Trends Aug2007

Trends in IT 2007/2008 Each year The Standish Group determines the Top 10 trends/ issues for CIOs. We start with calls to CIOs and IT executives to compile a list of possible subjects. We then execute our monthly Demand Assessment Requirements Tracking Studies (DARTS). We review the DARTS results and further consider our list. We make some more calls and then we brainstorm. Finally, as we do with all Standish research, we then form our educated opinion. The end result is this report, Trends in IT 2007/2008. The research unveiled in this report is based on our DARTS surveys and other research instruments. All DARTS participants must satisfy a qualification process and join our Standish User Research Forum (SURF). All data and information in this report should be considered Standish opinion, and the reader bears all risk in the use of this opinion. The first trend IT organizations and CIOs are facing is security – protecting the corporation against danger or loss. Trend two is readiness – ensuring that the corporate computing assets are available, and preparations are in place in case of disaster. Trend three is investment – making use of the IT budget in ways that are most beneficial to the business. The fourth trend is compliance – meeting government or industry-mandated regulations, whether they are vertical or horizontal initiatives. Trend five is project management leadership – guarding against CHAOS. Trend six is service delivery – finding the best ways to deliver services to the customer, which may mean augmenting in-house staff with outside resources. Trend seven is optimization (the Holy Grail of IT) - ensuring that the whole organization functions at its highest level of service and productivity. Trend eight is standard infrastructure – driving faster delivery of services through standard components. This leads right into trend nine, service-oriented architecture (SOA) -- loosely coupling software components to avoid dependencies on underlying technology platforms. Trend 10 is green computing – reaching a higher level of social consciousness and responsibility to the environment.

AU G U S T 2 0 0 7

Introduction

Trend 1: Security Trend 2: Readiness Trend 3: Investment Trend 4: Compliance Trend 5: Project Management Leadership Trend 6: Service Delivery Trend 7: Optimization Trend 8: Standard Infrastructure Trend 9: Service Oriented Architecture (SOA) Trend 10: Green Computing A trend is a general direction or movement to new technologies, standards methodologies, processes, and/or performance. Trends result from one or more drivers. A “driver,” the way Standish defines it, could be a government mandate, market-driven events, business fads, a new discovery, or vendor-led initiatives. The Trends in IT 2007/2008 report is based on the DARTS (Demand Assessment Requirements Tracking Studies) and other research instruments. All DARTS participants must satisfy a qualification process and join our Standish User Research Forum (SURF). All data and information in this report should be considered Standish opinion and the reader bears all risk in the use of this opinion.

Copyright © 2007 The Trends in IT 2007/2008 Report is protected by copyright and is the sole property of The Standish Group International, Incorporated. It may not under any circumstances be retransmitted in any form, repackaged in any way, or resold through any media. All rights reserved.

Trend 1: Security

The Trends in IT 2007/2008

“There is no security on this earth, there is only opportunity.” ~ General Douglas MacArthur IT assets are critical to business success and they must be secured. Assets can be physical, such as servers, PCs, and storage subsystems, or intellectual property, such as customer information, patents, formulations, etc. Intellectual property is, of course, much more essential than the physical assets. One of the major security drivers is the need to maintain critical information electronically, often in multiple physical locations. Another driver is the need to secure information that commonly moves across networks via e-mail, backups, transactions, and other interactions, thus complicating security. In implementing a security policy, organizations must first prioritize the assets’ required security level. They must also determine the current risk exposure for high-priority assets. Then, solutions and processes that reduce the risk should be implemented. The process can be very complex as organizations commonly deploy hundreds of assets.

The latest figures on skills spending make sense when we take into account our further findings showing that most security services are performed by internal personnel (81%). These figures additionally coincide with an industry-wide trend toward skills improvement across several technology areas. Despite the focus on internal staff with respect to security, the outsourcing trend has also affected the security environment Last year’s research results found that 57% of companies outsourced at least some of their security activity (an average 7% of security activity). This year that number has increased to 68%, with the average service usage per company at around 12% of security activity. For those companies that do outsource a portion of their security services, domestic offerings are favored at a ratio of 3:1 over international services. Standish Definition “Security” is the condition of being protected against danger or loss. This means IT assets that are critical to business success, both physical and intellectual property, must be secured. In the general sense, security is a concept similar to safety. IT is generally responsible for preventing breaches of computer security.

