tag:blogger.com,1999:blog-76419282024-03-16T17:53:42.691-04:00The Grey LinesPractical Observations, Discussions and Random Musings on Computing.Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.comBlogger299125tag:blogger.com,1999:blog-7641928.post-34940371852074684992016-12-26T15:22:00.000-05:002016-12-26T15:22:28.208-05:00The Curious Case of the MarblesI haven't penned a blog post in a few years but the coming wave of change in the way software is developed, run and managed warranted a few thoughts. The article linked below cover's some of the impact of open source software on traditional
software vendors in this case Oracle but limiting the scope to Oracle would not be prudent. The article is a year old but still applies and I would argue the acceleration which appears on the surface to be fast is actually faster in reality.<br />
<div>
<br />
Article on Oracle's eroding sales - <a href="http://www.bloomberg.com/news/articles/2015-06-11/oracle-sales-eroded-as-startups-embrace-souped-up-free-software" target="_blank">Oracle Sales</a></div>
<div>
<br />
I
like this quote I found on Simon Wardley's<span style="background-color: white; color: #6a6a6a; font-family: "arial" , sans-serif; font-size: x-small; font-weight: bold;"> </span><a href="http://blog.gardeviance.org/2013/01/intertia.html" target="_blank">Bits or pieces?</a> (A great article on Inertia by the way) using an analogy to explain the
impact of exponential growth and the illusion of the time it takes to
reach critical mass. <br />
<br /></div>
<div>
<div style="text-align: justify;">
<blockquote class="tr_bq">
"To explain this, I’ll use an analogy from a good friend of mine, Tony
Fish. Consider a big hall that can contain a million marbles. If we
start with one marble and double the number of marbles each second, then
the entire hall will be filled in 20 seconds. At 19 seconds, the hall
will be half full. At 15 seconds only 3% of the hall, a small corner
will be full.<br />
Despite 15 seconds having passed, only a small corner of the hall is
full and we could be forgiven for thinking we have plenty more time to
go, certainly vastly more than the fifteen seconds it has taken to fill
the small corner. We haven’t. We’ve got five seconds."</blockquote>
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<br /></div>
</div>
We
don't really know all the variables to the equation we are playing with
here so the exact time frame is a guess but the outcome is not. It's reasonable to
say that the erosion is going to continue for legacy vendors and we may be just around the corner from critical mass. It makes it quite challenging for corporate IT departments to select the right partners/vendors/providers
along the way while at the same time constructing applications in a way that does not inhibit the ability to stay nimble.<br />
<br />
It may sound a bit gloomy for the traditional players and it is. It gets worse. The public cloud combined with open source, containers and new architectural patterns, things like Microservices, have given rise to a whole new set of tools, platforms, vendors and partners. A natural evolutionary pattern albeit at a brisk pace. But there's a problem with this evolution, it's not going to last even a fraction of the time the traditional vendors enjoyed, remember the marbles? The next new wave? It's Serverless.<br />
<br />
A good treatment of Serverless can be found here by Mike Roberts - <a href="http://martinfowler.com/articles/serverless.html" target="_blank">Serverless</a>. An interesting item about this article is the date is was published - 04 August 2016. It article points out several issues with the current state of Serverless with the current major player, AWS. Within two and half months AWS released new features for it's Lambda service that addressed several of the major drawbacks mentioned in the article. Does that mean Serverless is ready to take over all of your workloads? No not yet, but it's getting really close. Remember the marbles.<br />
<br />
So what does it all mean? What are some take aways for corporate IT? <br />
<br />
First forget about all the cloud acronyms like IaaS, PaaS, SaaS and more recent FaaS. They are meaningless now in this new journey. The public cloud provided by AWS, Azure and GCP are the platforms and those platforms are rapidly evolving to Serverless. <br />
<br />
Second, there is still plenty of room and growth potential for third parties to play in that space with value added enhancements and capabilities. But for corporate IT the selection of those must be done with some care. Are they open? If not how are they licensed? What kind of eco-system/community is around them? How often do they release and can they reasonably match pace with the big three? Do their releases introduce lots of breaking changes? Are their releases major or minor surgery to implement? Is there a shared vision?<br />
<br />
Third, corporate IT is not going to shrink because of the public cloud but it's going to have to go through some retooling in people. Corporate demands on capability are increasing and the pace is picking up so having the right skill sets in place will be critical to success.<br />
<br />
Fourth, be pragmatic. Data centers and legacy vendors are not going away entirely. There will be data centers and legacy vendors in some shape and form for the foreseeable future. That's going to create some strain on corporate IT as it has to live in two different worlds for a good while. A strategy for dealing with that will be absolutely critical for success. There is no one size fits all solution for corporate IT so be a bit wary on that one.<br />
<br />
An exciting time to be in corporate IT where delivering business capability is just a limit of imagination but also realizing change is afoot in both skills and organization as the way software is developed, run and managed.Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com3tag:blogger.com,1999:blog-7641928.post-447436600160023042013-12-15T10:00:00.000-05:002013-12-15T10:04:41.487-05:00Application Security: An Afterthought for Most Organizations<!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
DefSemiHidden="true" DefQFormat="false" DefPriority="99"
LatentStyleCount="267">
<w:LsdException Locked="false" Priority="0" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
<w:LsdException Locked="false" Priority="39" Name="toc 1"/>
<w:LsdException Locked="false" Priority="39" Name="toc 2"/>
<w:LsdException Locked="false" Priority="39" Name="toc 3"/>
<w:LsdException Locked="false" Priority="39" Name="toc 4"/>
<w:LsdException Locked="false" Priority="39" Name="toc 5"/>
<w:LsdException Locked="false" Priority="39" Name="toc 6"/>
<w:LsdException Locked="false" Priority="39" Name="toc 7"/>
<w:LsdException Locked="false" Priority="39" Name="toc 8"/>
<w:LsdException Locked="false" Priority="39" Name="toc 9"/>
<w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"/>
<w:LsdException Locked="false" Priority="10" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Title"/>
<w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
<w:LsdException Locked="false" Priority="11" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
<w:LsdException Locked="false" Priority="22" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
<w:LsdException Locked="false" Priority="20" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
<w:LsdException Locked="false" Priority="59" SemiHidden="false"
UnhideWhenUsed="false" Name="Table Grid"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
<w:LsdException Locked="false" Priority="1" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 1"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
<w:LsdException Locked="false" Priority="34" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
<w:LsdException Locked="false" Priority="29" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
<w:LsdException Locked="false" Priority="30" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 1"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 2"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 2"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 3"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 3"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 4"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 4"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 5"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 5"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 6"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 6"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
<w:LsdException Locked="false" Priority="19" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
<w:LsdException Locked="false" Priority="21" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
<w:LsdException Locked="false" Priority="31" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
