJOR BUSINESS CHALLENGES THAT ANALYTICS ADDRESSES?

DL: That’s a great question Ali, and I think as transactional systems have been quite fully built out most customers and most businesses today are really looking towards building out their analytics, their decision-making capabilities, and their data warehousing capabilities.

This means that they can not only report on what has happened in the past and understand what’s going on today, but actually make predictions into the future on what new products, new services and new customers they can go after.

So in large answer to this question, I think that the transactional systems have solved the business operational piece, but now businesses and people are looking at what they’re going to do to predict future success for their company. And that’s why analytics is so important today.

AK: AT ETM WE FIND THAT A LOT OF COMPANIES HAVE SO MUCH DATA, AND THEY REALLY NEED TO DRIVE DOWN AND ANALYZE EXACTLY WHAT IT IS THAT MEANS. THEY ALSO NEED TO PINPOINT, FOR THEIR OWN BUSINESS STRATEGY, EXACTLY WHAT THEIR CUSTOMERS ARE LOOKING AT. SO HOW DOES SYBASE IQ ADD PRECISION AND VALUE TO DATA DRIVEN INITIATIVES?

DL: You know, it’s interesting—I was having dinner with a customer in Las Vegas just two nights ago. They’re a large casino, and one of the diners got up from the table early from dinner saying that he had to go to bed in order to get up early to analyze today’s information, and tomorrow’s information, early in the morning because data never sleeps.

What he was talking about was actually taking the massive amounts of data that most businesses are tracking, and turning that into information. He is then turning that information into better decisions.

If you look at what that casino was aiming for, and what companies like Playphone in Europe is doing, it’s that their marketing folks, their executives and their operational people are attempting to better plan, execute and fine tune their marketing campaigns so that they can get the best return on their marketing spend for the mobile offers that they’re going to give their customers.

What Playphone saw was that they were able to get a finer level of detail to actually understand their customers better, their interests, their preferences and their behaviours, so they could get almost one-to-one targeted campaigns for their mobile phone users.

They were only able to complete this task running Sybase IQ, because it does enable fine grained analysis of large amounts of data. So it was a great success story that Playphone was able to talk about, and we’ve actually got that success story up on our website.

IQ really powers that system and they’re doing great with it, winning new customers, and becoming better and more efficient at the marketing campaigns that they’re running.

AK: THANKS DAN, THAT’S A GREAT EXAMPLE, AND IT REALLY HIGHLIGHTS HOW IMPORTANT FLEXIBILITY IS AS WELL. HOW DOES SYBASE IQ WORK WITH NEW DEVELOPMENTS? HOW DOES IT HELP BUSINESSES EXPAND INTO NEW MARKETS AND NEW PRODUCT AND SERVICE OFFERINGS?

DL: Well Ali, that’s a critical place where analytics is today. Historically, analytics has been kind of rear-view mirror focussed, if you will. And now customers and businesses are really trying to figure out how they can take analytics and apply them to make better predictions—get out in front of the headlights, if you will?

Page 12: Stay Safe from Harm

We have customers taking the information that they have tracked for months, years or maybe decades about their customers and their customer buying patterns, then comparing that with just-in-time data.

They’re actually looking at how they can create new services, new products and new product mixes to go after new and different customers, or to get a larger share of the customer wallets. We see many more customers looking at this area that we call advanced or predictive analytics.

One such company using IQ is a company called Health Trans. They were on an Oracle-based system and were really not able to get past the reporting problems they had—they were having trouble just doing that rear-view mirror work.

They implemented Sybase IQ and it not only allowed them to quickly address the reporting problems they had, their rear-view mirror problems, but they actually were then able to take a look towards the predictive aspect of the business.

To go back to the reporting piece—they were able to get their KPI’s much more quickly, and they were able to reduce the time spent to create their existing reports by up to 88 or 90%. They saved a lot in storage as well, so that’s a great story.

The really cool thing is that they were actually able to add a new product line that was web-based to their customers. So they actually went to their customers, surveyed what they needed, analyzed that through IQ, and then came up with a new product that is web-based.

Now their customers are actually doing some of their own analytics online with IQ under the covers. So it’s a great success story. Health Trans didn’t know that they would actually add this new product line to their business, but they were able to do that with Sybase IQ.

AK: THANKS DAN, THAT’S ANOTHER GREAT CASE STUDY. IT REALLY SOUNDS LIKE SYBASE IQ CAN NAIL DOWN THOSE SOMETIMES QUITE SPECIFIC REQUIREMENTS OF ANY BUSINESS. NOW I WANT TO TOUCH ON COST, BECAUSE I THINK IT’S STILL QUITE AN IMPORTANT CONCERN FOR MOST BUSINESSES, SO HOW DOES SYBASE IQ HELP BUSINESSES MANAGE COST?

DL: I guess the silver bullet for many customers is that they would like to do all this stuff, but many times they go to vendors and it just costs a ton of money to implement systems that are going to help them in managing and predicting their business, turning information into real data assets, and then into better decision making. That’s one place where, again, Sybase IQ really shines.

To the business person it looks like just another database that goes in under the covers. But to the business, or to the DBA or the IT infrastructure people, it’s actually a way that saves money.

Traditional data warehouses actually bloat out the amount of information that is being stored and analyzed because they have to do a lot of work to organize the database for analytics. Sybase IQ actually compresses the amount of data that needs to be stored, and actually saves you money in disk and compute storage.

Again, the business may not see this directly, but they’ll see that in maybe chargeback costs, the costs are less. So it saves on disk storage, it saves in compute, it saves in a DBA’s time as well. In fact, we find in many of our customers that there is a 4-1 reduction in the amount of DBA resources needed to keep the analytics infrastructure up and running.

A good example of that is Experian Integrated Marketing in the UK. They run a 3000-person call centre in the UK directly supporting BSkyB. In their implementation they were able to reduce the actual storage costs by about 69-70%.

For them, it has become a green initiative, and instead of bloating out the size of the data warehouse they were actually able to save money on the disk footprint, as well as using commodity Linux servers so they didn’t need to buy any expensive proprietary hardware.

And just to finish that success story, they’re actually supporting 3000 users in real-time, and taking real-time data to their call servers to better service the BSkyB customers. So that is another great story that is not only a business success, but also a cost success as well.


Source: Butler Group


Dan Lahl has been with Sybase since 1995 and in high tech for over 30 years with extensive experience in data management, data warehousing and analytics. While at Sybase Dan has also led emerging technology areas for Sybase, including Data Federation, Data Integration, GRID and Cloud Computing. Dan is currently leading the team that is growing the enterprise software business for Sybase in the areas of data management, data movement, analytics, capital markets and development tools.

Dan has a Business Administration degree from the Haas School at U.C. Berkeley and a Masters of Divinity from Trinity Evangelical Divinity School.

Dan Lahl SENIOR DIRECTOR OF PRODUCT MARKETING Sybase Inc.


Page 13: Stay Safe from Harm

ANY QUESTIONS?

www.sybase.com/bi

ANY USER, ANY QUERY, ANY TIME.

Look to Sybase IQ for all your answers. Unlimited headroom for data and users, incremental scalability to grow and adapt, the freedom to leverage standard hardware and operating system, and the flexibility to choose your reporting and analytics tools. Add the strategic advantage of faster, more accurate answers to complex queries, unbounded reporting, deep-dive data mining, and predictive analytics. Now you have insight-driven perspective into risks, opportunities, and rewards—high-performance business analytics proven in over 3,100 unique installations at 1,700+ companies. It takes a smarter analytics platform to power the new business reality. It takes Sybase IQ.

Copyright © 2009 Sybase, Inc. All rights reserved. Sybase and the Sybase logo are trademarks of Sybase, Inc. ® indicates registration in the United States of America. All products and company names are trademarks of their respective companies.


Page 14: Stay Safe from Harm

h� p://www.GlobalETM.com

ASK THE EXPERT ■ BUSINESS PROCESS MANAGEMENT

Shared purpose

AK: MALCOLM, WHAT ARE SOME OF THE COMMON BUSINESS CHALLENGES THAT BPM IS DESIGNED TO MOST EFFECTIVELY MITIGATE?

MR: BPM is still emerging into mainstream technology for adoption by IT to solve business process management issues, as well as by the business side to more effectively manage their daily processes.

The very first thing you should ask yourself is: “What is the status of the work that is in other people’s hands?” It really gets down to process visibility, predictability and reliability of your corporate processes. Business process management is designed to solve this challenge around process visibility, as well as control business processes through four main abilities.

First, integrating all systems into one holistic process view. When I say systems, I don’t just mean your IT environments—I mean your departments and the people who participate in your process and removing the stove pipes that often exist inside them.

Second, empowering business users to capture process documentation—and empowering IT to turn that documentation rapidly into automated applications.

Third, enforcement of business rules to ensure that processes, once encoded, are performed in a very reliable and professional manner so you don’t have one-off exceptions and single customer service reps doing actions outside of the corporate rules and regulations that you want to enforce on all your business processes.

Fourth and finally—capturing detailed measurements and statistics on all different aspects of a business process—how long did something sit in someone’s inbox before they processed it, where is the current status of this request and so on.

These are some of the things that BPM tries to solve for you to gain better control over your business processes.

In an economy still very much in recovery mode, the difference between success and failure often comes down to pure speed—how fast can you resolve company issues? How quickly can you remove waste from your supply chain? How rapidly can you lower costs? It’s towards solving these kinds of issues that business process management was created. ETM’S ALI KLAVER talks to BPM expert MALCOLM ROSS (APPIAN) about choosing the right one.


AK: BPM, BY ITS NATURE, IS A VERY PERVASIVE SOLUTION—WHAT ARE THE SPECIFIC BENEFITS FOR DIFFERENT CONSTITUENCIES IN THE TYPICAL ORGANIZATION?

MR: BPM is very pervasive, as you mention, and it touches almost every role in an organization.

Think about executives—one of the common struggles that executives have is that they’re thinking in a longer-term view and are setting corporate goals and objectives. But how can they align those goals and objectives with their daily operations?

BPM is a great tool that allows you to do high level modelling from that perspective. For example, we want to increase our revenue by 30% this year—how are we going to accomplish that? Maybe we’re going to increase efficiencies in some of our customer service areas, maybe we’re going to increase our sales force and target market areas. It’s about seeing the execution of those objectives inside the daily operations of their business.

From a manager’s perspective—it’s process visibility, management of daily work and being able to see in real-time the allocation of tasks across their employees. It’s a much more effective way of collaborating with employees.

From an end user perspective, it’s firstly about having access to all the data you need to complete your work at the tip of your fingers. An end user sees a collaborative task list with not only the work that they need to accomplish, but also interactions with other users, discussion threads, access to resources and documentation for help in completing these tasks.

Most importantly, these detailed metrics are very valuable to the end user because they can compare their individual performance to the corporation—how quickly have I been working, what’s my average time of hiring a new employee versus another department and so on.

Lastly—customers. Your customer is the most common connection point, asking for various information from the status of a request to what is going on in the organization.

BPM is a great way to increase the collaboration and visibility of your internal operations with your outside constituents, partners and customers, and getting them involved in this global “business process network environment”.

AK: OF THE BIGGEST PERCEIVED ROADBLOCKS IN IMPLEMENTING BPM SOLUTIONS, WHICH DO YOU THINK ARE REAL ISSUES AND WHICH ARE MISCONCEPTIONS?

MR: One of the biggest misconceptions we deal with is that the BPM environment is just another tool that an IT user can use to build an application. It actually requires a lot of business user involvement in not only defining these business processes, but also managing them daily. It aligns IT better with the entire operation of the organization as well.

It’s actually about getting business and IT to collaborate more effectively together in building an application, completing the daily processes and meeting a common goal.

AK: LET’S FOCUS ON AN IT PERSPECTIVE. HOW IS BPM CHANGING THE WAY IT WORKS WITH THE BUSINESS AND DEVELOPING NEW APPLICATIONS?

MR: BPM is changing the way that IT develops applications, the concept of model-driven design, orchestration and business user empowerment.

If you think of the traditional way—what many called a mini waterfall development approach—you’d spend several months or even a year gathering requirements. These would be written inside a Word document, and then you’d start the coding process and go into a Java or .Net development environment. That development process might take several months or even years in large organizations.

Once you’re done coding you go back to the business and deliver an application that meets all the requirements, but in the two years it took to create, the business has changed. The requirements have shifted and you now need to modify the application.

What you get is a very long, drawn-out development cycle, a slow pace of IT innovation, and IT falling out of alignment because they’re not tracking with the business as it changes.

BPM is a more agile software development approach with model-driven design, so you’re orchestrating services into holistic applications and building what we call compositions, instead of applications, inside the environment. These compositions are basically designed to be fast-paced, agile and change with the business.

You might have a JAD session with the business and, directly inside the modelling tool, in that JAD session, you might actually start composing the application. Next month there’s another JAD session and it’s modified, again and again. The development cycles are very agile and you introduce more features in a timely fashion.

Again, it’s increasing the collaboration between business and IT using a common documentation and automation tool.

AK: HOW ARE COMPANIES GETTING STARTED IN BPM TODAY?

MR: It’s best to start small in BPM and focus on your process priorities and create what I would call a “process eco-system map” to chart your processes on two different axes—one axis being value to your organization, the other axis being complexity.

Value to your organization might consist of things such as; “This process supports a strategic corporate goal”, “this process is a main revenue generating process” or “this process affects a lot of people inside our organization”.

Complexity could include; “This process is a high risk area”, “this process is poorly documented” or “this process has a lot of integrations and rules”.

Something that also adds to the complexity is the fact that a process touches a lot of people. If you’re introducing a new technology and need to educate people in its use, then this increases the complexity.

What you want to focus on as an initial application is a high-value, low-complex process. You want it to evolve into the higher complex processes over time. Creating this process eco-system map is very important as a starting point to understand where your organization can best benefit from BPM technology.

BPM has always had an issue in proving direct ROI because we’re often evolving from a state that was undocumented, so we had no real understanding of what the true cost of that process was. Often one of the main benefits of initial installation, or implementation, is that you suddenly gain that visibility into exactly how much that business process cost your organization.

AK: I KNOW APPIAN HAS A VERY LARGE AND QUITE IMPRESSIVE CUSTOMER BASE. CAN YOU TELL US ABOUT WHAT SOME OF THESE CUSTOMERS ARE DOING WITH BPM, AND HOW YOU THINK IT’S MAKING THEIR ORGANIZATIONS BETTER?

MR: We have a diverse customer base since the nature of our application is very horizontal. We solve business processes from the federal government and the military here in the US, to small and large enterprises around the world. For example, a global customer we’re very proud of is Enterprise Rent-A-Car.

Enterprise Rent-A-Car came to us about five years ago with a key process problem around IT request management. They had initially built a solution using the waterfall development approach on a .Net platform. It affected all 65,000 employees and didn’t work out very well because it couldn’t adapt to change quickly, and they also had over 200 different processes supported by this one application.

By using Appian BPM, they’ve been able to model an entirely new system that’s able to adapt quickly to how their processes evolve. They now have a common request online system that allows all 65,000 employees to see the available services in a service catalogue, submit a request to the Enterprise Rent-A-Car headquarters, and see the exact status of all the requests inside the system. They have real-time visibility that they didn’t have in the original application.

Based on this success, another division, Group 32, which is among the largest subdivisions of Enterprise Rent-A-Car and does all the rental car management for Southern California, started using Appian BPM to optimize their accounts payable processes.

Group 32 has thousands of cars that need to go to body shops to be repaired and then put back into service. This repair process generates a huge amount of accounts payable, invoices and payment transactions between the suppliers providing the repair services.

Appian was able to automate these processes and gain visibility through the financial divisions so they could see exactly where they spend, who their most common vendors are, how effective those vendors are in responding to the repair requests, and more effectively reduce the time it takes to get a vehicle repaired, the supplier paid, and the vehicle back out on the street.

AK: CAN YOU TELL US WHAT IS UNIQUE ABOUT WHAT APPIAN IS BRINGING TO THE BPM MARKET?

MR: Appian is unique through its ease-of-use and the comprehensiveness of the tool.

If you look at other BPM vendors, they’re often providing a narrow component of the entire BPM stack. By this I mean other BPM platforms provide a basic user interface such as electronic forms, a basic reporting environment and a process modelling environment. But there is more functionality needed such as content management, role-based dashboards, integration adapters, rules and a shared repository for application components.

For example, when you think about automating human processes, then having your enterprise content management system natively integrated is very important. Appian is the only BPM provider that provides all of these components in one integrated suite solution, making your management and maintenance of the environment extremely easy, and your uptime to get the system going extremely fast as well.

Another unique thing about Appian is that an entire solution is available as either an on-premise, or a SaaS-based on-demand offering. So, if you’d like to start modelling your processes right now, you can go to www.AppianAnywhere.com and register. We’ll have an account for you in a few minutes so you can begin using BPM.

Appian is the only environment that has no difference between our SaaS on-demand version and our on-premise offering. It provides a great amount of flexibility. A lot of customers just want to dip their toe into BPM first—they can come into our SaaS environment, do an evaluation, do a pilot project, and then decide if they would like their IT department to take it in-house and manage it as an on-premise application. That’s no problem—you can transfer any time between the two environments.

We’ve even had other customers say that they’ve had to cut back on IT staff and they don’t have the resources to maintain the servers. We can then transfer an on-premise environment to a SaaS-based offering and go back and forth, or have a combination of the two offerings there for one customer. It’s a great way to get quickly started with an entire BPM solution.

Malcolm has been directly involved in the implementation and development of enterprise BPM solutions for over 10 years with a variety of BPM platforms. Prior to his involvement with BPM technologies, Malcolm worked for leading B2B and B2C e-commerce software providers and led numerous technology consulting engagements at Fortune 100 corporations.

Malcolm received his BS degree in Computer Science with a minor in Actuarial Mathematics from Florida State University.

Malcolm Ross, DIRECTOR OF PRODUCT MANAGEMENT, Appian Corporation


ANALYST FEATURE ■ BUSINESS INTELLIGENCE

CLIVE LONGBOTTOM (QUOCIRCA) explains that even though business intelligence is highly regarded by CIOs, it’s not being utilized half as well as it should be—if at all. So when will business see the need?

Step up to the BI revolution

Business intelligence (BI) has been the focus for many technology vendors over the past year or so—to the point where it has possibly been overblown and overhyped.

With the number of pure-play BI vendors shrinking rapidly as the mainstream technology vendors buy them up (for example, Oracle with Hyperion, IBM with Cognos, and SAP with BusinessObjects), you would have thought that the onslaught of information would by now have meant that the market was fully aware of what BI offers, and purchasers would have made up their minds on which direction to go product-wise. But there seem to be many problems out there in the end-user community, not least of which is understanding what BI really is.

Over the past few months, Quocirca has carried out research into perceptions of BI for both Oracle and IBM. The findings have shown that while the mid-market organizations seem to see the need for suitable business intelligence, the larger organizations have yet to fully understand what it means for them. For example, in Figure 1, we see how mid-market organizations in the UK perceive the concept of BI.

When we compare this with Figure 2, where Quocirca looked at large organizations around the world, we see a completely different picture. Although the research was couched in slightly different ways, the overall comparison between the two data sets yields some interesting, yet worrying, findings.

Whereas a third of the mid-market respondents see BI as providing them with a means of looking backwards and forwards at the performance of the business, with two thirds seeing it as providing forward-looking capabilities, only 30% of large organizations see BI as a strategic tool, with nearly one quarter stating that they do not know what BI is.

Note how less than 5% of the mid-market respondents see it as being overly expensive, against 15% of large organizations.

For technology vendors in the BI space, much of their messaging has been aimed at the large organizations, where “big ticket” projects are to be found. One reason why Quocirca believes the research in this market provided such a picture is that we were not talking to IT people—we were talking to lines of business people, those who have a responsibility for dealing with data and reporting on it within their business.

At the mid-market level, these people will need to talk to IT to gain even basic support for their needs, and the business person will carry out a degree of research themselves into what can be provided to make their job easier. In large organizations, things become more prescriptive and employees get on with doing their jobs, rather than researching means of solving the issues in different ways.

Therefore, the focus from the vendors on selling to IT people in large organizations means that the financial reporting people have little influence on what is happening. If IT are essentially unaware of the problems the end users are up against, then they are certainly not going to try and identify exactly what the problem is to add to their own workload of issues to deal with—especially with additional constraints on spending.

The basic messaging around BI should be about getting the right information, in the right format, to the right person, at the right time—surely something that it would be difficult for any business person to disagree with? This may be so, but when you look at a lot of the actual messaging that comes out from vendors, it is not quite so straightforward.

Some get BI confused with reporting only against formal data held in databases, others get too technical in discussing how their solutions can integrate with enterprise applications via SQL and JDBC. Your average business person doesn’t care about this—they just want to get their job done.

And for many, it is not a case of being able to report against formal data held conveniently in databases. Figures 3 and 4 show how the respective groups responded around spreadsheet use.

Again, although the wording of the question and the response mechanisms are slightly different, we can see that there is a tendency in both cases to the perception that spreadsheet use is harmful to the organization.

Too many people take the easy option when dealing with their data needs. They aggregate what they need by creating a new spreadsheet, and then use whatever skills they have to manipulate the data and produce graphs for distribution as required.

The main problem that this introduces is that the spreadsheet is no longer a “live” document—it is now a snapshot of what has happened and doesn’t reflect what IS happening. Today’s organizations are too dynamic for this approach, and BI must be able to support reporting against live data and information sources—including spreadsheets and the internet.

So what is the real opportunity for BI? Vendors obviously have to create messaging more resonant with end user needs, and they must ensure that they talk to those who will actually be using the tools.

BI has to be able to provide results that enable an end user to rapidly uncover information that they would not be able to uncover through other means within a feasible timescale. BI must also be able to embrace the whole audience who need the information created—whether they be employees, contractors/consultants, partners, suppliers or customers, and the pricing has to reflect this.

On the whole, today’s BI offerings already do this—but the perception is that they don’t. The key may well be in positioning BI as a central tool for a broader group of people. This may require core pricing structures to be more flexible, enabling more people to become active in manipulating data and information for their businesses. Although “free” seats for readers are now pretty much standard, it may well be that vendors need to provide a more active capability to make BI strategic to the business.

For example, the majority of BI tools are aimed at just a few people within an organization. A 1000-employee organization may well have less than 100 full seats of BI in place, and a 100-user organization may have less than five, or even just one. If a vendor were to lower its per seat cost by let’s say 50%, it could take that 100 user base in the large organization to 400 seats—an increase in revenues for the vendor of 200%.

Effective BI is more than just “important” in today’s markets. Without it, organizations cannot be fully responsive against their competition and will be making decisions based more on “gut feel” than on reality. The markets are changing, and vendors are having to face up to open source offerings as well as niche players who are bringing novel, far more intuitive approaches to the fore.

Quocirca recommends that organizations put pressure on BI vendors to more effectively meet their needs—greater reach at lower cost—and that they then use the BI capabilities to apply greater control over their data assets, and to create a more useful view of probable futures for their organization.

Quocirca’s reports on the Oracle and IBM research are freely downloadable from Quocirca’s site at http://www.quocirca.com/prep_fuel.htm (IBM) and http://www.quocirca.com/prep_epm1.htm

In his position Clive covers the need for companies to understand the core processes in their value chains, and the technologies that should be utilized to facilitate these processes in the most flexible and effective manner.

In his remit, Clive covers collaborative tools, workflow, business process discovery and management tools, service-based architectures and outsourcing, as well as other associated areas such as security, voice/data convergence, and IT asset optimization.

Clive Longbottom, SERVICE DIRECTOR, BUSINESS PROCESS FACILITATION, Quocirca


Want to Accelerate Growth? Get GIL.

Growth, Innovation and Leadership 2010 is HERE!

Frost & Sullivan’s premier networking event, Growth, Innovation and Leadership (GIL), brings together the best and brightest of visionaries, innovators and leaders to inspire and be inspired. This interactive exchange of fresh ideas, innovative strategies and proven best practices empowers CEO’s and senior executives with the necessary tools to accelerate the growth rate of their companies.

Join us - learn, share, engage, inspire and be inspired.

