Thursday Apr 24, 2008

Latest news on the Fedlet

Thursday Apr 10, 2008

CIO Priorities 2008

I was reading Larry Dignan's blog on ZDNet this morning and found the discussion on what businesses are expecting from their IT really interesting.

This really mirrors what I have been hearing from our customers around cutting costs, but at the same time attracting and retaining customers. Quite a tough act to follow since fixing business processes, and attracting and retaining customers probably are on the "increase cost" side of the equation. So then how do these CIOs reduce cost?

Speaking to our customers they are looking at Sun to create disruptive technologies that allow them to reduce costs while providing increased functionality -- one tough requirement to follow. We continually innovate to make this requirement a reality. Consider Java Enterprise System -- where we take a complete pre-integrated middleware stack and price it on a per-employee basis -- yes, no machines to count, sockets to count, etc. -- Disruption of pricing models. Or consider our GlassFish Application Server -- where we provide a complete Java EE application server that is freely deployable.

So if you, like the CIOs cited in Gartner's study, are trying to reduce costs but gain and retain new customers, I recommend you consider Sun's portfolio.

Tuesday Apr 08, 2008

Stop Treating Your Customer as Sibel!

I have just had quite a fight with my financial institution who did not think it appropriate to contact me to tell me my stock sale had not been completed as I had requested. The customer service representative didn't know that I had other dealings with the bank and treated me, I suppose like they do with all new customers, with a high degree of "who cares!" and told me that it must be my mistake. I escalated to the management and when they realized that I had other dealings with them -- mortgage, investment, savings, etc. -- they were suddenly all apologetic and refunded me the difference between what the stock was sold incorrectly for and what it should have been sold for. Maybe if the initial rep had known all my relationships they would have done a better job at making me happy.

Straight after this episode, I was standing in line at a security gate at my local airport where they allow frequent flyers from one particular airline the ability to bypass the security line. Again I was astonished that this airport didn't see my business across multiple airlines as important to them; the fact that I travel almost weekly didn't seem to matter, but because I wasn't on some super-elite status of a particular airline I was relegated to the "standard line."

These examples, although trivial, brought home to me the business need for a single view of the customer. Harrods had exactly this problem until they implemented Java CAPS. Now they can view their customer as one.

Not seeing the customer as one entity sometimes has dire consequences. There has been much written about drug interactions and patients dying because the doctor and the pharmacist didn't know about other medications that the patient was on. I am glad there is a solution to this as well, and Cleveland Clinic is a great example of an organization that had implemented a technological solution to address these needs.

I urge you all to consider making your customer happier by ensuring you see one customer -- not the 24 isolated interactions you currently have. If you need help, check out the white paper on what we can do to help.

Wednesday Apr 02, 2008

Accenture and Sun Unveil New Solutions for Enterprise-Wide Security

If you have not read the news, better read it now!

Sun has partnered with Accenture to develop pre-built solutions that make it easier and less costly for businesses and governments to protect their information systems from growing security threats. Built using Sun's identity management and service-oriented architecture (SOA) technologies, these solutions help provide stronger security, improve compliance and risk management, and offer a simplified deployment method to speed implementations, and reduce cost and complexity.

If you want more details listen to his great podcast on the topic.

-Mark
 

Friday Mar 21, 2008

Obama Passport Breach

I was reading the news yesterday and this morning on the case of certain contractors accessing Obama's passport records and the firing of certain individuals involved. What was really interesting to me, as we consider the case as it has been reported, is that the individuals involved had the correct access levels to get this information. So in technical parlance they had been authenticated to the system, they were authorized to access passport records, but it was a business policy that was violated -- no data access for non-official business.

I wonder how many businesses have not even considered this a potential risk and compliance issue? The good news is that with Sun identity offerings and our latest product Sun Role Manager we can help customers address these needs.

Update: Now it seems that it is all candidates... I wonder what else these contractors were doing? Mmmm...

-Mark

Monday Mar 17, 2008

Solving Real Business Needs

I have spent the last few weeks traveling the country speaking to customers, prospects, and industry analysts, discussing the trends they are seeing, what they are doing, and the problems they are facing.

What was amazing about this was a consistent theme I heard from all of them -- "How do I expand my reach while mitigating my risk?"

What is Reach and why do companies care?

Most companies are trying to reach out to more customers, partners, markets, and gain opportunities. They are looking at ways of expanding their relationships with their suppliers and their entire value chain.

Consider the following examples:

  • The Government of Norway has undertaken an amazing project to enable their 4.5 million citizens to seamlessly access over 200 services over the web.
  • Or consider the Cleveland Clinic where they provide their 2.6 million patients access to their 2,000 service providers and provide authenticated access to prescription data for the thousands of retailers that might dispense this medication.

These are not isolated examples, but rather a growing trend where businesses seek competitive advantage by extending their reach.

The other side of REACH... RISK!

Unfortunately, expanding the reach can have a nasty side effect: expanded risk. These two trends or business forces, reach and risk, are in opposition to one another. Consider "Zero-Reach" systems such as those dramatized in the movie Mission Impossible, where Ethan Hunt has to break into a physically secure location to access a machine. Almost no reach and very low risk. This is in contrast to the opposite end of the spectrum: the Internet, where there is almost infinite reach, but almost infinite risk. The business reality is that most customer-facing applications live in this infinite reach/infinite risk arena.

One cannot stop risk, but the goal of any organization is to balance these forces of risk and reach to an acceptable level. Every organization, or potentially every system in every organization, has to consider the balance and determine what makes business sense.