<w:LsdException Locked="false" Priority="32" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
<w:LsdException Locked="false" Priority="33" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
<w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
<w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
</w:LatentStyles>
</xml><![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin-top:0in;
mso-para-margin-right:0in;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0in;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}
</style>
<![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:TrackMoves/>
<w:TrackFormatting/>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:DoNotPromoteQF/>
<w:LidThemeOther>EN-US</w:LidThemeOther>
<w:LidThemeAsian>X-NONE</w:LidThemeAsian>
<w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
<w:SplitPgBreakAndParaMark/>
<w:DontVertAlignCellWithSp/>
<w:DontBreakConstrainedForcedTables/>
<w:DontVertAlignInTxbx/>
<w:Word11KerningPairs/>
<w:CachedColBalance/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
<m:mathPr>
<m:mathFont m:val="Cambria Math"/>
<m:brkBin m:val="before"/>
<m:brkBinSub m:val="--"/>
<m:smallFrac m:val="off"/>
<m:dispDef/>
<m:lMargin m:val="0"/>
<m:rMargin m:val="0"/>
<m:defJc m:val="centerGroup"/>
<m:wrapIndent m:val="1440"/>
<m:intLim m:val="subSup"/>
<m:naryLim m:val="undOvr"/>
</m:mathPr></w:WordDocument>
</xml><![endif]--><br />
<!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
DefSemiHidden="true" DefQFormat="false" DefPriority="99"
LatentStyleCount="267">
<w:LsdException Locked="false" Priority="0" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
<w:LsdException Locked="false" Priority="39" Name="toc 1"/>
<w:LsdException Locked="false" Priority="39" Name="toc 2"/>
<w:LsdException Locked="false" Priority="39" Name="toc 3"/>
<w:LsdException Locked="false" Priority="39" Name="toc 4"/>
<w:LsdException Locked="false" Priority="39" Name="toc 5"/>
<w:LsdException Locked="false" Priority="39" Name="toc 6"/>
<w:LsdException Locked="false" Priority="39" Name="toc 7"/>
<w:LsdException Locked="false" Priority="39" Name="toc 8"/>
<w:LsdException Locked="false" Priority="39" Name="toc 9"/>
<w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"/>
<w:LsdException Locked="false" Priority="10" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Title"/>
<w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
<w:LsdException Locked="false" Priority="11" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
<w:LsdException Locked="false" Priority="22" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
<w:LsdException Locked="false" Priority="20" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
<w:LsdException Locked="false" Priority="59" SemiHidden="false"
UnhideWhenUsed="false" Name="Table Grid"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
<w:LsdException Locked="false" Priority="1" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 1"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
<w:LsdException Locked="false" Priority="34" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
<w:LsdException Locked="false" Priority="29" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
<w:LsdException Locked="false" Priority="30" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 1"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 2"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 2"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 3"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 3"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 4"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 4"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 5"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 5"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 6"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 6"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
<w:LsdException Locked="false" Priority="19" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
<w:LsdException Locked="false" Priority="21" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
<w:LsdException Locked="false" Priority="31" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
<w:LsdException Locked="false" Priority="32" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
<w:LsdException Locked="false" Priority="33" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
<w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
<w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
</w:LatentStyles>
</xml><![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin-top:0in;
mso-para-margin-right:0in;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0in;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}
</style>
<![endif]-->
<div class="MsoNormal">
My comment on this article from <a href="http://www.infosecurity-magazine.com/view/34222/the-ponemon-institute-most-organizations-are-woefully-behind-in-application-security-/#!" target="_blank">Infosecurity - The PonemonInstitute: Most Organziations are Woefully Behind in Application Security</a> <span style="mso-spacerun: yes;"> </span>was too long for LinkedIn where I found the
original link so I stuck it out here.<span style="mso-spacerun: yes;"> </span>A relevant and I think fairly accurate assessment
when it comes to corporate IT application developers and security
practices.<span style="mso-spacerun: yes;"> </span>A generalization but a lot
application developers are not adequately educated when it comes to application
security practices.<span style="mso-spacerun: yes;"> </span>Security is seen as
a checkpoint item somewhere in the project lifecycle (if at all) versus
integrated into the SDLC.<span style="mso-spacerun: yes;"> </span>Another force
at work is the relationship between the application developer and the security
team.<span style="mso-spacerun: yes;"> </span>It's not always a healthy one
where application developers perceive correctly or not the security team's
mission of just saying no.<span style="mso-spacerun: yes;"> </span><span style="mso-spacerun: yes;"> </span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
The other big elephant in the room is that the current security
practices installed in most of the corporate world is the perimeter based
defense approach to security, i.e. firewalls, proxies, dmzs etc.<span style="mso-spacerun: yes;"> </span>This gives the application developer a false
sense of security for their internally hosted applications and as result
internal breaches account for some of the more devastating security breaches.<span style="mso-spacerun: yes;"> </span>It's possible that the emerging thoughts
around zero trust networks will help address this but it's certainly in the
early stages.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
From my viewpoint in the enterprise architecture world I
think seeing security as a strategic enabler versus a defense or checkpoint can
give an organization the ability to innovate at a far faster pace than those
that do not.<span style="mso-spacerun: yes;"> </span>Those that perceive
security as a necessary evil or a drag on their efforts will struggle to keep
up.<span style="mso-spacerun: yes;"> </span>The great challenge of course is elevating security to that strategic enabler role and getting application developers to understand the importance. Again an excellent article and a
must read for CIOs and Enterprise Architects.</div>
Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com8tag:blogger.com,1999:blog-7641928.post-52142328562254858792013-11-03T13:13:00.000-05:002013-11-03T13:17:30.869-05:00Revisiting "The Cloud" and rise of the "uber developer"The past year has seen some rapid advances in cloud computing adoption and advances in offerings. The competition has heated up, Amazon is still the clear leader but Microsoft Azure and Google are starting to make some real noise and have the pocketbooks to do it. Pretty much everyone else is in serious catch up mode and will have some major mind share as well financial obstacles to overcome, not impossible but definitely an uphill climb.<br />
<br />
Most of you at this point, except the vendors in catch-up mode, are probably nodding your heads thinking yes we know this tell us something we don't know. What you may not know or see clearly yet is that the cloud model is giving rise to the concept of the "uber developer". The rest of this post will explore the "uber developer" concept and why it may be the catalyst to your business and technology innovation.<br />
<br />