Percent of Security Services Performed By… Internal Personnel External Service Provider Software as a Service (SaaS) Provider

81% 17% 2%

None

Less than 10%

10% to 25%

26% to 50%

Over 50%

Domestic

49%

21%

16%

12%

2%

International

84%

7%

6%

4%

0%

Percent of Security Activity Being Outsourced Domestic

AUGUST 2007

About one-third of companies this year plan to increase their investment in security-related services and technologies. The Standish Group’s latest research shows the biggest area of spending is on skills, where 59% will spend heavily to moderately. Services come in at a close second (58%). Fifty-six percent of companies plan to spend heavily to moderately on security-related software, and 43% plan to invest similarly in hardware.

= within your country International = Outside your country

Although these two charts may seem contradictory, they are in actuality very supportive of each other. While 81% of security services are performed by internal personal, more than 50% of the organizations outsource some aspect of security. However, of the 75% of the firms that outsource some security services, more than 75% of that activity is done internally. This is in part due to internal corporate IT staffs handling most of the applications security, while a high degree of WAN management, intrusion detection and firewall security is being outsourced, particularly by those organizations that have many global locations.

Copyright © 2007 The Trends in IT 2007/2008 Report is protected by copyright and is the sole property of The Standish Group International, Incorporated. It may not under any circumstances be retransmitted in any form, repackaged in any way, or resold through any media. All rights reserved.

Trend 2: Readiness

The Trends in IT 2007/2008

“Doubt is not a pleasant condition, but certainty is absurd.” ~ Voltaire The most challenging transformation taking place during the last few years is the movement to uninterrupted business operations. A large part of the burden in making readiness possible falls on the shoulders of the IT organization. Today’s IT organizations are looking to be more fault-preventive and agile in their responses to problems. Uninterrupted operations means that the organization must always be in a state of readiness in order to deal with a network, application, or infrastructure failure, or a natural or man-made disaster. Most organizations have implemented some level of disaster recovery and high availability for one or more critical applications. The current challenge is to act with an enterprise view. A readiness program is based on a comprehensive approach. When fully implemented, a readiness program covers systems, people, processes, applications, data, and interdependencies. Standish Group research tells us that most IT executives feel fairly confident about their organization’s ability to maintain critical systems for high availability and disaster recovery. Twenty percent of companies categorize themselves as “highly skilled” in this regard, with another 73% considering themselves as skilled to moderately skilled.

Internal Operations

55%

Software as a Service (SaaS) Provider

26%

External Service Provider

13%

Other

5%

When it comes to disaster, the answers were not quite as certain. Over half of our respondents indicted their IT organization is not ready to somewhat ready to deal with incidents of disaster. Numbers are slightly better when it comes to specifics such as networks. In focus groups we often find that for many business executives, disaster considerations only become a priority once a catastrophe has occurred. And at that point, there is typically much head scratching and amazement at how they were not better prepared. Like life insurance, it’s something many would rather not think about, hoping that death, or in this case information disaster, never occurs. Standish Definition “Readiness” programs are based on a comprehensive approach to uninterrupted operations and “never having to never say you’re sorry.” When fully implemented, the program covers systems, people, processes, applications, data, and interdependencies (such as vendors). It is enterprisewide, including not only IT, but also business operations. A readiness program should cover natural disasters, manmade disasters, and run-of-the-mill mishaps and mischief.

AUGUST 2007

Given this, it’s not surprising that 55% of IT executives surveyed rate internal operations as offering the highest level of application availability. We do find, however, that 26% of companies rate Software as a Service (SaaS) providers as offering a higher level of readiness, and 13% give external service providers the crown.

Who Offers the Highest Availability?

Readiness in Case of Disaster

With all the money and effort going into disaster recovery and business continuity planning, you would think that our SURF members would rate themselves highly, but only 7% said their IT organization is extremely ready for a disaster, while 56% said they are not ready to somewhat ready. Couple that with the 45% who think that someone else can provide greater availability. We saw the most dramatic increase in general disaster recovery numbers in 2002/2003. These numbers are steadily increasing each year, but the increase is slower than expected as we move away from the impact of 9/11.

Copyright © 2007 The Trends in IT 2007/2008 Report is protected by copyright and is the sole property of The Standish Group International, Incorporated. It may not under any circumstances be retransmitted in any form, repackaged in any way, or resold through any media. All rights reserved.

