Should Enterprises Use Mashups?
It isn’t a fair question really, because some developers or IT users within enterprises surely will use mashups for the same reasons that men climb mountains: because they’re there. And by the way, I’m not just thinking here of mashups in the strict definition of the idea – a module of code that joins and combines capabilities of other pieces of code – I’m talking about external software components and plugins of all varieties. If you’re interested in a complete list of all the possibilities, read The Mashup Landscape: 7 Kinds of Component, but to summarize, I’m talking about mashups, plugins, downloadable goodies and free services.
The real question is “what can we do to control this?”
There are two different situations:
- You use some source code provided free out there on the web, probably under an Open Source license of some kind.
- You simply link to an executable or, possibly, download it and install it on some computer.
In the first situation the downloaded code will (or should) go through all the proper governance procedures, including quality control, eventually emerging with some IT Department “seal of approval”. The main worry then is whether you have the legal right to use the code. There’s no easy way to be sure of this without using an automated capability from one of the three vendors who operate in this area: Black Duck, Protecode or Palamida. There are postings on Black Duck and Protecode.
Basically, such software identifies the origin of source code and from that you can determine exactly which license you need to obey and whether you can obey it, given what you intend to do with the software. You can ignore the problem if you like, but it’s probably not a good idea. In this area, “laissez faire” is a difficult policy to defend to auditors.
The second situation is far more complex because you are either using a service or implementing an executable, with no means of examining source code. For the sake of simplicity, in what follows, I’ll assume you’re using an external service, as that also covers all the points you need to worry about in using a downloaded executable. Here are the issues:
- Availability: How available will the service actually be? Free services make no promises and their availability really is variable. Even if the service is not “mission critical” in the way that the company intends to use it, you need to assign a service level and include actual availability in it. After that you can monitor it to see if it meets the targets.
- Performance: Will it perform? The same approach naturally applies to performance. All you can do is set a service level and measure it. It is particularly important that you do monitor performance because web traffic loads can be so variable. Note that if you had contracted for a service and paid real money, this is exactly what you’d do anyway.
- Failover: What happens if the service disappears? Then it’s game over, of course. So you also need to ascertain that the service/web site is popular enough to have longevity, or that there are alternatives if it disappears. Consider, for example, FedEx, UPS and DHL. Imagine you use them all through the web. If one fails completely, you’d continue, because you use them all. Failover is built in. Many free services also have alternatives like that.
- Operational Support: What about backup and recovery? Again, free services promise nothing. Failover is a nice idea, but you also need to think in terms of backup and recovery. Maybe the service has your data, in which case you had better take care of backing that up yourself – along with the metadata, so you can use it elsewhere if need be. Maybe you also need to keep control of the transaction situation, i.e. which transactions have been processed and which not, at any particular point in time. Without doing that you won’t know exactly what you lost in the event of a ‘disaster’ and you won’t recover properly.
- Security: How do you know the software is secure? You don’t and you never will. The only way to deal with this is to put a ring fence around the service and never pass any data through it that needs to be secure or private. If you can’t do that, don’t use the service (or software component).
- Software Support: How will you get software support? You won’t get any beyond what the software author (or authoring company) tries to provide through web-based support forums. If you want changes to the software then either dream on or engage directly with the author. If the software is important enough to you, then paying for support makes eminent sense. In any event there needs to be an IT policy that relates, again, to service levels. Such a policy needs to state exactly what software support criteria need to be met.
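As an added illustration (not code from the original post) of the “set a service level and measure it” advice in the Availability and Performance points above, here is a small monitor that scores a batch of probe results against an availability and latency target. The probe results, the service name and the thresholds are constructed, assumed values; in practice each probe would be a timed request to the external service.

```python
"""Service-level check for an external (free) web service.

Added example, not from the original post. It replays a constructed
list of probe results so it runs offline; a real deployment would
collect (reachable, latency_ms) from timed HTTP requests instead.
"""
from dataclasses import dataclass
from statistics import quantiles


@dataclass(frozen=True)
class ServiceLevel:
    name: str
    min_availability: float    # fraction of probes that must succeed
    max_p95_latency_ms: float  # ceiling on 95th-percentile latency


# Constructed sample: 20 probes of a hypothetical free API,
# as (reachable, latency_ms); failed probes carry no latency.
SAMPLE_PROBES = [
    (True, 120), (True, 95), (True, 210), (False, None), (True, 130),
    (True, 115), (True, 980), (True, 140), (True, 125), (True, 100),
    (True, 160), (False, None), (True, 135), (True, 110), (True, 145),
    (True, 105), (True, 150), (True, 128), (True, 117), (True, 122),
]


def availability(probes):
    """Fraction of probes that got a usable response."""
    return sum(1 for ok, _ in probes if ok) / len(probes)


def p95_latency_ms(probes):
    """95th-percentile latency of successful probes (linear interpolation)."""
    lat = sorted(ms for ok, ms in probes if ok)
    if len(lat) < 2:
        return lat[0] if lat else None
    # quantiles(n=20) returns 19 cut points; index 18 is the 95th percentile
    return quantiles(lat, n=20, method="inclusive")[18]


def evaluate(level, probes):
    """Measured values plus a pass/fail flag for each service-level target."""
    avail = availability(probes)
    p95 = p95_latency_ms(probes)
    return {
        "service": level.name,
        "availability": round(avail, 4),
        "availability_ok": avail >= level.min_availability,
        "p95_latency_ms": p95,
        "latency_ok": p95 is not None and p95 <= level.max_p95_latency_ms,
    }


if __name__ == "__main__":
    target = ServiceLevel("free-geocoder", min_availability=0.95, max_p95_latency_ms=500)
    print(evaluate(target, SAMPLE_PROBES))
```

On the sample, two failed probes give 90% availability, which misses the 95% target even though the latency target is met; that is the kind of gap the service-level record is meant to expose.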
For the sake of good governance, imho, a business should formulate its policy clearly here and let everyone know that there are very definite rules to using mashups, plugins, downloadable goodies and free services. As long as everyone understands that, then there’s no reason not to take advantage of what the web now offers in abundance.