Forrester released some research back in June looking at the state of public cloud platforms. Here is a <a href="http://www.forrester.com/pimages/rws/reprints/document/86441/oid/1-MNNSJD" target="_blank">link to the article</a> . One key take away from the Forrester article was the classification of the types of developers present in a typical business IT shop. Before we jump into that it is important to understand what a business IT shop is <u>from my perspective</u>. A business IT shop is one found in the typical corporation where technology is not the primary business of the corporation ie not Google, Amazon, Netflix but rather corporations like Sears, Bank of America, American Express etc. <br />
<br />
To paraphrase Forrester's definitions there are existentially three types of developers in corporate IT shops: "coder", "rapid developers", "DevOps pros". Coders are willing to write complex programs but don't want the burden of having to deal with the underlying infrastructure. Rapid developers like all the complexity abstracted away and normally using the declarative GUI's, drag and drop coding if you will. DevOps pros want to write the complex programs but also want complete control of the infrastructure as well. They want all the knobs available to them, very little abstraction. This DevOps pro is what I would classify as the "uber developer".<br />
<br />
It is highly likely and preferable that you have all three types of developers within your organization. Heavily loading up on one type can create an imbalance in your organization's capability to both sustain and to innovate. The rest of this post however will focus on the uber developer, innovation and the cloud. <br />
<br />
The uber developer is not a new concept and have existed since the beginning of the IT. Uber developers are the developers constantly learning new stuff and wanting to learn and in a lot of cases control the entire stack of their applications including infrastructure. It's important to distinguish uber developers from hackers or cowboy coders, uber developers are usually thoughtful and pragmatic about their solutions. Uber developers know a lot about networks, hardware, operating systems,
databases etc. They have an absolute passion about understanding the
entire application stack.<br />
<br />
The majority of the traditional business IT shops don't have a lot of these types of developers for two primary reasons. First, uber developers are attracted to start-ups and technology companies because the willingness to embrace new technology or solutions is high. These types of developers are pragmatic risk takers, they are not afraid to press the button. Second, business IT groups are heavily laden with compliance issues, legacy software, technology debt and extreme bureaucracy. Uber developers and traditional IT business shops go together about as well as matter and anti-matter.<br />
<br />
So what has changed? Why are we seeing the rise of this type of developer starting to exist for more than a brief moment in the traditional IT shop and what does this mean to your organization? The answer is simple, it's the public cloud combined with open source software. All the power and technology of modern IT is now available via a control panel and a credit card to anyone who has the desire and capability to use it. It is the world's largest sandbox in the eyes of the uber developer and it's a match made in heaven. And if you don't have any of these developers the tread marks on your forehead are you competition. Innovation will be driven at the most successful companies by pairing these uber developers with capable business architects.<br />
<br />
How do you know if you have any uber developers? It's pretty simple since these developers have already figured out the power of the cloud. Poll your development group and simply ask, how many of you have a private cloud account(s) with AWS, Google, Azure or other cloud provider? If the answer is zero you are in trouble. If the answer is we really don't know what the cloud is well RIP. Simply having a private account is not the only indicator but it's a good starting point to getting to know what you have. <br />
<br />
The modern IT landscape is changing at a velocity unprecedented in the modern era. This rate of change is not only driving IT to figure itself out, it is also driving the velocity of business change. Business leaders and architects now have information available to them and the ability to disseminate it at the speed of light. The uber developer will be the link that drives innovated solutions that meets the demands of business. The future IT shop will look much different in just a few years with uber developers being the dominate innovation engine and mainstay within the IT shop. <br />
<br />Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com2tag:blogger.com,1999:blog-7641928.post-49472519093426688452012-02-19T09:23:00.000-05:002012-02-19T09:23:52.597-05:00Cloud FUD on MultitenancyA recent blog post from Eric Lai titled <a href="http://www.zdnet.com/blog/sybase/multitenancy-cloud-computing-platforms-four-big-problems/2559" target="_blank">Multitenancy and Cloud Platforms: Four Big Problems</a> (Note: the post also appeared on <a href="http://www.wired.com/cloudline/2012/02/multitenancy-and-cloud-problems" target="_blank">Wired.com as well</a>) had some big problems itself. I wouldn't normally write a blog post on something like this as the entry was an obvious sales pitch for a new Sybase product however...... the article just got a little to much air time. To summarize the article: PaaS vendors have issues with security, globalization/localization, developer productivity and inflexibility. I'll walk through the "Four Big Problems" as presented by Eric and give you the perspective of a corporate IT architect versus a vendor.<br />
<br />
Big Problem #1 - "It's inflexible"<br />
<br />
The example used here mixed up PaaS and SaaS. Google's email system was the target of the inflexible which doesn't allow the user to specify where their data will be stored potentially violating industry or governmental regulations. It also goes on to mention Coke not wanting to store their secret formula within the same instance of a something as Pepsi. PaaS is then brought up as not being flexible enough to handle these situations.<br />
<br />
Google email's system would be an example of a SaaS and not PaaS as implied. Localization of data has absolutely nothing to do with multitenancy. Google's email system is a bad example to use when discussing PaaS because it's not one however for the sake of argument let's just say that localization of data would be an issue in a dedicated hosting scenario as well. Multitenancy does not preclude you from directing where your data will be stored, the geo-locations of your cloud provider may or if you went the dedicated hosting route, same issue.<br />
<br />
By the way Pepsi and Coke both use Azure which is a PaaS offering from Microsoft. I doubt they store their secret formulas there or anywhere else that has network access. Not a multitenancy issue either, just common sense. To sum this up most PaaS providers have regional datacenters across the globe and have extremely flexible ways of directing where your application and data spin up.<br />
<br />
<br />
Big Problem #2 - "It's less secure"<br />
<br />
The big example used here is a common one which is if a hacker manages to get into a multitenant database then all the data is compromised. I would encourage anyone contemplating PaaS solutions to do their due diligence when selecting a provider. Ultimately you and your security folks have to be comfortable with the safeguards put in place by the vendor. But there is a lot of FUD here so let's address some it.<br />
<br />
If you have discussions with the PaaS vendors and compare their security protocols and procedures you will mostly likely find that they are light-years ahead of what you are doing or would be capable of doing. It's really a fairly simple concept, a vendor such as Amazon or Microsoft or Google can afford and do hire the very best security personnel available. It does not mean they are incapable of making mistakes but the odds are with them versus you. Do your homework on this one but you will be impressed and more secure.<br />
<br />
The second thing to keep in mind is that there is more to multitenancy than the article would leave you to believe. There is more separating your data from Pepsi in a multitenant database that a username and password. There are multiple layers of protection to isolate you from the other users in those multitenant environments. Your data is not more or less secure because of multitenancy. PaaS does a lot to help you out and abstract away some of the complexity but it's still up to you to make sure your data is secure and that would be the same for a single isolated hosted instance.<br />
<br />
Big Problem #3 - "It's less powerful"<br />
<br />