CEO’s and their growth teams frequent GIL to:

· Focus on driving growth, innovation and leadership
· Discover fresh and innovative ideas
· Exploit opportunity in any economic climate
· Network with cross-industry peers
· Gain a 360 degree perspective of their industry
· Learn best-practices in driving growth
· Benchmark award-winning tools and strategies
· Actively engage in our global community
· Advance their ability and career
· Become innovators, visionaries and leaders

Attend Today!
www.gil-global.com/europe
Email: [email protected]
+44 (0) 20 7730 3438

GIL 2010: Europe
The Global Community of Growth, Innovation and Leadership
17-19 May 2010
Emirates Stadium, London, UK


ASK THE EXPERT ■ BUSINESS INTELLIGENCE

BRUCE ARMSTRONG (KICKFIRE) talks to ETM’S ALI KLAVER about the critical role of analytics in successful organizations and how smart data warehousing and business intelligence are the way forward.

Analytics—Fuel for growth

AK: BRUCE, HOW IMPORTANT IS BUSINESS ANALYTICS IN TODAY’S COMPETITIVE MARKET PLACE?

BA: I would quote a study by Gartner who is one of the industry analysts tracking this space. For the last four years running they’ve created a CIO survey, and the number one priority on a CIO’s list of top 10 is business intelligence and data warehousing. I would say that it has been a top priority for a long time, and continues to be.

If you take a look at what’s going on in the market today and what businesses need to deal with, being able to analyze the information that they have available to them on their customer behaviour, their products and their inventories is critical to being able to stay in business and to become leaders.

One of our customers in the video advertising space, LiveRail, has seen a great shift in the market to online business. The video advertising space is expected to reach over five billion in just a few years time, so that’s one of the spaces that’s creating a whole new set of data that needs to be analyzed.

LiveRail provides not only video advertising services to their big customers like Sony, but also the video metrics associated with those ads. Who is watching those ads? Are they pausing? Are they skipping through them? It’s critical information for this new channel to get to the end customer. So there’s expected to be over 60% growth in that business in years to come.

That’s just one example of how critical analytics has been, and with some of the new data types and channels to get to end customers, just how important it’s going to be in the future as well.

AK: THANKS BRUCE, THAT’S A GREAT EXAMPLE. ETM IS SEEING THE SAME SORT OF SYNERGY WITH THAT FOCUS ON DATA WAREHOUSING IN THE FIELD. BUT WHAT DO YOU THINK IS SO DIFFERENT ABOUT TODAY’S COMPETITIVE ENVIRONMENT?

BA: I think especially since the economic downturn last year it seems as if the dust is settling, and it remains to be seen just what the growth is going to be this year in the worldwide economy.

It’s all about taking advantage in these peaks and valleys of the economy, and what we’re starting to see is that our customers are beginning to grab market shares as quickly as possible.

One of our other customers—Barry Diller’s InterActiveCorp, a large division of IAC which is a multi-billion dollar holding company of web properties—is Mindspark. They became a Kickfire customer last May and have already bought three more systems from us.

What they’re doing is essentially aggregating content across their various websites and analyzing the interactions between those websites so they can move traffic between them in a more effective way.

They’re essentially locking out their competitive sites that may only have one or a small number of sites. Mindspark has a vast network of websites focussed on different demographics, and the ability to analyze the traffic between those sites gives them a huge advantage and allows them to take market share when it starts to pick up here.

AK: THANKS BRUCE, THAT’S ANOTHER GREAT EXAMPLE AND I KNOW OUR AUDIENCE LOVES CASE STUDIES. LET’S SPIRAL OUT INTO A KIND OF FUTURE-FOCUS, IF YOU LIKE. CAN YOU TELL ME ABOUT THE CHANGES THAT IT NEEDS TO PROVIDE TIMELY BUSINESS ANALYTICS?

BA: Obviously the technology continues to evolve, and the different channels and distribution models also continue to evolve. You have increasing interest in cloud businesses and you’ve got an increasing use of open source technology.

But what hasn’t changed is the need for IT to very rapidly deploy systems at a low cost and high availability.

What we’ve done here at Kickfire is package in a data warehouse appliance, using MySQL, the number one open source database, which means that it’s low cost and widely accepted within small and large enterprises.

We have a data warehouse appliance that provides very high performance data warehousing at a fraction of the cost, and because it’s a true appliance with storage and server and software—all completely packaged together and optimized in a single server—we get customers who have been able to deploy a data warehouse appliance in less than a day.

That kind of responsiveness is what IT really needs to drive in order to not only meet the business requirements that are constantly changing, but to begin to eat away at that backlog which has frustrated their end user business customers.

So, we believe that IT needs to continue to do their job of deploying systems rapidly, cost-effectively and reliably, and at Kickfire we’ve tried to help them with that task.

AK: YOU’RE RIGHT BRUCE, RAPID DEPLOYMENT AT LOW COST IS ESSENTIAL IN THIS SPHERE, AND ESPECIALLY BECAUSE IT IS SUCH A HIGHLY COMPETITIVE MARKET. CAN YOU TELL US WHAT THE NEW REQUIREMENTS ARE FOR DATA WAREHOUSING AND BUSINESS INTELLIGENCE INFRASTRUCTURE?

BA: Well, the data continues to grow. The ability to rapidly deploy data warehousing in a cost effective way, and then being able to scale the technology up, continues to be very important as the data continues to grow. It’s equally important to meet the new requirements in terms of the types of analytics. The way customers are trying to analyze the data continues to be important, so having a very flexible infrastructure from a BI perspective continues to be vital.

What we’ve done at Kickfire is invented the industry’s first SQL chip. We’ve implemented SQL on silicon which allows data to be flowed through our purpose-built co-processor at 100 to 1000 times faster performance than general purpose computers. One Kickfire SQL chip is equivalent to over 30 general purpose computers.

So rather than having to deploy a massive infrastructure with massive parallel processing and sometimes up to hundreds of general purpose CPU’s, with the Kickfire chip you can greatly reduce the cost, footprint and power consumption required, which then allows companies to scale up in a much more efficient and cost-effective way.

Rather than adding 30 new general purpose CPU’s every time your data grows, you add another single Kickfire SQL chip. We believe this is a huge breakthrough.

I started my career at Teradata, I was there for 15 years and I ran the business. We went public and I ran the business for NCR when we were part of NCR.

Teradata is the number one data warehouse company in the world, and it is not uncommon for customers to spend millions if not tens of millions of dollars to get high performance data warehousing using general purpose computers, which is what Teradata uses.

I’ve learned from that experience and realized that not only do the high end customers demand lower cost, high performance and high reliability solutions, but there’s a whole new segment of the market, especially driven by the web, that requires much lower cost and much lower power consumption.

Hence, the breakthrough that Kickfire has provided with the SQL chip enables not only the high end customers to more cost-effectively deploy high performance data warehousing, but also a whole new sector of the market, driven mostly by web-based businesses.

Bruce is a database industry veteran with 25 years of technology-specific development, marketing and sales expertise. He began his career at data warehousing giant Teradata Corporation, where he spent 15 years as part of the team that established the company as the leader in the market. Following Teradata, Bruce held the position of Vice President and General Manager of the Server Products Group at Sybase, where he ran the company’s $700 million enterprise database management business.

Bruce has a Bachelor’s Degree in Computer Science from the University of California at Berkeley.

Bruce Armstrong, CHAIRMAN OF THE BOARD AND CEO, Kickfire

AK: I DID A BIT OF RESEARCH EARLIER AND I WAS GOING TO BRING THAT UP MYSELF—THE KICKFIRE SQL CHIP REALLY HIGHLIGHTS THAT SORT OF FLEXIBLE BI INFRASTRUCTURE YOU WERE TALKING ABOUT EARLIER. I’D LIKE TO HAVE A LOOK AT THE CURRENT MARKET IF WE CAN—TELL ME WHICH ENTERPRISES ARE REALLY POISED TO WIN IN SUCH A CHANGED MARKET BATTLEGROUND?

BA: We see mostly online and what we’re calling digital-based business—so not only web businesses but as I mentioned before LiveRail and video. We also have customers in the mobile app space, like Nokia and Handmark.

Another one of our customers in the social networking area, Mamapedia, is the number one social networking site for mothers. � ey have over two million mothers online communicating with each other about everything from babysi� ers and landscaping, to how to raise a child in a home school environment.

It’s a very popular site, growing very quickly, and our view is that businesses that are going to succeed are ones that are able to adapt to their changing demographics very quickly.

When Mamapedia first started they had a smaller number of mothers online and they were able to keep in touch with their customers through newsletters. All of their business intelligence and analytics was around what exact content should be delivered to which exact mother, associated with their areas of interest.

That was very effective, built a very loyal group, and really allowed Mamapedia to grow their business from there because they knew they had the formula right. Their analytics have completely changed as their business model has now shifted to attracting new mothers online, and so they’ve grown very rapidly through search engine optimization and other types of analytics that allow them to draw new mothers in who correlate with their existing mothers online.

This was a big shift in their analytics and it exemplifies what we think is going to be the critical success factor for businesses today and in the future, which is being able to rapidly respond to their customers’ needs and their changing business models as they grow.

AK: THANKS BRUCE, THAT’S A GREAT EXAMPLE OF RAPID GROWTH THROUGH A SHIFT IN ANALYTICS THAT YOU WERE TALKING ABOUT. FOR OUR FINAL QUESTION, TELL ME IN WHAT OTHER MARKETS ARE YOU SEEING COMPANIES LEVERAGE ANALYTICS FOR SUCCESS?

BA: We’ve been focussed on the digital markets that we’re talking about, but in more traditional spaces we also see continuing growth in business intelligence and analytics.

Traditionally financial services has been a large consumer of data warehouse technology—on the retail side they have lots of customers, and on the commercial side lots of transactions, so a lot of data comes at them in financial services.

We have recently expanded our sales force to have a specialist in the financial services market based in New York, on Wall Street, to be able to go after that market. Scott Davidson, our district sales manager, has worked at Sybase and at other business intelligence companies, focussed on financial services and especially around Wall Street.

Scott is beginning to penetrate the financial services market as they continue to grow in their need for analytics, but also again looking for rapid deployment and cost-effective, high-performing data warehousing.

We also see two other markets. One is healthcare, and we’ve got a relationship with systems integrators in the healthcare and health services market. A lot of this is coming from the government, essentially mandating new requirements for collecting and analyzing information, and so this is driving up the need for data warehousing technology. We are getting into that market, because it’s highly specialized, through systems integrator partners such as a company called Lancet.

Finally, retail companies have also been a big consumer of data warehousing. The famous example of course is Walmart and their use of a data warehousing technology in order to analyze point-of-sale transactions.

That need to analyze more and more information, and also to begin analyzing the multi-channel relationship between e-commerce as well as store-front sales, becomes more and more important.

We have actually partnered with another systems integrator who is an expert in this space, a company called RSI, to be able to go after the retail market. So in addition to the web businesses, or the digital businesses that I mentioned before, financial services, healthcare and retail continue to be more traditional businesses, but will very quickly expand their use of data warehousing and business intelligence.


“... the number one priority on a CIO’s list of top 10 is business intelligence and data warehousing.”


HEAD TO HEAD ■ DATA WAREHOUSING

IT IQ

Organizations are experiencing a growth in the amount of data they generate, and an accompanying demand for making sense of that data in real time. Among the many IT challenges in today’s business world, DAN LAHL (SYBASE) tells ETM’s ALI KLAVER how Sybase IQ is succeeding.

http://www.GlobalETM.com

AK: OUR FIRST QUESTION TODAY IS ABOUT CURRENT MARKET TRENDS, SO WHAT DO YOU THINK ARE THE MAJOR TRENDS REALLY DRIVING THE NEED FOR CHANGE IN ANALYTICS AND DATA WAREHOUSING ENVIRONMENTS TODAY?

DL: Well, as we say in the United States, that’s the $64,000 question. There are a lot of trends that we see in this analytics space, there’s a high amount of churn and misunderstanding, and a lot of people are trying to come to grips with what’s going on in data warehousing and analytics.

Let me outline where we see the trends from an IT perspective. Analytics (and data warehousing) is shifting from a very strategic part of the business where you have just a few super-users that are doing data warehousing analytics.

It’s moving down to operational analytics where you have lots of users demanding that data from the organization be turned into information for their decision-making processes. So we see lots of users now demanding the need for data.

Second, we see users again demanding ad hoc queries—that means not just standard reports that provide one key performance indicator or KPI, but the ability of the user to drill through so they can get the answer to the next question they want to ask, and the next, and the next, all in a chaining type of series of events. So the need for ad hoc queries is also large.

The third is the move from getting a reporting style of analytics to actually moving into predictive analytics—to go from the “rear view mirror” analytics to “in front of the headlights” analytics. We see a lot of people looking to do more deep data mining and using tools to do predictive analytics—that’s also a big trend.

The final trend that we see is the absolute explosion of data to be analyzed. It used to be that the vendors would talk about the explosion of data, and now the customers are actually talking about the explosion of data in their enterprise. That has to be analyzed and turned into information, and then has to be really understood so that it can be turned into better decision making.

So those are really the four trends that we’re seeing—the demand by more users, the need to do ad hoc query analysis, the look towards predictive analytics versus rear view mirror analytics, and then the absolute explosion of data.

AK: THANKS DAN. THOSE ARE GREAT POINTS AND WE’RE SEEING THE SAME THINGS HERE AT ETM, ESPECIALLY THE EXTREMELY HIGH DEMAND FOR USABLE DATA WHICH IS CERTAINLY A BIG ISSUE. I THINK WITH THESE TYPES OF DEMANDS IT REALLY SPIRALS OUT INTO THINGS LIKE FLEXIBILITY AND EVEN SECURITY. SO WHAT TECHNOLOGIES DO YOU THINK SUPPORT THE NEED FOR GREATER SPEED AND SECURITY OF ANALYTICS ENVIRONMENTS?

DL: If you look at a big high level view of what is trying to handle these trends and to answer them, there are really three basic technologies that do that.

The first is the traditional row-based analytical products—like Oracle, SQL Server and (IBM) DB2—and our own product from Sybase called ASE, where you’re actually taking a row-based system and trying to do analytics on top of that.

That has proved around those four trends to not be as capable as in years past, so there are what we call specialty analytic servers coming out in the flavour of analytic appliances. What you do is you take the approach of throwing a lot of hardware at the problem, so that you can answer those four trends.

The third area is to actually take the database of information that you have and instead of organizing it by row, organize it by column, because at the end of the day what you’re actually doing is analyzing the attributes, which are the columns.

The approach that we’ve taken with Sybase IQ is to actually organize that spreadsheet of database information, if you will, into columns versus rows. And the example I like to use is one a couple of days ago—I was in Las Vegas and I bought a latte at the Caesars Palace Hotel, and I paid $4.50 with my Visa card.

From a transactional standpoint, the right way to organize that is by row. But if Caesars Palace wants to understand if they’re selling more lattes than mochas or Americanos, and that they should perhaps increase the price of their lattes, they’re actually analyzing the columns, or the attributes of that information, not the rows. So doesn’t it make sense to organize that information by columns versus by rows? That’s the core value proposition of the Sybase IQ product.


And then we’ve added a number of different things on top of that as well, like the ability to do in-database analytics, and provide security functions for data at rest, data at flight and user-authentication—plus the ability to scale out the environment through adding nodes or adding disk structures to the system.

But that’s really the three basic pieces—it’s the row-based, that are kind of falling over, it’s the appliances that are really a brute force approach, and the Sybase IQ approach which is the column-based approach that we think is a more elegant and smarter approach to analytics.

AK: THANKS DAN, WHAT A GREAT EXAMPLE ABOUT THE USABILITY OF DATA. I WAS WONDERING, WHAT INNOVATIONS REALLY ADDRESS THE NEED FOR GREATER USER CONTROL OF THE ANALYTICS ANALYTICAL QUERIES?

DL: We’ve talked about the trends and if you tie that back to what’s going on with users, ad hoc queries, predictive analytics and with the people who are watching data, we’re finding that more and more people have to do self-service on their analytics.

We have a number of customers who are now required to expose their information to an unknown number of people for whatever queries they want to run over the web. That’s 24x7 unknown queries, and to give that kind of requirement to an IT person or a DBA or a CIO will give them nightmares, because in the past it’s been really hard to optimize a data warehouse for that type of environment.

Again, Sybase IQ is able to handle that. Take that core value proposition of organizing by column without having to do a lot of work and gyrations on top of your row-based system to optimize for analytics by adding indices, or aggregates or cubes—if you can handle that through just the core structure of the database and the query optimizers that optimized to hand the SQL coming in for analytics, then customers are able to actually provide that to their users.

A good example of that is a company called LoanPerformance in San Francisco. They have to do 24x7 operations for their customers who are all over the world. They track mortgages not only in the United States but in other countries as well, and they have to be able to provide full access to their data structures, which is over a couple of terabytes, to any customer that comes in. Every month they have to update their database with more attributes and more columns—did the person pay on time? Did this mortgagee pay the full bill? Did they miss a payment?

This is a very complex environment, and they realized they could only expose it to their user community using a technology like Sybase IQ.

We think that we’re hitting a sweet spot of the trends, and Sybase IQ is providing not only business value, but letting those DBAs and CIOs sleep at night.

AK: IT CERTAINLY SOUNDS LIKE QUITE A COMPREHENSIVE SOLUTION, BUT IT’S ALSO ABLE TO PINPOINT SPECIFIC BUSINESS REQUIREMENTS. HOW CAN BUSINESSES BETTER ADDRESS THEIR NEED FOR MANAGEMENT OF INFORMATION THROUGHOUT ITS LIFECYCLE?

DL: In that fourth trend, which is about lots of data that need to be analyzed, we actually see a lot of customers now struggling with handling their enterprise data warehouse, or even their data marts for that matter. We actually have customers, either government or non-government, that are actively managing, with IQ, terabytes of data. So in this management of data we’ve added a new option to Sybase IQ that allows you to do information lifecycle management for data warehouses.

The advantage is that you can take your most recent data—let’s say your current quarter or your current month’s information—and put that on your most expensive EMC disks, if you will. Then take your data from one month, or one quarter to a year, put that on the slightly slower disks, and then take the information from a year on out and actually put those on very slow disks, because it’s not going to change and it’s really only used for archive purposes.

Then you can run queries against all of that information. So within Sybase IQ we call that our VLDB (very large database) or information lifecycle option. We’re seeing a number of customers really excited about that because they can optimize not only for cost, but they can optimize for backup as well. Once you get past a year your data is probably not going to change and you don’t need to back it up as often as the most current data.

The second piece that we see is that we’re actually able, through other Sybase products besides Sybase IQ, to load the data in real time. Some customers want to analyze just-in-time information with historical information.

We’re able to have some of our customers like BNP Paribas over in France take information in every five minutes and load it, and then analyze it in five-minute increments. It’s pretty amazing what that customer is doing with the management of their information.

Finally, we also have the capability to model the data, to change the schemas of the data, going from third normal form to star, or snowflake schema, and you can do that quite easily through other tools that we provide from Sybase like PowerDesigner and other tools.

So we’ve spent a lot of time and effort to help our customers in the lifecycle management of their information. Again, we see that as a key part of that fourth trend I outlined at the outset.


Dan Lahl has been with Sybase since 1995 and in high tech for over 30 years with extensive experience in data management, data warehousing and analytics. While at Sybase Dan has also led emerging technology areas for Sybase, including Data Federation, Data Integration, GRID and Cloud Computing. Dan is currently leading the team that is growing the enterprise software business for Sybase in the areas of data management, data movement, analytics, capital markets and development tools.

Dan has a Business Administration degree from the Haas School at U.C. Berkeley and a Masters of Divinity from Trinity Evangelical Divinity School.

Dan Lahl SENIOR DIRECTOR OF PRODUCT MARKETING Sybase Inc.


Searching for Agility

EXECUTIVE PANEL ■ APPLICATION LIFECYCLE MANAGEMENT


JULIE CRAIG (ENTERPRISE MANAGEMENT ASSOCIATES) moderates a dynamic discussion on application lifecycle management with the expert opinions of GILES DAVIES (MICROSOFT), BRIAN ZEICHICK (COLLABNET) and TIM JOYCE (SERENA SOFTWARE).

JC: PERHAPS OUR PANEL CAN START BY TELLING US A BIT ABOUT THEMSELVES, THEIR COMPANY AND THEIR ALM SOLUTIONS?

GD: My name is Giles Davies and I work for Microsoft in the UK. In fact, I’m relatively new to Microsoft and joined about 15 months ago but my background is in development and application lifecycle management solutions.

I work in a group called the developer and platform evangelism group whose mission is to secure the platform for Microsoft, so that’s around Windows and the other platforms that Microsoft has. Specifically, I work in the development tools team and I’m a tools technology specialist within that team, covering our application lifecycle solution which is primarily Visual Studio and Team Foundation Server.

BZ: This is Brian Zeichick. I work at CollabNet as a Product Manager for TeamForge which is our ALM solution for distributed teams.

I have experience in scoping and designing features, analysis and goal-directed user-centric design theory. In addition, I also cover web development and standards, including rich internet applications.

Founded in 1999, CollabNet is based on open source principles. We are also the company behind Subversion, which is the leading SCM (Software Configuration Management) solution. CollabNet is the ALM platform leader for distributed software teams.

Our ALM tool, CollabNet TeamForge, is one of the most open and accessible platforms in the industry. It allows teams to manage the entire software development lifecycle using Agile or any other process methodology.

TJ: My name is Tim Joyce. I’m Senior Product Manager for Serena’s flagship—SCCM Solution, Dimension CM. I spend a great deal of my time talking to our customers about their pains and requirements around ALM, both specifically for SCM and the broader ALM space as well.

I’ve been working with Serena ALM solutions for about 14 years now, and that’s across a number of different roles including consulting, training, marketing and product management.

Serena Software is a global ALM company with around 15,000 customers worldwide. We provide a range of solutions including software change and configuration management, application developments, business process management, and of course project and portfolio management.

JC: TO START THINGS OFF, I SEE APPLICATION LIFECYCLE MANAGEMENT AS BASICALLY A FUSION BETWEEN THE TECHNOLOGY SIDE OF THE BUSINESS IN TERMS OF DEVELOPING, DEPLOYING AND MANAGING APPLICATIONS, AND THE BUSINESS FUNCTIONS OF PRIORITIZING, FUNDING AND STAFFING THEM.

MY RESEARCH IS SHOWING ME THAT THERE’S A LOT OF APPLICATION DEVELOPMENT HAPPENING IN TODAY’S COMPANIES, AND THAT IN FACT THE FREQUENCY OF COMPANIES REPORTING CUSTOM APPLICATIONS LEADS THOSE REPORTING PACKAGED APPLICATIONS BY A SIGNIFICANT MARGIN.

THAT BEING SAID, VIRTUALLY EVERY COMPANY DOING APPLICATION DEVELOPMENT HAS SOME ELEMENT OF APPLICATION GOVERNANCE IN PLACE. FOR EXAMPLE, MOST HAVE A STANDARD DEVELOPMENT ENVIRONMENT, SUCH AS ECLIPSE. MOST ALSO HAVE A STANDARD LIFECYCLE METHODOLOGY AND SOME TYPE OF CODE REPOSITORY AND VERSION CONTROL.

WITH THAT INTRODUCTION, THE FIRST QUESTION I’D LIKE TO POSE IS WHY DO THE COMPANIES DEPLOY APPLICATION LIFECYCLE MANAGEMENT SOLUTIONS, AND WHAT ARE SOME OF THE ISSUES THAT ARE ACTUALLY DRIVING THESE DEPLOYMENTS?

GD: One of the ones that I come across frequently is around project transparency and reporting to team leaders, project managers, senior management and so on.

The issue that I’ve come across a few times, particularly around reporting and status of projects, is that it’s really not to have surprises around what’s going on. So, how do we know what the quality of this project is? Are we likely to release on time? Having access to that information, and having confidence in it, is one of the big drivers for us in providing an ALM solution.

JC: SO THEY HAVE THE PIECES IN PLACE, FOR EXAMPLE ECLIPSE, AND A CODE REPOSITORY AND THAT SORT OF THING, BUT THEY NEED TO BE ABLE TO PULL TOGETHER A BIGGER PICTURE.