Trend 3: Investments

Currently the vast majority of IT money is going toward maintaining the status quo or legacy systems. This leaves little money to radically change the business of IT. The drivers that will change this are commodity hardware, open source software, and enterprise licenses. It is certain that for the next few years we will see greater virtualization, consolidation, and centralization. Further savings will come from service consolidation and elimination of marginal services. This will free up money for more projects and stakeholder education. However, more focus will be put on the total cost of ownership (TCO), return on investment (ROI), and risk to justify investments. In Maxims for Revolutionists, George Bernard Shaw says of reason: “The reasonable man adapts himself to the World; the unreasonable one persists in trying to adapt the World to himself. Therefore all progress depends on the unreasonable man.”

If prioritization is the key to getting software projects approved, restructuring is the key to increasing capacity. Companies are realizing that the easy solution (throwing more hardware at the problem) is not always the best and certainly not always the most cost-effective way to handle resource needs. Centralizing and restructuring internal IT infrastructures can allow for on-demand capacity for vital applications. Likewise on-demand grid services can offer relief for intermittent processing peaks. Doing more with less and prioritization are essential elements of strong IT investment management going forward. Standish Definition “Investments,” in the context of IT, are the actions of putting resources into solutions to enrich the organization through increased services. IT investment is one of the fundamental decisions of IT management, and it drives most of all other decisions throughout the IT organization. IT is more and more focused on the TCO, ROI, and risk to justify investments versus technology capability.

Have you centralized and restructured your internal IT infrastructure to pool resources so you can offer ondemand capacity for important applications? Yes, and I am glad we did Yes, and I am sorry we did No, but we plan to in the future No plans

28% 7% 22% 43%

Have you ever used an on-demand grid (such as Sun’s or IBM’s) to provide resources for a temporary peak in processing? Yes, and I am satisfied with the service Yes, and I am not satisfied with the service No, but we plan to in the future No plans

AUGUST 2007

When budgets are tight it’s all too easy to get sucked into the assumption that whatever the project may be, it will be faced with an immediate “no.” Yet if the story is good and the return is clear, the funds may just materialize. Standish research shows that if a new project shows a good ROI, 68% of respondents find they can get new funds to support it, 21% can divert funds from other projects to support it, and 2% will cancel other projects to make it happen. Prioritization is not just a buzzword; it’s the new mindset of those in charge of IT investment dollars.

The Trends in IT 2007/2008

“You create your opportunities by asking for them.” ~ Patty Hansen

15% 8% 16% 61%

Thirty-five percent of organizations centralized and restructured their internal IT infrastructure to pool resources to offer on-demand capacity for important applications. Eighty percent of these organizations that centralized and restructured their internal IT infrastructure to pool resources are satisfied with the outcome. The other 20% are sorry they did. On the other hand, only 65% of organizations that use an on-demand grid provider are satisfied. When digging deeper into these results, the majority of the 35% that are not satisfied have issues with costs for on-demand capacity and the training of staff to partition workloads appropriately.

Copyright © 2007 The Trends in IT 2007/2008 Report is protected by copyright and is the sole property of The Standish Group International, Incorporated. It may not under any circumstances be retransmitted in any form, repackaged in any way, or resold through any media. All rights reserved.

Trend 4: Compliance

While the overarching driver for compliance is government mandates, there are others as well. Standards compliance may be fueled by the company’s desire to work with government agencies, which either require, or look more favorably at, compliant companies. It can also be a credibility positioning tool when competing for funding. Certainly the American Institute of Certified Public Accountants (AICPA) needs to improve its damaged credibility through tough enforcement of compliance rules, leaving little to no wiggle room. And software vendors are adding more and more features to help firms become compliant with various regulations. Many firms have found advantages in complying with new rules, such as improved processes and accountability. This has spread to other firms voluntarily adopting compliance standards. Start-up firms, for example, are looking to be compliant from inception so they do not have to go back and restructure the organization to meet new rules.

Compliance projects sometimes also offer a chance to update aging computer systems (such as the case with Y2K), or to procure additional storage and/or server space (often needed for Sarbanes-Oxley). In 2004, Standish research found that only 22% of those organizations required to be SOX compliance were compliant. That figure is now up to two-thirds and should by close to 85% by the end of the year. Eleven percent of those organizations know they will not pass certification.

