Confluence of trends ups ante for improved IT governance to prevent costly business 'glitches'
Headlines these days are full of big, embarrassing corporate and
These complex snafus cost a ton of money, severely damage a
company’s reputation, and most importantly, can
hurt or even kill people.
From global auto recalls to bank failures to exploding oil rigs,
and cyber crime that can uproot the private information from
millions of users, the scale and damage that
technology-accelerated glitches can inflict on businesses and
individuals has probably never been higher. So what is at the
Is it a technology run amok problem, or a complexity spinning out
of control issue—and why is it seemingly worse now?
A new book is coming out
this summer that explores the relationship between glitches
and technology, specifically the role of software use and
development in the era of cloud computing.
It turns out the role and impact of governance over people,
process, and technology comes up again and again in the new book.
BriefingsDirect's latest podcast discussion then focuses on the
nature of, and some possible solutions for, a growing parade of
glitches. We interview the author of the book as well as a
software expert from IBM to delve into the causes and effects of
glitches and how governance relates to the problem and fixes.
Please join guests, Jeff
Papows, President and CEO of WebLayers, and the author of
Glitch: The Hidden Impact of Faulty Software, and Kerrie Holley,
IBM fellow and Chief Technology Officer for
IBM’s SOA Center of Excellence. The discussion
is moderated by Dana Gardner, principal analyst at Interarbor
Here are some excerpts:
Papows: What we're actually seeing is the
confluence of three primary factors that are creating an
information technology perfect storm of sorts.
The first is a loss of intellectual capital. We saw, between 2000
and 2007, the first drop in computer science graduates. The
merger and consolidation activity—the other side of the
recession of 2008—has created massive complexity in these
giant corporate IT mash-ups and critical back-office systems.
The third factor is just the sheer ubiquity of the technological
complexity curve. It’s the magnitude of
technology that’s now part of our social fabric,
whether it’s literally one million transistors
that now exist for every human being on the planet or the six
billion network devices that exist in the world today, all of
which are accessing the same critical back-office structures.
You take those three meta-level factors and put them together and
we're making the morning broadcast news cycles now on a daily
basis with more and more of these embarrassing things coming to
light. They're not just inconvenient, but there are monumental
economic consequences—and we're killing people. Look at the
recent glitches you have seen at places like Toyota.
One of the most heartbreaking things in the research for the book
software that controls the radiation devices in our hospitals
for cancer treatment. I ran across a
bunch of research where, because of some software glitches
and policy problems in terms of the way those updates were
distributed, people with fairly nominal cancers received massive
overdoses in radiation.
The medical professionals running these machines—like much
of our culture, because something is computerized—just
assume that it’s infallible. Because of the
problems in governance or lack of governance policy, people were
Holley: Jeff brought up some excellent points.
If we look at a lot of what businesses are trying to accomplish
today, whether it’s a new business model,
differentiation, or whatever they're trying to do compete, what
we are finding is that the complexity of that solution is pretty
If we look at a lot of technologies that are out in the market
place, unfortunately, in many cases they are siloed. They repair
or they help with a part of the problem, but perhaps they're not
holistic in dealing with the whole life-cycle. ... We just have
an explosion of technologies that
we have to integrate.
Secondly—this is a point-in-time statement—we're
seeing rapid improvements in the technology to solve this. It
hasn’t caught up, but I think it will. ... Along
with that comes some of the challenges in terms of how we make
this agile, and how we make it such that it doesn't break.
Papows: We've grown up for decades now where we
just threw more and more bodies at the problem, as the
technological curve grew.
There was always this never-ending economic rosy horizon, where
you would just add more IT professionals and you would acquire
and you’d merge systems.
In 2008, the economic malaise that we’re
managing our way through changed all of that. Now, the only way
out of this complexity curve that we’ve created
is to turn the innovation that has been the hallmark of our
industry back on ourselves.
That means automating and codifying all of the best practices and
human capital that’s been in-place and learning
for decades in the form of active policy management and inference
engines in what we typically think of as SOA and design-time governance.
Really, all that means is automating those best practices and
turning them inward, so that we’re governing
ourselves as an industry in the same way that we would automate
or govern many things. But now it’s no longer a
"nice to have."
I would argue that it’s critical, because the
complexity curve and the economics have crossed and there is no
way to put this genie back in the bottle. There is no way to go
There are lots of examples in the book [of what can go wrong]
that may not be as ubiquitous as Toyota, but there are many cases
of widespread health, power, energy, and security risks as a
consequence of the lack of policy management or governance.
... We all need to say, "I am a computer science professional. We
have reached a point in the complexity curve where I no longer
scale." You have to start with an admission of fact. And the
reality is that the demands placed on today's IT organizations,
the magnitude of the existing infrastructure that needs to
continue to be cared for, the magnitude of application demands
for new systems and access points from all of this new
technology, simply is not going to correlate without a completely
different highly automated approach.
Holley: One of the nice things that the
attention to SOA has brought to our marketplace is the
recognition that we do need to focus on governance. I
don’t know of a single client
who’s got an SOA implementation who has not, as
a minimum, thought about governance.
They may not be doing everything they want to do or should be
doing, but governance is clearly on the attention span of
everyone in terms of recognizing that it needs to be done.
... That governance is not only around the technology.
It’s not only around the life-cycle of services.
It’s not only around the use of addressing
processes and addressing application development. Governance also
focuses on the convergence that’s required
between business and IT.
The synergistic relationship that we seek will be promoted
through the use of governance. Change management specifically
brings about a pretty significant focus, meaning that there will
be a focus on the part of the business and the IT organizations
and teams to bring about the results that are sought.
... A lot of what IBM has been talking about from a Smarter Planet
standpoint is actually the exact issues that Jeff has talked
about, which is that the world is getting more instrumented.
There are more sensors. There is a convergence of a lot of
different technology, SOA, business process management, mobile
computing, and cloud computing.
Clearly, on one end of the spectrum, it’s
increasing the complexity. On the other end of the spectrum,
it’s adding tremendous value to businesses, but
it mandates this attention to governance.
My book, that’s going to be out later this year,
100 SOA Questions: Asked and Answered. What my co-author
Arsanjani] and I are trying to accomplish in the book, which
distinguishes us from other SOA books in the marketplace, is
based on thousands of questions that we’ve
experienced over the decade in hundreds of projects where
we’ve had first-hand roles in as consultants,
architects, and developers.
We provide the audience with a hands-on, prescriptive
understanding of some of the more difficult questions, and not
just have platitudes as answers, but really give the reader an
answer they can act on.
Papows: If we don’t police our
own industry, if we don’t get more serious about
this governance, whether it’s IBM or WebLayers
or some other technological help, we run the risk of seeing the
headlines we’re seeing today become completely
There's an old expression, "Everybody wants governance, but
nobody wants to be governed." We run the risk, and I think
we’ve tripped over it several times, where we
get to the point where developers don’t want to
be slowed down. There is this Big Brother connotation at times to
governance. We’ve got to explore a different
cultural approach to it.
Governance, whether it’s design-time or
run-time, is really about automating and codifying best
practices, and it’s not done generically as was
once taught. It can be, in my experience, very specific. The
things we see Ford Motor Co. doing are very different. They're
germane to their IT culture and organization.
What you need is a way to automate what you are doing, so that
your best practices are enforced. I'd argue that rather than
making distinctions between design and run-time governance,
companies simply, one way or another, need to automate their best
The business mandates of the corporations need to be reflected in
an automated way that makes it manageable across the information
technology life-cycle—or you exist at your own peril.
Listen to the podcast. Find it on
a full transcript or
download a copy.