GD: They may have a stack of individual products, absolutely. And it’s not so much the functionality within each of those pieces, it’s actually getting the understanding out of that set of products, if you like.

JC: ONE THING THAT I’VE NOTICED IS THAT ILLUSTRATIONS ARE ALWAYS MORE INTERESTING THAN DESCRIPTIONS, SO I’D LIKE TO ASK THE PANEL TO TALK ABOUT A SPECIFIC CUSTOMER DEPLOYMENT AND HOW THEY DEPLOYED APPLICATION LIFECYCLE MANAGEMENT. ALSO, WHAT KINDS OF BENEFITS ARE THEY SEEING?

GD: My example is of a smallish company, probably in the region of about 150 in development staff, in financial services. We became involved because the company had grown through acquisition and part of the organization was .Net based, in terms of technologies, and part of the organization was Java-based. They got to a point where different teams had different stacks of products and they had a mix of technologies around version control, how to track changes and defects, different build solutions and so on. They wanted to both consolidate and simplify the tools they had and manage the infrastructure in a more efficient way, but also to address the issues around reporting.

One of the other challenges we had, which I thought would be interesting to chuck in was, of course, the Java technology base. So from our point of view, the development teams at an IT level had a mixture of Visual Studio and Java.

What we did was introduce Team Foundation Server as the single repository that can store all of this information; all of version control, source control data, change management defects, task lists and so on, reporting capabilities and automated build, and open it up to both the Java communities and the .Net communities.

We have a partner called Teamprise who offer a really first class Eclipse-based integration into Team Foundation server—who incidentally we acquired in November. We were able to offer the same capabilities to both sets of technologists.

I think this is an interesting example of the ALM story—we’re looking at how we can combine all of the information they have, make something meaningful out of it and make it much more open and transparent. We also needed to support their drive towards Agile and the fact that they had different technologies in use.

TJ: Among the many customers that we have I think one of the great examples is a global leader in banking and insurance, geographically diverse, distributed across Europe, North America and Apac. They’ve got about 200,000 employees and revenue last year was around 90 billion Euros—so it’s a significant organization.

This really started off as a release management problem, and in the words of one of the project managers, they had chaos in release management. They had multiple home grown systems, manual procedures that had grown up over the years, and of course there had been quite a lot of acquisition going on so there were a number of different, disparate systems.

At the same time they were trying to scale what they did, they were bringing a new part of the business into the process they had, and they found that the current systems they had just didn’t scale to what they wanted to do.

They were also very labour intensive and had the very typical, sort of heroic, late night and weekend work habit to try and get releases out of the door on time. They also had a lack of visibility of control, often because of this rather ad hoc and manual procedure, so they really had no way of being absolutely sure that what they deployed was the right stuff and went to the right place. This is a fairly classic situation.

They started the implementation off with the thing that was hurting the most which was mainframe release management. They ripped out and replaced most of the numerous home grown solutions and manual procedures they had, replacing it with Serena Dimensions CM which is our software changing configuration management tool.

But having done that first phase of the implementation, I think this was where it started to become an ALM solution rather than simply a release management solution. They realized the power of what they had and extended this out to add documentation, scripts and other objects to make this a collaboration platform between not just development, but development and the business.

They also outsourced quite a lot of their development and have multiple geographically distributed development sites as well, so their outsourcers now directly access the SCM repository so you can see what they need to do, they can allocate work to outsourcers, and so on.

It’s giving them a single global repository for all of the collaboration, communication and sign off that goes on.

They then extended this out beyond the mainframe to distributed environments, moving it out to large numbers of people with around 1000 applications under control at the moment—it’s an ongoing roll-out process. The benefits are vastly improved traceability, visibility and control.

BZ: One of our clients, a large global delivery service, wanted to standardize and centralize software development across its IT arm. The goal was to link various processes within their application development to enable automation and standardize across the multiple internal operating departments.

To achieve this goal, the IT arm deployed CollabNet’s ALM solution, TeamForge, to work with its internal home-grown platform. They wanted to integrate their platform across a worldwide system using TeamForge for ALM—basically using it as a software development engine.

TeamForge helps them overcome challenges of distributed development, allowing anyone to the core development environment via a web page or through an API. The other nice thing is that they have many other legacy tools that they wanted to continue using, and because we have open APIs, it was very easy for them to integrate TeamForge and multiple existing systems.

Choosing CollabNet for ALM gave them valuable results. The platform enabled their teams, through their organization, to collaborate effectively on development processes. In addition it allowed them to improve collaboration between geographically dispersed teams through process standardization.

This company was also using automated, tedious manual tasks. The CollabNet platform promoted rapid time-to-market through consistencies of tools and process. It also enabled engineers to get up-to-speed quickly on new projects, or switch projects without having to do additional training, because it was consistent throughout their whole experience. Their now centralized development environment eliminated department-specific systems that tended to create bottlenecks and inefficiencies.

The company was also evaluating improving security and backup capabilities. The solution enabled them to simplify compliance processes due to better reporting and traceability.

An example of this is their ISO audit. The auditor was able to come in one morning, go into one office, and do the whole ISO audit in half a day by sitting with one development manager and accessing the core development environment. This was a huge improvement over previous audits that took up to a week, with the auditor talking to each department.

Teams using any development methodology—Agile, scrum or XP, or even a waterfall, can benefit from the CollabNet ALM platform.

JC: THOSE ARE ALL GREAT STORIES AND IT’S INTERESTING TO HEAR SOME COMMON THEMES. IT SEEMS LIKE THERE’S A LOT OF CHAOS AROUND THE DEVELOPMENT PROCESS—COMPANIES ARE USING MULTIPLE LANGUAGES, MULTIPLE TEAMS AND DISTRIBUTED TEAMS. APPLICATION LIFECYCLE MANAGEMENT PRODUCTS ARE A WAY TO BRING TOGETHER THIS BIG PICTURE AND ADD CLARITY TO WHAT CAN VERY EASILY DETERIORATE INTO QUITE A CHAOTIC AND DIFFICULT PROCESS TO MANAGE.

THAT BEING SAID, THERE ARE SOME KEY CHALLENGES THAT I SEE EVOLVING TODAY WHEN I TALK WITH COMPANIES. ONE IS THE EVOLUTION TOWARDS MORE AGILE METHODOLOGIES, AND CLEARLY IT’S STARTING TO LOOK LIKE THIS IS GOING TO BE PRETTY MUCH THE DE FACTO STANDARD, AT LEAST FOR THE NEAR TERM.

WHAT IS THE IMPACT OF AGILE METHODOLOGY ON ALM SOLUTIONS? I KNOW WE’RE STILL IN THE PROCESS OF EVOLVING FROM THE WATERFALL LIFECYCLES OF THE PAST, SO HOW HAS THIS IMPACTED THE SOLUTIONS AND THE CUSTOMERS THAT YOU HAVE IN PLACE?

TJ: I think one of the very positive things that Agile has brought to this area is that it’s made a lot of organizations think carefully about what their procedures are, how they do development, and how this fits into the broader ALM space. They’re changing the way they work and I think that’s been very positive for the industry.

BZ: I would say that moving to Agile can be a challenge, and it doesn’t occur overnight. It requires a shift in mindset for the entire project team, and it can create identity crises for some project members, including product managers and testers, because their whole role is changing.

The developer role is also changing. In other, more standard processes such as waterfall they’re more of a peripheral member, whereas with Agile they really become the centre of the workflow.

GD: I totally agree with those. The only thing I would add is probably at the tool level. It means that we have to change the tooling to acknowledge the impact of Agile as well.

From our point of view, although we’re process agnostic, our own Agile process templates and so on are evolving to make sure they’re fitting what we think people need in terms of the Agile reports, the scrum type reports, and whether we just need to make sure that everything is able to be automated. We’ve also got continuous integration and the reporting and testing that goes alongside that.

JC: GREAT POINTS. A FOLLOW-ON QUESTION IS THAT AGILE HAS CERTAINLY MADE AN IMPACT, BUT POSSIBLY AN EVEN BIGGER IMPACT IS THE FLEXIBILITY OF THE KINDS OF DEVELOPMENT TEAMS THAT WE’RE SEEING TODAY.

WE’RE SEEING DEDICATED DEVELOPMENT TEAMS WITHIN COMPANIES WHICH ARE WORKING WITH TEAMS ACROSS THE WORLD. SOMEONE HAS TO DECIDE WHICH TEAMS DEVELOP WHICH SOFTWARE MODULE. THERE IS SO MUCH FLEXIBILITY AND CHANGE IN THIS CHURN THAT’S GOING ON THAT I THINK APPLICATION LIFECYCLE MANAGEMENT PRODUCTS CERTAINLY HAVE A KEY ROLE HERE TOO.

GD: Some examples that spring to mind are around flexibility and distribution, so I agree, and I think the challenge is particularly where you have a distributed outsourcing model.

For example, it might be that development is taking place in the UK but the testing is being performed from India through a partner or an SI. That’s a challenge organizationally because the distribution doesn’t fit particularly well with Agile, actually, although most companies are doing both at the same time—most large companies in any case.

From a tooling point of view, obviously we have to try and support that and make sure that, again, it reinforces the aspects of application lifecycle management.

BZ: I think that working across the globe with different time zones, tools, means of communication and limited means of interacting is a real challenge. It can introduce delays, miscommunication and even morale problems.

The real key to making that work is enabling communication through the use of a common toolset and a centralized repository. One of the key values TeamForge brings is that it centralizes management for users, projects, processes and assets—essentially for entire distributed teams. Users can initiate a discussion thread, and then someone in the US the next day can see it and be able to correspond very effectively.

TJ: A centralized repository is absolutely key. The age of replication and replicating databases is long gone, and I think another important thing is to be agnostic to the process, the platforms and the technologies.

These things change quite rapidly sometimes and it’s important to have a system that you can change, that will react and support new platforms as they come out, and will support new methodologies and tools as they come in.

JC: I TALKED AT THE BEGINNING OF THE PODCAST ABOUT ALM AS BEING A TOUCH POINT BETWEEN THE TECHNOLOGY OF DEVELOPING APPLICATIONS AND THE BUSINESS SIDE OF GOVERNING AND FUNDING THEM. WITH THAT IN MIND, I’M SEEING A BIGGER PICTURE THAN JUST THE DEVELOPMENT SIDE OF THINGS THAT WE’VE DEALT WITH FOR SO MANY YEARS.

FOR EXAMPLE, ITIL TALKS A LOT ABOUT TECHNOLOGY SILOS, BUT I’M ALSO FINDING IN MY APPLICATION MANAGEMENT PRACTICE THAT THERE TEND TO BE TIME-BASED SILOS. IN MANY CASES, COMPANIES HAVE VERY LITTLE COMMUNICATION BETWEEN THE DEVELOPERS AND OTHER PERSONNEL WHO WORK ON PRODUCTS AT DEVELOPMENT TIME, AND THE OPERATIONAL PERSONNEL AND APPLICATION MANAGEMENT TEAMS WHO DEAL WITH THESE APPLICATIONS ONCE THEY GO INTO PRODUCTION.

ONE THING THAT I’M FINDING IS THAT SOME OF THE ARTIFACTS THAT SURFACE DURING DEVELOPMENT—THINGS LIKE CLASS NAMES AND CODE MODULE NAMES—CAN BE EXTREMELY VALUABLE IN IDENTIFYING AND MANAGING APPLICATIONS ONCE THEY’RE IN PRODUCTION. IT’S VERY RELEVANT TO IT-RELATED INITIATIVES LIKE CONFIGURATION AND SERVICE LEVEL MANAGEMENT, AND TO RUNTIME APPLICATION MANAGEMENT.

I KNOW THIS ISN’T THE KIND OF QUESTION THAT YOU TYPICALLY DISCUSS, BUT WHAT ARE SOME OF THE WAYS THAT VENDORS ARE HELPING TO BRIDGE THIS DEVELOPMENT OPERATIONS GAP? DOES APPLICATION LIFECYCLE MANAGEMENT HAVE A MESSAGE THERE?

At EMA, Julie’s focus areas are Best Practices, Application Management, Software Development, Service Oriented Architecture (SOA), and Software as a Service (SaaS). Julie has over 20 years of deep and broad experience in software engineering, IT infrastructure engineering and enterprise management.

As a former IT senior engineer, she developed enterprise management solutions and deployed multiple packaged system, application and performance management products. Julie’s IT experience includes working with Enterprise Systems Group and the former JD Edwards & Company, now part of Oracle.

Giles Davies works in the Developer and Platform Evangelism Group in Microsoft UK as a technical specialist covering development tools, specializing in the full Application Lifecycle Management tooling of Team Foundation Server and Visual Studio.

Giles started his development career with Microsoft technologies in the days of client/server applications before becoming an early adopter for Java, working with CORBA and subsequently J2EE. He has also worked in the Java space for a number of organizations including Borland and IBM Rational.

BZ: I’d say one of the key things is being able to link source code changes to fixes. When a developer actually checks in a piece of code, the ID that’s associated with that code is then linked to the artifact or work item they’re working on. Later on, if someone else needs to go in and figure out what’s going on, they can look at that artifact ticket and trace it back all the way to the code that actually broke the system.

Another key part is continuous build and test for quick responses and patch time. If you have that continually working, then you can see when something does break, link it back to the artifact, and then see the piece of code that broke the system.

GD: I think one of the areas that we’re driving for is to include testers in this whole application of lifecycle management. Obviously they’re there, but they’re probably one of the key silos within the overall development organization.

We come to the same point—how can we make sure that the testers know what’s coming—and that could well be through work item association—so we know that the following bugs, requirements and change requests are in this particular build?

Then they understand what’s coming, know what to test and progress that through the staging environment with some confidence, having known what’s come out of development, and get rid of that “chucking it over the wall” to the testers aspect. They’re often a sort of bridge-head into the production environment, so it’s got to pass through the levels of testing before it can be released from test environments out into production environments.

I agree with the virtualized test environments. One of the big issues we see—I think actually probably exacerbated by the move to Agile from the developers—is that from a testers point of view they’re seeing more and more code drops coming from development teams, and the sheer preparation work required to actually build and provision test environments prior to being able to take on new code drops can become quite daunting.

So I think being able to smoothly incorporate the management of those virtual test environments as well can help in that process.

TJ: When we talk about automating the path to production you really shouldn’t have these “throwing over the wall” processes where you have different groups using different tools and not collaborating well.

This really should be part of the same process—even if it’s not actually the same tool—the information flows through so that the other people in test, QA, production support and IT support can access the same information in the same repository.

From development, all of those valuable relationships of source code to change documents, and then linking through to the objects that get deployed, mean that this information captured in development is then available to everybody else in the organization.

JC: A LOT OF WHAT WE’VE TALKED ABOUT TODAY IS VERY SIMILAR WITH WHAT I’VE HEARD IN TALKS WITH COMPANIES IN THE PROCESS OF DEPLOYING SERVICE ORIENTED ARCHITECTURE—BASICALLY THAT SOA DEPLOYMENTS VERY QUICKLY DEVOLVED INTO VERY CHAOTIC KINDS OF MANAGEMENT PROBLEMS IF THEY WEREN’T GOVERNED FROM THE START.

IT SEEMS THAT ONE OF THE KEY VALUES IS THE GOVERNANCE OF JUST CODE, BUT THE WHOLE DEVELOPMENT PROCESS THAT ALM PRODUCTS BRING TO THE TABLE. EVERYONE’S COMMENTS HAVE POINTED TO THAT.

AS THE FINAL TOPIC, ONE THING THAT I ALWAYS FIND INTERESTING TO TALK ABOUT IS FUTURES. PERHAPS YOU CAN GIVE US A ROADMAP OF WHAT YOU SEE HAPPENING IN THE ALM MARKET ONE TO FIVE YEARS OUT, AND PERHAPS HOW YOU SEE ALM PRODUCTS EVOLVING?

GD: I suppose the obvious answer is that I see them actually broadening, so there are quite a few roles that we cover collectively at the moment.

For example, as we move more into integrations with production. It’s about system management solutions and how we have a flow-through from the development side of the shop through into production and operations.

I would anticipate another growing area to be closer to the end users and perhaps business analysts—how they can also input into this process and get more information back. We’re starting at the core around developers, testers, project managers and so on, and I see this expanding out in all directions to encompass these other slightly more peripheral aspects.

Julie Craig - Moderator, RESEARCH DIRECTOR, APPLICATION MANAGEMENT, Enterprise Management Associates (EMA)

Giles Davies, TECHNICAL SPECIALIST, DEVELOPER AND PLATFORM EVANGELISM, Microsoft, UK

Tim Joyce has been involved with Dimensions and other Serena Application Lifecycle Management (ALM) solutions in various roles for the last 14 years. In this time he has managed and implemented Serena ALM solutions in both large and small organizations across the world. Tim has experience of ALM across numerous industry sectors and methodologies.

He is currently a Senior Product Manager responsible for Dimensions CM and as such is a certified Agile Scrum Master and Product Owner.

Brian joined CollabNet in 2008 and is an expert in goal-directed and user-centric design theory. Brian’s current projects include competitive analysis of ALM and Agile tools, scoping and designing features for upcoming CollabNet TeamForge releases, and evaluating forward-looking technologies. He has extensive experience in web development and standards, including rich internet application design and development using Flash and Actionscript.

Brian’s professional experience includes work as a Senior Interaction Designer at Merced Systems, Ariba and QuadraMed.

BZ: One thing that’s really going to change is how the planning aspect of ALM solutions handle things.

We’ve been talking about allowing for process agnostic methods and I think that is key so you can set a plan and have it be—whether waterfall, Agile, scrum—all on the same system.

Another part is being able to see the metrics of that plan at any level so that someone at C-level, for example, could zero in and see how their different project teams are doing. In the same vein, better collaboration and communication across distributed teams will also continue to grow in the ALM space.

TJ: In the short term, I think requirements management is getting much bigger play in this area. It’s often been considered as limited to the embedded space, but I see a lot of companies adopting much more formal requirements management processes and wanting those hooked more closely into the development process as well.

As we get further out, and as the other panellists have said, the likelihood is that we’ll broaden what ALM means and it will spread out way beyond where it traditionally is now. This means that one single solution won’t be able to do everything.

It will then be important to have a platform that will integrate closely with other tools so you’ll be able to plug in other tools that we currently don’t think of as being part of the ALM space.

JC: FROM THE PERSPECTIVE OF MANAGING APPLICATIONS ONCE THEY GET INTO PRODUCTION, IT WILL BE GREAT TO SEE SOME OF THAT INTEGRATION HAPPENING BECAUSE THE OTHER THING THAT I’M SEEING FROM MY PERSPECTIVE IS THAT COMPANIES ARE STARTING TO VIEW APPLICATIONS AND DATA AS VERY VALUABLE BUSINESS ASSETS.

THE APPLICATIONS THAT ARE PRODUCED DURING DEVELOPMENT ARE THE GIFT THAT KEEPS ON GIVING—IN TERMS OF VALUE OR AGGRAVATION AND COST WHEN IT GETS TO PRODUCTION TIME. SO THE BETTER THE PROCESS FOR DEVELOPING APPLICATIONS, THE MORE COST-EFFICIENT IT’S GOING TO BE TO MANAGE THEM ONCE THEY GET INTO PRODUCTION.

I’D LIKE TO GIVE EACH PANELLIST A MINUTE OR TWO TO MAKE ANY CLOSING REMARKS OR TOUCH ON WHATEVER WE MIGHT HAVE MISSED.

Tim Joyce, SENIOR PRODUCT MANAGER, Serena Software

Brian Zeichick, SENIOR PRODUCT MANAGER, CollabNet

GD: I think we’re certainly seeing an increased move towards application lifecycle management, and more and more organizations are recognizing that they don’t just have version control or bug tracking or whatever, but actually trying to bring this together.

We’re also becoming more all-embracing—certainly from a perception point of view. We don’t require that the development teams are on an entire Microsoft stack of technologies and tools and I think that’s reality, and that’s what our tools are there to support.

So I think we’re moving towards having accessible API’s, supporting the broader teams, and providing good solutions for teams out there.

BZ: We’re seeing increasing support of heterogeneous environments, methodologies and technologies. Agile is definitely on the rise, but some groups will still be using waterfall and other processes, so we need a process-agnostic platform or tool that allows for that.

Using an integrated suite of different tools located in one integrated repository is also very important, as is having a culture of collaboration within ALM tools, especially for distributed teams. Visibility is also needed around the entire development process, at any level.

TJ: I think it’s been an interesting time recently where the choice of what tools organizations buy for development has really been driven by developers—this has been the case for the last few years.

This is changing a little bit and I think senior management are starting to understand Agile better and what’s needed, and I think that those decisions are moving up the stack a little bit.

The really interesting thing is how we as vendors are going to manage the needs of the traditional development team with the needs of the much bigger ALM scope that I think we referred to a few times on this panel.

This is quite a challenge for vendors, and quite a challenge for organizations as well.


HEAD TO HEAD ■ CORPORATE AND OPERATIONAL PERFORMANCE


Is your business performance at its best?

DETLEF KAMPS (ARCPLAN) talks to ETM’S ALI KLAVER about the trends arcplan is seeing from successful companies linking key corporate performance data with operational performance.

http://www.GlobalETM.com

AK: DETLEF, FOR THOSE IN OUR AUDIENCE NOT ENTIRELY FAMILIAR WITH WHAT ARCPLAN CAN DO, COULD YOU RUN THROUGH THE HISTORY OF THE COMPANY AND THE SOLUTIONS YOU PROVIDE?

DK: Thank you, Ali. arcplan is an established independent business intelligence solutions provider. We have been serving organizations for more than 15 years and now have over 2500 customers. Our entire portfolio is designed to put decision-making in the hands of different users around the organization.

AK: CAN YOU BRIEFLY TOUCH ON ARCPLAN’S OFFERINGS AND TELL US ABOUT THE MAIN BENEFITS?

DK: arcplan Enterprise is our flagship product for measuring and reporting on operations. arcplan Excel Analytics puts ad-hoc reporting into the hands of the power excel users—and we see so many of them in today’s organizations. Then we have arcplan Edge, a flexible budgeting, planning and forecasting tool to manage all your planning requirements.

Regardless of the solution or combination of solutions you choose, our products are all designed around a common goal—making organizations perform better.

AK: I LIKE YOUR LAST POINT—MAKING ORGANIZATIONS PERFORM BETTER. I’M SURE EVERY ORGANIZATION IS LOOKING AT WAYS TO IMPROVE. LET’S LOOK AT COST FOR A MOMENT, BECAUSE A LOT OF COMPANIES ARE STILL CAUTIOUS WITH THEIR BUDGETS AND ARE ACTIVELY UTILIZING THE TECHNOLOGIES THEY ALREADY HAVE IN PLACE TO GET THE JOB DONE INSTEAD OF LOOKING AT THE NEXT LEVEL. HOW DOES ARCPLAN TRANSLATE INTO COST-SAVING AND REALIZING TOTAL COST OF OWNERSHIP?

DK: We see this quite often among our customers as well. arcplan is about reducing cost and total cost of ownership. The cost savings come in so many ways.

By making better decisions on operational information we’ve had customers report significant savings by improving their internal processes. In actual fact, we had one customer utilize arcplan to develop a supplier quality dashboard and, by having real-time access to the quality of their suppliers during the purchasing process, they reported a cost saving of about $250,000 per annum. That has saved millions for the organization over the last few years.

The other form of cost saving we see quite often relates to the time saved in accessing key information for the company. Consolidating spreadsheets and output reports as a manual and lengthy process should be a thing of the past.

arcplan enables customers to save time on reporting and, ultimately, the bigger savings come from realizing information faster and being empowered to make those business decisions that are right for the company.

AK: NOW LET’S GET DOWN TO SPECIFICS. CAN YOU GIVE US A GOOD CASE STUDY THAT HIGHLIGHTS THE SUCCESSES YOU’VE SEEN IN YOUR CUSTOMERS TO DATE?