Yes, fully Yes, with help from finance No, finance is taking the lead

25% 46% 29%

How much additional storage are you using or will you require for meeting Sarbanes-Oxley compliance? Zero Under 10% 10% to 25% Over 25%

AUGUST 2007

Given that most data is managed electronically, IT is often a driving force toward ensuring that compliance measures are in place. Still, for those IT departments struggling to be recognized as a key asset to business, compliance projects are often viewed grudgingly as something that “must” be done. It’s true that compliance projects may not be an exciting way to show the value of IT, compared with a new business service that increases competitiveness. However, compliance projects can be used to show how vital IT is to the corporation through the many ways financial data retention, collection, integrity, security, and authentication can be automated.

Has your IT organization taken the lead in implementing IT services to meet Sarbanes-Oxley compliance?

The Trends in IT 2007/2008

“...with love and sweet compliance, which declare unfeigned union of mind...” ~ John Milton quotes

21% 52% 24% 3%

Standish Definition “Compliance” generally means federally regulated compliance to government mandated regulations such the Sarbanes-Oxley (SOX) Act or the Health Insurance Portability and Accountability Act (HIPAA). IT is then responsible for building systems to ensure that employees and other people or organizations comply with the current relevant laws and regulations. There are typically other compliance needs for organizations as well, such as state, local, and industry rules and regulations.

The top chart shows that in 71% of the organizations, IT will be leading or co-leading the effort to implement and maintain compliance. Certainly IT is in the best position within most organizations to provide this leadership. Twenty-nine percent of the organizations claim finance will lead. This is like having the “fox” guard the “hen house.” IT is in the best position to be the guardian of financial information, which is what SOX is all about. The IT organization holds the keys to process change, application and network security, and financial transactions.

Copyright © 2007 The Trends in IT 2007/2008 Report is protected by copyright and is the sole property of The Standish Group International, Incorporated. It may not under any circumstances be retransmitted in any form, repackaged in any way, or resold through any media. All rights reserved.

Trend 5: Project Management Leadership

The main driver for project management leadership comes from project failure. This has caused more and more organizations to require Project Management Institute (PMI) certification to manage projects. Project Management Offices (PMOs) are becoming more the norm than the exception. There is a growing conflict between PM processes and agile processes, however. These trends will converge around a process to manage agile projects. The big PM trend over the next few years will be the education of the non-PM people within an organization to understand the role of the project manager and to improve the overall project management ecosystem and management of project portfolios. Standish Group research tells us that 84% of project management services are performed using internal personnel. Organizations often may struggle to train and then retain effective PMs. The most common troubles are in the areas of team building, detailed tracking, and interpersonal communications. Areas that cause the most pain have to do with thorough leadership, project ownership, and PMI certification.

Under 3 3 to 6 Over 6

48% 45% 7%

We know from our CHAOS research that sometimes a really good project manager can save even a really bad project. The number of companies requiring PMI certification or the equivalent has steadily been on the rise in recent years. Standish DARTS data shows us that while in 2004 only 16% required such certification, in 2006 that number had risen to 29%! Standish Definition “Project management leadership” goes well beyond the basic project management skills as outlined in the PMI’s PMBOK. The entry fee for project management leadership is qualified PMPs (Project Management Professional). Organizations that want to be leaders in the profession of project management invest corporate resources in education, training, research, and development. Project management leadership advances the profession and creates an environment where such expertise is recognized, valued, and rewarded. Project management leadership requires the knowledge to communicate bad news along with good, and the sense to know when a project should be killed.

AUGUST 2007

With the drive toward more agile methods of project management, those organizations that are moving in this direction face the additional problem of retraining experienced PMs toward a more flexible and less structured approach then they may be used to. A wise person once said, “Weeks of programming can save hours of planning.” Being agile doesn’t mean throwing out all the hard lessons learned about proper planning and the rewards of sound project management principles, but it does mean applying them in different ways.

Optimal number of simultaneous projects that one project manager can handle:

The Trends in IT 2007/2008

“The key to being a good manager is keeping the people who hate me away from those who are still undecided.” ~ Casey Stengel

Percent of companies requiring PMs to have PMI certification or equivalent.

Our respondents were almost evenly split regarding the number of projects a project manager can support: 48% said fewer than three, while the rest said three or more. Correlation of this data shows that those who said fewer than three tend to have larger projects and more failures and overruns. Those who said over six have very small projects and enjoy greater success. We also find that those firms that require PMP certification have a 12% greater success rate. However, even a great PM can fail without executive sponsorship and backing, proper resources, and good user participation.

Copyright © 2007 The Trends in IT 2007/2008 Report is protected by copyright and is the sole property of The Standish Group International, Incorporated. It may not under any circumstances be retransmitted in any form, repackaged in any way, or resold through any media. All rights reserved.