This one was a little strange. It really didn't explain why a PaaS would be less powerful than a standalone instance of an application or database other than say Database.com doesn't use standard SQL and Microsoft might not have a datacenter in your region. I think common sense would suggest otherwise. How elastic can your standalone application or database be? How easy is it to deploy your standalone application or database to multiple datacenters/regions around the world taking into account globalization and localization issues without specific version of your application to handle each? Somehow a standalone instance of something wouldn't have scalability issues? Or wouldn't have localization issues?<br />
<br />
<br />
<br />
Big Problem #4 - "It may be more costly"<br />
<br />
ROI is always a tricky one and the point made by the author here is that you may have to rewrite you application to run in a PaaS space. I happen to agree with the author on this one. You have to weigh the benefits versus the cost of any application you do. If the cost benefit does work out ten you have to question the project. This however has absolutely nothing to do with multitenancy.<br />
<br />
To summarize I think the author missed a chance to promote his product with more rational set of arguments. PaaS has some issues but multitenancy isn't really one of them. When comparing a potential cloud solution for an application you are really looking at IaaS, PaaS and SaaS. They all have their benefits and drawbacks. The big one I think the author missed his chance on was the potential vendor lock-in with PaaS which could be a very real issue. IaaS, PaaS and SaaS all have degrees of lock-in but that's the subject of another post.Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com10tag:blogger.com,1999:blog-7641928.post-75920172682479837542011-06-28T21:20:00.000-04:002011-06-28T21:20:25.139-04:00The Rise of The CloudThere is an interesting read over at eWeek on<a href="http://ht.ly/5sdM2"> what McDonald's</a> is doing in the cloud. Okay so I know most of you don't think of flexibility and IBM toolsets in the same sentence but that's what the article is about(Just joking IBM, you have very nice tools). I was more interested in this quote in the article from an IT Manager at McDonald's:<br />
<br />
<blockquote>“McDonald’s is a hamburger company; we don’t want to be in the IT business,” Farnum said. “We want to focus on what we do best.</blockquote>What seems to be a simple and obvious statement is not at all what it appears. How many IT managers can walk down the line and directly tie their employees day to day activities with what the company is trying to achieve? How many employees are constantly on thought, what am I doing today to help make better X and sale more X?<br />
<br />
By now some of the more astute of you are trying to figure out the blog title and how it is related to this post. The rise of the cloud has surfaced an ugly truth within some IT departments. There are a fair number of IT employees if not whole departments engaged in simple self preservation in response to the rise of the cloud. The irony in this is that they should be doing just the opposite. You know how Anakin went to the dark side in order to save Padme but that very act is what caused her death, it's just like that.<br />
<br />
The cloud if used correctly can provide the IT department with the tools to be the responsive agile group it's business partner so desperately wants it to be. There are a few basic things one should know before embarking on this journey. I'm not going to cover the hard stuff, you'll have to figure those out for yourself just like I did, have fun.<br />
<br />
-First thing, it's a journey you have to take. If you ignore the cloud you will be consumed by lava and forced into a life on the dark side. Seriously don't let your business users get out ahead of you, they will create a mess and leave you behind in the process.<br />
<br />
-Don't ignore and take for granted your data privacy policies. The big cloud guys are likely to be more secure than you but don't take their word for it. Understand the issues, know what you can and cannot let into the cloud.<br />
<br />
-Don't just try and port your crappy architecture into the cloud. Ha Ha I know you don't have crappy architecture but seriously there are ways of doing stuff in the cloud that will let you take advantage of all that elasticity. Moving your applications/infrastructure to the cloud doesn't relieve you of understanding the architecture, be sure to know what is going on behind the curtain.<br />
<br />
-Don't be afraid, remember fear is the path to the dark side. I took a cloud development class a while back for a certain vendor and was amazed at how many developers would not sign up for the free account. Microsoft's Azure, Amazon, Salesforce (if you want to try some SaaS) all have developer programs that will cost you nothing to next to nothing. Jump in and try it out.<br />
<br />
Get out in front of this and make your IT department the hero of the business and not the slow moving self-preserving Luddite.Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com2tag:blogger.com,1999:blog-7641928.post-13430373233899239602011-03-22T19:08:00.000-04:002011-03-22T19:08:19.362-04:00The Cloud ArchitectDavid Linthicum had a very good post over on <a href="http://tinyurl.com/4tv3aq5">InfoWorld about</a> cloud architects versus enterprise architects. I'm summarizing David but in a nutshell the article is about the need for SOA skills to be a cloud architect. While I totally agree with the need for SOA skills in the cloud space, I think cloud architecture may encompass more than one type of architect. <br />
<br />
The uber architect generally just doesn't exist in corporate IT. There generally is a conglomerate of architects that make up the "virtual" uber architect for a corporate IT shop. The cloud really expands on this need because of the different areas of expertise needed in more detail i.e. security, infrastructure and SOA (for sure). Let's also throw in parallel computing for kicks and grins so that we can take advantage of the potential elastic nature of compute nodes. A SOA Architect would have the best chance of having most of the skills in various levels of depth but I think finding all of these in one architect is going to be difficult. SOA itself requires a broad range of skills difficult to find in one person.<br />
<br />
Remember the ICC? Integration Competency Center. I'm seeing a future for the CCC or C3 (Cloud Competency Center). In all seriousness it's going to take several architects to screw in the cloud powered light bulb.Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com178tag:blogger.com,1999:blog-7641928.post-8808696221093345002010-12-30T10:12:00.003-05:002010-12-30T18:34:35.930-05:00End-Users Are Getting SmarterWe know that the end-user is getting smarter. The exposure to computing and applications at a very early age is at an all time high. That knowledge brings different expectations.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWu3TpChoiNtM59_Wks8yjh5WqONqHVgIiebCe3SwX8bQNGMMqXpW-68WrKRpH3WwwraOJlPFbNkLlN4zh4UEMJChKd2YuP0LJvjq-Lt0jt0Lg4qzA6egJfZjopsLeLU7oxLsp/s1600/baby-using-laptop-computer.jpg" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="249" width="350" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWu3TpChoiNtM59_Wks8yjh5WqONqHVgIiebCe3SwX8bQNGMMqXpW-68WrKRpH3WwwraOJlPFbNkLlN4zh4UEMJChKd2YuP0LJvjq-Lt0jt0Lg4qzA6egJfZjopsLeLU7oxLsp/s400/baby-using-laptop-computer.jpg" /></a></div><br />
Image by <a href="http://www.free-stockphotos.com" title="Free Photos">Free-StockPhotos.com</a><br />
<br />
The question becomes how does the modern IT shop deal with this? The answer is drum roll please ...... Cloud Computing. Ha just kidding with you. The answer is actually there isn't any one answer.<br />
<br />
The issues facing the modern IT shop due to the increasing intelligence of the average end-user are multifaceted. There are data issues, security issues, interaction issues, privacy issues, usage issues, maintainability issues and the list goes on. Certainly some of the traditional ways of dealing with these issues will still apply but I think new ways of thinking are needed for the "IT Shop" to stay relevant. <br />
<br />
First it's important to understand that we are dealing with evolution and not revolution. The evolution we are discussing is happening but not overnight. This is not a dinosaur extinction event yet. Here are a few thoughts on not only survival but on thriving as an IT community.<br />
<br />
-IT quit using the term "the business". I cringe every time I hear someone in "IT" say "the business" wants this or "the business" needs that. You are the business, start acting like it.<br />
<br />
-End-users aren't dumb, stop treating them that way. Talk to them, listen when they speak and realize you are all in the same boat wanting the same thing.<br />
<br />
-Waterfall is dead, it was hit by an asteroid. Stop trying to use it and move on for Pete's sake.<br />
<br />