FACT FILE

• Founded in 1993, arcplan has more than 2500 customers and 300,000 users worldwide.
• Headquartered in Düsseldorf, Germany, with US headquarters in Philadelphia.
• arcplan delivers its solutions through a global direct sales force and a network of more than 130 partners in over 30 countries.
• According to The BI Survey, arcplan’s clients rate #1 in terms of project success. They are also the leading third-party BI vendor for SAP BW, Oracle/Hyperion and IBM/TM1.
• Interactive performance management applications have been deployed at arcplan customers such as Daimler, Graham Packaging, HCA, Thai Airways, InterSky, UBS, EMC and Bayer.
• arcplan is most often deployed to improve management process such as budgeting, planning and forecasting; financial controlling; consolidation and reporting; quality management; inventory management and supply chain management, with proven bottom line benefits.


Before joining arcplan in 2008, Detlef was co-founder (in 1998) and President of RedDot Solutions Corp, the US operations of web content management specialist RedDot. Detlef ensured rapid profitable growth and a loyal, satisfied customer base and conducted the successful sale of the company to Hummingbird, which is now part of Open Text. Prior to RedDot, Detlef served as vice-president of sales and marketing at Spectrum Laboratories Inc., a California-based provider of bioprocessing solutions. At Spectrum, he defined and implemented successful direct sales, marketing and business development strategies.

Detlef holds a BA in Economics from the Rheinische Friedrich-Wilhelms University in Bonn (Germany) and an MA in business administration, economics and computer science from the Freie Universität Berlin.

Detlef Kamps, CEO, arcplan

DK: I’ve mentioned the supplier quality example already so let me touch on another case study.

This is of a leading provider of integrated food and facilities management services in the US, Canada and Mexico, serving 10 million customers in 6000 locations every day.

As you can imagine for them the real-time performance analysis can make or break their business. When they approached us a few years ago they identified a few challenges. Most important was the ability to do real-time performance and accurate forecasting. This is so critical to their business but they were finding it unachievable.

Management had little transparency into information and therefore struggled to understand future performance forecasts. Also, because of the size of the organization, they had a very disparate user base with different familiarity of systems.

They turned to arcplan because of our ability to offer a solution that ties into their existing infrastructure and databases, ensuring that additional investments weren’t needed and that our usability would serve their growing users.

Today, this customer has realized that traditional budget, planning and forecasting processes don’t need to be in silos, and that looking at the real-time operation in conjunction with corporate performance is key to their business growth.

We provided them with a flexible solution that adapted to their business and multiple end-user tools to ensure adoption.

While this is one example, we have dozens of success stories with customers who all faced unique challenges but with the common goal of improving performance. Time and again this is where arcplan has helped.

AK: IT’S INTERESTING THAT A LOT OF SOLUTION PROVIDERS OUT THERE OFFER A SINGLE TOTAL SOLUTION, AND I THINK ARCPLAN’S POINT OF DIFFERENCE IS DEFINITELY YOUR ABILITY TO TIE INTO EXISTING INFRASTRUCTURE. FOR OUR FINAL QUESTION, LET’S LOOK TO THE FUTURE. WHAT WILL YOU BE FOCUSSING ON THIS YEAR, AND WHAT DO YOU SEE HAPPENING IN THE FUTURE?

DK: We are seeing already that BI is no longer a tool used by a small group in the organization asked to generate reports across departments. We live in a world where information is accessible in our everyday life and the same goes for business intelligence.

Our portfolio is focussed on addressing the different users in the organization—whether it’s the BI analyst, the planner, or the excel user. With each new release of our products we will be adding even more users to our list.

arcplan has seen the industry evolve over the last 15 years and our independence and focus on BI allows us to take steps with our products that we believe will move the industry forward.


We make organizations perform better™ With arcplan, you get cost effective business intelligence when and how you need it. arcplan’s complementary approach empowers you to simultaneously analyze information from multiple data sources such as ERP, OLAP, relational databases, and Web services. arcplan users get answers and take action faster because they can skip the costly implementation of a separate, complex analytical data store and get a robust, intuitive user interface.

Visit Us at www.arcplan.com

Improve Your Business Performance

Scorecards & Dashboards – Track key metrics and inform decision makers about ongoing business activity.

Financial & Operational Reporting – Review real time and historical data from multiple data sources with an intuitive and engaging user experience.

Budgeting, Planning & Forecasting – Combine the power of Excel-based planning with the robust web based analysis of your operations to ensure true performance management.

Looking for a better approach to Business Intelligence?

Propel your business forward through informed decisions and complete access to information.


In an economy that is highly competitive for buyer attention, is it possible to capture and hold the customers you want? JOSE SANTA ANA (OMNITURE) says that it’s easy to drive business transformation through multi-channel, customer-centric analytics.

BI NEEDS TO EVOLVE FROM OPERATIONAL TO BEHAVIORAL ANALYTICS

Business intelligence (BI) tools need to evolve to become customer-focused, dynamic and information-rich applications that can offer top executives and business managers alike unprecedented insight into their customers.

In the past, these professionals had to rely on BI tools designed largely for operational reporting versus customer behavioral analysis. While the ability to drill down on sales for last month, last quarter, or the past year by region or other variables is essential, it is only part of the solution; decision-makers now also need immediate insight into customer behaviors and preferences.

What has long been missing is a way to see the full picture of every customer interaction with a company, and to quickly analyze large volumes of changing customer data from multiple channels. This has been difficult because information about how a customer interacts with a company is typically in different formats and spread among many systems—the web, CRM, financials, point-of-sale systems, call centers, data warehouses, traditional business intelligence tools and other systems.

To add to the challenge, the sheer volume and dynamically changing nature of customer data can make it difficult to bring together and analyze information fast enough to make findings actionable. As a result, companies have struggled to make timely, intelligent business decisions using data that resides throughout their organizations.

UNEARTHING VALUABLE CUSTOMER INSIGHT FROM MOUNTAINS OF DATA

Recognizing the importance of giving companies comprehensive, multi-channel views of the customer, Omniture delivers Insight software. Omniture Insight is unique in its ability to combine clickstream information about customers’ online interactions with transactional data from offline channels such as point-of-sale (POS) systems, call center interactions, ATMs, kiosks, RFID tags, reservations and other systems.

In addition to managing and gathering data across multiple channels, Insight enables organizations to quickly analyze massive volumes of rapidly evolving data in real-time. The dynamic application offers powerful visualization options that allow managers to immediately infer meaning to make quick, smart business decisions.

Insight readily accepts data from virtually any source, including data warehouses and business intelligence tools, and allows users to load and analyze structured data without the pre-aggregation typically required for data analysis. The result: executives and managers can leverage Insight to efficiently uncover patterns and trends that lead to meaningful, actionable business decisions.

For a great success story, listen to the globaletm.com podcast featuring Tom Lo� (Omniture) and Michael Dugan from Forbes.com.

COMPANY PROMOTION ■ BUSINESS INTELLIGENCE AND ANALYTICS

Have you got Insight?

How can companies help ensure success in today’s competitive marketplace? It goes without saying that gaining customer loyalty is at the heart of every company’s prosperity. Yet now more than ever, customers are bombarded with marketing messages from more companies through more channels. They also have a virtually unlimited array of options when buying products, whether shopping online or walking into their favorite stores.

Even just one less-than-positive experience can drive a customer to switch to another vendor with a single click or phone call. And just as customers are becoming more fickle, companies face the dire need to maintain and grow their customer base in order to thrive in an increasingly crowded global economy.

This means building closer relationships with customers and gaining a better understanding of their needs, gleaning insight from every customer interaction with call centers, online sites, in-store point-of-sale systems, and other channels that connect a business with its customers.

Today, company managers and decision-makers need more than information and knowledge about marketplace trends—those are typically in ample supply.

What is now required is in-depth, real-time insight into customers that enables companies to recognize buyer preferences, predict behaviors, and deliver the right products and messages through the right channels—ultimately attracting and retaining loyal, long-term customers.


INSIGHT IN ACTION

Many businesses have adopted Omniture Insight to help them understand customer behavior patterns to improve acquisition and conversion, and increase loyalty. For instance, Dollar Thrifty needed to analyze online customer behavior and then tie that information to offline data stored in reservation systems.

Dollar Thrifty, a global car rental chain with more than 1600 corporate and franchise locations in 70 countries, uses Omniture Insight to better target customers with appropriate offers and minimize the costs associated with “no shows” from customers making reservations online. Integral to achieving these aims is ensuring that the proper audiences receive information about relevant services, helping to match customers directly with their preferred services.

Dollar Thrifty uses Omniture SiteCatalyst to bring web data into Omniture Insight, giving managers instant information about customer behavior online. Insight then integrates all web behavior/reservations with Dollar Thrifty’s internal data warehouse that contains information on revenue, transactions, upgrades, etc. Insight is then used to identify customer segments with compelling behaviors (such as no-shows) that cross web, offline, or a combination. These segments are then used for targeted offers or campaigns.

This enables Dollar Thrifty to easily identify customer segments for timely, targeted offers or campaigns, basing decisions on reliable data and reducing problems associated with no-shows on reservations made worldwide. At the same time, the company uses Insight to optimize paid search initiatives, correlating key words and campaigns to offline revenue, customer attributes, upgrades and other important business data.

Like Dollar Thrifty, Paris-based Dailymotion is enhancing its business using Omniture Insight. The consumer video site attracts more than 59 million unique visitors each month who upload videos about interests and hobbies, eyewitness accounts and more.

Unlike many websites, Dailymotion does not have an e-commerce function. Instead, the company generates revenue from selling advertising on its site. The more registered members the company has and the longer the engagement time, the more attractive the site is for potential advertisers.

To increase user engagement and registrations, Dailymotion presents users with relevant content, fine-tuned via a “recommendation” panel. Prior to implementing Omniture Insight, it was difficult to fully understand how users were interacting with the site. After deploying Omniture Insight, Dailymotion could see at a granular level what content visitors consume; what elements they do and do not engage with; how much time they spend online, and other critical behaviors.

For example, Omniture Insight provided impressive visibility, such as the ability to compare the behavior of 35- to 40-year-old women in Germany with the same age and gender in the UK. Armed with this knowledge, the company honed its recommendation engine so that users are presented with relevant content, which has in turn increased user engagement. The ability to identify particular demographics and keep them online longer has made Dailymotion more attractive to advertisers as well.

BUILDING A CUSTOMER-CENTRIC ENTERPRISE

For executives and managers relying on business intelligence, it is an exciting time thanks to new technologies for driving business growth and transformation. Today, with solutions like Omniture Insight, companies are realizing business benefits through customer insights never before possible.

For optimizing a business based on a solid understanding of what attracts and motivates customers, Omniture Insight is a powerful solution that delivers proven benefits to companies across an array of industries.


Jose is Director of Product Marketing at Omniture and has over 10 years experience working with business intelligence. Prior to joining Omniture, Jose was an industry analyst for both IDC and Gartner, where he covered business intelligence and data warehousing. He has also had stints with Hyperion Solutions (now Oracle) and IBM.

Jose Santa Ana, DIRECTOR OF PRODUCT MARKETING, Omniture

“… companies are realizing business benefits through insights never before possible.”

ANALYST FEATURE ■ CMS

In perfect alignment

Finding, implementing and then working with a CMS can be one of the most difficult tasks for an organization. ADRIAAN BLOEM (CMS WATCH) says that there isn’t one perfect CMS—instead, it’s all about catering to individual needs.

For more information, and to access the Web CMS report by CMS Watch, go to: http://www.cmswatch.com/CMS/Report

would allow you to edit content, store it in a database and then automatically publish it from there would save time and, therefore, money.

Separating content, design and technology made sense. But if you already have a CMS that purports to do this, such efficiencies are increasingly hard to calculate. Likewise, return on investment benefits (increasing transactions, accelerating time to market) become deltas that are hard to quantify. Now that many enterprises are on their third or fourth CMS, it’s hard to justify another change.

It’s been said that the business case for a website is much like that for a telephone system. It’s hard to put a number on it, but in this day and age you just can’t do without. A website—and the CMS to manage it—are simply the cost of doing business.

� ere’s some truth in that. To a public that’s increasingly at home in a digital world, without a website your organization virtually wouldn’t exist. Nevertheless, I will o� en press the issue and ask: “Why do you even have a website?”

Surprisingly few will have a real answer to this question. � ere are some obvious exceptions (such as e-commerce), but usually it’s quite hard to give a succinct description of the purpose. If you can’t be clear on the goals for your website, how can you possibly achieve them?

I’ve seen many project plans and business cases. � ey’re usually quite thorough and will list many of the advantages of change and improvement. � ey will o� en focus on the so� bene� ts of implementing a new CMS. A new system can put business people in control of your online communications, maintain user experience and brand consistency or improve your agility.

� ese are all compelling reasons, but each has a trade-o� . You’ll have to decide which is the most important, and why. Take a hard look at how this would be achieved—without a clear sense of that, it will be impossible to infer

The life span of a web content management implementation is about three years. Of course, that’s an average and there are exceptions, but only moderate deviation. It’s not a very popular thing to say, especially to those about to start a new project. But it shouldn’t be ignored.

Many find this surprising because building a website—and implementing a system to manage it—isn’t the most tasking of technical challenges. When I ask a CIO or IT director what his most complex project is, the company website rarely comes up.

Certainly, publishing content online isn’t exactly a trivial task, but web content management (WCM) systems have been around for some 15 years. There’s plenty of software available to help—in a conservative estimate I would say there are over 1000 systems (CMS) to choose from.

So, on the surface, that would seem the logical essence of the problem. With such freedom of choice, how do you select what software to use? Obviously, a previous system must have performed underwhelmingly for it to be replaced on such short notice. The answer, therefore, must be to get a better system.

CMS Watch publishes the Web CMS Report, which contains in-depth reviews of 42 different products. As one of the authors of the report, one of the questions I’m most frequently asked is: “What’s the best CMS?”

The short answer to that is—it depends. The real answer is another question: “What’s the problem you’re trying to solve?”

THE BUSINESS CASE FOR WCM

In the mid-to-late ‘90s, website managers were happy simply to see content appear on a website. Websites were managed mostly by hand. Pages were crafted in specialized editors and then transferred to the web server. Webmasters were author, marketer, designer and technical manager.

The internal rate of return for a CMS was relatively easy to calculate—using a system that

“A CMS shouldn’t just manage the content—it needs to manage the flow of content.”

requirements for a system to support them.

Many companies have a mission statement. Perhaps it would be helpful to have a mission statement for the website, as well. Or better still—link the purpose of the website to the goals of the organization.

THE CONTENT MANAGEMENT PARADOX

As the web keeps innovating at a staggering pace, requirements change—what your site should do is a moving target.

For instance, in recent years, there has been growing demand for “social” features (in a Web 2.0 world, a website should allow for user-generated content, comments and ratings). A redesign will be drawn up, wireframes illustrate the functionality to be added, and a functional design describes how this should work.

Of course, this impacts what’s expected from a CMS as well. The website delivery (to the visitor) is a key function (and if your site needs to be interactive, your CMS will also need to be able to manage the interaction).

This, of course, is a good reason many implementations have a short lifecycle. When you find the product you were using is no longer fitting the requirements then it’s time to find


However, I’m careful in calling this a paradox. The back-end and the front-end of a website aren’t a mutually exclusive contradiction. It’s possible to find the right tools to solve the problem, but you have to carefully define it first.

UNDERSTANDING YOUR NEEDS

I’ve seen quite a few RFPs sent out to vendors in a CMS selection procedure. These will often take the form of a long questionnaire (one example had over 1200 questions, most of which could be answered with a “yes” or “no”). This kind of procedure is deceivingly safe—the tally of boxes checked can be scored, which means that in the end one CMS will be objectively better than another.

In reality, however, it has little bearing on what the system is supposed to achieve and how. This is illustrative of what I’ve described before—while appearing to be thorough, it falls short of understanding what is needed.

So how do you create real understanding of your web content management? Scenario analysis can be an effective shortcut. For example, in the Web CMS Report, CMS Watch describes 12 common scenarios that are used to evaluate the fitness of the systems for specific uses.

Of course, those scenarios are abstractions and they are theoretic archetypes of what we find organizations typically require. But your organization should be able to describe in much more detail what the process would look like, what it should achieve and how. Without your own coherent scenarios, it’s more than likely that a web content management project will have disappointing results.

WEB CONTENT MANAGEMENT IS A PROCESS

Content management is a process and the CMS is no more than the system to support it. But this is not just a daily concern. As I’ve mentioned before, the goal of WCM is a moving target. Content is still king and the web revolves around it, but you’ll be faced by increasing demands from users both internally and externally.

Though the software still nurtures metaphors like “authoring” and “publishing”, make no mistake—producing a website is unlike writing, designing and printing a book. And yet, subconsciously, that’s still a lingering association.

a better match, and due to the ever-changing nature of the web, the CMS producing your site will have to adapt.

But there’s an important factor here that’s too often overlooked. The system not only publishes the website to your visitors, it also manages the content coming in from your organization on the back-end.

This is illustrated by the confusion the term “user” engenders in a web content management context. Are we talking about visitors to the site or about the webmasters, content managers, web editors and authors, also using the system?

This is the content management paradox—the requirements of the one group of users will usually be at odds with the requirements of the other group of users. For example, you can’t simply push out your content to a website that’s organized analogous to the enterprise. This would make little sense to visitors who may not be familiar with your internal structure.

But the reverse is true as well—what makes a good website structure may not be logical, or at least not very convenient, to your internal organization.

For your internal users, content management is a process—creating, editing, deploying and possibly archiving or deleting (although arguably not enough of either). To them, the ideal content management system is the one that is best suited to support their content management process.

There’s one big difference with visitors, however—your employees are forced to work with the system, it’s part of their job. Many of the benefits of a CMS can only be realized in the back-office. An important reason to start a new WCM implementation, whether implicit or explicit, is that the current one isn’t a good fit for the internal organization. And as with any system there’s a danger in trying to reverse this. A CMS won’t be able to enforce a procedure where no defined process is in place.

In this paradox, a content management system should mediate between those two sides. It shouldn’t just manage the content—it needs to manage the flow of content. A CMS needs to bridge the gap between IT and users twice, and it needs to match on both sides.

If you wonder why web content management projects have a relatively high rate of failure, or why the lifespan of implementations is so short, this is another source of the problem. It’s rare to strike a balance between the conflicting interests and, more often than not, weighting the trade-offs was never part of the initial project.

“Without your own coherent scenarios, it’s more than likely that a web content management project will have disappointing results.”


Based in The Netherlands, Adriaan covers web content management, social software and enterprise search technologies. He worked in desktop publishing, web design, and as a network administrator and consultant in the legal field for several years before joining the Faculty of Law. As project manager for the migration of nearly a thousand websites to a new CMS, he evangelized new practices, educated webmasters and kept the technical oversight of the implementation of the infrastructure.

Adriaan has been involved in a host of knowledge management and web content management projects for the decade prior to joining CMS Watch, both as a practitioner and as a consultant.

Adriaan Bloem, ANALYST, CMS Watch

Perhaps that’s why the three-year lifecycle of WCM systems is tacitly accepted. After major effort and investment the site is published—to be overhauled once its cover and pages are too outdated for just a minor new edition. Then the cycle starts again.

By contrast, looking at some of the renowned sites on the web, it’s hard to tell when they last had a major redesign. When did eBay rigorously change its look? When was the last time Amazon completely changed its functionality? And yet, if you were to hold them side by side to what they looked like five years ago, you’d see they’re entirely different.

The lesson these organizations have learned is to see the web as something in constant flux and to avoid major “big bang” updates that would alienate their users. They have an emphasis on gradual evolution rather than revolution. This is something a content management process should embrace. Keep moving at a steady pace, rather than embarking on marathons every three years.

THE BEST CMS

So which out of those more than 1000 products is the best CMS? It’s the best system to support your own very specific scenarios, content management process, user and visitor needs and, last but not least, will enable you to have a web presence that aligns with the enterprise goals.

This is far from a one-size-fits-all—there is no universally “best” CMS. And what’s more, as with any software tool, it’s no more than a means to an end. What perhaps differentiates web content management systems from other enterprise tools more than anything else is the wealth of choice.

In the end, this isn’t about avoiding the three-year cycle by selecting the right product. It’s about creating a thorough understanding of what needs to be accomplished. Only that understanding will allow you to select the right tool for the job. More importantly though, it will allow you to create more value out of web projects.


HEAD TO HEAD ■ ENTERPRISE MOBILITY

In an increasingly mobile and flexible world, is it possible to keep hold of the things that matter most to your company—and in a consistent manner? IAN THAIN (SYBASE) talks to ETM’S ALI KLAVER about their Unwired Enterprise and touches on competitive advantage, opportunity, security and risk, and the steps for future success.

The Unwired Enterprise

http://www.GlobalETM.com


AK: IN MY RESEARCH FOR THIS INTERVIEW I CAME ACROSS SOME REALLY INTERESTING STATISTICS ABOUT SYBASE. YOU HAVE OVER 20,000 ENTERPRISE MOBILITY CUSTOMERS—SO FAR I SHOULD ADD—85 OF WHICH ARE IN THE FORTUNE 100.

EVEN FOR A COMPANY SUCH AS SYBASE, WHO HAS BEEN IN THE INDUSTRY FOR 25 YEARS, THAT’S QUITE IMPRESSIVE. I THINK IF ANYTHING IT REALLY SHOWS THAT YOU HAVE A SOLID SOLUTION THAT IS ENTIRELY SECURE.

CAN YOU TALK A LITTLE BIT ABOUT WHAT MAKES IT SO SUCCESSFUL AND HOW YOU TACKLE ISSUES LIKE DEVICE MANAGEMENT AND SECURITY?

IT: We’ve obviously got two areas which are the main lynch-pins that companies should be aware of with mobile technology—one is security and one is management.

So you have standard security, such as the authentication of users, and we have encryption of data on the device as well as in transit. You‘ve got to remember that these mobile devices actually contain lots of sensitive data and you have to really make sure that they are locked down, just in case they are lost.

We also have things like antivirus port locking and technologies such as software inventory, software distribution, asset control and remote control, so that these mobile workers can still be out in the field doing their jobs and your IT guys can sort these problems out.

These areas intermix a lot, so in fact, standard security and management go hand-in-hand.

AK: IT’S QUITE INTERESTING TO SEE THAT COMPANIES DO FOCUS ON THE SECURITY SIDE A LOT, BUT WHAT IS EQUALLY AS IMPORTANT IS THE MANAGEMENT SIDE. IT’S NOT THAT PEOPLE FORGET ABOUT IT, BUT IT CAN BE HARD TO UNDERSTAND AND IMPLEMENT WHEN YOU HAVE YOUR EYE ON THE SECURITY FRONT LINE.

CAN YOU PERHAPS GIVE US SOME EXAMPLES OF HOW SYBASE MOBILITY WORKS, AND WHAT IT HAS ACHIEVED SO FAR?

IT: Well if you go to Sybase.com there are a lot of success stories there, but let’s just pick on a few.

One big name that everyone will know is McDonald’s. McDonald’s has a lot of operation consultants that go out and check their corporate and other restaurants. They will gather lots of

FACT FILE

1. Proven—34,000 enterprise customers and 91 of the Fortune 100 rely on Sybase.

2. Experienced—heritage in enterprise software since 1984.

3. Innovative—148 patents awarded in data management and mobility; 185 patents pending.

4. Global—4000+ employees in 60 countries.

5. Financially strong—exceeded $1 billion revenue mark in 2007, followed by 10% growth in 2008. In the 2008 Annual Report, Sybase reported $640 million in cash.

6. Market leader in data management, analytics, mobile messaging and enterprise mobility:

• Leader in Gartner’s Mobile Enterprise Application Platform Magic Quadrant
• Leader in Gartner’s Wireless Email Software Market Magic Quadrant
• #1 in market share for mobile device management
• Leading vendor in mobile middleware
• Leading vendor in messaging services.

For more information please go to: www.sybase.com/mobility

AK: IAN, FOR THOSE PEOPLE IN THE AUDIENCE NOT ENTIRELY FAMILIAR WITH SYBASE, CAN YOU GIVE THEM A SHORT HISTORY AND PERHAPS TELL US WHERE SYBASE IS PLACING ITSELF IN THE MARKET TODAY?

IT: Sybase has been around for just over 25 years now. We started in 1984 when Mark Hoffman and Bob Epstein started in Berkeley, California, so a lot of people know us as a traditional database company—we created SQL Server with Microsoft. We still have databases, we have ASE, we have replication server technology, and we have data warehousing—so we have ASE, RepServer and IQ.