Trend 6: Service Delivery

The options for delivery keep expanding. If you live in San Jose, you might think the only method is SaaS, but there is much more. However, when we asked SURF members “What percent of your strategic business applications are managed by an SaaS provider?” The response in 2006 was 8%, but in 2007 it when down to 6%. Internal services are the preferred method for most organizations, but most of these organizations do hire out some portion of their IT services. Many have contractors who write code. Others have consultants who do requirements or specialized implementations. And still growing rapidly are Third World outsourcing organizations in India, China, and Eastern Europe. Basically, no one does it alone any longer. Rather, the question is, just how much do you hire out versus do yourself? This trend is a seesaw; and our upcoming in-depth report on service delivery covers this phenomenon at length. Percent of your staff reduced due to outsourcing: None Less than 10% 10% to 25% Over 25%

47% 37% 12% 5%

Limitations in resources, funds, skills, and time all drive companies to seek the unlimited availability of outsource services available in the market today. When companies face the choice of hiring and training new staff or diverting existing overworked staff, or sending work outside the company to be done on their behalf, the attraction is clear. Still, outsourcing is not a panacea. Domestically, issues regarding project management style differences, requirements and design communication, and cultural barriers can all come into play. When working with international resources these issues can be compounded by language barriers, security concerns, and quality control. Organizations must carefully weight the risks versus rewards, have a clear plan for concise communication and, of course, realize that some trial and error can make all the difference. Standish Definition “Service Delivery” is the use of different delivery methods from various organizations bundled into relevant groups for the convenience of customers and stakeholders. These methods may be internal services, SaaS, outsourcing, contracting, and consulting. Services may be performed in a combination of different methods or a single delivery method.

AUGUST 2007

Using our latest research findings, The Standish Group estimates that, on average, 12% of an IT budget is spent on outsourcing domestically and another 5% on outsourcing internationally. The money is being spent, on average, to outsource 11% of overall IT activity to domestic resources and another 6% to international resources.

The Trends in IT 2007/2008

“A man cannot be comfortable without his own approval.” ~ Mark Twain

Percent of savings from overall IT budget by using outsourcing: None Less than 10% 10% to 20% Over 20%

27% 36% 30% 6%

Fifty-four percent of organizations that outsourced saw some reduction in headcount. However, for 69% of these organizations it was less than 10%. Overall the IT budget faired much better, with 73% of organizations saving money through outsourcing. Further, 50% of the organizations have a greater than 10% savings over the entire IT budget.

Copyright © 2007 The Trends in IT 2007/2008 Report is protected by copyright and is the sole property of The Standish Group International, Incorporated. It may not under any circumstances be retransmitted in any form, repackaged in any way, or resold through any media. All rights reserved.

Trend 7: Optimization

The goal is to provide the best value for the highest level of service and function. IT optimization comprises procedures used to make these systems, applications, processes, and people as effective and functional as possible, at the best possible value, with the least possible risk. Optimization combines maximizing service-level agreements (SLAs) and generally increasing the value of IT. Today, IT organizations are trying to optimize their server utilization through virtualization, using specialized services, and taking a hard look at project requirements. In our June research report, Trends in Optimization, we identified 10 drivers in the optimization process. A complete overall optimization approach may comprise several different methods, and brings with it a mindset to view opportunities across the breadth of IT. This may include server and application consolidation, the reduction of underutilized resources, project prioritization, and the use of outside resources.

What percent of your budget has increased to deploy optimization tools? Under 10% 10% to 15% Over 15% No Increase

50% 13% 10% 27%

The consequences of performance problems can vary. In general, when application performance degrades, employee productivity and/or customer satisfaction suffer, affecting the bottom line. Further, when performance is poorly managed, organizations are not well po¬sitioned to deal with rising demand (volume). Therefore, performance management is important for improving system resource efficiencies, maintaining quality of service (QoS), meeting SLAs, and aligning resources with business priorities. Companies are realizing that fostering a mindset toward optimization often requires a bit of encouragement. In 2006 Standish research found that 10% of companies tied staff performance evaluations and salary increases to the continual optimization of applications and infrastructure. In 2007 this number rose just to 26%. Standish Definition “Optimization” is a complete approach that, when fully implemented, covers systems, people, processes, applications, and data – in other words, the whole IT organization. IT optimization comprises procedures used to make systems, applications, processes, and people as effective and functional as possible, at the best possible value with the least possible risk.

