Survivor's Guide to 2005: Business Applications

Process Is King

That means automating these processes both inside and outside the enterprise. The data center challenges will be familiar--deploying software to support these initiatives--but implementation will also require interacting with your colleagues on the business side of the cubicles.

BPM (business process management) and its cousin, BAM (business activity monitoring), will be important next year. BPM automates the processes; BAM provides a view into a process. Shipment tracking, for example, illustrates how BAM can be layered atop a strong BPM implementation. BPM lets the data flow from one system to another--as when a customer enters an order over the Web and that order gets routed to an order-fulfillment system, which reduces the stock to reflect the order. The order then gets routed to a system that schedules actual shipment of the package. BAM, meanwhile, tells a customer-service representative exactly where the package is at any given time during the shipment cycle, making it easier to resolve problems.

BPM requires you to become intimately familiar with your organization's business processes. If you're lucky, you'll be able to streamline those processes during implementation as well (does Sue really need to see that PO twice?), making the transition, as well as subsequent BAM initiatives, go more smoothly. A well-oiled BPM initiative can boost operational efficiency and customer satisfaction--priorities on any CIO's list.

Since it's nearly impossible to provide the monitoring capabilities without a process in place, BPM and BAM continue to converge. Nearly every BPM vendor has a complementary BAM solution, such as Microsoft's BizTalk 2004 and Tibco's OpsFactor and BusinessFactor products. BAM is about "right-time" access to data, but not necessarily real time. Right time means access at the time the user actually needs it. The ability to analyze and act on sales data in minutes or even hours is a huge business edge.

On Governance and Supply Chains

Governance may be a scary-sounding word, but it's simply a process for ensuring that IT objectives align with business strategy. Implementing governance isn't easy: Most of the available tools, such as balanced scorecards, change management and portfolio management, come as part of a suite of tools for IT project and portfolio management, including those from Artemis International, Niku, PacificEdge and Troux.Expect to hear the term governance thrown around a lot next year, and be prepared to implement a product that supports and manages governance initiatives. Executives and board-level types typically use these tools, but as always, it's up to IT to implement the infrastructure to support these apps.

Rounding out the process-oriented initiatives for 2005 is supply-chain management. SCM is all about connecting the dots from the warehouse to the channel. Because it requires the participation of dozens, if not hundreds, of external entities, SCM implementations will be fraught with integration woes. An SOA initiative is one approach used to minimize integration hassles, but it's no panacea.

RFID (radio frequency identification) is perhaps the most recognizable technology in the SCM game today, with software developers like Manhattan Associates, SAP, Sun Microsystems, Tibco and WebMethods having already jumped into the RFID middleware arena. But while some consider RFID ideal for handling the granular tracking of goods through the supply chain, others are skeptical. Consumer advocates, for example, worry that RFID's ability to track goods from the corporate data center into consumer's homes could invade privacy. Security is another concern: Once an RFID-tagged item enters the wild, just who can read the information stored on it? But with the big-name software vendors on board, and IBM, Microsoft and Oracle possibly releasing RFID middleware next year, RFID implementations could pick up steam in 2005.

An entire software market has emerged with a single goal in mind: to assist organizations in complying with myriad regulations. Two years ago, it was the Health Insurance Portability and Accountability Act (HIPAA); today it's Sarbanes-Oxley (SOX) and California's 1386 (CA1386) initiative. The PATRIOT Act still quietly holds sway over customer lists and interactions within the finance and trade industries. SOX and CA1386 have moved to the forefront of compliance-driven initiatives and will continue to be a hot button throughout 2005.

It isn't just about relational databases, though by nature they become the focal point of compliance-based projects. E-mail and IM (instant messaging) are also being targeted, especially in those organizations where they're commonly used to conduct business. You'll need to do detailed logging here in case the auditors come digging for records--SOX requires that every change and access to financial data, for example, be logged, and in some cases the entire SQL statement as well. That's a heavy burden on the enterprise, since sometimes it means modifying custom applications or agents/plug-ins for databases.To ease that burden, technology for logging and archiving corporate communications is rapidly evolving. Implementing products like IMScribe and MessageRite will likely be on your to-do list next year.