But also, in that last 25 years, we’ve produced design and development tools as well. People will probably know PowerBuilder and we have PowerDesigner. Traditionally, those fields are still carrying on but now we’re into mobile technologies, and Sybase’s vision is to enable the secure movement of business-critical information backwards and forwards from the data center to the mobile workforce.

This is what we call the Unwired Enterprise, and that’s what I’m here today to talk about.

AK: TWENTY-FIVE YEARS IS DEFINITELY SOME SOLID EXPERIENCE. WHEN YOU’RE TALKING ABOUT ENTERPRISE MOBILITY—I THINK THE JURY IS STILL OUT ON WHETHER A MORE MOBILE WORKFORCE MAKES FOR A MORE COMPETITIVE BUSINESS WORLD. BUT WHAT DO YOU THINK ARE THE MAIN BENEFITS FOR COMPANIES WHO ARE LOOKING TO IMPLEMENT THIS TYPE OF TECHNOLOGY?

IT: Well, I actually think the jury isn’t out anymore. Seven or eight years ago we were persuading people about the benefits of mobility and we had a few innovators that really took the plunge. But now it’s virtually impossible to buy any mobile device—say a Smartphone—that isn’t capable of taking emails and business applications. Plus, users are obviously demanding the mobilization of business data.

With proven benefits such as reduced billing cycles, improved field service technician productivity and efficiency, improved customer services, increased first time fix rates and improved information flow—not to mention the cost savings—I think those companies that haven’t put mobility at the front of their technology now risk their enterprise being taken over by competitors. So there are a lot of things that they need to be aware of and implement.


information that used to take many days to process and feed back to the restaurants.

Now, with Sybase technology, they can actually maintain and secure the devices used by inspectors, but also capture data straight at the source which takes hours off the internal processes so that those operation consultants can spend more time with each store manager.

If we look at the City of Ottawa’s Transit Services Division, they have made their overall system more efficient, reducing the need to purchase two to three buses a year (a saving of $750,000 per bus), plus an ongoing operational saving of $70,000 per bus per year. With a fleet of over 1000 buses, the savings speak for themselves.

And then we can take examples such as TVF who, among others, have managed to reduce the number of physical systems being returned to them for updates and repairs by 90%. You can imagine the cost savings in that alone.

And if you look at Airtours, we can see that they cut communication spending by close to 60% due to their mobility implementation. These are just some of the very real-life examples of how Sybase Mobility works.

AK: THANKS IAN, I’M SURE YOU COULD TALK ALL DAY ABOUT SUCCESSFUL SYBASE CASE STUDIES, BUT THOSE CERTAINLY DO PORTRAY A STRONG ENTERPRISE MOBILITY SOLUTION.

NOW THAT OUR AUDIENCE HAS A GOOD GRASP OF THE BASICS OF WHAT YOU PROVIDE, CAN YOU TAKE US THROUGH THE STEPS AN ORGANIZATION WOULD NEED TO TAKE TO ACHIEVE, AND PERHAPS MAINTAIN, A SUCCESSFUL MOBILE WORKING PLATFORM?

IT: What follows are really my main thoughts. Obviously companies will need to take a strategic approach to ensure that they can really evolve and adapt, because we’re now living in an area of mobility which is moving very fast. They need to take advantage of the opportunities that will happen, but they also need to change as it goes.

A great thing in any IT project is the ability to start small and move rapidly—they need to be agile. They need to identify and understand an initial project that is going to give them maximum benefit.

They also need to be aware that mobility does not fix broken or badly performing processes. It’s not a magic bullet and things have to work correctly before you then go into the mobilization side.

Plus, they need to plan for a heterogeneous approach because we’re living in a day and age now where new devices come out regularly. For example, the iPhone has taken the enterprise and the mobility side by storm, and I think the iPad will follow. BlackBerry is still strong and Windows Mobile is still in there, but they still need to plan for that approach.

Something like a mobile enterprise application platform will help and this is something that Sybase has put a lot of time and effort into.

And lastly, they need to realize that they probably will become their own mini operator. By that I mean provisioning these devices, managing and securing them, and even de-provisioning devices.

AK: THANKS IAN, SOME GREAT POINTS THERE. I LIKE THE FACT THAT YOU BROUGHT UP THE STRATEGIC APPROACH, WHICH AS WE KNOW REALLY HAS TO ALIGN WITH BUSINESS STRATEGY AS WELL.

LET’S GO TO OUR FINAL QUESTION, AND I ALWAYS LIKE TO HAVE A LOOK INTO THE FUTURE. WHAT WILL YOU BE FOCUSSING ON THIS YEAR, AND WHERE DO YOU SEE THE FUTURE OF ENTERPRISE MOBILITY GOING?

CONSIDERING THAT NEW TECHNOLOGIES SUCH AS THE IPAD, WHICH YOU MENTIONED, WAS RECENTLY RELEASED, THEY’RE REALLY ALLOWING US TO BE A LOT MORE MOBILE BOTH IN WORK AND PERSONAL LIFE.

SO DO YOU THINK THIS HERALDS A NEW AGE FOR TECHNOLOGY AND PERHAPS ENTERPRISE MOBILITY IN PARTICULAR?

IT: Definitely, I think it does. And this is where we’re really looking at it from the Sybase perspective.

I’ve mentioned one thing already which is the mobile enterprise application platform. This is a generic term but for us it’s called the Sybase Unwired Platform. We’re able to mobilize any back-end data source, or process, on to any set of devices. So we’re very heterogeneous and we’re very agile.

We are currently working with SAP to mobilise SAP processes and systems which we announced in March 2009. And extending our technologies of Afaria, we’re currently focussing on something called management as a service, which is all around managed mobility empowering organizations to secure and manage employees’ mobile devices without having to build, install and maintain their own solutions.

The idea is that some of these companies don’t want to or don’t have the capability to manage these devices, but understand what we’ve said about the need for management and security. They would like to use our technology but have that supplied and administered by a third party.

So to recap, we’re focussing on managed mobility and SAP along with our management security, and also our Unwired Platform.

Ian is the Sybase Unwired Platform and PocketBuilder Evangelist and works closely with the team in Dublin, California, and Concord, Massachusetts, on new features and demonstrations. In his customer-facing Evangelist role, Ian is very involved with the design, production and testing of Enterprise class Unwired Solutions that have been implemented using Sybase’s Unwired tools for Sybase customers around the globe. In addition, Ian is a dedicated technical expert continually working with Sybase’s key partners and clients to enhance the capabilities of the Unwired solutions that Sybase offers.

Ian can also be found on Twitter @ithain and blogging on http://blogs.sybase.com/ithain

Ian Thain, SENIOR TECHNICAL EVANGELIST, Sybase


Get the proof now at sybase.com/mobility

when it comes to enterprise mobility leadership, numbers don’t lie.

There’s no doubt about it. Sybase is the clear mobility leader. Over 20,000 enterprise customers. More than 1,500 mobility partners worldwide. Top analyst rankings for seven years running. No other company comes anywhere close. So as you’re planning new mobility initiatives, why risk your success by going with an unproven provider? The truth is, for unwiring the enterprise and extending core data, business processes, applications and services to millions of users around the world, there’s really only one choice: Sybase.

see why 85 of the fortune 100 chose sybase for proven enterprise mobility solutions

Copyright © 2009 Sybase, Inc. All rights reserved. Sybase and the Sybase logo are trademarks of Sybase, Inc. ® indicates registration in the United States of America. All products and company names are trademarks of their respective companies.


ASK THE EXPERT ■ 3D

Tell your story...in 3D

With 3D the hottest thing in entertainment at the moment, attention is turning to how it works in the business sphere. ETM’S ALI KLAVER interviews GARTH COLEMAN (3DVIA) about his work developing 3D and 3DVIA Composer, and how it’s become a real cost-saver and market leader.

AK: CAN YOU GIVE OUR AUDIENCE A BRIEF OVERVIEW OF 3DVIA AND 3D—HOW DOES IT WORK?

GC: It’s important to start with the concept of 3D and it really is everywhere today—it’s not just for the engineers of the world. You’re seeing 3D in games, you’re seeing 3D movies and we live in a 3D world.

The promise of 3DVIA, as part of Dassault Systèmes, is really to look at how we can empower new communities of users, outside of engineering, to engage with 3D and how to use 3D to help tell compelling stories.

This is essentially what we call a lifelike experience where we want to be able to tell real stories about real products and how they work in the real world. This concept of lifelike experience provides relevance because you really want people to learn, understand and experience things, and that starts to happen when users begin to demand lifelike experiences and companies begin to adopt 3D-based technology to create them.

It helps with the pervasive use of 3D in very effective ways—not just for entertainment, but also to add value to learning and education.

What we’re doing with 3DVIA is democratizing this use of 3D and helping industries and companies to reach this potential, in other departments, so that they can leverage the 3D data that their engineering departments are creating.

This leveraging of 3D helps these other divisions, customers and suppliers to create robust communications that inform them about what their products are doing; how to engage with them; how to explain their products’ main capabilities; the concepts of how to build or service them, get replacement parts and so on.

With 3DVIA Composer we have the technology to leverage and share this 3D engineering data by providing a tool for non-engineers to use. We’re making it very accessible for new stakeholders and new communities of business users to take advantage of 3D and providing a way to keep all that information up-to-date, so that as engineers make their changes, other users can receive them and update all of their documents, instructions and other technical communications.

3DVIA Composer is about taking what are traditionally very manual and very disconnected processes—different departments, digital photos of real prototypes, manually-created sketches, diagrams, technical illustrations—and replacing that with 3D technology to create those types of assets and keep them up-to-date.

Companies become more effective by reusing 3D data in this fashion and they don’t have to change their processes to get immediate savings. Companies then start to evolve their traditional documents and improve them through telling their story in 3D—and that provides more informative, more interactive and more engaging content.

The idea here is to not just use 3D for 3D’s sake, but to use 3D to create a powerful story that’s engaging, informative and interactive. We are empowering these groups to create “interactive product experiences.” And that’s really going to change the way businesses work.

AK: WHAT ARE THE MAIN BENEFITS FOR BUSINESSES THAT ARE LOOKING TO IMPLEMENT THIS TYPE OF TECHNOLOGY?

GC: First of all, we are still engaged in educating companies about what is possible. We’re really battling the analogue way of thinking—where people are used to traditional processes, or propagating the traditional status quo. We’re helping companies understand how 3D can improve their operations.

Once we start to explain that to them and how they can easily reuse 3D by getting new people working with it and understanding it, you get comparisons to when 3D CAD first came on the scene. Twenty years ago when engineers were using 2D drafting tools, many thought 3D CAD wasn’t needed, and that they could still do everything they needed to do in 2D.

Today, if you’re not using 3D for design and helping to manufacture and build all of those design-related elements, you’re not going to be very successful or competitive in revamping and creating new products.

So this type of paradigm shift to 3D, which has happened in engineering already, is starting to happen outside of engineering and it is helping to speed up the creation of content for technical communications.

Once you start to speed up that creation process, documentation doesn’t become a critical path action. You can ship products on time with complete documentation, and you can start building products sooner because you’ve actually built the assembly documents more quickly, people can understand them more quickly, and they can start building them with a minimal amount of training.

You have better instructions if you’re using 3D, you can improve the comprehension, productivity and basically every aspect of how people are interacting with your product across your lifecycle.

AK: I’D LIKE TO TOUCH ON THE BOTTOM LINE BECAUSE I KNOW IT’S STILL A CONCERN FOR MOST BUSINESSES TODAY. HOW IS 3D A COST-SAVER?

GC: I’m glad you asked this question, because this is where the rubber hits the road.

Think about technical illustrations which are really the main way a company describes what you need to do with a product. When using 3D to create these illustrations, many companies are telling us that they’re seeing an 80% reduction in the time it takes to create them—more typically it’s a 50% reduction.

I had one company tell me that it took three months to do their designs in CAD, and three months or more to build the assembly instructions because they were taking digital photos of 400 parts and then assembling them, taking photos at each step, embedding the photos into a Word document, and annotating them from there—it was a very painful process.

You’d be surprised how many companies do this sort of thing because they have no other way.

After giving these non-engineers 3DVIA Composer, they can now build their assembly documentation in weeks instead of months and get that product out the door more quickly. That translates not only into a speed improvement in terms of productivity, but with the 3D technology they can incorporate and rollout changes as much as 90% more quickly than they were able to do with photos and printed documents.

Then, when a shop floor worker is actually building these things, an 80% improvement in efficiency, or 50%, or even 20%, are huge improvements. If you start adopting 3D and delivering your instructions and information in 3D, you’ll have more engaging, informative and interactive instructions, and this provides better education which in turn lets people perform their tasks more efficiently.

I had one company tell me that by doing things correctly the first time, by brand new users and experienced users alike, they had an overall improvement of 25%. That’s 25% fewer errors first time around, because they have better instructions.

When you repeat this over and over again for the hundreds of workers that are operating with instructions for assembly, service or operation, you have a monumental change and a huge improvement in the costs of your business.

AK: CAN YOU GIVE US A CASE STUDY THAT HIGHLIGHTS HOW 3DVIA WORKS AND WHAT IT HAS ACHIEVED SO FAR?

“The idea here is to not just use 3D for 3D’s sake, but to use 3D to create a powerful story that’s engaging, informative and interactive.”


GC: Definitely, and this is very typical of many of the customers that we’ve worked with. I’ll pick one in particular—it’s a company called KaVo and they’re a medical device company based in Germany. They have offices worldwide and have been in the business for 100 years, providing dental equipment. They really pride themselves on excellence of design and the quality they deliver.

What they would do is take a CATIA assembly that they were working with in their engineering department and build a traditional engineering drawing from that—time consuming when you’re detailing things out in a 2D world—but the engineering drawing was not really good enough to tell people how to assemble things.

So the manufacturing side had to take those 2D engineering drawings and re-work them into illustrations and images to help with the step-by-step assembly processes. These groups didn’t regularly use CATIA—which is really more for engineers to use—and when trying to work in a 2D world it was taking a long time to get things done.

When they went from CATIA 3D into 3DVIA Composer, they were able to create all of their instructions in 3D—what they wanted to do, explaining to users what to watch out for, showing where to install components and so on—thereby eliminating the need to build 2D illustrations.

The traditional time and effort of manually producing 2D technical documentation has been eliminated and that’s resulted in a 50% improvement for them, because it’s faster to build these things in 3D. They also deliver the instructions in 3D, so they don’t have to deliver manuals and papers—they just have to provide an updated 3D document.

What’s really important with this use case, and we get this all the time from our users, is the community that is accepting this instruction has a really favourable adoption. They really love the interactive instructions created by 3DVIA Composer and it’s improved their way of working. User adoption is key for any new technology and our users are very, very impressed and enjoy using the technology—both from authoring content and consuming it.

The time reduction comes from actually building the instructions in 3D, and even though they still need to create technical publications for traditional printed materials, all their work in 3D can be easily published out into various forms of 2D.

From an IT involvement and integration viewpoint they have ENOVIA, which is Dassault Systèmes’ PLM system to manage the product lifecycle and processes. So ENOVIA is delivering data and informing people on the design side, but they also have SAP, which is managing all the change orders and the product lifecycle on the engineering side.

3DVIA Composer is a great way to link the engineering world with the manufacturing world and tie all of this data together so that all the communications, information and instructions are delivered and controlled in a very tight fashion from an IT perspective.

AK: THAT’S A GREAT EXAMPLE OF 3DVIA COMPOSER AT WORK. NOW LET’S LOOK TO THE FUTURE. WHAT WILL YOU BE FOCUSSING ON THIS YEAR, AND WHERE DO YOU SEE 3D GOING IN THE FUTURE?

GC: On the Composer side, related to what I just referred to with KaVo integrating into their IT environment, we just announced late last year an integration with 3DVIA Composer and ENOVIA SmarTeam. That’s going to simplify work for companies that have SmarTeam and want to take advantage of this technology because it’s much easier now to get started.

We’re making sure that 3DVIA Composer can be installed and operational in hours, the training is one or two days, and people are up and running and extremely productive.

Hooking it into the IT backend, 3DVIA Composer is fully XML compliant and there are a lot of things you can do. We have automation technologies and while there’s usually some IT effort involved in connecting all these things, IT people love it when they understand our architecture. And by providing an out-of-the-box type of integration, it simplifies that effort.

Moving forward in 2010 we’re going to make sure that all of our sales channel partners are capable of deploying this SmarTeam integration, and we’re also continuing to evolve and develop our strategy of PLM 2.0, as it is on the Dassault Systèmes V6 platform.

Additionally, 3DVIA Composer is a very customer-orientated product and we continue to get suggestions from customers to improve the user experience.

On a broader note and back to 3DVIA in general, 2010 is going to be a very big year for us. We recently surpassed 20,000 3D models on 3DVIA.com. That’s very important because when you want to get communities of new users working with 3D that don’t have access to build 3D, we provide the free tools and models—after all, without content how can you build an experience? So 3DVIA.com is our platform to connect new communities of 3D enthusiasts and you’re going to see some very interesting things happen this year.

When you have bigger demand and usage of 3D in the general population, you’re going to have new generations of people coming into businesses that are used to working in 3D. When that happens, there’s going to be a whole set of people that are energized to help operationalize 3D in companies and transform how they operate.


Garth is the Director of Channel Marketing for 3DVIA at Dassault Systèmes. In this role, he manages all aspects of product marketing for 3DVIA Composer, manages the North American pre-sales support team, and is responsible for maintaining 3DVIA’s market leadership in innovative, interactive 3D applications which demonstrate lifelike experiences.

Garth holds a Bachelor of Engineering and Society in mechanical engineering from McMaster University in Hamilton, Ontario, Canada, and an MBA from Babson College in Wellesley, Massachusetts, USA.

Garth Coleman
DIRECTOR, CHANNEL MARKETING, 3DVIA
Dassault Systèmes


“What about putting a gym in the plane?” Laura, age 10.

With 3D, your customers are your best designers.

Working in 3D lets you integrate your customers’ preferences into your project more easily than ever, even online. Together, you can create, share and experience your ideas - all in 3D. With Dassault Systèmes solutions, your company is empowered by a new, universal language to invent the products of the future.

Discover SolidWorks, CATIA, SIMULIA, DELMIA, ENOVIA and 3DVIA at www.3ds.com

© Dassault Systèmes 2010. All rights reserved. CATIA, DELMIA, ENOVIA, SIMULIA, SolidWorks and 3D VIA are registered trademarks of Dassault Systèmes or its subsidiaries in the US and/or other countries.


ANALYST FEATURE ■ CLOUD COMPUTING

Cloud computing for skeptics

The opinion on cloud computing is divided, and while it can deliver significant economic benefits, it’s not for every organization. PAUL BURNS (NEOVISE) sets the record straight for companies considering this approach to delivering IT.


The National Institute of Standards defines IaaS as follows:

“The capability provided to the consumer is to provision processing, storage, networks and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications and possibly limited control of select networking components (e.g. host firewalls).”

For more information on cloud computing, PaaS and SaaS see: http://csrc.nist.gov/groups/SNS/cloud-computing


While cloud computing has come to the forefront of IT industry discussions in the last year or so, not everyone has bought in to the concept. In fact, many IT professionals remain blatantly skeptical. Web searches for “hate cloud computing” and other similar terms reveal many forms of distaste. A comment posted to Twitter expresses the sentiment quite well: “For the record, I hate cloud computing and I think it’s fake.” Even Larry Ellison, fabled CEO of Oracle, has bashed cloud computing by calling it “water vapor.”

In direct opposition to the skeptics are the fanatics who suggest cloud computing is the one and only best approach to delivering IT. Some cloud enthusiasts claim that cloud computing provides infinite capacity. Others assert that it is the least expensive approach to IT delivery. Still more conclude that cloud computing is quickly making the traditional IT organization obsolete.

For most companies, the truth can be found somewhere between these two extremes. However, since no two IT departments are alike, there is no single best approach to cloud computing. Differences in IT organizations include size and complexity of the managed environment, level of automation, process maturity and more. What works for one company may miss the mark for others.

In order to make rational decisions about cloud computing, each IT organization must make its own determination of the value—or lack of value—offered by cloud computing. To do this, IT leaders must first understand how cloud computing is different compared to traditional forms of IT.

Three primary cloud computing service models have emerged: infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS). While each of these approaches has key differences relative to its predecessors in traditional IT, understanding the unique characteristics of IaaS is foundational to the entire notion of cloud computing.

This may be a difficult starting point for the most extreme skeptics. After all, their primary battle cry is simply that there are no significant differences offered by cloud computing. Yet without recognition of the fundamental differences, there would be nothing left to discuss.

TECHNOLOGY DIFFERENCES

When IaaS is boiled down to its technical essence, resource pooling, multi-tenancy and elasticity are the remaining elements. Taken together in the context of application resource provisioning, these elements demonstrate how IaaS really is something new and different.

Traditionally, each application is assigned a fixed set of dedicated servers. To ensure high levels of performance during periods of peak demand, more server resources than needed on average are allocated to each application. By regularly over-provisioning in this manner, IT costs become excessive even while resources are underutilized.

Through resource pooling, individual servers are brought together in a single logical pool to be shared by multiple applications. The idea is for each application to use only the amount of compute resources it actually needs at any given time. In this way, unused capacity becomes available for all applications to share. Since applications tend to encounter peak demand at different times, the total number of servers reserved for peak usage can be reduced.

With a sufficient number of applications sharing a pool, the available excess capacity can be far more than any single application could ever use by itself. Some fanatics refer to this as infinite capacity. Even though this may appear infinite from the perspective of any given application, the resources are not actually infinite.

Resource pooling provides the foundation for multi-tenancy. At a high level, multi-tenancy simply means sharing resources by more than one entity. In the context of IaaS, multi-tenancy can have a variety of meanings with subtle distinctions.

To simplify, the most common case is used: a public cloud computing environment where IaaS is offered to multiple customers through a shared pool of physical servers that have been virtualized. In this case the shared resource is not just the overall pool, but the individual servers that make up the pool. In other words, multi-tenancy allows applications from separate customers to run on virtual machines (VM) on the same physical server. This means different companies will share the same physical server. This level of multi-tenancy provides the flexibility to assign workloads to the most under-utilized servers.

Elasticity means that the resources consumed by an application can both grow and shrink. Changes in resource consumption are typically driven by changes in demand for the application. The traditional method for handling elasticity is the combination of scale-up and scale down. Scaling-up involves moving an application to a more powerful server, and scaling down involves moving the application to a less powerful server.

With IaaS, the predominant form of elasticity is scale-out and scale-in. Scale-out happens when an application utilizes additional servers to increase capacity or maintain performance as demand increases. Scale-in happens when the application releases unneeded servers as demand declines. Applications must be designed and written specifically to take advantage of scale-out and scale-in for elasticity.

There are certainly other IT offerings that share some—but not all—of these technical capabilities. Cluster computing, for instance, depends greatly on resource pooling. However, clusters have traditionally been built with a relatively small number of tightly integrated, high performance servers that run one CPU intensive application at a time. Compute clouds, on the other hand, are typically built with larger numbers of loosely integrated, commodity servers in order to run many different types of applications at the same time. In other words, clusters generally lack multi-tenancy and cluster applications are not typically elastic.

It would be incorrect to equate cloud computing to cluster computing. While other forms of computing may share some common technical attributes, IaaS remains fundamentally different.

By now, even strong skeptics should understand that cloud computing—and IaaS in particular—really is something new. Of course, all good skeptics know that being new or different in the world of technology is not always the same as being good or useful. Fortunately, the key differences with IaaS (resource pooling, multi-tenancy and elasticity) also carry with them some additional benefits.

IAAS BENEFITS

As with the technology differences, it is most helpful to skeptics if the unique benefits of IaaS can be separated from the more common benefits. This can be challenging since every technology available is ultimately meant to offer some form of advantage. Generic technology benefits often fall into the categories of better, cheaper or faster. All of those are valuable, of course. But how often does a new technology or business model make a sizeable positive impact to the underlying economics of IT?

Simply raising this question is sure to put skeptics on the defense. That initial response is reasonable because there have been too many claims in the IT industry where the latest and greatest technology over-promises and under-delivers.