AUGUST 2007

The number of servers, databases, applications, and networks that IT organizations deploy has been growing. Further, application complex¬ity has increased with parallel, multitier, and heterogeneous platform implementations. Moreover, organizations are expected to deliver more, with decreased budgets. As a result, more and more applica¬tions experience degraded performance on a regular basis.

The Trends in IT 2007/2008

“He who will not economize will have to agonize.” ~ Confucius

What percent of your budget has or will decrease by deploying optimization tools? Under 10% 10% to 15% Over 15% No Decrease

30% 11% 7% 52%

Considering these numbers, we estimate that it is costing organizations 5% of their budgets to deploy optimization tools, while they are only saving 3%. This equates to a negative 2%. Optimization tools and their uses will need to improve quickly for this trend to continue. If there is no improvement, IT budgets will begin to suffer as organizations purchase and implement more of these tools.

Copyright © 2007 The Trends in IT 2007/2008 Report is protected by copyright and is the sole property of The Standish Group International, Incorporated. It may not under any circumstances be retransmitted in any form, repackaged in any way, or resold through any media. All rights reserved.

Trend 8: Standard Infrastructure

The Trends in IT 2007/2008

“The true mystery of the world is the visible, not the invisible.” ~ Oscar Wilde Here the standardization process is around more commoditization and enterprise software licenses. Drivers in this trend include new applications, application migration, application consolidation, and technology leadership. There is a big push to adopt more open source software and reduce the number of vendors. Voice over IP (VoIP) can help consolidate and lower the cost of communications while further reducing the number of vendors. Then there are the big three: virtualization, consolidation, and centralization. More and more organizations are looking to decrease the operating costs and staff supporting the infrastructure. However, the largest benefit to a standard infrastructure is the reduction in project effort and the ability to do micro projects and adopt SOAs. The move toward a standard infrastructure is by no means new. The Standish Group has been touting the benefits of this approach for many years. Cost, time, and resource savings are all driving forces toward standardization, as is decreased risk. When it comes to software, the problem for many companies is that with the industry “standards” changing all the time IT executives can feel like greyhounds chasing the tasty looking white rabbit.

Highly Skilled Skilled Moderately Skilled Poorly Skilled

19% 42% 24% 14%

Building on top of a standard infrastructure with open source components and taking advantage of outsourcing makes the process of delivering new applications faster and less painful than ever before. Doing less really is more. The latest Standish Group research indicates that, on average, 18% of software, including server applications and infrastructure, desktop applications and infrastructure, and networks and database infrastructure, will be open source by the end of 2007. This shows a 2% increase over the previous year and indicates a rising trend. Standish Definition “Standard infrastructure” means having the same set of IT components throughout the organization. You may have multiple sets of different types of activities, but they are generally vertically specified. The vertically specified components will include such products as server platform, database, and middleware. There are also horizontal standard infrastructure components such as management systems, storage solutions, and network appliances.

AUGUST 2007

Open up the covers of many of the “new” standards approaches, however, and the contents may look very familiar. You can change the name, and put a fancy collar and a hat on the rabbit, but the rabbit is still a rabbit underneath it all. Most of today’s products marketed as SOA servers are built on the standard middleware products of yesteryear. Those organizations that went through the process of building up a standard software infrastructure years ago can therefore more easily adapt to new standards-based products as they arrive to appreciate new benefits.

Standard Software Infrastructure

Open Source Focus Highly Skilled Skilled Moderately Skilled Poorly Skilled

2% 23% 36% 39%

The top chart shows the SURF members response to the question “How would you rate your organization’s ability to maintain a standard software infrastructure?” The bottom chart shows the response to “How would you rate your organization’s ability to focus on maintaining open source standards?”

Copyright © 2007 The Trends in IT 2007/2008 Report is protected by copyright and is the sole property of The Standish Group International, Incorporated. It may not under any circumstances be retransmitted in any form, repackaged in any way, or resold through any media. All rights reserved.

Trend 9: Service-Oriented Architecture (SOA)

The Trends in IT 2007/2008

“We are what we repeatedly do.”