-Cloud computing is for real but it's not for everything. Learn how to leverage it for the right things and make sure your end-users aren't leveraging for the wrong things.<br />
<br />
-In a complete contradiction to the above suggestion, you will almost certainly lose control of your data at some point. Figure out how to deal with that eventuality.<br />
<br />
-Social networking is not only not going to go away it's going to get a lot bigger. The key point here is that it really doesn't matter whether you get it or not, the end-users do and they are going to want more of it. Learn to deal with it least you become a target of that asteroid.<br />
<br />
-Security has to move out of the I hate to have to deal with security to being at the forefront of all things. End-users even though smart have to be educated even more on data security.<br />
<br />
-IT Developers, you going to hate this but you are more valuable the less code you write. Learn about SOA, embrace reuse. Learn and use tools that help you achieve this. There are jobs out there for code jockeys but the IT shop generally isn't it anymore.<br />
<br />
The modern end-user is smart and very comfortable with technology. To keep up the "IT Shop" must embrace this.Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com4tag:blogger.com,1999:blog-7641928.post-34602155545167489212010-12-21T20:01:00.000-05:002010-12-21T20:01:09.657-05:00Cloud Stuff - Did you get the source code?David Linthicum's <a href="http://tinyurl.com/2w2ndn8">recent post on cloud providers</a> dropping either user sites or applications reminded me of the old vendor source code negotiations. The basic premise is before purchasing a really expensive piece of software you got the vendor to agree to give you the source code in the event they go out of business. This was suppose to alleviate some of the fears of the big check that was about to be written. The vendor goes out of business you still have working software plus the source code(No I don't know what you would do with it). <br />
<br />
The cloud has changed the game. Not only do you not get the source code, the vendor can turn you off in an instance leaving you with no working software at all. As David points out, getting vendors to sign SLAs that help you more than them is pretty tough. This obviously is cause for concern with a lot of IT organizations consider moving applications, services and infrastructure to the cloud. Of course there are tons of ways to mediate all of this and still take advantage of what the cloud has to offer. Things such as SOA, Governance, EA and even the old EAI(Practice not the platform) standby all still apply when designing for the cloud(location independence takes on a more significant role). <br />
<br />
The take home message is get out in front and don't throw good architecture practices out the window because there is something shiny and new out there. The cloud demands your architecture be more sound than ever.Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com1tag:blogger.com,1999:blog-7641928.post-11698636026830479452010-11-29T08:31:00.002-05:002010-11-29T08:31:00.754-05:00The Future of IT<a href="http://www.zapthink.com/">ZapThink</a> has an interesting article out on the <a href="http://tinyurl.com/2wmz44h">looming Enterprise App Vendor Crisis</a>. The article is really a continuation of several thoughts that ZapThink has on the state of the IT organization and its role in the modern business world. The overall underlying theme is that IT organizations are undergoing a major change that will result in a substantially different appearance in the next few years.<br />
<br />
The article offer a lot of insightful and rational points in its trek back to 2004 and back to present day. For those of us who work in <a href="http://tinyurl.com/2bb6rfr">"The IT Shop"</a> I think we can see the reality of the predictions in small doses. It's probably a reasonable assumption to make that most understand these type of predictions are generally made with a broad stroke. There are literally thousands of IT shops and businesses so sweeping generalizations must be applied when making predictions.<br />
<br />
One issue I think most analysts have is that they generally are interacting with the facade layer of a given organization. The guts of an organization and how it really operates is generally hidden from external view. Of course this is a generalization as well on my part but I think a fairly valid one based upon my experiences. This really isn't the fault of the analyst.<br />
<br />
There are a significant number of analyst engagements that are initiated by senior level staff within either the IT group or a line of business within an organization. The reasons can vary for these engagements but a common theme is usually checking your direction/thoughts on strategy, projects etc with that of an expert(s) external to your organization. It's really not a bad idea when you think about it however the problem develops in your presentation of yourself.<br />
<br />
This leads us back to our external analysts. Analyst engage and work with an organization based on a highly filtered view of that organization. Organizations just like the people that work in them tend to present themselves in a very favorable light. ZapThink's predictions resonate with me and have logical progression. The issue I think is that the predictions are based upon a state that in most cases is actually not known.<br />
<br />
IT still has a very bright future in the modern business world. It will change over time as ZapThink suggest but that rate of change will be much slower and will probably fork off the predicted path many times just as evolution tends to do.Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com1tag:blogger.com,1999:blog-7641928.post-53788040459248129222010-08-18T08:00:00.001-04:002010-08-18T08:03:46.517-04:00Random Thoughts on Enterprise ArchitectureEnterprise Architecture (EA) is getting a lot of press lately some of which is good and some not so good. There seems to be a lot of disagreement on what EA is and isn't. There is also disagreement on the value of EA. I'm not attempting to address either of those items just jotting down some observations as I monitor these conversations.<br />
<br />
-How come it take so long for us IT folks to get a definition of something locked down? SOA, Cloud Computing, EA all are still debated on simple definition. This just serves to confuse others and generally hurts the overall progress.<br />
<br />
-EA is evolving into distinct camps: Traditional EA which is IT based and heavy on the frameworks, business based which wants to evolve EA into the entire enterprise with IT just another component of that and a hybrid camp which is trying to bridge the gap.<br />
<br />
-All of the EA discussions appear to still be IT based. I haven't seen a lot of business leaders jumping into the discussions. Some IT folks want to evolve EA beyond IT but have the business folks bought into that? Are the business schools focused in or have any discussions on EA at all?<br />
<br />
-To much focus on the EA Frameworks can hurt the overall effort of EA. EA's become paper pushers and not architects.<br />
<br />
Those are some random thoughts/observations I had while monitoring these ongoing EA conversations. The scope of EA seems to be the most hotly debated. EA is obviously focused on the business but at what level? I think that one is going to be tough to answer without business leaders joining in the conversation.Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com4tag:blogger.com,1999:blog-7641928.post-10229081989663357072010-04-29T21:22:00.001-04:002010-04-30T08:34:24.824-04:00Software QualityA few thoughts on software quality which seems to be a topic coming up more frequently these days. The first I'm throwing out there is software quality can be a fairly complex topic so a simple blog post is not going to attempt to do it justice. The next thought is software quality means different things to different businesses or organizations. The expectations of the space shuttle crew of their software is different from the folks who need an internal web page to track office supplies. Although it may seem like the folks who need the web page are in fact launching a space shuttle, that is not the case and the same rigor cannot and should not be applied.<br />
<br />
Two areas in particular that I'm ranting a bit about are SOA and Agile(as in the development methodology). I read <a href="http://advice.cio.com/jasmine_noel/10202/does_soa_agile_programming_crappy_business_agility">this post over at CIO.com</a> on the issues that SOA and Agile bring out when it comes to software quality. I'm going to answer the question it's posing up front - no SOA and Agile do not lead to crappy business agility. I think most would agree that have had successful practices established around SOA or used the Agile development methodology correctly that the end result are more agile applications. <br />