"Only those who dare to fail greatly can ever achieve greatly." -- Robert F. Kennedy

This difficult balancing act isn't easy; consider the billions of dollars lost by Jerome Kerviel from Societe Generale. Arguably they gave Jerome too much reach!

It seems that one cannot read the news without hearing about the effects of this reach/risk:

  • Banks failing to manage IT risk study
    A new survey by Ernst & Young has found that the majority of global banks are failing to align IT risk management practices within more general enterprise and operational risk frameworks.
    http://www.finextra.com/fullstory.asp?id=18159
  • Top Banks Named in New Identity Theft Study
    Report Examines Incidents at Major U.S. Financial Institutions. Shockwaves rumbled through the US banking industry this week with the release of a new report estimating the annual incidents of Identity Theft associated with the nation's top banks.
    http://www.bankinfosecurity.com/articles.php?art_id=724&rf=022908

Just like investing money, there is no silver bullet or optimal balance around these forces, instead businesses need to determine their "Risk/Reach tolerance level". Most organizations are forced to have a minimal risk/reach ratio by government and SEC requirements like Sarbanes-Oxley. 

How does Sun help?

Sun's Software Infrastructure products and solutions are designed to help with this careful balancing act.

Consider General Electric. GE has a reach of over 300,000 employees and contractors that need access to a wide variety of telecommunication assets. Naturally this pool of people is in a constant state of flux and this creates business and financial risk. GE needed a way to ensure automated provisioning and perhaps more importantly automated de-provisioning of users' access as users joined and left the company. Sun's Identity Manager was deployed to manage the risk/reach ratio by creating a system that automated the provisioning and de-provisioning of users. This helped GE reduce risk posed by terminated and contingent workers accessing email and application accounts.

We welcome the opportunity to help you solve your specific risk/reach tolerance issues and encourage you to look at our recently announced acquisition of Vaau to see how we are extending our portfolio to help you solve these issues.

Tuesday Mar 11, 2008

Customers...

I have just returned after spending 3 fantastic days at our Customer Advisory Council, in Florida. Let me start by saying how humbled I was that very senior executives would take 3 days out of their excruciating schedule to be away from family and their jobs to meet with us. Thanks just doesn't do justice to the gratitude and respect we at Sun have for these invaluable customers.

We covered a lot in these 3 days, from product roadmaps and tactical plans to strategic directions and portfolio gaps. We had some really frank discussions that cannot be captured in this blog, but I thought it might be interesting to discuss the trends I saw at this meeting...

  • Open Source -- Every customer is committed to open source, not because of any religious zeal, but rather that this is the way that adoption occurs. They see, like Sun does, that open source is a means to an end. By open sourcing products it increases their adoption by users, partners and perhaps more significantly for this audience by service providers that will be doing more and more coding. It really is about building a robust and thriving community that will increase adoption and knowledge of the product. For the customer this is key to them finding resources that know and can use the product.
  • Paying for Open Source -- every customer at the CAC without exception wanted to pay for the open source offering for support. Not for simple "break-fix" support, but for patch support and indemnification. They saw Sun standing behind the product and being there 24x7 to help them with any problem they had as a huge value add. This was additional proof that the open source strategy that we at Sun have embarked upon is the winning strategy. Those vendors who ignore the open source trend will be left behind polishing that proverbial proprietary apple till it is rotten inside.
  • Offshore Development -- another interesting trend. Most of the customers used offshore development for coding. They either used Sun's, another service provider or their own skilled resources as architects for their product, but they used or wanted to use "cheaper" resources for coding.
  • Information Risk Management -- every customer had either already deployed or were in the process of deploying an identity solution. The acquisition that we just did of Vaau was particularly interesting on how that bolsters Sun's leadership position in the Governance Risk and Compliance Arena.
  • Consolidation -- most of the customers were in the process of consolidating data centers to simplify operations and reduce costs. Sun's new xVM strategy was very interesting since it allows not just consolidation but increased utilization.
  • Service Oriented Architecture -- All customers had embarked down a SOA route, but few viewed this as a technology issue. They really viewed it as a new way of development (or perhaps a new discipline that created reusable services). The hype of SOA had not influenced their development, indeed some of them had not even implemented an Enterprise Service Bus (like OpenESB) but were ensuring that point to point SOA integration occurred. Others had gone further down the SOA route, but only when there was distinct business benefit.
  • Buying Stacks not Point Products -- Another interesting trend that again validates Sun's strategy is that most of these customers were sold on Sun's products to fix a particular problem, be it Single Sign-on, Identity Management, Single Customer View and the like, but they bought into Sun's application infrastructure; they purchased Java Enterprise System (JES). The JES model and philosophy of simple pricing, the sum is greater than the parts, and complete stack is what made the deal.
  • Vendor Assessment=Replacement! -- Some vendors go into their customers and make them spend endless hours and resources documenting where software is being used and how many licenses they have bought. They are really like vultures hoping that they can extract a few more dollars from their customer base. Luckily at Sun we don't do this, and it was this exact practice that inspired the JES model of simple subscription pricing. What was enlightening is that as soon as a vendor starts this assessment the customer looks for ways to replace them. Why waste time with a "vulture vendor"?

There was much more that we learned from this invaluable event, but unfortunately a lot of it cannot be shared on a public blog, but rest assured that the advice and direction given will find its way into our products and our strategy... Thanks again to our customers for giving us the opportunity to listen.