~ Aristotle

IT is under enormous pressure to deliver business solutions faster and faster. That, in a nutshell, is the main driver for SOA. Not having to create and recreate the same code over and over again speeds up delivery. The other driver is the ability to take advantage of the existing applications and services that traditionally have been stovepiped by cutting across these applications and services through the use of SOA. SOA is all about velocity. Many vendors, including BEA, HP, IBM, Oracle, and Sun, are pushing SOA to sell more software, hardware, and professional services. Ask 10 IT users what the definition of SOA is and you are likely to get 10 different answers. Ask 10 industry vendors what the definition of SOA is and you might get twice that many answers. One thing that we can all agree upon (we think) is that SOA is an architecture that supports the invocation of services through automated logic. Like all good software infrastructure designs, the goal is a loose coupling of logic to avoid dependencies on underlying technology platform variances.

Being a good software infrastructure design approach, SOA promotes reuse through a high level of abstraction. Business requirements can be met by combining services without the need to know (or care) about what technology is underneath. If that sounds eerily familiar, it should. Many modern infrastructure design models had/have similar goals. DNA, CORBA, .NET, and EJB all promised many of the same benefits, which they all can deliver. SOA, however, is one layer higher of abstraction – in an SOA model a .NET application and an EJB application can join together as web services. Imagine service invocation across companies for chain management without security concerns; imagine merged companies being able to share applications written to different infrastructure standards through web services, etc. The rabbit just got a fancy gold chain around its neck. Standish Definition “SOA” is a business strategy to achieve business agility through the ability to recognize, precisely document, store, categorize, discover, and increase the efficiency of the organization’s business processes. SOA depends on business process management and modeling. SOA is not a technology, it is not a service bus, it is not the new “object technology” – though software can help implement the strategy. Done right, SOA can achieve efficiencies both within organizations and across enterprise lines.

No Savings – more expensive Savings under 10% Savings from 11% to 30% Savings over 30%

12% 51% 32% 5%

AUGUST 2007

In general terms, the SOA design model is about creating applications through combining services. Services know how to interoperate with each other through the use of an interface definition language (like WSDL) that is independent of development platforms, standards, or language specifics.

SOA Savings 2007

SOA Savings 2006 No Savings – more expensive Savings under 10% Savings from 11% to 30% Savings over 30%

23% 34% 36% 7%

According to DARTS, only 6% of organizations implement SOA for operational cost savings. The major motivation is either an integration solution for disparate applications or an increased responsiveness to business requirements. A little less than 20% said it was for faster development. However, looking at the data from 2006 and 2007, we see a marked increase in organizations claiming a savings.

Copyright © 2007 The Trends in IT 2007/2008 Report is protected by copyright and is the sole property of The Standish Group International, Incorporated. It may not under any circumstances be retransmitted in any form, repackaged in any way, or resold through any media. All rights reserved.

Trend 10: Going Green

The Trends in IT 2007/2008

“It’s not enough that we do our best; sometimes we have to do what’s required.” ~ Sir Winston Churchill Reducing power consumption is high on the list of concerns for IT executives. Right now it is more of a budget issue than an environmental one, but to quote former United States Secretary of the Interior Bruce Babbitt, “We’ve proven that you can protect the environment, use it wisely, and grow the economy, and that there is no conflict between the two.” Very few CIOs today have “going green” as a top priority, but we think this will change as both economics and saving the planet converge. Look for more and more IT organizations to have a formal green plan for using fewer resources and to recycle more. Living green and computing may not seem synonymous, but the evolution toward greener computing is here. Enviro-computing is about using computing resources more efficiently and, when feasible, making use of more environmentally friendly products. Leading technology vendors such as IBM and HP already have green initiatives and policies in place and are now expanding them. Major vendors are offering credits on new purchases when trading in old equipment, and new boutique “green” vendors are starting to sprout up offering refurbished pre-owned (read as recycled) products.

Government agencies are encouraging green computing through incentives as well as standards and regulations. In the United States, the Federal Electronics Challenge (FEC) is a voluntary program to encourage federal agencies to purchase green electronic products, reduce the impact of said products during use, and dispose of used products in a responsible way. And President Bush earlier this year signed an executive order requiring the use of products that meet EPEAT (Electronic Product Environment Assessment Tool) standards for 95% of purchases. The United Kingdom this year took a step toward recycling with the Waste Electrical and Electronic Equipment (WEEE) directive, which brings new legal requirements to minimize the impact of electrical products on the environment. The move will affect IT product vendors and their business customers by enforcing vendors to be responsible for the collection, treatment, and recovery of electric and equipment waste.