<br />
Organizations that skimmed the service of SOA or Agile could have implemented complete disasters for software. Does that make SOA or Agile the culprit? I think not and in fact I think those same organizations would struggle within any architecture or methodology. SOA and Agile don't shed the traditional principals of good software development practices, they simply enhance them to insure business needs are met in a timely manner. Like any architecture or development methodology if implemented incorrectly SOA or Agile can lead to bad results. If you have any thoughts on why SOA or Agile in particular lead to poor quality software, I'm all ears.Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com4tag:blogger.com,1999:blog-7641928.post-29499941481287998212010-04-01T08:42:00.000-04:002010-04-01T08:42:57.237-04:00CERN Discovers "God Particle"And its name is Fred and lives in Topeka, Kansas. Happy April Fools.Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com0tag:blogger.com,1999:blog-7641928.post-76431885773705728592010-02-19T15:38:00.001-05:002010-02-19T15:38:20.035-05:00Upcoming Topics - The Cloud, SOA Revisted, and Open Source Updates<div class=Section1> <p class=MsoNormal>I know it’s been a while since I’ve posted anything. It’s been a crazy few months for me with work. There are several topics I’m going to be covering in more depth over the next month or so. <o:p></o:p></p> <p class=MsoNormal><o:p> </o:p></p> <p class=MsoNormal>The Cloud – I’ve been giving a lot of thought to this topic especially from what I call a practical in the trenches kind of viewpoint. There is a ton of hype around “The Cloud” out in the media world right now. Making practical sense of all the hype can be a bit challenging. Heck just getting folks to agree on what “The Cloud” is has proven to be challenging.<o:p></o:p></p> <p class=MsoNormal><o:p> </o:p></p> <p class=MsoNormal>SOA – Not to beat this horse to death but I hope to share some more practical experience from what I have found to actually work. One thing to throw out there is that we have made this subject much more complex that it has to be. Again this is real world experience not just talk.<o:p></o:p></p> <p class=MsoNormal><o:p> </o:p></p> <p class=MsoNormal>Open Source – No secret that I’m a big fan of open source software although not for some of the “traditional” reasons. I hope to share some insight on a comparison I’m doing with Microsoft’s new MVC framework compared to some open source ways of doing the similar thing such as CakePHP. Yes I know Microsoft has “open sourced” the MVC framework but I think you will get the point when I get more into it.<o:p></o:p></p> <p class=MsoNormal><o:p> </o:p></p> <p class=MsoNormal>That’s what I’m thinking about right now so hope to have more in-depth discussions soon. Stay tuned.<o:p></o:p></p> </div> Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com1tag:blogger.com,1999:blog-7641928.post-80088063828732319982009-11-29T19:32:00.001-05:002009-11-30T08:08:16.917-05:00SOAP vs RESTOkay it's a bait and switch tactic. I'm not going to attempt to answer the SOAP vs REST question. It just degenerates into a religious war and ultimately serves no point. IBM's recent announcement about more REST in its Websphere product line <a href="http://blogs.zdnet.com/service-oriented/?p=3486&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+zdnet%2Fservice-oriented+%28ZDNet+Service-Oriented+Architecture%29&utm_content=Google+Feedfetcher">prompted some conversation about it</a>.<br />
<br />
It probably doesn't really matter which way you go but I do think there are a few points that need clearing up and some further explanation. First there is this comment I got off of Joe McKendrick's post about it (Believe the comment is from Lorain Lawson) - <br />
<br />
"However, IBM’s growing support of REST is “too promising to ignore.” That’s because the REST architectural approach opens up the door to potentially stronger SOA deployments – “with easier integration and more reuse of services (read: more agile) than you’ll get from an SOA built on an ESBs or the SOAP-based WS-*.”"<br />
<br />
That really hasn't been my experience. I think when a comment like that is made more explanation as to why that might be true should be given. SOAP style Web Services are actually pretty easy to work with in most cases. REST has easier integration? More reuse? Why would that be? How many folks when using SOAP style Web Services have to worry about or get into the details of SOAP? How about REST style? Little more involved isn't it?<br />
<br />
Easier integration? REST lends itself to more tightly coupled integration especially in the wrong hands. That's not the intent of the REST style architecture but I think it lends itself to that. I think developers will read about REST and end up just embedding URL's every where and call it REST. The end result is a mess. That's kind of what a lot of folks did when SOAP based Web Services came out. It turned out to be just a bunch of tightly coupled RPC calls.<br />
<br />
The REST style of architecture is not bad but there is little tooling for it which means working with raw less than structured data. Most toolsets/platforms present SOAP style Web Services as just another class to the developer. REST proponents might say this is bad and they probably would not be to fond of ORM frameworks as well. That's not an incorrect view just different which is okay.<br />
<br />
Another quote from Joe's post (Again from Lorian) -<br />
<br />
"“it’s unlikely IBM’s shift to REST will settle the whole REST versus SOAP debate, since SOAP has a heavyweight of its own: Microsoft and its popular SharePoint.”"<br />
<br />
Microsoft has REST embedded pretty well with their WCF framework which is part of .Net Framework 3.5. Not a big deal but Microsoft has obviously not ignored REST.<br />
<br />
I'm personally not against the REST style of architecture. My issues have always been the way it's presented. Simple, easy to do, it's just the web right? No it's not and the web by the way is not an example of REST architecture contrary to popular belief. Go forth and get some REST or use some SOAP, it really doesn't matter just know what you are getting into.Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com0tag:blogger.com,1999:blog-7641928.post-87910921468366343802009-10-26T21:04:00.000-04:002009-10-26T21:04:36.954-04:00Bashing EAIA bit of<a href="http://blogs.zdnet.com/service-oriented/?p=3205&tag=trunk;content"> EAI bashing</a> going on <a href="http://blogs.informatica.com/perspectives/index.php/2009/10/16/eai-and-data-integration-like-fitting-square-pegs-in-round-holes">these days</a>. I suspect a lot of people, myself included, who have successfully implemented an EAI style of architecture are probably scratching their heads going hmm what did I do so wrong? Answer: nothing. <br />
<br />
SOA is the latest new kid on the block (actually Cloud Computing is but we are not going there) so the natural tendency is to bash everything that came before it. The practice of EAI had and does contain a ton of good architectural principles. Those are being thrown out and replaced with the notion that EAI and it's evolution the ESB style of architecture are all about products and not architecture. It's simply not true.<br />
<br />
Don't get me wrong, SOA is a very good thing. My issue is the stark contrast being drawn between it and EAI. Yes there are differences but they share more in common that is being explained by the bashers. Abstraction, loose coupling, common data types, composibility, discovery and yes even standards all existed in the EAI world.<br />
<br />
