Are you looking to change your core email, calendar and contacts system in the near future?

Probably not. While there is a little movement in the market if you are a Microsoft Exchange site, the chances are you will remain so for a while to come, and it is the same for Lotus Notes/Domino shops and others. No one needs the disruption, cost and risk associated with switching something that’s so deeply embedded in the business.

But could you be convinced to switch email software brands if an alternative vendor offered you the absolute best set of collaboration and social software add-ons to take advantage of the latest ideas in team coordination, activity management, unified communications, blogs, wikis, etc?

The answer is still probably not, and you would be forgiven for asking why you should have to switch anyway to take advantage of such things. After all, there is no inherent reason why all of the aforementioned leading/bleeding-edge functionality should be a derivative of your email environment, even though much of it is about messaging and communication. In a world of open standards, you should be able to turn to any credible vendor for solutions in this area.

In theory, therefore, when IBM brings to market a comprehensive range of unified communications and social software solutions, it makes perfect sense for it to target Microsoft Exchange/Outlook users as well as its own Notes/Domino installed base, and this is exactly what it is doing.

There is, however, a bit of challenge here, stemming from the fact that the offerings are coming out of the Lotus group in IBM. While there’s nothing inherently wrong with this, giving the latest generation of solutions names such as “Lotus Connections” and “Lotus Sametime” does seem a little bit like IBM is shooting itself in the foot.    

The problem is that if you are a committed Microsoft Exchange shop, you are unlikely to spend more than about a nanosecond considering anything carrying the Lotus label, which conjures up notions of a big-iron corporate email environment with an old fashioned quirky interface that always seemed to be dragging behind in terms of the latest features and third-party solution support. To those in particular that may have used Notes and Domino in the deep dark past and moved on from them into the then “modern world”, Lotus is very much a legacy brand that is not naturally associated with up-beat forward looking ideas.

The reality is, of course, that IBM did indeed fumble the ball with regard to much of what it did in with the Lotus portfolio in the past. While the server components have always been generally superior to Microsoft alternatives, it was everything around them that left a lot to be desired. There was then the confusing and convoluted roadmaps and messaging arising from IBM’s attempts to simultaneously modernise the portfolio while trying not to spook the conservative Notes installed base by suggesting any lack of commitment to supporting their past investments.

Today, however, the vision, roadmap and solutions coming out of the Lotus group are very clear, crisp and potentially compelling to organisations across the board. The service-oriented architecture (SOA) approach that underpins the portfolio means offerings such as Lotus Sametime for unified communications and Lotus Connections for social computing are evolving in harmony with the Notes and Domino product lines but are not dependent on them. The upshot is that even if you are a Microsoft shop, it worth looking at what IBM has on offer if you are exploring options for implementing some of the latest ideas in communication and collaboration.

Whichever way you cut it, though, there is no getting away from the reality that IBM will lose out on some short-term opportunity outside its existing Notes installed base purely because it has chosen to brand everything as Lotus, as many will just ignore or dismiss the offerings as not applicable to them.

From vice=-president level discussions, we got to the bottom of why a fairly hard-nosed business entity like IBM is undermining at least part of its short-term revenue opportunity through this kind of branding decision. The message that came across loud and clear to us is that IBM sees the Lotus brand as a huge asset and is committed to fixing some of the perception problems associated with it outside of the loyal  followers. It is therefore willing to take the short-term hit on the basis that the brand will be refreshed and revitalised in the market as a whole if cutting-edge solutions in line with the latest industry trends are pushed out through it.

Of course this only works if the products themselves really are that good, but early indications are that the significant R&D investment IBM has made in the areas we have been discussing is leading to some very interesting, and in many ways, market-leading results. And with the obligatory focus on standards that pervades most of what IBM does nowadays and the commercial need to interoperate with current IT landscapes, openness and future proofing are almost a given.

On balance, we are optimistic that IBM can pull this off. It is not going to be easy – changing ingrained perceptions never is – but the timing is good from a market evolution perspective and IBM seems to be backing up its visions and plans with some serious substance.

Dale Vile

In the world of IT, we are constantly debating the latest trends and developments. Usually, although granted unsurprisingly, these deliberations revolve almost exclusively around the features of a particular technology, more often than not taking the form of “is technology / solution XYZ ready for adoption by mainstream customers or is it a bleeding-edge solution that is likely to appeal only those in desperate need of its features?” Too rarely it seems do things get turned around to consider whether “ordinary” customers are ready to exploit the solution. 

Consider for example the solution currently described by the acronym SaaS - software as a service. At its base SaaS consists of users sitting at a screen with essentially no special software running on their local device being able to access and run an application. Nothing new here as back in the mists of time this was the method by which all IT services were delivered. Over time things changed and for a period many systems were deployed using some variant on the client-server theme whereby the local access device had to have specialist software for each business application to be run.

This model has now begun to be replaced as it has been found wanting in the areas of cost and flexibility; it takes time and resources to keep distributed software up to date and today very many business applications now utilise the common-or-garden web browser as their front end leaving the bulk of the application code hosted on a server somewhere in the ever expanding "network”. Clearly today in most enterprises, large and small, it is the case that these central servers are located within the business, but given that IT departments are increasingly thinking in terms of service delivery, it is fair to ask whether any application using a web browser as its front end should be classified as being examples of SaaS?

A quick investigation shows that SaaS, both delivered from servers located inside and outside the enterprise, has now matured technically. Base connectivity, Wan optimisation, solution architecture maturity, application availability, web browser acceptance, the ability of servers to deliver sophisticated content to modern browsers using plug-ins, have all developed to a stage whereby their utilisation has almost become invisible.