Domestic Outsourcing None Less than 10% 10% to 25% Over 25%

21% 47% 23% 10%

AUGUST 2007

Standish research shows that for a typical corporation, commodity hardware products such as laptops, desktops, printers, servers, etc., have a shelf life of about three years (and less). This high turnover of equipment results in countless tons of hazardous waste every year. When it comes to power usage, IT is a leading power user and the electric bills prove the point. Higher electric prices coupled with increased awareness about environmental issues and the marketability of greater corporate awareness have many companies evaluating their options for going green.

International Outsourcing None Less than 10% 10% to 25% Over 25%

56% 21% 16% 6%

Standish Definition “Green computing” or ”enviro-computing” is making environmentally responsible decisions when it comes to the purchase, use, and disposal of electronic equipment. The goal is reduce the use of energy, encourage the purchase of products that adhere to environmental standards, and promote Earth-conscious initiatives throughout the corporation. But going green isn’t just about adhering to government regulations (although that may become part of it). It’s also about promoting the protection of the environment through multiple means.

One way of going green is to outsource the function. We asked SURF members, “Please estimate what percent of your overall IT activity is being outsourced?” (Domestic = within your country. International = outside your country.) As initiatives to go green increase, we will see a metamorphosis of how outsourcing and SaaS will impact IT organizations. This may not affect personnel, but it will certainly affect where and how hardware and applications are deployed.

Copyright © 2007 The Trends in IT 2007/2008 Report is protected by copyright and is the sole property of The Standish Group International, Incorporated. It may not under any circumstances be retransmitted in any form, repackaged in any way, or resold through any media. All rights reserved.

The Trends in IT 2007/2008 report is based on the DARTS (Demand Assessment Requirements Tracking Studies) and other research instruments. All DARTS participants must satisfy a qualification process and join our Standish User Research Forum (SURF). All data and information in this report should be considered Standish opinion and the reader bears all risk in the use of this opinion. Future reports include: Trends in Service Delivery, Trends in Health Care and Life Sciences, Trends in Readiness, Trends in ECO-IT, and Trends in Service-Oriented Architecture. Current reports include Trends in Optimization and Trends in SOX Compliance.

Summary The Standish 2007 Top 10 Trends in IT are indicators of change that is taking place. Trend one is security. Protecting the corporation against danger or loss is critical in this global environment, where businesses are interacting with each other and opening portals into each other’s networks for sharing of information. The second trend, readiness, is about ensuring that the corporate computing assets are available and preparations are in place in case of disaster. Let’s not forget lessons learned from 9/11, and the consequences of having an entire company on one floor. The third trend, investment, involves making use of the IT budget in ways that are most beneficial to the business. More than ever before, IT must provide value and spend its dollars wisely to be able to support the users’ demands to do more for less. Trend four, compliance, is a cousin of security. Governing agencies, from local, state, and federal governments, to vertical industry groups, make rules of engagement that organization must adhere to. Trend five, project management leadership, helps guard against CHAOS. CHAOS exists; it is real. You must have good to great project management (and managers) to succeed and compete in today’s global economy. Trend six, service delivery, involves finding the best ways to deliver services to the customer. This may mean augmenting inhouse staff with outside resources. It is important to create a balance of in-house and outside resources to have the right skills in the right place at the right time. Trend seven, optimization, is the Holy Grail of IT. It ensures that the whole organization functions at its highest level of service and productivity. Mediocrity does not exist in today’s IT world. Efficient IT operations are paramount to being competitive and successful. Trend eight is standard Infrastructure, which can drive faster delivery of services. It allows for providing more for less. Commodity hardware and virtualization require less training to understand the spider’s web of mixing and matching technology. Trend nine, service-oriented architecture, is being used heavily by vendors like HP, IBM, and Sybase for the development of their own products. SOA enables developers to get products to the customer faster. However, IT organizations are not sure what it will do for them, so they are adopting it slowly. This will be a game of wait and see. Trend 10, green computing, will be moving up the priority ladder over the next few years. It is hard to measure what the impact of green computing will be. Here’s what we do know: It will reduce IT budget facility allocations. It will reduce floor space. It will reduce energy consumption. It will lesson our dependency on oil. Standish will be questioning, monitoring, and reporting on this trend in the IT community as we go forward.

The Standish Group International, Inc. 60 State Street, Suite 700 Boston, MA 02109 www.standishgroup.com

The Trends in IT 2007/2008

Copyright © 2007 The Trends in IT 2007/2008 Report is protected by copyright and is the sole property of The Standish Group International, Incorporated. It may not under any circumstances be retransmitted in any form, repackaged in any way, or resold through any media. All rights reserved.