The Bloor Perpsective: Shell goes ASP, Compaq faces services challenge, passwords for the people

Shell is a clever company, one that has generally had a good reputation for how it uses and manages its IT. Its latest move is just one more step in that direction.

The company last week stated that it proposes to use the ASP model in-house.

The frequent predictions of success for the ASP model all seem to have fallen on their face.

Two supposedly key selling points of the ASP model have always been at issue. The first is the idea that software would come cheaper that way and the second is that applications would be hassle-free. I couldn't believe that either of these propositions would be true, except in very exceptional cases.

The cost argument fell down, for me, in its reliance on software being cheaper to use through the ASP route. If software was to become cheaper per use, it would need to find large numbers of new uses or users to achieve the same or greater revenues.

The hassle-free proposition suffers from similar problems of fantasy. It has implications for software design and implementation and for excellence in support. Design and implementation are unaffected by the ASP model. But, if ASPs are to provide excellence in support, they will have to make this cost explicit, since they will have to recover it; and making it explicit makes it unacceptable to most users.

If, however, the ASP model is brought in-house, these issues disappear. You have the same situation as with software provided the conventional way by an in-house IT Department and subject to service level agreements between users and the IT Department. That is to say, you have more or less the same situation, because there are also some advantages.

The germ of truth in ASP viability, but not one promoted as it didn't affect potential customers, is that there are some efficiencies and economies of scale to be gained at the supplier end. These were never looked at enough to sustain an ASP business but would be useful gains for an in-house IT Department.
In essence, the gains come through increased consolidation and centralisation of IT. But, in business circles, centralisation is a highly political and often dirty word. Call it bringing the brand new and exciting ASP model in-house, however, and there's a good chance business units will happily accept it as a move from Head Office to modernise itself (and about time too!).

Will Compaq makes services work?

For some time now, much of the innovation in the IT market has been about managed services. The latest offering is Compaq's 'Computing on Demand'. Can we create better enterprise IT capabilities by deploying services rather than products?

Hosted solutions are typically being operated from purpose-built centres that boast strong physical security, defences against natural hazards such as fire, diverse routing of communications facilities and almost unlimited backup for power supplies.

Given the high cost of such facilities, systems are packed in as tightly as possible. Vendors such as Compaq have found a growing market for servers that will fit in 1U of rack space or even less. The recent launch of Oracle 9i had obvious appeal in this market by virtue of its ability to run across several servers. This lends itself to implementation on standard servers that can be multiplied in number rather than being scaled up.

If we continue with the example of databases, a provider running many Oracle databases spread across numerous standard servers should be able to deploy Oracle skills to better effect than most organisations.

There is also the difficult issue of the track record of many of the large service organisations. Internet service providers have generally acquired a poor reputation. While all the theoretical benefits of specialisation should apply, too often it has seemed that complex support services do have single points of failure.

Compaq's latest offering is led by the company's services organisation, although the aim is clearly to pull through equipment sales. Compaq must have looked carefully at the finances, because on the face of it the company is made more vulnerable by giving the customer flexibility to increase or decrease computer facilities.

It must be right for enterprises to look for ways to buy IT at higher levels than basic hardware, to concentrate on buying the services that are needed. The ingenuity that differentiates the organisation needs to be at a higher level than database administration. Yet until service organisations can demonstrate a better record of delivering on service level agreements, it will be wise to listen to the pessimists.

Password palaver

People choose awful passwords when looked at with "security" in mind. A recent survey on user selection of passwords by CentralNic, a UK based registry for eu.com and us.com domain names, produced worryingly familiar results.

The findings indicated that some 47 per cent of respondents used either their own name or a nickname with a further thirty-two per cent picking the name of either a celebrity or their favourite football team. While these options are marginally better than the equally traditional "password" or "nothing" alternatives, it is disturbing that nearly four people out of every five use such easily broken passwords.

These results indicate that many organisations have still to get the notion of security really understood by their staff. Alternatively they may lack either the processes or the will to enforce adherence to adequate password standards. Is there an answer?

Handing out assigned passwords offers little assistance, as users tend to write them down on post-it notes stuck to the side of the screen. Unfortunately, the solution has not changed over the past ten years. New technologies will arrive to strengthen security, but it will not be widely deployed for some time yet. Even when biometric verification and authentication systems are commonplace, we will not be able to rely exclusively on technology. We will do well to remember that people and processes lie at the heart of all systems.