EAI, ESB's, SOA and even Cloud Computing all have their place in the modern enterprise. Understand your architecture which means what works and what doesn't, evolve where needed but don't throw your successful practices out with the bath water because of the latest buzz.Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com2tag:blogger.com,1999:blog-7641928.post-43513166600947295372009-10-26T11:15:00.002-04:002009-10-26T21:05:28.134-04:00S0A-Manifesto<div><font face=Arial size=2><span class=182271612-26102009>A group of very smart and respected folks have put together a SOA-Manifesto. You can find the Manifesto - <a href="http://www.soa-manifesto.com/">http://www.soa-manifesto.com/</A> . Overall it's pretty high-level stuff but good stuff. I have one big issue however with one of the principles. "Intrinsic interoperability over custom integration". If just glanced at it sounds like something that makes sense but the devil is in the details.</SPAN></FONT></DIV><div><font face=Arial size=2><span class=182271612-26102009></SPAN></FONT> </DIV><div><font face=Arial size=2><span class=182271612-26102009>Intrinsic means in this context that services using some sort of standards should do the talking between your existing applications versus doing "custom integration". This concept is going to be confusing to an average IT shop. The question will arise what's the difference between putting in a service and putting in a custom integration solution? How do I get to the last mile of the interface with a third party application? Or do you mean my services should contain all the business logic? But isn't that custom because you had to write it? Standards based stuff is fine but it's still custom if you have to write the service. Sounds like a lot of academic semantics I know but I think its important to understand some important principles.</SPAN></FONT></DIV><div><font face=Arial size=2><span class=182271612-26102009></SPAN></FONT> </DIV><div><font face=Arial size=2><span class=182271612-26102009>Unless your entire business portfolio is going to be made up of custom services that you write then you are going to have to do some integration. It's just the nature of most businesses. My problem with "Intrinsic interoperability" is that I believe it will lead to a spaghetti set of custom integrations. The very thing it was trying to avoid. Custom is custom. In other words if you didn't buy it then it's custom. Whether it's "standards based" or not has no bearing on whether it's custom or not or whether it becomes spaghetti or not. I think well defined distributed services that have "Intrinsic interoperability" are going to be beyond the grasp of a lot of IT shops both to develop and certainly to maintain/govern. If you are going that route be sure to go over to Todd Biske's site - <a href="http://www.biske.com/blog/">http://www.biske.com/blog/</A> and study up on governance (Going to need governance regardless, but for distributed "Intrinsic interoperability" you really going to need it).</SPAN></FONT></DIV><div><font face=Arial size=2><span class=182271612-26102009></SPAN></FONT> </DIV><div><font face=Arial size=2><span class=182271612-26102009>Ultimately I believe the "Intrinsic interoperability" piece was put in to kind steer folks away from ESB's and the older EAI model of integration. While I understand this from a pure academic view, I think in the actual wild it has issues. It has the same issues that ESB's and EAI had because of lack of understanding of the methodology that went along with successful implementations. </SPAN></FONT></DIV><div><font face=Arial size=2><span class=182271612-26102009></SPAN></FONT> </DIV><div><font face=Arial size=2><span class=182271612-26102009>Overall the SOA-Manifesto is a good set of guiding principles. Having a set of principles like this that everyone in the organization understands and embraces can go a long way to developing and maintaining a successful SOA style of architecture.</SPAN></FONT></DIV>Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com1tag:blogger.com,1999:blog-7641928.post-74735831409869890802009-10-23T10:49:00.001-04:002009-10-23T10:49:40.647-04:00Windows 7<DIV><FONT face=Arial size=2><SPAN class=331462614-23102009>I upgraded to Windows 7 on my laptop yesterday. Overall the upgrade went smooth but it was time consuming (About 3 hours, of course I have a lot of stuff on my laptop). I think the average home user will probably not upgrade to Windows 7 but rather acquire it through a new PC purchase. That's probably a good thing for the end user.</SPAN></FONT></DIV> <DIV><FONT face=Arial size=2><SPAN class=331462614-23102009></SPAN></FONT> </DIV> <DIV><FONT face=Arial size=2><SPAN class=331462614-23102009>Here are few things I noticed during the upgrade. The first thing that jumped out is that the upgrade process is still not geared towards the average end user. The upgrade process is going to do a compatibility check before allowing the upgrade to proceed. If it finds things that are not compatible it's going to ask you to uninstall them. While not an issue for an IT person like myself, I suspect an average home user is now confused. Especially when it asks you to uninstall your wireless network card. I did like the fact that it tells you iTunes is probably not going to work correctly anymore. Nice marketing play there Microsoft. Of course it works fine after the upgrade.</SPAN></FONT></DIV> <DIV><FONT face=Arial size=2><SPAN class=331462614-23102009></SPAN></FONT> </DIV> <DIV><FONT face=Arial size=2><SPAN class=331462614-23102009>On the positive side, Windows 7 takes up less memory and runs a bit faster. On the downside they got rid of their little built in mail client which is a bummer. I liked that client, really don't like web mail interfaces, sorry Google but I like to work disconnected sometimes. Plus I don't like a million things on my screen other than the email when I working on email. I know there are a million email clients out there to be had but I liked that one, it was simple and efficient.</SPAN></FONT></DIV> <DIV><FONT face=Arial size=2><SPAN class=331462614-23102009></SPAN></FONT> </DIV> <DIV><FONT face=Arial size=2><SPAN class=331462614-23102009>It did detect all my hardware and configure it correctly which is a step up from the past. The interface is clean and seems to be pretty logical. <SPAN class=331462614-23102009>Overall I'd give Windows 7 a thumbs up. I'll post back any observations as I get more accustomed to it in the coming weeks.</SPAN></SPAN></FONT></DIV>Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com0tag:blogger.com,1999:blog-7641928.post-61606196477200655212009-10-04T08:01:00.004-04:002009-10-05T07:33:03.609-04:00The Value of Enterprise ArchitectureIt's always kind of interesting when you have to explain and justify what seems like common sense. But like SOA, Enterprise Architecture seems to need constant justification and explanation. Why is that? Is it because we make what should be fairly straightforward concepts overly complicated? I tend to think so. Take a look at many of the EA frameworks available and your eyes will probably roll back in your head and you will lose consciousness. <br /><br />I think keeping things simple tend to lead to more success. A major medical institution that will go unnamed spent millions of dollars on an automated medical scrubs dispensing system. It was going to save lots of money, folks wouldn't be allowed to take home and keep extra scrubs. After installing and testing the system, all things were go. Unfortunately there was one major flaw, a human being still had to load the machines each day with the clean scrubs. <br /><br />As you might imagine, scrub machine loader is not the top end of the job spectrum. Scrubs are not one size fits all and each machine was responsible for dispensing the correct sizes. You can see this train wreck coming yes? After only a few months and tired of not ever being able to get the right size of scrubs, the employees figured out how to defeat the machines and keep out more scrubs than was suppose to be allocated. Millions spent and nothing gained.<br /><br />When I was a young Army officer many years ago, I learned a very valuable lesson. Everyone needs to understand the mission. And by understanding it I mean be able to execute it. It seems like common sense doesn't it? If the leader becomes unable to perform his or her duties it falls to the next in line to carry out the mission. <br /><br />In my simple world EA is also very simple. Define the destination, show everyone how to get there and then help them along the way to make sure they stay on course. Of course the downside to simplicity is that things don't tend to fail in such a grandiose way like when they are over engineered and over architected. Still it is important to realize that simplicity is not easy to achieve. Complex systems tend to form naturally.<br /><br />Ultimately I think one of the keys to achieving simplicity is constant vigilance. How you get this working state of vigilance is the topic of another post. The hint is, there is not one answer for all.Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com0tag:blogger.com,1999:blog-7641928.post-40661512529789221742009-08-24T18:10:00.002-04:002009-09-01T20:58:07.125-04:00Life as a Corporate Software Developer and ArchitectI really haven't had time to blog lately just to busy to be completely honest. Being responsible for numerous development projects, by responsible I mean design, develop and deploy, has really placed an interesting challenge out there for my other assignment which is architecture. One of the benefits with working in a small software shop is the requirement for lots of hands on, one of the disadvantages is the requirement for lots of hands on.<br /><br />Small software shops don't have the luxury of dedicated architects. Multiple roles have to be assumed in order to meet all the demands. Of course the big benefit I think is more usable and realistic architecture which tends to come from this type of environment. At any rate I hope to have some more technical post out here sometime in the near future as time permits.Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com0tag:blogger.com,1999:blog-7641928.post-39489562440525906872009-07-24T14:39:00.002-04:002009-07-24T17:31:46.584-04:00Random Musings on Software Architecture<DIV><FONT face=Arial size=2><SPAN class=537153616-24072009>Many many years ago I was a young Army executive officer(XO) in a tank company doing some training at Ft. Bragg, North Carolina. My CO and I were conducting some tactical training exercises for our tank crews. We were using parachute signal flares to signal the tanks to do certain things during the exercise. As luck would have it one of the flares came down on what appeared to be a small patch of grass several hundred yards away from our position. We saw some smoke rising from the patch of grass but we chose to ignore it and continue with the exercises. To make a long story short, the small patch of grass was actually much bigger than we thought. We spent the next several hours in 95 degree heat putting out the rather large fire (We had no water, only shovels).</SPAN></FONT></DIV> <DIV><FONT face=Arial size=2><SPAN class=537153616-24072009></SPAN></FONT> </DIV> <DIV><FONT face=Arial size=2><SPAN class=537153616-24072009>Software architecture in the corporate IT landscape is very much like the small grass fire that turns into a very real wildfire. We tend to either ignore it completely or over indulge it. Neither of which is very good for the primary business and usually gets out of control pretty fast. There is a delicate balancing act that has to occur on a daily basis in a corporate IT shop. The needs of business have to be met. There really isn't any arguing with that. It's how you meet those needs that is the question.</SPAN></FONT></DIV> <DIV><FONT face=Arial size=2><SPAN class=537153616-24072009></SPAN></FONT> </DIV> <DIV><FONT face=Arial size=2><SPAN class=537153616-24072009>There really isn't a one size fits all answer to that question. Despite opinions coming from analyst, bloggers(including myself) and others, there isn't one correct way. What works for each individual organization is going to vary. Finding the middle path which balances good enough architecture with the dynamic needs of the business is really the key. These are the two two questions you should be asking in my opinion; Am I delivering the value to the business that the business wants? Is my architecture or lack there of negatively impacting the business? If you are delivering the value, by the businesses measurement not yours, and your architecture is not causing issues for the business then you probably have found the middle path.</SPAN></FONT></DIV> <DIV><FONT face=Arial size=2><SPAN class=537153616-24072009></SPAN></FONT> </DIV> <DIV><FONT face=Arial size=2><SPAN class=537153616-24072009>The last piece of advice is do not ignore the small smoking grass fires.</SPAN></FONT></DIV> <DIV><FONT face=Arial size=2><SPAN class=537153616-24072009></SPAN></FONT> </DIV> <DIV><FONT face=Arial size=2><SPAN class=537153616-24072009></SPAN></FONT> </DIV> <DIV><FONT face=Arial size=2><SPAN class=537153616-24072009></SPAN></FONT> </DIV> <DIV><FONT face=Arial size=2></FONT> </DIV>Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com0tag:blogger.com,1999:blog-7641928.post-84498916637806465302009-07-14T18:16:00.002-04:002009-07-14T18:20:34.556-04:00Bernard MadoffAh my claim to fame. I'm originally from Butner, a small town in central North Carolina. <a href="http://news.yahoo.com/s/ap/20090714/ap_on_re_us/us_madoff_behind_bars_4">Welcome Bernie!</a>Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com0tag:blogger.com,1999:blog-7641928.post-17019691620987703172009-07-04T07:01:00.002-04:002009-07-04T07:19:52.971-04:00Oracle 11gOracle just recently announced it's 11g monster. Here is <a href="http://blogs.zdnet.com/service-oriented/?p=2343">Joe McKendrick's take on it</a>. My take is that it's great for consultants, there will be lots of money to be made trying to implement this beast. It's bad news for companies trying to implement it.<br /><br />The corporate IT mantra is keep it simple, keep it quick and deliver a lot of value to the business. There is nothing simple about 11g and with the Sun acquisition things will only get more complex.Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com0tag:blogger.com,1999:blog-7641928.post-11147341931664411472009-06-22T19:31:00.002-04:002009-06-22T19:39:20.383-04:00SOI and A Very Dead HorseZapThink <a href="http://www.zapthink.com/report.html?id=ZAPFLASH-2009622">put this out on SOI(Service Oriented Integration)</a>. We kind of have been beating this horse to death for a while but after reading the article I see we are still not completely there yet. This question in particular got me - <blockquote>is SOA's purpose to solve integration problems, or is it more of a business transformation approach centered on implementing agile business processes? </blockquote><br /><br />I go back to this post - http://www.thegreylines.net/2009/01/soa-versus-soi-continued.html . Agile business processes? How exactly would you do that without bringing systems together (integration)? You would pretty much just have to have the one system. Anybody work in enterprises like that? We are not talking about moving data from point a to point b, again see previous post.Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com0tag:blogger.com,1999:blog-7641928.post-61948547814560261412009-06-04T17:46:00.002-04:002009-06-04T18:32:23.407-04:00Designing Services in the SOA WorldThe Grumpy Architect has appeared and <a href="http://www.ebizq.net/blogs/bda/2009/06/grumpy_architect_week_there_is.php">apparently it's Brenda Michelson</a>. What's making Brenda so grumpy? The state of software design especially as it relates to services. I'm not going to rehash the great points Brenda makes, please go read her <a href="http://www.ebizq.net/blogs/bda/2009/06/grumpy_architect_week_there_is.php">post</a> it's loaded with goodness.<br /><br />I don't think there is any one reason why the state of service design is where it's at. Here are a few of the causes in my opinion:<br /><br />*It's not taught or emphasized in CS programs. That's a generalization of course because some programs do but if you do a quick survey of undergraduate CS programs you will find very little emphasis on it. It does show up more in the grad level programs. <br /><br />*We are to tool centric. We judge someone's competence in software design by how well they know the platform or tool. Give me someone who understands abstraction and loose coupling over someone who knows ever class in the .Net framework any day but produces 8000 line methods.<br /><br />*The business, the business, the business. Don't underestimate the extreme demands placed on corporate software developers to churn stuff out. Developers and their managers take what they perceive to be the easy way out in order to meet the demands. That environment is very difficult to work in sometimes and the software design is usually what suffers.<br /><br />*Time and motivation. Well if you didn't get it in school, you now have to learn it on the job. Some folks are self starters and some are not. Mentors and architects can help but they can only do so much.<br /><br />*Short-sighted. Designing brittle, difficult to maintain and ultimately unsustainable software is actually really easy. We do tend to take the easy path.<br /><br />I think one of the issues with the current state of SOA is that a lot of folks made the assumption that developers understood all of this and the software side of SOA was going to be the easy part. If you worked in a corporate IT environment you know nothing could be further from the truth. I have noticed especially in the past year that the amount of available information on the technical side of SOA is finally starting to catch up with the hype.Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com0tag:blogger.com,1999:blog-7641928.post-90412681877723509132009-06-03T12:26:00.001-04:002009-06-03T12:26:49.064-04:00Larry at JavaOne<DIV><SPAN class=450361916-03062009><FONT face=Arial size=2>And so the long arduous process of Oracle messing up another acquisition begins - <A href="http://www.theserverside.com/news/thread.tss?thread_id=54827">http://www.theserverside.com/news/thread.tss?thread_id=54827</A></FONT></SPAN></DIV> <DIV><SPAN class=450361916-03062009><FONT face=Arial size=2></FONT></SPAN> </DIV> <DIV><SPAN class=450361916-03062009><FONT face=Arial size=2>Seriously, he's really focused on JavaFX?</FONT></SPAN></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV align=left><FONT face=Arial size=2> <DIV> </DIV></FONT></DIV> <DIV> </DIV>Mark Griffinhttp://www.blogger.com/profile/06696309270838259732noreply@blogger.com0