Take a look at the IT unit cost curve in Figure 1 to see how shared, public IaaS environments begin to change the economics of IT infrastructure delivery. The x-axis represents how many units of IT are delivered in a given scenario.

Diagram 1 - Unit Cost Curve for IT

For example, with a virtual server hosting scenario, units of IT represent how many virtual servers are delivered. The y-axis represents the average unit cost for the number of virtual servers given on the x-axis. The blue curve shows a traditional IT environment where unit costs are very high in low-scale environments. It also shows how large scale traditional IT environments result in low unit costs. In other words, for traditional IT environments, higher scale drives lower costs.

Now consider the red curve which represents the cost of obtaining different numbers of virtual servers from a public IaaS provider. In this case, the cost to the IT organization is the price paid to the IaaS provider. Notice that this “curve” is really a flat line where unit costs do not vary based on scale. Whether using one server or 100 servers, the unit cost remains the same from the buyer’s perspective.

Also notice that the IaaS provider curve is much lower than the traditional IT curve for small scale environments. This is because fixed costs represent a large portion of total costs when the IT environment is small.

On the other hand, the IaaS provider has a huge advantage and can offer a single unit of IT to a small customer for a very low price. This is because the IaaS provider is able to spread its fixed costs over many customers. Then the provider only has to add a small amount of variable cost (the small additional cost of providing one more unit of IT) and a profit margin to arrive at its selling price.

CONCLUSION

Simply put, cloud computing provides new and unique technical capabilities that provide key economic benefits when applied to the right scenarios. Unfortunately, some skeptics have become disenchanted with cloud computing without understanding its potential. This has happened in part due to fanatics making claims that are, at the least, not accurate in all scenarios.

Contrary to what some fanatics say, cloud computing is not the one and only best approach to delivering IT. However—through a combination of resource pooling, multi-tenancy and elasticity—IaaS can deliver strong value and game changing economics when applied appropriately.

Neovise is an IT industry analyst firm that uniquely adds business perspective to technology. Paul works closely with executive leaders from vendors and service providers to understand, evaluate and provide input on their solutions.

Paul has nearly 25 years experience in the software industry, driving strategy for enterprise software solutions through product management, competitive analysis and business planning. He has held a series of leadership positions in marketing and R&D, and spent two years as Research Director/Senior Analyst at another firm immediately prior to founding Neovise. Paul also writes articles for industry publications and speaks at industry events. He earned both B.S. in Computer Science and M.B.A. degrees from Colorado State University.

Paul Burns
PRESIDENT AND FOUNDER
Neovise


What’s New. What’s Next. See it at Interop.

Don’t miss the leading business technology event

See the full range of IT solutions, learn what’s new and identify technology must-haves for your business.

Interop is the only event to give you a comprehensive and unbiased understanding of the latest innovations—including cloud computing, virtualization, security, mobility and data center advances—that will help position your organization for growth.

Save 30% or get a free Expo Pass

Register with priority code CNJXNL01
www.interop.com/lasvegas

* 30% off discount applies to Flex, 4-Day and Conference Passes. Discount calculated based on the on-site price and not combinable with other offers. Proof of current IT involvement required. Prices after discount applied: Flex: $2,306.50 | 4-Day: $2,026.50 | Conference: $1,606.50 ©2010 TechWeb, a division of United Business Media LLC.

CONFERENCE TRACKS:
• Application Delivery
• Cloud Computing
• Data Center
• Enterprise 2.0
• Governance, Risk and Compliance
• Green IT
• IT Security and Risk Management
• Mobile Business
• Networking
• Storage
• Video Conferencing
• Virtualization
• VoIP and Unified Communications


HEAD TO HEAD ■ IDENTITY AND ACCESS MANAGEMENT

Simplifying IAM

Looking for one identity and access management solution that reduces cost, strengthens security, improves productivity and addresses compliance requirements? JOE SKOCICH (IBM TIVOLI) talks to ETM’S ALI KLAVER about his take on identity and access management and how IBM can help you.

AK: JOE, FOR THOSE IN OUR AUDIENCE NOT ENTIRELY FAMILIAR WITH IBM’S DEFINITION OF IDENTITY AND ACCESS MANAGEMENT, CAN YOU GIVE THEM YOUR DEFINITION AND PERHAPS ITS IMPORTANCE IN THE MARKET?

JS: Identity and access management is really the process of verifying and trusting identities, managing what they can do, when they can do it, where they can do it from, and most importantly, what they do it to. If an organization doesn’t have a good grasp on identity and access management then they significantly increase the risk of a security breach from those people that have access to their systems.

FACT FILE

Tivoli Access Manager for Enterprise Single Sign-On:

• Reduces password-related help-desk costs by lowering the number of password reset calls
• Strengthens security and meets regulations through stronger passwords and an open authentication device interface with a wide choice of strong authentication factors supported out of the box
• Facilitates compliance with privacy and security regulations by leveraging centralized auditing and reporting capabilities
• Improves productivity and simplifies the end-user experience by automating sign-on and using a single password to access all applications
• Enables comprehensive session management of kiosk or shared workstations to improve security and user productivity
• Enhances security by reducing poor end-user password behaviour
• Extends IBM Tivoli® Access Manager for e-business’s fine-grained authorization and entitlements for web applications by fully addressing single sign-on across all types of applications
• Enables end-to-end identity and access management by integrating the centralized identity management functions of IBM Tivoli Identity Manager with Enterprise Single Sign-On and access automation
• Operating systems supported: Windows.

To access a demonstration of Tivoli Access Manager for Enterprise Single Sign-On, go to: www-01.ibm.com/software/tivoli/library/demos/tam-overview.html?S_CMP=rnav

AK: I THINK FROM WHAT I’VE SEEN AT ETM A LOT OF PEOPLE STRESS THAT THE MANAGEMENT SIDE IS ONE OF THE MOST IMPORTANT PARTS.

WHAT DO YOU THINK ARE THE MOST IMPORTANT ASPECTS OF IDENTITY AND ACCESS MANAGEMENT TODAY? AND WHAT WOULD YOU SUGGEST THAT COMPANIES FOCUS ON WHEN THEY’RE LOOKING AT A NEW SOLUTION?

JS: For the most part, organizations understand the importance of managing identity and access, and most have some idea of who has access to their systems.

But today, regulatory compliance is governing many businesses and organizations, and those regulations are creeping more and more into the world of IT security.

For example, the payment card industry standard, or PCI as it’s known, is a great example of that. There are very specific IT security requirements in that set of regulations that we know in the industry as the “digital dozen”. Also, many of the money laundering regulations are requiring further background checks on who an organization does business with.

So I would say that reporting, and the ability to report based on compliance, is a very important aspect when considering an identity and access management solution. The reporting should not just be on what users have access to, but the identity and access management system needs to report on what users—and privileged users—are doing with that access.

Once the governance process is in place to properly manage the identities and access, organizations must then recertify that access on a regular basis. This recertification needs to be out of the box in terms of capabilities, just like one would find in basic provisioning and de-provisioning capabilities.

Finally there needs to be a closed-loop capability in the identity and access management solution. What I mean by that is that there must be a constant and automatic reconciliation of the way things are, compared to the way things should be. This prevents the insiders and privileged users from circumventing the policies and procedures that you’ve worked so hard to put in place.

AK: YOU’VE BROUGHT UP SOME REALLY IMPORTANT POINTS, AND PCI IN PARTICULAR CAN BE REALLY TRICKY. I’VE HOSTED QUITE A FEW PODCASTS RECENTLY WHERE PEOPLE TALK ABOUT BEING COMPLIANT AND TICKING ALL OF THOSE BOXES, BUT THEN STAYING COMPLIANT IS A COMPLETELY DIFFERENT MATTER.

AND OF COURSE, IDENTITY AND ACCESS MANAGEMENT IS A FORM OF SECURITY, BUT IT ALSO TOUCHES OTHER ASPECTS OF THE BUSINESS ACROSS THE BOARD SUCH AS BUSINESS INTELLIGENCE; GRC; IT SERVICE MANAGEMENT, AND MANY MORE.

I’M SURE THIS IS AT LEAST CONFUSING FOR THOSE SMBS OUT THERE WHO ARE JUST STARTING TO LOOK AT IMPLEMENTING RELEVANT TECHNOLOGIES, BUT DO YOU THINK THERE’S AN EASIER WAY TO LOOK AT IT, AND HOW WOULD YOU COUNSEL THEM?

JS: First and foremost I think the important thing for SMB organizations to understand is that SMB organizations and large organizations share a common thread. They must adhere to the same regulations, and also have risks of identity and access management.

So what SMB customers do in identity and access management is critical to the objectives they have in Governance, Risk and Compliance and IT service management. The solutions that are out there are priced such that very small organizations spend the same in proportion to the large organizations.

But where I think the SMB organizations have an advantage is that it’s probably a lot easier and a lot quicker for them to tackle a complete identity and access management deployment because there are generally fewer moving parts to deal with.

AK: OF COURSE, THAT’S A GREAT POINT AND IT IS EASIER FOR AN SMB ORGANIZATION TO START OUT AT LEAST.

NOW THAT OUR AUDIENCE HAS A PRETTY GOOD GRASP OF THE BASICS, CAN YOU TAKE US THROUGH THE STEPS THAT YOU THINK AN ORGANIZATION NEEDS TO ACHIEVE TO MAINTAIN SUCCESSFUL IDENTITY AND ACCESS MANAGEMENT?

JS: At the first level, an organization needs to understand which systems are most sensitive and critical to their well being. We’ve seen a number of these “boil the ocean” identity and access management deployments end up going south because it took too long.

My advice has always been to start with your basics and the ones that are most sensitive and then add accordingly, after you have a complete identity and access management system in place—one that has exactly the kind of detailed reporting to help you achieve your compliance objectives.

The components one would expect to see in a complete identity and access management solution would be user provisioning, single sign-on, federation, web access controls, as well as a security information and event management reporting, or SIEM, tool. Get this in place with your most sensitive applications and then add the others as you go along. That would be my advice.

AK: THANKS JOE, SOME GOOD POINTS THERE. NOW I THINK IT’S A GOOD IDEA TO GET DOWN TO SPECIFICS. A LOT OF ETM MEMBERS LOVE HEARING ABOUT CASE STUDIES, SO CAN YOU PERHAPS GIVE SOME EXAMPLES OF GOOD IDENTITY AND ACCESS MANAGEMENT AT WORK?

HOW DO YOU THINK IBM HAS REALLY CHANGED THE WAY ORGANIZATIONS SEE THIS ASPECT OF SECURITY?

JS: Well first of all, identity and access benefits to the organization should include an improvement in operational efficiency. There should be a reduction of risk, and overall improvement of service. This is what we are seeing from our customers.

We have large and small organizations telling us that a single sign-on solution has given them big returns on that investment in a short amount of time.

They’re seeing two to three less calls to the helpdesk per year per employee. The savings they see are half of what they pay per employee for the single sign-on solution. We have many examples of where user provisioning has reduced the human errors.

The customers that are using our security information and event management solution have reported a significant reduction of risk because they can easily identify the parameters and the scenarios to look for that put the organization at risk.

We’re also hearing about big improvements of service from our customers using our single sign-on and federation capabilities. It’s no secret that if an employee is happy with the systems that they use, that mood is passed on to the customers they serve.

Last April IBM made the identity and access management solution much easier and cheaper for customers to put in place. Today, a customer can get one solution from IBM called Identity and Access Assurance, that comes complete with user provisioning, single sign-on, federation, access control and reporting. All of these are available in one package for less than half of what it would cost if a customer went best-of-breed on these solutions.

AK: I LIKE YOUR POINT THAT IF AN EMPLOYEE IS HAPPY WITH THEY SYSTEMS THEY USE IN THE WORKPLACE, THEN THAT IS PASSED ON TO THE CUSTOMER.

FOR OUR FINAL QUESTION, LET’S LOOK TO THE FUTURE. TELL ME,

Joe has been providing identity and access management solutions to large complex organizations for the last 12 years. At IBM, he has been tasked with bringing new security technologies to market since 2002. � ese include those coming by way of acquisitions as well as those developed organically by IBM.

He is currently the IBM Tivoli Executive responsible for global sales of Tivoli Identity Management and Tivoli Access Manager for Enterprise Single Sign-On.

Joe SkocichWORLDWIDE IDENTITY AND COMPLIANCE STRATEGIST, TIVOLI IDENTITY MANAGEMENT AND TIVOLI ACCESS MANAGER FOR ENTERPRISE SINGLE SIGN-ONIBM Tivoli

WHAT WILL YOU BE FOCUSSING ON THIS YEAR, AND WHERE DO YOU SEE THE FUTURE OF IDENTITY AND ACCESS MANAGEMENT GOING?

CONSIDERING THAT NEW TECHNOLOGIES ARE REALLY ALLOWING US TO BE A LOT MORE MOBILE, BOTH IN WORK AND PERSONAL LIFE, DO YOU THINK THIS HE� LDS A NEW AGE FOR TECHNOLOGY?

JS: Well certainly, pervasive computing represents one of the biggest challenges for security professionals. � is notion of data anywhere and at any time could become the CIO or CSO’s nightmare.

But the improved methods of collaboration also help an organization to operate more e� ciently and e� ectively. Because the data is what the bad guys are a� er, we must continually improve how data security and identity and access management complement one another.

IBM has focussed on making improvements here, with integration between technologies in our Information Management brand and Tivoli’s identity and access management solutions.

Unstructured data, data classification and identity management will work hand-in-hand with IBM. Bringing together the intrusion detection and intrusion prevention technologies and web access technologies is another area that we’re focussing on.

We’re combining the best of the technologies from the IBM Internet Security Systems and the Tivoli brands so that we create secure connections so users can use whatever device they choose. These are just some of the examples of what we’re doing that are improving how we view security today.

“My advice has always been to start with your basics and the ones that are most sensitive...”


ASK THE EXPERT ■ CYBERCRIME

Fighting back on cybercrime

The threat of cybercrime is a risk most organizations deal with on a daily basis, but is there anything we can do about it? ED ROWLEY (M86 SECURITY) tells ETM’S ALI KLAVER that it is possible to stay safe, and within your budget.

http://www.GlobalETM.com


AK: TELL US ABOUT THE STATE OF CYBERCRIME TODAY. WHAT DO YOU THINK MOTIVATES CYBERCRIMINALS?

ER: Let’s start by looking at the state of cybercrime. At last year’s World Economic Forum in Davos, Switzerland, they estimated that online theft cost one trillion US dollars per annum—that’s more than the combined GDP of Australia and New Zealand annually.

This has resulted from an increase in online business. The internet has become prevalent in almost all areas of society and business is conducted more and more on the internet and in shorter time. If that’s where the money is, that’s where the criminals appear.

The state of online crime has also changed with the technology. We’ve all heard of phishing attacks and hacked websites—this has now moved on to infecting machines with viruses or Trojans that add fields to forms on banking websites on the PC itself rather than on the website.

We’ve also seen software-as-a-service emerge and there are criminals hiring out their services as a cloud-based technology for other criminals who don’t have the technological capability, but still want to use the internet to perpetrate crime.

In terms of what motivates them—10 to 12 years ago the virus writers were a bit like graffiti artists, they were doing it for notoriety. Now, it’s all about the money. There are huge criminal organizations out there that are able to fund an army of very good developers. It’s big business for them and they will follow the money.

AK: I’M SURE OUR AUDIENCE WANTS TO HEAR ABOUT A WAY TO STOP IT. ARE FIREWALLS AND ANTI-VIRUS PROGRAMS ENOUGH TO STOP AN ATTACK?

ER: Firewalls and antivirus are an integral part of security. They need to be kept up-to-date but are no longer sufficient in themselves. We’re seeing socially engineered, targeted attacks against individuals or individual organizations. This means the traditional approach of simply relying on firewalls and antivirus is not enough.

Consider blended threats for example—an email with a URL in it that links to a malicious website. This email has no attachment for an antivirus engine to scan, nor should the firewall block it because as far as it’s concerned this is just an email. This email will go straight to the end user, the user will click on the link, be directed to the website, and then become the victim of a drive-by web infection.

Similarly, criminals are not always simply concerned with financial transactions. They might be interested in the intellectual property of an organization. Companies need to put in place software or technology that will help them protect their content as it moves around the internet.

It’s also important to remember that, above and beyond technology, it’s usually people that are considered the weak point by criminals and are therefore targeted, so it’s very important to educate the end users in an organization. Training people and putting in place a proper security policy that employers can adhere to is vital, and it’s an essential part of a secure network.

Organizations should also keep an eye on the news to understand the nature of the changing threat. Criminal organizations are changing their approach to hacking, or scamming people using technology, so it’s always good to be aware of what they’re doing. Also—consider good old patch management. Quite often there are vulnerabilities in operating systems and other products. Organizations need to make sure they get patched because these are exploited very quickly by criminal gangs.

AK: CAN YOU RUN US THROUGH THE MAIN BUSINESS RISKS OF CYBERCRIME?

ER: Primarily there’s loss and theft of money. And let’s remember that cybercrime is still crime, and people are still trying to gain pecuniary advantage from perpetrating it. So loss of money is the principal risk.

However, loss of information or sensitive data is also key. Imagine you’re Coca Cola for example—if your secret recipe gets leaked, that’s your business down the drain. You want to maintain your sensitive, confidential information, especially if it gives you a competitive edge.

An off-shoot is that sensitive data may be subject to industry or legal regulations, such as the Data Protection Act, PCI or HIPAA. You’ve got to secure your content at the risk of a fine. Likewise, if you’re responsible for leaking information, your reputation may suffer. Slightly more obscurely, as cybercrime impacts employees, you might find a hit on staff productivity as they’re trying to work with the effects of cybercrime.

Finally, when a virus or security loophole is discovered, there are clean up costs associated with that—the downtime of the PCs, perhaps overtime paid to IT staff and so on.

AK: PROTECTING SENSITIVE DATA IS EVEN MORE IMPORTANT NOW AS BUSINESSES DEPLOY REMOTE WORKING ENVIRONMENTS AND EMPLOYEES ARE BECOMING MORE MOBILE. SO HOW CAN ORGANIZATIONS PROTECT THEMSELVES AND THEIR EMPLOYEES FROM CYBERCRIME ON A MOBILE LEVEL?

ER: As network de-perimeterization becomes increasingly common, this is something that businesses have to face. However, there is technology that will allow them to ensure that remote users, small satellite offices or people on the move can be treated in a similar, if not the same, fashion as in-house employees irrespective of where people are.

Increased broadband speeds and better VPN technology means that it is now acceptable for many organizations to force their users to connect to a VPN. Additionally, there are a number of cloud-based technologies out there like Finjan Vital Cloud and software-as-a-service that can ensure remote users have the same level of protection.

Organizations should find themselves in the clear as long as they focus on what I call the “three P’s”; people, protection and policy. Train the people. Put in place various degrees of protection at different levels—at the desktop, at the gateway and in the cloud where appropriate—and have a straightforward policy that everyone understands and is trained on.

Ed has been with M86 Security since April 2007. With over ten years of extensive sales engineering and technical expertise in IT security, Ed plays a pivotal role in Product Management at M86. His main role is to facilitate the inclusion of customer feedback and requirements into the product development roadmap, and he is also the global product manager lead for M86’s email security solution—MailMarshal SMTP.

Prior to M86, Ed held technical and sales engineering positions in Sophos, CipherTrust and Secure Computing.

Ed Rowley

PRODUCT MANAGER

M86 Security

AK: LET’S DO A QUICK SEGUE INTO THE CURRENT ECONOMIC CLIMATE, BECAUSE I KNOW IT’S AN IMPORTANT FACTOR. DO YOU THINK BUDGET CUTS WILL RESULT IN COMPROMISED SECURITY, AND WHAT CAN BUSINESSES DO TO MAXIMISE THEIR SECURITY STRATEGY WITHOUT REALLY AFFECTING THE BOTTOM LINE?

ER: One big change we’ve seen is that a large number of companies seem to be outsourcing not just their IT security, but their whole IT department.

Also, people have been using cloud-based solutions. Again, they can control their costs and reduce capital expenditure. Cloud-based solutions such as MailMarshal SPE and Finjan Vital Cloud mean that companies can revise how they spend their security budget. Similarly, and this is something I’m a real proponent of, most companies have something like an email gateway that has been brought in for a point solution. I’m really keen for people to realize that these products are capable of doing far more than what companies have ever used them for.

A simple reconfiguration, and perhaps reading the manual, will allow companies to maintain a great level of security without spending a single additional penny because they’ve already got a solution in place. Spam is a great example of that. You’ve got email coming in, and most anti-spam products will be looking at the content of that email, so we’re already doing content analysis. If you’re worried about credit cards or other information leaving an organization, it’s still content within an email, so you can configure these products to look for different types of content, and they’re more than capable of doing that.

AK: YOU MENTIONED THE IMPORTANCE OF FINANCIAL ONLINE SECURITY AND I JUST WANT TO TOUCH ON WHETHER YOU THINK ONLINE BANKING IS REALLY SECURE THESE DAYS? WE KNOW CONSUMERS AND SMALL BUSINESSES ARE BEING TARGETED, AND ETM MEMBERS ARE CRYING OUT FOR HELP WITH COMPLIANCE TO VARIOUS REGULATIONS. HOW CAN YOU HELP THOSE PEOPLE AND ORGANIZATIONS CONCERNED ABOUT THEIR ONLINE SECURITY, AND BANKING IN PARTICULAR?

ER: Well, as prime targets, banks are extremely aware of the security issues surrounding online business, so they’re probably more secure than most. The problem really lies with cybercriminals targeting banks’ customers. Good old phishing attacks with links to a fraudulent website have been causing problems for many years. Pharming attacks followed that, where legitimate requests would be directed to a fraudulent website. Similarly, there have been reports of cleaning staff that have been paid to install key loggers onto machines and record information.

To be really secure people need to know what to look for. It comes back to training people to understand what a phishing email looks like. It’s hard to believe, but some people still fall victim to lottery scam emails—if it sounds too good to be true, it probably is.

From a compliance perspective—PCI, HIPAA and the Data Protection Act—most of it is little more than having in place a basic set of good security practices. Having antivirus, using a firewall, putting in place gateway protection with some content filtering that will search for credit card information, and so on. It’s really straightforward and usually requires a lot less work and investment than people expect.

From a banking perspective, businesses and consumers alike should never be afraid to contact their bank. And always remember that a bank will never ask you for your account password by email or phone.

Then it’s down to the simple things like making sure your antivirus is up-to-date, understanding what to look for, looking for that padlock in your browser and using gateway products to control traffic. It may well be worth investing in something like that. M86 Security deals with looking at and identifying fraudulent applications or websites as they’re accesse

AK: LET’S LOOK TOWARDS THE FUTURE. HOW DO YOU THINK CYBERCRIME CAN BE STOPPED? WHERE DO YOU SEE THE FUTURE OF CYBERCRIME GOING?

ER: When speaking about cybercrime I tend to drop the cyber part of it and just call it crime, because that’s what it is. And as long as people are performing financial transactions on the internet, the cyber criminals will find a way to take their share.

That said, it’s encouraging to see police forces responding to the growth in cybercrime. The Association of Chief Police Officers (ACPO) recently put out a statement committing to a more uniform strategy towards combating e-crime in the UK. That’s certainly welcome, but it’s also the problem. From a UK perspective they’re committing to a strategy, but the international nature of cybercrime makes it very difficult for enforcement agencies.

Criminals based in China, Russia and North Korea are maybe using zombie PCs dotted around the world in order to perpetrate crime in other countries. It’s difficult to find the criminals, but it’s even more difficult to successfully prosecute them. Until there’s more co-operation between countries, wiping out cybercrime is not going to happen.

Recently, we’ve seen the shutting down of some service providers who have been turning a blind eye to cybercriminals, particularly spammers. That’s been quite effective on a short term basis, but they soon bounce back, and spam reached new highs after having a brief hiatus.

From an M86 Security perspective, we’ll continue to develop new tools for our customers—behavioural analysis techniques that will identify cross-protocol or blended threat attacks of the type that I mentioned earlier that target both email and web users. And of course our Security Labs will follow the criminals, see what they’re doing, identify new threats and predict what’s going to happen next.

