|
Sun looks outside the enterprise for IT services
 Hello again, Sun Inner Circle readers. Regular readers may recall that in May 2007, I argued that IT as we know it is coming to an end. Instead of continuing to build and service applications, it seemed to us at Sun that large enterprises would adopt a model in which most business/application services would be managed by outside vendors.
I had struck a nerve. How, asked many readers, could I be so misguided? Didn't I understand that I was suggesting something unworkable? Wasn't I aware that my suggestion would open the enterprise to new security and operational risks?
If there's an alternative, other than more of the same, I'd like to hear about it. No one has yet to quarrel with my observation that the endless building and maintaining of applications, datacenters, and networks means that IT organizations just can't keep up with user demand.
Sun has been aggressively assembling the pieces for the new IT model. We call this approach "enterprise computing in the open network," which will eventually close the door on most of the old processes for delivering IT services. We believe that eventually our IT organization's primary responsibility will be to manage the data, the service interrelationships, and relationships with technology vendors whose offerings will be delivered through the Internet instead of private networks.
Owning Enterprise Efficiency Takes Software Tenancy
Sun is already putting an end to traditional IT provisioning with select projects. But to ensure that the new model will be implemented throughout the company, our roadmap starts with defining what services are.
I understand that many are still skeptical about the benefits of this model, often citing security as the "impossible" hurdle to overcome.
IT services in the open network are not the same as outsourcing or offshoring. These activities typically involve merely having a service provider run existing applications. In the new model, IT services and their applications are accessed through subscriptions. As a buyer of these services (or subscriptions), we should be agnostic to the hardware, or even the applications, that the service provider is using.
I understand that many are still skeptical about the benefits of this model, often citing security as the "impossible" hurdle to overcome. In response to that, I often ask a simple question: Who runs your payroll? Think about it, I'll say. I'll bet it's someone outside of your company. And what's more, you're not the only subscriber to this particular service.
Do you have security concerns about your payroll provider? Do you know or care which application it uses to generate your paycheck? True, there are some IT services that add differentiated value to a company, and these services shouldn't be shared, but services such as payroll typically have no business being created or managed in-house.
Perhaps it's the idea of sharing software services with other companies that makes many IT people nervous, even though cost reductions make people paying the bill sigh with relief. In a services model, organizations can pay only for the services they need for a specific number of employees (as in the payroll example). Most enterprises today build applications as though every employee will use them, which usually results in the company spending vast amounts of time and money creating very large systems and applications.
The setup costs for building services in-house aren't the only expenses. Most organizations end up using more computing and electrical power than needed for massive applications that not everyone uses. This makes as much sense as turning on every light in the house when you plan to read a book in the living room.
IT Services in the Open Network
It's a bold model for some, but Sun is committed to a new IT model in most business/application services will be provided by outside vendors. Click for details on the subscription services and foundational elements we've identified.
|
Subscribing to a multi-tenant IT services provider can increase an organization's flexibility and resiliency. In most IT shops, if the CIO needs to grow services quickly, the most immediate challenge is figuring out ways to acquire more server and storage capacity. This is followed by wondering how to justify the cost of burdening the datacenter further.
In the meantime, employees wait for the services they need. But with the subscription model, employees can remain productive. One of the goals of Sun's new services model is to get to the point where managers order the right services for employees from a list of vendors, rather than ringing up IT for provisioning.
The New Services Model Rests on Foundational Elements
To get closer to an environment where IT services are simply ordered from a menu of options, my colleagues and I identified 10 services critical to Sun operations that could be handed off to other parties. These services ranged from desktops for users to datacenter activities and security matters.
In the process, we came to the conclusion that many services share similar dependencies — what we called foundational elements. For example, a workforce collaboration element might include services such as instant messaging and social networks, while wireless voice and data elements might support e-partner integration and data management.
We ultimately identified 15 foundational elements encompassing items as diverse as virtualized datacenter capabilities to mobile client backups. On their own, these 15 items aren't too exciting, but as we map them to the definition of service requirements, Sun gets a clearer idea of how it can hand off services to other parties.
With these foundational elements in place, Sun will not have to rebuild or replace infrastructure for the sake of a particular vendor — or need to rely on a particular vendor for elements that other services require.
So what does an organization do if the service it requires cannot use foundational elements? The organization can wait for technology to mature, but fortunately, many mature technologies are now available as subscription services, such as payroll, email, and voice services. As for newer services, ultimately they will mature, too. But instead of waiting, my team has concluded that it may make sense in some cases to subscribe to two or more services — and use the attributes that work in delivering added value to customers now.
Reassessing Risk Becomes a Services Assessment Tool
IT services in the open network also require a fresh look at risk and security, which bothers many technologists. Traditionally, IT shops assign the same degree of security to all services. Our risk model assumes different levels of security for each service and assesses risk and security on a cost basis.
IT services in the open network also require a fresh look at risk and security, which bothers many technologists.
Finance, for example, must have ironclad security or the consequences can be catastrophic. But other services, such as social networking, don't carry the same consequential price tag. This is often a hard concept for many IT people to swallow, but I'm hard-pressed to understand why my organization would want to place as much emphasis on the security of a public-facing wiki as a financial services software package.
When it comes to choosing vendors for services, security must be part of their service offerings, but to ensure that information can be shared among Sun employees and partners, the new model requires a strong authentication framework. At Sun, this is based on the Liberty federation framework, which is fairly well understood in the industry.
Standard interfaces also help in managing risk with services vendors. Thanks to a little push from the development of Web 2.0, these providers increasingly understand the importance of standardization between services. This makes security easier to handle with multiple vendors, so that it doesn't become necessary to reauthenticate users each time they log into a separate service.
Other risk assessments in choosing vendors generally require the same sort of common sense used for other business arrangements. Reputation and reliability, along with clearly defined service level agreements and prices, form the basis for service vendor risk assessments in the new model of IT provisioning.
The Future Is Already Here
As I write this, Sun is transitioning from conceptualizing how service agreements will work to laying the foundation for the new IT model — and a key foundational element is already up and running with our open network delivery mechanism. This has allowed all Sun employees, as well as customers, partners, and visitors, to have mobile access to the applications and services they need, and we expect it to be used as a primary foundational element for a number of services.
And in other areas, such as our call center services environment, we're moving into a hosted and global interactive voice response (IVR) environment that will provide Sun with a number of options in choosing providers for numerous services.
But perhaps most importantly, Sun's global authentication service will be used for most applications by the end of this year, which will ensure that services can be accessed in the open network model. By that time, the door to traditional IT will have closed significantly, and there will be no going back to the way it used to be. I can't wait.
Bob Worrall
CIO, Sun Microsystems
cio@sun.com
| 