However, as stated at the beginning of the article it is worthwhile spending a little time pondering the social and business issues that have developed alongside the maturation of SaaS-enabling technologies. The cost of delivering IT services has never been more visible whilst the pressure to reduce such costs has never been greater. A quick scan around any office or place of work (including the desk at home, kitchen table, internet café or WiFi hotspot) illustrates the fact that people, and thus in turn their business, want to access business applications wherever they happen to be located. Thus is born acceptance of SaaS as a delivery mechanism. In this respect, at least, it is more than apparent that the mainstream has already adopted the fundamental mechanics that underpin SaaS, but probably subconsciously given the wider definition of SaaS.

This therefore really only leaves the question of whether mainstream businesses, that is, everyone out there, is ready to utilise as part of their daily operations “archetypal” SaaS services, namely those provided by service providers outside the enterprise. The sophistication of solutions directly offered by suppliers of hosted email systems and application providers such as Salesforce.com, Oracle, SAP and a host of others has certainly reached a level whereby technically they are suitable for use by very many businesses.

One might still question whether the cost models are pitched at quite the right level, especially as most organisations may not be ready, willing or able, to eliminate or even significantly reduce their internal, frequently invisible, IT support costs.  Whilst use of external SaaS offerings is clearly growing rapidly, it is from a very small base. However with all of the major software providers apparently ready to back SaaS, it is certain that the numbers using SaaS will continue to increase. Indeed, the movement of the likes of Google and Yahoo to offer web desktop tools is likely to hasten user acceptance of SaaS.

By and large it is fair to say that users really do not care what model is used to give them access to their applications as long as it works when they want it. Business managers of course have other concerns but these should focus around levels and cost of service along, perhaps, with questions of security. They, like the users, should not have to concern themselves with questions of IT service delivery architecture. Perhaps the question of whether the Mainstream IS ready for SaaS should really now target the IT support community. SaaS may not be appropriate everywhere, but the solution delivery mechanism is not going to go away.

Thus far SaaS has had many of its greatest successes in smaller businesses where dedicated IT skills are notoriously rare, along with individual departments or functions in larger enterprises who make their own arrangements independently, often to overcome the perceived drag of central IT. Either way, SaaS has tended to be a business rather than IT-driven phenomenon. Like PCs when they first entered business use, SaaS is easy for individuals and groups to bring into the organisation without the blessing or even the knowledge of corporate IT. 

In terms of simplicity and usability the SaaS model for delivering IT services is here and it has been accepted by the mainstream user base. IT departments need to recognise this and work out, logically and transparently what place it holds today in their operations and where it will be utilised tomorrow, for services hosted inside the company and for those that can / should / should not be hosted outside it. The mainstream is more than ready for SaaS.

By Tony Lock

Watching the evening news, we are constantly reminded of how dangerous the world is. Stories about terrorism in particular dominate the headlines at the moment, but anything to do with political controversy or instability, significant changes in the financial markets, corporate scandals, cyber crime, natural disaster, public health emergencies, and so on, also tend to get prime-time coverage. 

Against this background, we might assume that the average organisation is sitting there constantly worrying about the risks that arise from all of these potential threats to their business. But in a recent Freeform Dynamics study looking at business attitudes and practices in the area of risk management across Europe and the Middle East, we found that some of the more prominent threats highlighted by the media are not given that much consideration at all. In fact, businesses are generally much more concerned about information loss and downtime of IT systems than they are about terrorist activity, bird flu, earthquakes, floods or the antics of stock market investors or politicians (see chart below).

Of course it could be argued that some of the potential problems at the top of this list can be caused by those at the bottom, but it is interesting that organisations are generally not explicitly considering the latter that much during the business planning process.

But should they?

Well, that depends. When considering any particular risk, it is necessary to assess three things – the probability of an incident occurring, the impact of an incident if it does occur, and the cost of either preventing an incident or dealing with its consequences. When we think in these terms, the above picture starts to make a lot of sense. While natural disaster in a particular geographic area can have a devastating impact on the local business community, the majority of businesses across Europe and the Middle East are just not located in high-risk areas. Similarly, while we all hear and read so much about terrorism, few regard the probability of being directly affected as significant. And, how sensitive is your business, really, to the ebb and flow of the financial markets, short of a major recession that you can do little about anyway?

Clearly most businesses figure that these things are not worth losing sleep over because they are so unlikely to be touched by them.

At the other extreme, the chances of very damaging IT-related issues occurring if you neglect to pay proper attention to operations, security, and so on are very high. Furthermore, the impact of critical data loss and downtime of key operational systems is potentially very significant in terms of damage to the business, which is clearly why these items are at the top of the risk consideration list.

We do, however, need to be careful not to generalise too much, as both perceived and actual risks are highly dependent on specific situations and scenarios. Looking behind the overall view of priorities we have been discussing, for example, we find that financial services organisations not surprisingly take the performance of financial markets and potential regulatory exposure very seriously from a risk management perspective. Oil and gas companies, on the other hand, with the nature and diverse geographic spread of their activity, pay a lot more attention to accidental damage (think fire) and natural disaster related risks.

These are a couple of high-level industry examples, but if we drill down again, we can get even more specific, for example financial services companies based in the City of London stand out in the degree to which they worry about terrorism, and any organisation that interacts electronically with the general public tends to be quite jumpy about the risk of IT systems downtime.

Beyond this, there is the question of balancing the three dimensions of probability, potential impact and cost of mitigation, which plays out not just at a macro level, but when, for example you are assessing very specific security or operational risks, considering how much time, resource and money it is worth spending trying to deal with a particular threat. We’ll be picking up on this balancing act during future discussions as we revisit the area of risk management in the context of different domains, particularly looking at how technology advances can open up new ways of dealing with some of the same old threats as time goes on.

In the meantime, if you are interested in more details of the risk study mentioned in the above discussion, the report is available for download here .