We’ve got a very strong Security Labs team based around the world looking at a vast amount of traffic, both web and email, and that’s how we’ll address future problems.


ANALYST FEATURE ■ GRC AND IT SECURITY

GRC and IT security—where is the link?

GRC is an essential element of your IT strategy, but how does it work with security? MARTIN KUPPINGER (KUPPINGERCOLE) tells us that they work hand-in-hand and that a GRC view helps in optimizing investments in IT security.


Virtually every organization has an IT security department. Few have clearly defined responsibilities for GRC (Governance, Risk Management and Compliance). But GRC is becoming increasingly important—and GRC approaches might be what help organizations in improving what they’re doing for IT security.

GRC became one of the really hot topics in business and IT, especially in larger organizations, over the course of the last few years. However, there is a lot of confusion about the terms associated with GRC. In many organizations, few people have a clear view of what GRC involves and requires, and few organizations have an organizational structure for GRC with clearly defined responsibilities. Of these organizations, many have limited their GRC initiatives either to some aspects like “business only”, “risk only” or “IT only”.

Very seldom will you find organizations that have a well-defined GRC strategy and roadmap, covering the organizational as well as the IT aspects of GRC, and supporting an evolution towards an integrated GRC approach including the organizational structures and processes, control frameworks, supporting technology and so on. Despite the current lack in that area, we clearly observe that GRC initiatives are maturing—however slowly.

Like with most evolutions, beyond that “top-down” approach where frameworks like COSO and COBIT might be helpful guidelines, GRC also has to be understood at all levels of the organization. “Bottom-up” approaches are thus required using GRC principles and methodologies to improve the daily business in different parts of the organization.

One of the most logical starting points for bottom-up GRC approaches is IT security. IT security is still driven mainly from a technical perspective in most organizations. IT security experts are experienced technicians. But IT security is not a green field for technicians—instead it is a required element to support successful businesses. We are convinced that IT security can benefit from a GRC view through better focus and optimized investments.

COMPLIANCE AND IT SECURITY

The most obvious link between IT security and the broad field of GRC is the “C” in GRC—compliance. There are many regulations that explicitly or implicitly require specific actions in the field of IT security. While several of the US regulations are more explicit, European regulations tend to be more implicit, frequently being filled by formal guidelines for auditors or specific practices of auditors.

Data protection and privacy laws are good examples of where IT security is in fact driven by regulatory compliance. Access to specific information has to be restricted. And IT security has to take action to ensure that part of regulatory compliance.

But does IT security really know how to do that? To some extent, yes, but many employees in IT security departments are acting without explicit knowledge of the regulatory context of their actions. One might argue that this isn’t relevant as long as they are doing their job, and that it is the responsibility of management to ensure that regulatory compliance is met.

However, given that compliance is enforced by operative people it appears to be a good idea to strengthen the connection of specific actions in IT security and compliance requirements. Thus, the risk of failure and gaps will be reduced. People know the reason they are doing specific things and usually do a better job than the ones operating without that context.

RISK AND IT SECURITY

Compliance is just one (and, from my perspective, minor) element in the relationship between GRC and IT security. Risk is far more important and—usually implicitly—something that has affected IT security since its very beginning. IT security is performed to mitigate risks, nothing else.

IT risks are tightly connected to business risks. Every IT risk is associated with a business risk. That might be cost risks for penalties, lost customer relationships, lost data or recovery. It might be performance risks with respect to the time-to-market, when applications aren’t ready in time. Every IT risk can be easily associated to related business risks. That’s particularly true for IT security.

On the other hand, not every business risk is associated with an IT risk. That’s especially true for strategic risk, but also for some operational risks—the traffic jam which leads to a delayed supply of goods, and breaks in production, is at least only very indirectly associated with IT.

But for most operational risks, there is an associated IT risk. The risk of abuse in trading on derivatives is directly connected to access controls and SoD rules or, from a risk perspective, the access or authorization risks. The good thing with risk is that there are established methodologies, proven concepts and experienced people at least on the business side. The other good thing is that key concepts of risk management are easy to understand and therefore easier to adopt, for example, for IT and in particular IT security.

There are many examples of KPIs or KRIs (key performance/risk indicators) that might be used as a foundation for defining risk controls in IT security. Beyond that it isn’t rocket science to describe IT risks and their relationship to business risks in a structured way. A few days in an intensive workshop should deliver significant results.

FROM IT SECURITY TO INFORMATION SECURITY

It might be a good idea to move a step forward and focus on information security. IT—information technology—is about information, and business is interested in information, not in technology. This means that information, not systems, should be in the centre of what is done. Is the information secure, regardless of where it resides? At rest, in transition, in use? Across different systems and even beyond the boundaries of the organization in case information is allowed to leave the (diminishing) perimeter of the organization?

In fact, the question is whether information is at risk. And if we look at any regulation, it is about information, not technology. The transition from a technology-centric view towards an information-centric view has to be understood in the context of the broader evolution of IT towards more consistent approaches of information management.

In any case, when applying GRC principles it is a good idea to have an information-centric perspective and to define risk as “information risk” instead of “technology risk”. Information is the value for business, and information is at risk.

RISK AS A KEY CONCEPT

Actions in IT or information security can be controlled using risk indicators. Risk indicators are metrics that show the level of risk and can be associated with other metrics like the potential business impact—and thus be valued.

On the other hand, knowing risks allows you to identify actions (organizational or technical) to mitigate these risks. Based on the costs of these actions and the valued business impact, decisions can be made.

The first is always about whether it makes sense to mitigate a risk or not. Some risks are too expensive to mitigate or it is just impossible to mitigate them. In fact, that is the same decision when insuring yourself, but based more on facts (the KRIs, the business impact and so on) and felt risks than in personal life. Probably the best example for the limitation of risk mitigation is life insurance. They don’t mitigate the risk of dying; they only mitigate the impact on family and relatives. Beyond that basic decision the questions are about how to mitigate risk and what risks to mitigate in what order.

Risk awareness in information security supports the decision making, starting from IT security strategies down to building the specific project portfolio. A risk ratio is probably the best criterion to decide about your strategy for information and, as the foundation, IT security.

MULTIPLE LAYERS OF GRC

A big challenge with all approaches that start partially top-down and partially bottom-up is to end up with a consistent solution. There is always the risk of having several incomplete, incompatible approaches at the end of the day. That’s even truer with GRC, where we have somewhat inconsistent technical approaches at several layers.

Starting at the top, there is what vendors claim to be “enterprise GRC”, with “enterprise” for “business”. The term “enterprise GRC” is wrong at least for most of these solutions because they cover only some aspects of the entire GRC topic—mainly some business controls with usually pretty limited ability to support automated IT controls. The latter are not only relevant for IT but for business as well—the most relevant information for the business is held in IT systems. However, most of these systems focus on manual controls which are of somewhat limited value—having a risk attested after the problem occurred isn’t sufficient.

The layer below might best be described as CCM (Continuous Controls Monitoring), even while there are several other terms used by vendors. Overall this level of GRC is about business-process and business controls mainly, even while some tools might explicitly support IT controls as well.

The layer below consists of specific GRC tools for specific types of business applications, like the ones focussing on access controls in ERP systems or the growing market of tools for Access Governance. But there are several other tools which aren’t commonly understood as part of the GRC landscape.

SIEM (Security Incident and Event Management) and IT Service Management tools (ITSM) are examples of this—tools which support the implementation of specific IT controls. That becomes obvious once you look, for example, at the broad range of controls defined in the COBIT standard.

The lowest level consists of specific tools at the system level which, for example, extract specific data for the higher level tools.

When focussing on the relationship of GRC and IT security, the areas of SIEM and Access Governance are of particular interest. While the notion of risk is part of several Access Governance tools, it is widely missing in SIEM tools. However, working on a consistent strategy which, over time, integrates the different layers of GRC tools definitely makes sense. Interestingly, there is currently only one vendor who at least started with such integration. The acquisition of Archer by EMC (the RSA division of EMC) will lead to some integration of an Enterprise GRC tool with SIEM solutions, hopefully complemented over time by other elements of the bigger GRC picture.

FOCUS ON RISK, FOCUS ON GRC STRATEGIES

From an IT management perspective, focus today should be on using risk as a key concept and building GRC strategies. IT security is something which is much better to manage when looking at it in the context of business risks.

One short term impact will be that decisions about IT security investments can be made on a more solid foundation—and tactical investments (like many of the ones currently done in the DLP or Data Leakage Prevention space) might be reduced.


Martin established KuppingerCole, an independent analyst company, in 2004. As founder and senior partner he provides thought leadership on topics such as Identity and Access Management, Cloud Computing and IT Service Management.

Martin is the author of more than 50 IT-related books, as well as being a widely-read columnist and author of technical articles and reviews in some of the most prestigious IT magazines in Germany, Austria and Switzerland. He is also a well-known speaker and moderator at seminars and congresses.

Martin Kuppinger

FOUNDER AND SENIOR PARTNER

KuppingerCole


ASK THE EXPERT ■ ENDPOINT DATA PROTECTION

Safety first

SAFEND’S EDY ALMER talks about a fully integrated, single server, single agent data protection solution and shows ETM’S ALI KLAVER why they are the leaders in endpoint data protection.


AK: EDY, CAN YOU TELL US A LITTLE BIT ABOUT SAFEND’S HISTORY?

EA: Safend is the leader in endpoint data protection. The company was founded in 2003 and we released our first product in 2004, available through retailers globally since 2005. We added Lenovo as a global distributor in 2006, and then we also released the first extensions to our anti-hardware key logger protection—anti-network bridging.

Our first partners joined in 2006. First of all Websense, then Fujitsu BSC in Japan and another large encryption vendor. In 2008 we added additional common criteria certification for EAL2, and released Safend Encryptor and Safend Reporter. This was the year we reached the 1000 customer mark, and in 2009 we reached our 2000 customer mark.

Right now we’re close to 2.5 million installed endpoints. This year we also released Safend Inspector. Today we are 65 people strong, our MD is mostly in Israel, and we have a global presence both in Europe and the US.

AK: IT SOUNDS LIKE YOU’VE GOT SOME REALLY STEADY GROWTH THERE WHICH IS FANTASTIC.

EA: We’ve been growing very nicely and have been recognized by Deloitte in Israel as the seventh fastest growing company. We’ve grown 1700% in the past five years and we’re doing very well on the European lists as well. Our growth is primarily in the UK and Germany, Italy, France and elsewhere in Europe.

AK: CAN YOU RUN US THROUGH THE TYPES OF SOLUTIONS YOU PROVIDE AND GIVE SOME EXAMPLES OF HOW THEY’VE WORKED FOR YOUR CUSTOMERS?

EA: All of our solutions are part of one single product, run by a single management server, with a single endpoint installation. Anything we do is enabled by license only and doesn’t require any additional management beyond initial deployment.

Our first product is Safend Protector. Safend Protector is port and device control. It controls which devices can be connected to which computer for which users. The product is very granular and it allows you to have complex policies that would allow the people who need to connect these devices to connect them, while blocking those that don’t from leaking sensitive data.

This is a product that instantly gives you a big leap in your level of security because it limits both the number of devices and the number of people/computers that can access sensitive data in the first place.

To augment that, we can encrypt the level of storage you are using inside your organization. So not only will it limit the number of devices that are being connected, it can also enforce their being encrypted. Even if you’re transferring sensitive data to a device, you make sure it is either encrypted by us, or pre-encrypted in hardware, and we allow only those devices.

The same is true also for encrypted CDs and DVDs. This is a feature that’s very popular with our helpdesk customers who need to distribute test results to their stations. We give them an encrypted CD/DVD that is created on the spot, and even when it leaves the premises and is no longer their responsibility, it’s still protected.

In addition, we have wireless control on Protector and hardware key logger protection.

The second component of the suite is Safend Encryptor. Whereas Safend Protector encrypts the external and removable storage devices, Encryptor enforces encryption on the internal drive. This is primarily used for laptops to ensure that if the laptop is lost the data on it is still protected, so the risk is now limited to the cost of the laptop.

Safend Encryptor is different from most other products because it doesn’t require any change in the way the organization works, not for the helpdesk, and not for the end user. Everything is completely transparent while still being very easy to use, and the encryption is industry standard.

Our third and newest component of the three, released recently, is Safend Inspector. Safend Inspector basically rounds up our suite and a lot of the data from all aspects on the endpoint.

Inspector does data classification—not just decisions based on user, machine and device, but the actual data content. You can stipulate that no customer data is to go out the organization in any way except if it’s sent by email to a known partner, or even to a known distribution inside the organization. This is transferred to a maximum of 100 customers at a time to a USB because a sales person may need it on the road. We’re controlling all of those channels—email, IM and web. We’re controlling transfer to external storage and printers.

As a corollary to that, we have Safend Discoverer. Safend Discoverer relies on everything that Inspector knows how to do, but is for data tracking. Inspector controls data being actively transferred or used by an application.

Safend Discoverer can scan the entire drive for each and every endpoint in the organization and come back with a map of all the sensitive data. This will allow you to do a very thorough, up-to-date risk assessment without investing a lot of effort. And this will allow you to better decide what steps you need to take to protect your data.

AK: THAT’S AN AMAZING RANGE OF SOLUTIONS EXTENDING ACROSS VARIOUS INDUSTRIES, BUT HOW DOES SAFEND COMPARE WITH THE OTHER DATA LEAKAGE SOLUTION PROVIDERS OUT THERE? WHAT WOULD YOU SAY IS THE SAFEND POINT OF DIFFERENCE?

EA: Our main point of difference is the fact that we developed all of the components in-house and they’re working together, tightly integrated. For example, we can define a policy that would say if the removable storage that’s connected to your computer is encrypted, you are allowed to transfer to it—let’s say a hundred records of customer data. If it’s not encrypted, we’ll allow you to transfer one record at most, which would probably be your own or another person’s, and that’s a risk we’re willing to accept. Any other device we do not provide you with as an organization is completely blocked.

This kind of integration between the encryption or device control and content inspection is unique to us because we’re the only product that has all those components under one roof and one policy.

Our product has been recognized as best-of-breed at point product as well, not just as a whole fleet. Safend Encryptor, for example, won a best-buy from SC Magazine this year, competing against the largest in the business. Safend Protector has been recognized as a leading product both on functionality and ease-of-use, and we expect Inspector to be recognized in a similar way.

For an end user, the ability to quickly deploy Encryptor and Protector so they reduce risk in a short time, and then adding on Inspector without any additional deployment and only fine-tuning the policies in the process, is a unique offering that none of the other players in the industry can mimic.

AK: SO SAFEND SOLUTIONS ARE MANAGED BY ONE SYSTEM WHICH ONLY MAKES IT EASIER FOR YOUR CUSTOMERS. LET’S BE A BIT MORE SPECIFIC—HOW WOULD YOU COUNSEL THOSE COMPANIES LOOKING AT COMPLYING TO HIPAA OR SOX REGULATIONS, FOR EXAMPLE, BUT THEY’RE NOT QUITE SURE WHERE TO START? WHAT WOULD BE THE BEST SOLUTION FOR THEM?

EA: There are more than just those regulations today. Protecting customer data, employer data and credit card data is a form of concern across the US, Western Europe and Japan. And it’s now extending beyond that as well.

South Africa has a legislation in process as a preparation this summer for the large number of visitors they’re going to get for the World Cup. Australia has some nice legislation going on, and the awareness around personal data is rising everywhere.

The number of very high profile cases, such as HMRC and MBTA, went well beyond just security and IT press to global coverage because of the importance and the severity of losing this type of data. So people are using our solutions to comply with PCI and to make sure that credit card data is protected. But they’re also using it for a large number of local, state and federal regulations that have been springing up in response to this threat.

The UK’s Data Protection Act has specific directives for local councils called the GSCX (GovernmentConnect). The US has legislation in 46 of the 50 states dictating the protection of customer data, or else you have to step up and tell those customers every time you lose their data.

When you look at laptop theft, it’s not a question of accepting the probability that this will happen. This is something that invariably, if you allowed deregulation, happens once a month if not once a week if you’re a very large organization.

Similarly, emails sent by mistake to the wrong address, or somebody being over-zealous and taking work home on their removable USB device, are all breaching compliance for various regulations.

If you’re encrypting that data, and you’re making reasonable efforts to protect it when compared to your peers in the industry, then you’re considered to be in compliance with them. You don’t have to step up and announce a breach which is a very, very expensive process.

Our solution ensures that you don’t have to do that, even if somebody loses a backup tape or laptop, or if someone accidentally tries to send an email with an Excel file that has customer data in it.

AK: YOU’VE USED SOME VERY SPECIFIC AND DAY-TO-DAY EXAMPLES. I’M SURE A LOT OF OUR CUSTOMERS ARE SEEING AND EXPERIENCING THE SAME THINGS IN THEIR BUSINESS LIVES. FOR OUR FINAL QUESTION, WHERE DOES SAFEND SEE ENDPOINT SECURITY GOING, AND HOW ARE YOU POSITIONING YOURSELF TO HELP PROTECT COMPANIES IN THE FUTURE?

EA: As I said before, when we’re looking at regulations, and the compliance requirements in many vertical industries and for many different governments in the world, the awareness is there.

When we started five years ago our toughest problem was to explain why people and organizations needed to solve a problem in the first place. Maybe a laptop will be lost, maybe it won’t. If it is lost, who knows whether the person who stole it is actually interested in the data? They could only be interested in selling the hardware. All of this made it very hard to quantify how important data protection was.

I think that we’ve come a very long way in the past five years, and now when we reach out to organizations they understand very well the importance of protecting data.

So this is a place where we see a lot of adoption, and the bulk of the curve is now moving into adopting data protection which means they’re not leaking data where they shouldn’t be.

Going forward, we have just rounded up all the different components of our suite and we expect 2010 to be an execution year. We will grow even faster than the 60-70% rate we’ve had to date, because this is a year when everything turns together.

The product is now fully ready for the market, and we’ve been working with our customers for the past five years and adding those components on request. The requirements are there, the awareness is there, and we’re expecting this market to grow at a tremendous rate.

If we’re looking beyond 2010, we’re expecting to continue to add additional components and possibly integrate beyond the endpoint so that we extend our range and make sure we’re protecting the data not just inside the organization; not just with its partners which we can do today; but all the way down to the individual consumer. This is one of the areas where we expect to see additional things coming from Safend.


Prior to joining Safend, Edy managed the Encryption and Endpoint DLP products in the Endpoint Security Group at Symantec. He managed the memory cards product line at M-Systems prior to its acquisition by Sandisk and previously drove the launch of several flagship projects at Orange, Israel’s fastest growing cellular operator, resulting in 100,000 new 3G customers one year after launch.

As the CTO of Partner Future Comm, Edy charted the strategy for potential venture capital recipient companies. He holds a Bachelor’s degree in Electrical Engineering from Technion, and an MBA from Tel Aviv University.

Edy Almer, VICE PRESIDENT OF PRODUCT MARKETING, Safend


EXECUTIVE PANEL ■ SECURITY INFORMATION AND EVENT MANAGEMENT

SIEM— Spiralling Out

DEREK BRINK (ABERDEEN GROUP) moderates a panel discussion on security information and event management and addresses the main issues in the market with the help of TOM TURNER (Q1 LABS), PAUL STAMP (RSA, THE SECURITY DIVISION OF EMC) and RICK CACCIA (ARCSIGHT)

http://www.GlobalETM.com


DB: I’D LIKE TO BEGIN WITH A QUICK OBSERVATION FROM MY OWN RESEARCH AT ABERDEEN. WE CONDUCT BENCHMARK RESEARCH, AND IN THIS PARTICULAR AREA ABOUT HOW ENTERPRISES ARE LEVERAGING THEIR SECURITY-RELATED LOGS AND INFORMATION IN EVENTS. WHAT WE FOUND WAS THAT ENTERPRISES ARE REALLY DOING THEIR BEST TO ADDRESS THREE THINGS AT A TIME REGARDING THEIR IT INFRASTRUCTURE.

THE FIRST THING IS TO ENHANCE THEIR SECURITY. THE SECOND IS TO ACHIEVE AND SUSTAIN REGULATORY COMPLIANCE. AND THE THIRD THING, IF THEY CAN GET TO IT, IS TO TRY AND IMPROVE THE EFFICIENCY AND THE COST-EFFECTIVENESS OF THEIR ONGOING OPERATIONS. SO THERE’S THE SECURITY ELEMENT, THE COMPLIANCE ELEMENT, AND THEN THE OPERATION ELEMENT.

ANYONE WHO DOES A QUICK REVIEW OF YOUR RESPECTIVE WEBSITES, GENTLEMEN, WOULD SEE THAT YOUR COMPANIES ARE IN PRETTY SOLID AGREEMENT WITH THESE USE CASES AND YET, AT THE SAME TIME, I THINK EACH OF YOU HAS A DIFFERENT TAKE AND SEES THE MARKET IN YOUR OWN UNIQUE WAY.

AS I INVITE EACH OF YOU TO MAKE SOME INTRODUCTORY REMARKS OF YOUR OWN, PLEASE ALSO INCLUDE YOUR THOUGHTS ABOUT HOW YOUR COMPANY SEES THE EVOLUTION OF USE CASES, THAT IS THESE THREE, PLUS WHAT ELSE? LET’S BEGIN WITH RICK CACCIA FROM ARCSIGHT.

RC: I think these use cases make a lot of sense, and we certainly see them in the customer base.

First, I think security is definitely a big concern and that’s both in traditional network security scenarios, hackers, worms and so on, and also in new scenarios such as data breaches from fraud, bots, social engineering, and theft from malicious insiders.

Second, it’s hard to separate security and compliance—they’re two sides of the same coin. You can improve security to comply with regulations protecting data and transactions, and then in turn by demonstrating compliance, you’ve likely taken steps to improve your data security. We definitely see that these are linked and have created products to help customers.

Finally, one thing we hear from customers very often is that the threat and the risk landscape is growing faster than our department, head count and budget. Given that the only way to keep up is to dramatically improve operational efficiency, as you indicate in your survey, the only way to do that is automation.

We see a world of new security threats piling on top of old ones, new regulations piling on top of old regulations, and customers looking to manage that with a set of products to automate security, data protection, user monitoring, risk management and compliance reporting.

We believe that security is one area where it pays to have the very best, and it’s basically pointless to have anything other than the best. So if you can’t see and manage a risk, what’s the point of spending the money?

From ArcSight’s perspective, we focus therefore only on threat and risk monitoring in its different forms.

PS: I think those three use cases are certainly bang on. But rather than expanding the use cases, I feel like customers are getting savvier about what they want and need from their solutions in each of these places.

If you think about achieving security, achieving compliance and improving efficiency—they’re goals, and they’re enabled by a set of processes that you’re putting in place. I think customers are coming to the conclusion that these goals are made more efficient by technology, and SIEM is just one of those.

So there are three things to look at. First, I think people are coming to the conclusion that SIEM is a fact-base for these sets of processes. Any of the programmes they have in place around enhancing security, compliance or efficiency should be able to exist without SIEM.

Second, they’re starting to see that SIEM needs to be fed by other elements of the IT infrastructure, but those elements need to be fed as well. Whether that be IT service management—EMC has a product, there’s Peregrine, and BMC Remedy—whether it be compliance management—RSA just made an acquisition of Archer in this field—or whether it just be internal ticketing systems for those processes that can be dealt with within the small confines of the team. We’re really looking to see if SIEM is able to feed those other processes.

Third is that people are beginning to need the ability to incorporate content that is relevant to addressing the needs of each of those use cases.

For example, on the security side, we work very closely with our Anti-Fraud Command Centre in Herzliya, Israel. We also work closely with other parts of EMC, for example VMware, around the operational and security aspects of virtualization, and in Ionix with the wider aspects of IT service management.

I think rather than looking at widening those use cases, it’s more a case of a concentration on the process aspect of them that we’re seeing as the real change.

DB: THANK YOU PAUL, AND IN BOTH CASES WE’VE HEARD THE EXAMPLE OF FRAUD WHICH IS SOMETHING THAT WE’RE HEARING NOW THAT PERHAPS WE DIDN’T HEAR 12 TO 24 MONTHS AGO.

