The Bloor Perspective: Governance checklist, back-up for utility computing and Nauticus

By common consent, regulatory compliance will be an important application area for 2004. As can be expected at this early stage in the hype cycle, there are two schools of thought about what this means to the IT department.

The first considers IT governance to comprise the tasks of managing IT plans and resources in activities such as portfolio management, service management, architecture control and so on. These activities allow IT management to plan, execute, measure and manage IT strategies, to keep them aligned with the business and to minimise the programme risks.

The second definition of IT governance describes how the IT function supports organisation governance. In the words of colleague Bob McDowall: "IT governance relates to the way in which information technologies are organised and managed to support the 'corporate governance' standards of the corporation."

These activities include the management of high quality business reporting processes and the secure storage and assured retrieval of high quality data and unstructured documents. Organisations planning governance applications need to distinguish clearly between these two definitions of IT governance and develop solutions accordingly.

The three important management activities in internal IT governance are planning, information and control. The planning activity creates a programme of the IT projects and services that are aligned to the business, the information activity measures and monitors the progress of the programme and the control activity provides the organisations structures needed to address problems with the programmes.

Organisations seeking to establish IT governance in the second definition of the term, namely in support of corporate governance, must develop an IT capability to manage and control key processes and important documents. Organisations will need to define compliance-reporting processes, document them and ensure that staff consistently use them. Change control is as important for these processes as it is for the documents, as processes that change arbitrarily cannot be satisfactorily audited.

Organisations will need to maintain detailed records of the activities carried out by compliance processes. This means that key reporting documents have to be identified, classified and captured. These documents will need to be stored in unchangeable form for the required legal period, retrieved quickly and easily and discarded according to well-defined rules when they are no longer needed.

Although many process tool vendors are jumping on the bandwagon of providing regulatory compliance solutions, vendors with the best opportunity appear to be those who are in the enterprise content management space.

Although software vendors and consultancies offer a variety of solutions to support this second definition of IT governance, organisations will have to expend the bulk of their effort improving their core management processes rather than applying a quick technology fix.

*Bye-bye tape…*

Bloor Research recently visited a back-up and disaster recovery, outsourcing company called Live Vault. There were two interesting points that the company had to offer, beyond the fact that it offers a quick to install service.

The first is that the cost equation is just about ready to squash the use of tapes for back-up. We've heard this form other sources too, so suspect it is true. The problem with tapes is that many of them fail. The statistics seem to suggest that in well-managed data centres the failure rate of tapes is in the region of 20 per cent, while in less centralised environments the failure rate is more likely to be 50 per cent.

It is easy to understand why data centres get a lower failure rate. They probably buy more reliable media and they also probably test the media. However, we’re not sure we believe the figures - at least not on an individual tape basis. It would suggest that any back-up that involved more than five tapes would be likely to fail no matter what the site was. However we can believe that in a given percentage of back-ups there are tapes that have failed.

Anyway, to some extent it doesn't matter. The situation is that disk is fast becoming a better back-up option from the point of view of cost and outsourced back-up is also looking like a good business area because if the service provider has enough customers, economies of scale kick in.

It seems that at the most the cost equation for this service favours mid-sized organisations that do not have sophisticated IT departments. The larger companies tend to have some kind of full-blown disaster recovery capability which is likely to be well organised and likely to achieve significant economies of scale. But as the cost of disk continues to fall and the availability and the cost of bandwidth falls too, an outsourced back-up service becomes more compelling.

This trend is interesting in respect of the move to utility computing. As with all such changes in infrastructure policy, utility computing is destined to happen by increments. First one thing, then another, until outsourcing becomes the preferred solution for most problems. It is becoming a well-established trend and it will alter the face of the computing - probably taking root first among mid-sized businesses.

*Coverging on Nauticus*

IT industry giant Sun Microsystems has announced its plans to acquire Nauticus Networks. Sun positions the purchase of the privately held company as strengthening its ability to provide solutions that advance the unification of compute and network services. Sun believes that such convergence will allow organisations to better manage the overall throughput of their computing environments while supporting the development of new network services.

So what exactly will Nauticus be bringing to Sun? The company supplies hardware-accelerated security and application services to support the deployment of web-enabled computing. Targeted principally at large enterprise networks and IT outsourcers the tools work with web applications that require end-to-end security coupled with performance optimisation.

The core technology goes beyond packet-level inspection and analyses the actual application data transiting the switch. In this way organisations can enhance their Attack Protection, mitigate against denial of service attacks and employ URL and application-level filtering with load balancing. The switches operate at layers four to seven and make use of Secure Socket Layer (SSL) acceleration.

On the face of it the acquisition fits well with Sun's well established, and recently re-energised, network computing/thin client systems. If Sun succeeds in closing the acquisition and if the company can manage the integration process, there is plenty of scope for attractive new offerings to be created.