Filtering traffic is the next step toward regulatory compliance. You already filter for malicious content coming from the outside, but what about from within? Because disgruntled or misguided employees can easily leak confidential information, you'll need to find an automated solution, such as Vidius PortAuthority or Vontu Protect. That beats plugging the holes yourself, as if the firewall were a leaky dike in some Dutch fairy tale.

You've Got (Bad) Mail

Although e-mail remains a vital business tool, it's also becoming a source of serious business headaches as spam impedes productivity and drives up hardware expenditures. Luckily, there are some strong spam-filtering products available, such as Barracuda Spam Firewall, BorderWare MXtreme Mail Firewall Appliance and Vircom ModusGate.More recently, phishing and spoofing have highlighted some security concerns inherent in SMTP. Help is on the way: Microsoft has integrated its SenderID with SPF (Sender Policy Framework, developed by Meng Wong of Pobox.com); and Yahoo is promoting DomainKeys (antispam.yahoo.com/domainkeys), the only other proposal with widespread traction at this time. It will be a few years before we get the full benefit of these technologies--they first need to get through the standards process, and the hundreds of thousands of insecure SMTP mail servers in operation today must be updated. For now, find a good antispam product and keep your eye on these new mail security initiatives in the works.

SOA What?

Integration is still an issue, but Web services are slowly but surely circumventing the need for specialized EAI (enterprise application integration) tools. Four in 10 Web services developers say Web services "absolutely" or "probably" diminish the need for EAI tools, according to a recent survey by Evans Data Corp. And EAI platform providers such as IBM, Tibco and WebMethods appear to agree, as their platforms last year added support for Web services as a method of integration.

Most enterprises have multiple disconnected islands of Web services, partly because of the SOAP interfaces in enterprise-class applications such as PeopleSoft, SAP and Siebel. These easily accessible data sources have raised security concerns. Security will be an even bigger challenge in 2005 as organizations try to get a handle on these services as well as those that support other initiatives, such as integration with trading partners and distributors.

Web services are catching on at midsize companies. A recent Yankee Group study found that among surveyed companies with 1,000 to 1,999 employees, 59 percent plan to deploy Web services in 12 months (see "At Your Service," at right).Standards for security and reliability, meanwhile, are popping up faster than lawsuits over business process patents. Standards such as OASIS' WSDM (Web Services Distributed Management), WS-Policy, WS-ReliableMessaging and WS-Trust are all poised to solve the business problem of cross-domain communication over Web services--with interoperability among platforms. These service silos will converge in the next year, though, as tools enabling SOBA (service-oriented business applications) emerge. These tools will provide a cut-and-paste mechanism for developers to build business applications from disparate services.

The other big change with SOA is the move toward asynchronous Web services. Synchronous, or request/ reply-based services, have been the primary method of SOA implementation thus far. But as process-oriented projects move to the forefront of IT's responsibilities in the next year, you'll need asynchronous services to support them. A request to HR for vacation time, or to IT for a new laptop, for example, doesn't typically get an instantaneous response. Asynchronous services would add a quick reply of "We have your request" to the process while the request goes through the proper channels.

While many tools for automating your H2H and B2B processes will be at your fingertips next year, keep in mind that the most important part of automating those processes and integrating enterprise apps is communicating with your business units. You can't get increased productivity and optimized business processes unless IT and the business side work together.

Lori MacVittie is a Network Computing senior technology editor working in our Green Bay, Wis., labs. Write to her at [email protected].

Business Applications

1. I understand the impact of regulations on IT and have a clear plan to achieve compliance.

2. We've implemented a business process management system.

3. We have a strong supply-chain-management initiative in place.

4. We have a plan in place to combat spam.