TT: Yes, I think the three buckets have been accurately identified here—security, compliance and operational efficiency. I also think there’s an evolution in those very big buckets.

If you look at security, we see across our customer base much greater sensitivity and concern about being a “target of choice” as opposed to previously being a “target of opportunity”. That’s exactly the fraud use case—the ability to monitor the activities of your users or consultants.

We have a large retail chain whose problem statement was that they had a very large consultant group that they wanted to be able to monitor. They were concerned about being a target of choice.

Now, I think this point has probably already been made, but there’s a growing understanding by all customers that compliance can’t just be solved by logging and reporting in and of itself.

Compliance is very tightly twinned to security, and there are very concrete examples of this such as in the energy and utility market where the NERC standard demands greater sophistication around the ability to discover assets on your network and profile, and to be able to monitor the protocols that are traversing the network.

Utility and energy companies facing the NERC requirements are equally concerned about their role as part of the critical infrastructure as they are about meeting an auditor’s requirements.


Operational efficiency used to be neatly bucket-ized as something a mid-market company would care about. Large companies demand intelligence, complexity and flexibility, and in the past have been prepared to sacrifice efficient operations in order to get the first two. But the reality is that the largest organizations in the world need operationally efficient security operations, and now demand technologies that are efficient to implement.

To give another customer example, we have a large auditing and consulting firm whose services arm will go out and do implementations and recommend first generation SIEM technologies because of all the high-dollar services associated with them. But that consulting company and their worldwide SOC for incident management uses our technology, because their requirement is to be able to do worldwide incident response without adding additional head counts.

So those are the buckets, and I think we see the evolution of use cases in those as customers become more concerned about being a target of choice than a target of opportunity, and they demand an efficient response.

DB: IN SOME WAYS WE’VE TALKED ABOUT EVOLUTION IN ALL THREE BUCKETS—THERE’S EVOLUTION IN SECURITY IN TERMS OF RISK AND THREATS, AND FRAUD CAME UP IN EACH ONE OF YOUR COMMENTS. THEN THERE IS THE CONSTANT CHANGE IN THE REGULATORY LANDSCAPE AND THE NEED, I GUESS PARTLY DRIVEN BY COST MEASURES AND THE ECONOMY, TO GET MORE VALUE OUT OF THESE RESOURCES THAT WE HAVE IN LIMITED QUANTITIES. SO THE EFFICIENCY ASPECT CAME THROUGH LOUD AND CLEAR.

MY SECOND QUESTION IS ABOUT THE LIFECYCLE ASPECT OF INFORMATION AND EVENT MANAGEMENT. IT’S TRADITIONAL TO USE A KIND OF LIFECYCLE MODEL TO DESCRIBE THESE THINGS FROM CRADLE TO GRAVE, AND IN THIS CASE IT GOES FROM THE INITIAL IDENTIFICATION AND INTEGRATION OF DIFFERENT DATA SOURCES—THE FEEDING OF THE SIEM THAT I THINK PAUL MENTIONED—TO THE MANAGEMENT OF THE COLLECTED DATA, AND FINALLY THE INTERPRETATION.

I THINK WE’RE ALL AGREED ON THE MOST IMPORTANT THING WHICH IS TAKING SOME KIND OF ACTION ON THE IMPORTANT DATA, LEARNING, REPORTING, PRIORITIZING, AND FEEDING THE OTHER SYSTEMS IN THE ENTERPRISE.

SO MY FIRST QUESTION WAS REALLY ABOUT TAKING ACTION USE CASES, AND I WANT TO ASK ABOUT HOW WELL YOU ALL APPROACH THE IDENTIFICATION, INTEGRATION AND THE SOURCES OF THE DATA THAT YOU MIGHT DIFFERENTIATE YOUR OFFERINGS BY. TOM, COULD WE BEGIN WITH YOU FROM Q1 LABS FOR THE FIRST COMMENT?

TT: I think that in order to be able to satisfy those use cases we must all be very good at the integration of a customer’s data sources, which change all the time. I normally break it into two main areas of focus.

The first part is the more traditional log sources, and there is a constant need to respond to customers who want to be able to integrate new and diverse logging sources into a security intelligence platform. It isn’t just the ability to integrate, they also need as much of this automated as possible.

For example, we have a retail customer who’s got 50,000 devices going into our product. The need to be able to recognize and start to normalize those sources automatically is pretty critical because manual associations wouldn’t satisfy them.

The second part is broader surveillance data, because that’s really what enables being able to satisfy some of these more discriminatory use cases.

In addition to logs and host data, we see customers increasingly asking for: intelligent use of their vulnerability information from their vulnerability scanners; visibility into the network and its behavior, and what applications are doing in areas of the network that lack security devices to provide visibility or have hosts that they are unable to log from.

Add onto that third party intelligence feeds—the collective security intelligence that exists out there—whether it’s geographical information about IP address ranges, lists of black IP’s or other threatening subnets, should become part of pre-built content that’s of value to a lot of our customers.

Think of how someone monitors a 911 network or a 4G wireless cell phone network—it’s a combination of a variety of things; knowledge of the individual; hosts within that network; the control towers; the servers and call managers that enable that infrastructure to run; the ability to bring in the security telemetry that protects that network, and also the network information itself about how hosts within the network are behaving.

We spend a lot of time making sure that we do the traditional logging well for customers because that will always be one of the core values of a SIEM technology to the customer. But then we need to address how we can supplement that with much broader surveillance to provide a more intelligent response to these use cases we talked about earlier.

RC: I think Tom’s point about things changing is a good one. And I think that because of it, identification and integration are two great ways of looking at the problem.

In practice, identification comes in phases and what we’ve seen is that in the first phase the customers know what kind of data sources they want to pull in, and then it’s really just a matter of having the connectors for these sources. If they do—great, let’s get moving. Then you do the project and the customer can do their basic monitoring and everyone is happy.

The bigger problems start to arise in the follow-on phases—the customers monitoring their Cisco firewalls, their Linux servers and their Windows desktops. Then management says OK, phase two, now we want to pull in our customer order processing apps. We want to pull in the DLP logs from Symantec or McAfee—different vendors than you maybe bought the SIEM from.

We want to pull in the badge reader logs into the data centre, we want to pull in users from Oracle identity management, and now suddenly you’ve got a different set of feeds, not quite in the mainstream, and then you’ve got an integration problem.

We believe that the ability to collect from those follow-on rings, the second, third and fourth rings of data sources, without requiring vendor engineering to get involved, is a key differentiator.

One of the biggest complaints we hear when we replace a competitor’s product is: “The other guys quoted me four to six weeks and they needed engineering to get involved to get the next three data connectors built.”

The way we look at it from an ArcSight perspective is that we don’t know what the hot security device is going to be in a year, but we know you’re probably going to want to monitor it. And so as you’re looking at these problems you better pick an architecture that lets you pull in these new sources easily. I think sometimes the inability to look at that causes customers to trip up down the road.

“There is actually an analogy here between the business intelligence market and what we would call the security intelligence market.”

PS: When you talk about identification you’ve really got to see that knowledge is key. Common infrastructure, as Rick said, are the second and third layer of things that you want to incorporate into your SIEM.

You also need knowledge of your own organization and the ability to adapt what you’ve got, or to create new things that are specific to your organization. I think it’s absolutely true that you do need to be able to customize this to the organization’s requirements, but it’s still key to have that inbuilt knowledge.

One thing that we believe is that there’s been far too much reverse engineering in this space so far. That was fine when there were dozens of things that you needed to monitor, but now there are many hundreds of different event sources that we need to monitor. We as an industry do need to keep up with that—we can’t expect the customer to have to do it themselves and to deal with it when those different infrastructure components change.

That’s why we’ve been putting in place a partner project which is akin to the RSA Secured programme which really is the big differentiator in the token market. It’s not so much that our tokens are better than anybody else’s, but the real differentiator is what our tokens work with.

We’ve got to put in place a much more sustainable programme; from being able to talk to these different people that you’re going to collect information from, and to be able to make sure that when they update we’re right with them, we’re in lockstep with them, and we’re not ages behind. And that’s difficult to do.

The second thing is that customers still need a lot of guidance—and not just in navigating the product, pulling in information and interpreting it—but guidance on what they actually need to look for. They need relevant, timely content.

We’ve got a research team that’s based out in Herzliya, Israel, that’s part of our Anti-Fraud Command Centre that I was talking about earlier, who are involved on the front line of security research, and are then being able to feed us rules, watchlists, mappings between vulnerabilities, and different things they’re seeing on their network. We’re able to feed those into rules that are able to be put into our product.

So, it’s first of all being able to get in that information and being able to interpret it, but also being able to give the customer that guidance as to what to actually look for. And I think that’s really where we think differentiation is going to occur going forward.

DB: ONE OF THE CORNERSTONES OF THE BENCHMARKING STYLE OF RESEARCH THAT ABERDEEN USES IS THAT WE’VE LOOKED NOT ONLY AT THE TECHNOLOGIES, BUT AT THE STRATEGIES AND THE CAPABILITIES THAT COMPANIES HAVE TO HAVE IN PLACE TO HELP THEM BE SUCCESSFUL.

WE’VE ALL HEARD IT SAID A HUNDRED TIMES—PEOPLE, PROCESS AND TECHNOLOGY—AND THAT’S WHAT I’M TALKING ABOUT HERE. EVERY STUDY I DO I CAN SHOW YOU TWO DIFFERENT USERS OF THE SAME SOLUTION FROM THE SAME VENDOR, AND ONE OF THOSE WILL BE AMONG THE LEADING PERFORMERS, AND ANOTHER ONE WILL BE AMONG THE LAGGARDS.

SO MY THIRD QUESTION IS REALLY ABOUT THIS VERY IMPORTANT ISSUE OF NON-TECHNOLOGY CAPABILITIES AND SUCCESS FACTORS, IF YOU WILL, THAT YOU WOULD IDENTIFY FOR OUR LISTENERS—ESPECIALLY THE THINGS THAT THEY MIGHT WANT TO HAVE IN PLACE EVEN BEFORE THEY GET INTO THE TECHNOLOGY PURCHASE DECISION WITH YOUR COMPANIES. LET’S PUT THIS ONE FIRST TO PAUL STAMP FROM RSA.

PS: When you talk about people, process and technology, I think there’s a big reason why technology is last in that little triumvirate.

First of all, from a people perspective, you need to know where you want your programme to be and where you want your roles and goals to be.

Derek joined Aberdeen Group as a senior high-tech executive experienced in strategy development and execution, corporate/business development and product management/product marketing. Prior to Aberdeen, Derek’s industry experience includes positions with RSA (now a division of EMC), Gradient Technologies (now Entegrity) and Transarc (a subsidiary of IBM).

Derek earned an MBA with honors from the Harvard Business School and a BS in Applied Mathematics with highest honors from the Rochester Institute of Technology.

Derek Brink - Moderator, VICE PRESIDENT AND RESEARCH FELLOW, IT SECURITY, Aberdeen Group

Rick Caccia is a vice president in the products group at ArcSight, a leader in the SIEM industry with clients in all aspects of the federal and state government. Rick has spent over fifteen years designing, implementing and managing security and identity infrastructure software.

Earlier in his career, Rick led product management at Oblix, an identity management leader, and was later Senior Director of Product Management at Oracle. Prior to ArcSight, he led product management for the Messaging and Web Security business unit at Symantec.

Rick Caccia, VICE PRESIDENT OF PRODUCT MARKETING, ArcSight


It’s unlikely that you’re ever going to be able to get there before you start making the technology decisions, but you’ve got to be able to aim for what you want your organization to look like.

An executive sponsor would be nice, but you realize that that’s not necessarily going to always be the case. When you’ve got this “roles and goals” kind of approach in place then you’re able to staff this appropriately, whether it’s to be able to put the right resources to maintain the infrastructure—some products have more moving parts than others—there’s a certain amount of effort involved there.

There’s a kind of business rule maintenance; the ports, event sources, and rule sets that are more SIEM-specific, but as you put a SIEM in place you are going to spot more policy violations and threats that are inherent in your infrastructure, so you have to be able to staff towards those.

But in order to do that you need the right set of skeleton processes defined around your threat management—what do we do when Microsoft issues a new bulletin with 1500 critical security vulnerabilities? What do we do when we spot something on our network that we really don’t like to see? What do we do when the auditor finds something that they don’t like? What do we do when we’ve created these reports out of our systems and we need to distribute them to the different people to get them reviewed and alerted?

As we said, you should be able to take your SIEM out of the equation. Your SIEM is just simply the fact base that feeds those processes. But you have to have at least an idea of what those processes are going to be before you really put your technology in place.

If you have those roles and goals sorted out, if you have those processes put in place, then I think you should be set to go to put in the right technology.

� : I actually don’t disagree with anything that Paul just brought up. If you think about the things that should go into the preference and awareness stage before a customer starts to go out and think about buying a product, I think Paul has highlighted the process part of it very interestingly.

� is is a big enough market now where being able to talk to people in your industry, with the challenge you have, should be an important part of your diligence. � ose of you that have been in technology long enough

know that vendors have become very good at running very tight proof of concepts that don’t always meet the true goal of your project.

A protection against this is the information that can be found from the trusted parties you already rely on—your reseller partners, analyst � rms, even on LinkedIn. � at’s a key thing that I think people should do more of.

One thing that perhaps Paul didn’t touch on was that ultimately you’ve got to have agreement between the people who evaluate the product, and those who end up being the eventual users. I o� en see that as a disconnect in customer scenarios where the evaluation team isn’t actually going to be the operational team for the SIEM, and that’s some upfront work that can be done before you even start to think about vendors.

There’s also the diligence that goes into looking at a solution, beyond needing to run an evaluation as you would use the product in your network, which is ensuring that your manufacturer of choice supports you. What is the professional services engagement going to look like? What do other users say about the support capability of the vendor in question? These are all the things that ultimately can help as upfront work to lead to a much more satisfactory choice.

Ultimately there is the time to value. Once you embark on a SIEM project your head is up above the fox-hole in terms of making the project successful. I think that’s very good upfront work you can do that’s not even tied to vendor selection in any way, shape or form.

RC: I think the success factor question is an easy one. I think the biggest success factor is understanding what you want to do, when you want to do it, and then having a clear plan to get there.

I know that sounds a bit like a truism, and kind of hokey, but you’d be surprised how often we encounter new customers who either try to do everything at once, with no good idea of how to use the data they’re integrating, or else they just want to do some monitoring, and then they can’t show a lot of value to management. So I think the point is to understand where your big impact comes from.

Maybe the first step is to make sure you can detect bots, if you’re a bank. Maybe the second step is monitoring your admins to protect your confidential data. Perhaps then your third step needs feeds from badge readers or video cameras if you’re in a different industry.

Paul is responsible for reinforcing RSA’s position as a market leader in the Security Information and Event Management space. Paul has been active in the information security industry for the past 11 years and is regularly featured in the media.

Prior to joining RSA, Paul was Principal Analyst for Forrester Research, covering security information and event management and data security, and a security architect with Unisys Corporation. Paul holds an MA (Oxon) in Mathematics from Oxford University.

Paul Stamp
SENIOR MANAGER OF PRODUCT MARKETING, INFORMATION AND EVENT MANAGEMENT GROUP
RSA, The Security Division of EMC

As Senior Vice President of Marketing and Channels, Tom is responsible for all product management efforts, demand-generation programs and channel marketing initiatives at Q1 Labs.

Prior to joining Q1 Labs he served as director of marketing for endpoint security at Cisco Systems where he helped elevate the company to number two in the host-based, IDS/IDP market. Tom holds a Bachelor’s degree in English and Spanish from the University of Newcastle-Upon-Tyne, United Kingdom.

Tom Turner
SENIOR VICE PRESIDENT MARKETING AND CHANNELS
Q1 Labs


EXECUTIVE PANEL ■ SECURITY INFORMATION AND EVENT MANAGEMENT

So you figure out what you want to protect, then which types of rules help you do the detection you need, which data sources are needed to feed those rules, and then you figure out if you do it all at once or in phases, and if it is in phases, what is in each phase. And this isn’t rocket science.

ArcSight did over $150 million in SIEM sales last year, and we have most of the Fortune 500 as customers. And nearly half of our new revenue each quarter comes from existing customers buying more.

We learned in that process that helping those customers make the most of what they’ve spent and how to get more and more leverage from what they’ve already bought is the key to success. And I think as Tom and Paul also mentioned, you don’t just dump a bunch of technology on someone and say: “Go figure it out, good luck to you”.

DB: I AGREE WITH THE COMMENTS THAT YOU ALL MADE, AND WE FIND THAT IT’S VERY CRITICAL FOR THE ULTIMATE SUCCESS OF THESE PROJECTS TO DO THE KIND OF THINGS THAT YOU’RE TALKING ABOUT.

WE’VE COME TO THE LAST CHANCE FOR THE PANELLISTS TO MAKE SOME BRIEF CLOSING REMARKS. I’D JUST LIKE TO ASK YOU TO TALK ABOUT WHAT YOU SEE FOR THE SECURITY INFORMATION AND EVENT MANAGEMENT MARKET GOING FORWARD IN THE NEXT 12 TO 24 MONTHS. LET’S BEGIN WITH RICK CACCIA FROM ARCSIGHT.

RC: We see two trends happening. First, I think log management will expand and be seen as an enterprise-wide function, and you’re going to see log architectures span the whole organization, not just in security, another one in IT, and so forth. We think log management will be seen as a fundamental piece of enterprise architecture.

Second, the basic user cases that were done five years ago will remain, but the big steps now are being taken around expanded scenarios—privileges of monitoring, data privacy and protection, fraud detection—I think we all mentioned fraud detection. New cutting-edge malware detection, catching new zero-day attacks and so forth are also there.

I think customers will figure out how risky these areas really are and they’re going to demand new solutions to address them, so we expect SIEM to be seen as something broader, something along the lines of enterprise level risk and threat management, and not just network security.

TT: This is a vibrant market. It’s growing fast and it represents a demand that customers have to hit those three big buckets we talked about at the beginning. Certainly we as a company have added over 500 customers last year using our product.

I think where SIEM goes from a technology or a solutions standpoint is that it is more than just network security monitoring—ultimately it’s an aggregation platform for intelligence.

There is actually an analogy here between the business intelligence market and what we would call the security intelligence market. The change in the threat landscape, and the increasing requirement from a much broader set of customers to get intelligence, integration and automation (which honestly used to be the preserve of the top 500 companies in the world), are going to drive that convergence.

We think that SIEMs have always done a good job at responding post-incident, and now SIEMs will start to look at what can be done prior to the incident. So there is definitely a convergence between event monitoring and incident response and risk management that will be occurring in the market.

PS: Whereas I don’t disagree with Rick and Tom, I think there are a couple of things that need to happen before we really get to the much more expanded use cases.

First of all, the existing data that we’re collecting has to be able to integrate into our strategic processes more effectively first. We have to incorporate the business relevance of the information that we’re collecting.

That’s less of a technology problem, but an easier way to be able to map the reports you need to run and why, what the regulations are, the policies, and the business objectives that are impacted by running the report.

In order to make those determinations, the algorithms, the fields, and so on already exist within the products—it’s just that there needs to be much more of a closed loop process. For example, from a risk perspective, being able to incorporate the results of your business continuity planning process, or to be able to feed your compliance management processes more effectively.

I think that that’s where we need to go right now, so then we can start to get the appropriate investment to make these technology purchases to take us to that next level.

One of the big reasons why we went into the GRC marketplace is to help us to do that—to really take the manual process management of the stuff that our products spit out, to actually make them relevant to the business, rather than just trying to spit out more.


Events and features 2010

ETM is focusing on: BI, GRC and Security

IRM UK DATA GOVERNANCE CONFERENCE EUROPE 2010
DATES: 19 – 21 April 2010
LOCATION: London, UK
URL: http://www.irmuk.co.uk/dg2010

eCOMM AMERICA 2010
DATES: 19 – 21 April 2010
LOCATION: Burlingame, CA
URL: http://america.ecomm.ec/2010

RFID WORLD ASIA 2010
DATES: 19 – 23 April 2010
LOCATION: Singapore
URL: www.terrapinn.com/2010/rfid

TELECOM WORLD CONGRESS 2010
DATES: 20 – 22 April 2010
LOCATION: Amsterdam, Netherlands
URL: www.terrapinn.com/2010/twc

INTEROP LAS VEGAS
DATES: 25 – 29 April 2010
LOCATION: Las Vegas, USA
URL: http://www.interop.com/lasvegas

FRONT END OF INNOVATION CONFERENCE (FEI 2010)
DATES: 3 – 5 May 2010
LOCATION: Boston, MA
URL: www.iirusa.com/feiusa

BIO INTERNATIONAL CONVENTION
DATES: 3 – 6 May 2010
LOCATION: Chicago, IL
URL: www.convention.bio.org

TDWI WORLD CONFERENCE
DATES: 9 – 14 May 2010
LOCATION: Chicago, IL
URL: www.tdwi.org/Education/Conferences/index.aspx

UX Lx: USER EXPERIENCE CONFERENCE
DATES: 12 – 14 May 2010
LOCATION: Lisbon, Portugal
URL: www.ux-lx.com/speakers.html

GARTNER ENTERPRISE ARCHITECTURE SUMMIT
DATES: 17 – 18 May 2010
LOCATION: London, UK
URL: www.gartner.com/it/page.jsp?id=1219217

MIT SLOAN CIO SYMPOSIUM
DATE: 19 May 2010
LOCATION: Cambridge, MA
URL: www.mitcio.com

GARTNER SOURCING SUMMIT
DATES: 30 May – 1 June 2010
LOCATION: Tokyo, Japan
URL: www.gartner.com/it/page.jsp?id=1267919

GARTNER PPM AND IT GOVERNANCE SUMMIT
DATES: 7 – 9 June 2010
LOCATION: Orlando, FL
URL: www.gartner.com/it/page.jsp?id=1216519

INTEROP TOKYO
DATES: 7 – 11 June 2010
LOCATION: Tokyo, Japan
URL: www.interop.com

GARTNER OUTSOURCING SUMMIT 2010 - LATIN AMERICA
DATES: 8 – 9 June 2010
LOCATION: Sao Paulo, Brazil
URL: www.gartner.com/it/page.jsp?id=1188515

GARTNER SOA AND APPLICATION DEVELOPMENT AND INTEGRATION SUMMIT
DATES: 14 – 15 June 2010
LOCATION: London, UK
URL: www.gartner.com/it/page.jsp?id=1128412

GARTNER IT INFRASTRUCTURE, OPERATIONS AND MANAGEMENT SUMMIT
DATES: 14 – 16 June 2010
LOCATION: Orlando, FL
URL: www.gartner.com/it/page.jsp?id=1219216

CODE GENERATION CONFERENCE 2010
DATES: 16 – 18 June 2010
LOCATION: Cambridge, UK
URL: www.codegeneration.net/cg2010

ENTERPRISE ARCHITECTURE CONFERENCE EUROPE (EAC 2010)
DATES: 16 – 18 June 2010
LOCATION: London, UK
URL: www.irmuk.co.uk/eac2010

GARTNER SECURITY AND RISK MANAGEMENT SUMMIT
DATES: 21 – 23 June 2010
LOCATION: Washington, DC
URL: www.gartner.com/it/page.jsp?id=1180650

2ND ANNUAL CLOUD COMPUTING WORLD FORUM
DATES: 29 June – 1 July 2010
LOCATION: London, UK
URL: www.cloudwf.com

GARTNER APPLICATION AND ARCHITECTURE SUMMIT
DATES: 12 – 13 July 2010
LOCATION: Tokyo, Japan
URL: www.gartner.com/it/page.jsp?id=1267916

GARTNER BUSINESS INTELLIGENCE AND INFORMATION MANAGEMENT SUMMIT
DATE: 14 July 2010
LOCATION: Tokyo, Japan
URL: www.gartner.com/it/page.jsp?id=1267917

TDWI WORLD CONFERENCE
DATES: 15 – 20 August 2010
LOCATION: San Diego, CA
URL: www.tdwi.org/Education/Conferences/index.aspx

Interested in contributing?

If you’re an analyst, consultant or an independent and would like to contribute a vendor-neutral piece to future issues of ETM, please contact the managing editor: Ali Klaver: [email protected].
