Monday, February 02, 2015

If You Want It, Here It Is

If you want it
Here it is, come and get it
Mmmm, make your mind up fast
If you want it
Anytime, I can give it
But you better hurry
Cause it may not last
    - From "Come And Get It", written by Sir Paul McCartney and originally recorded by Badfinger

I'm watching changes in the SaaS world...some people are keeping up with the changes, and some people are not.  The approach is selling SaaS subscriptions is an area that stands out in my mind where the market players have not all quite wrapped their brains around a new reality.

In the old days of selling on-premise applications (also lovingly referred to now as "fat apps"), the initial sale was the key battleground between applications vendors in their quest for customers.  That's because switching on-premise apps was hard.  Ask anyone switching from Oracle to SAP for enterprise apps...a very tough, very expensive, and very long process.

In the SaaS world, switching is quicker, easier, and much less expensive.  No technology footprint to switch out.  Get my data from the current SaaS vendor, map and convert to the new SaaS applications, train my workforce, cut off the old SaaS vendor, start paying the new SaaS vendor.  While it's still not a small undertaking, it's a comparative drop in the bucket.

Oh, what about hybrid platforms?  Still easier to switch out the SaaS portion of your system.  And so far as integrations:  well, the commonly used integrations are fast becoming commodities.  That's what Cloud Integration platforms from providers like Oracle, Sierra-Cedar (yeah, that was a plug - pretty slick the way I slipped it in there, huh?), Boomi, Workday, etc...providing highly-reused application integrations as a managed cloud service.

So what does this mean?  It means that as SaaS becomes more prevalent in the enterprise applications world, it won't be about making the deal as much as it will be about keeping the customer while concurrently enticing other players customers to switch while concurrently hunting for customers just entering the enterprise applications customer space.  In other words, we'll soon see huge churning of accounts from Brand X to Brand Y.  And we'll also see vendors attempting to protect their own patch of accounts.  And, at the same time, we'll see more offerings geared toward the SMB space...because that's where the net new growth opportunities will exist.

We're entering a great time for buyers...vendor lock-in in the enterprise apps market will become a less predominant factor.  And, frankly, vendors will be treat each customer like the "belle of the ball".

Watch for SaaS vendors to begin singing Sir Paul's tune:  "If you want it, here it is..." - on very customer-favorable terms.

Wednesday, January 21, 2015

Patch Now!

So two guys walk into a bar.  They're both talking like pirates and dressed like pirates.  The bartender asks...




No, wait, that's not the kind of patch we're talking about today.  Sorry, folks.  We're talking about a patch for your software...a fix or an update for software you already have in place.  Did you know Oracle puts out Critical Patch Updates ("CPU"s) for all their project on a regular basis?  You can read about Oracle's CPUs here.  Clicking on the link for any CPU listed will give you more information about the contents of that patch.

Now there's one important point you need to know.  It's that word "Critical" that Oracle uses in the term "Critical Patch Update".  Folks, when Oracle says "Critical", they're not kidding around.  Both important and urgent.  Security improvements, bug fixes, compatibility upgrades, new functionality...any and all can show up in a CPU.  So, in terms of applying patches, time is of the essence.  This is especially true with security fixes.  Note Oracle's language on the subject:

Oracle has received specific reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply these Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.

Just yesterday, we saw a timely example demonstrating the urgency of applying a CPU as soon as it is released.  David Litchfield (@dlitchfield) is a pretty brilliant security researcher when he's not taking pictures of sharks.  He recently spotted a pretty significant security hole in the Oracle database.  Requires certain circumstances and certain versions of the database, but it's still pretty significant.  So...David turned his find into Oracle.  The fix was issued in the Oracle CPU released yesterday, January 20.  You can read David's analysis of his find and the fix, along with the 160+ other security patches in this latest CPU, here.  A great perspective in addition to the description Oracle provides.

Now, y'all have read or heard me say in the past that I consider the Oracle database to be the most rock-solid, reliable database available.  Period.  This recent incident does not change my opinion on that one iota.  At the same time, it reinforces my opinion that software is complex stuff that requires continual improvement...this is just another example of that.  In order to use the stuff, you have to stay current...at least on the CPUs.

If you use an Oracle database, you really should apply this CPU.  Like now.  Same rule applies to all Oracle CPUs. Patch now!

Monday, January 19, 2015

Enterprise Apps on SaaS

It's really, really early on a Monday morning as I write this:  "zero dark-thirty".  Some ideas just refuse to allow sleep until you share them.  So, while shivering in the pre-dawn cold, I offer the following for your consideration...

Picture if you will, just for a moment, the idea that your enterprise applications system is like an iceberg.  There are the system costs that you can see.  Then there are the costs below the water line, those that you can't quite see.  Well, at least those nobody talks about when selling you an enterprise system.

Hanging with the iceberg simile, this is your IT system:


This is your enterprise applications system on SaaS:


Any questions?


Sunday, January 11, 2015

Resilience

re·sil·ience
rəˈzilyəns/
noun
noun: resilience; plural noun: resiliences
  1. 1
    the ability of a substance or object to spring back into shape; elasticity.
    "nylon is excellent in wearability and resilience"
  2. 2
    the capacity to recover quickly from difficulties; toughness.
    "the often remarkable resilience of so many British institutions"

My parents were children of the Great Depression here in the U.S.  The experience influenced how they approached their lives - stability over all else.  Even though they never quite realized the goal of stability, it is still one of the characteristics passed down by their generation to those that followed.  That's why society tends to idolize successful risk takers; they broke the self-imposed limitations that come from the focus on stability.

My own experience in working with NASA taught me that stability is not the key to preserving the viability of any system.  The key is resilience.  With all the hooey happening recently both in the IT world and in real life, I thought the idea of resilience might be worth a brief post here.

Let's consider a very narrowly-focused, basic statistic.  The U.S. Navy is the target of, on average, 30 cyber-attacks every second - every minute, every hour, every day over the course of a year.  That's over 1 billion attacks in a 12-month period.  Common sense alone says they can't stop them all.  Some attacks succeed, some data is lost, some damage is done.  Stability can't be preserved.  So, for the U.S. Navy, the focus is on system resilience.

Resilience in IT systems essentially embraces the following idea:  bad things will eventually happen to your system, and you can't prevent it.  Make every effort to defend against hackers.  Build earthquake-ready systems to house your data center.  Keep your patches and maintenance up to date.  In my little corner of NASA, we used a floating iceberg analogy and referred to this as the "above-the-waterline" stuff...things we could see or foresee.  

But it's the things below the waterline that hold the most risk: a new hacking approach, a natural disaster of massive proportions, a unique anomaly, etc.  To address these risks, you design system architectures that can bounce back quickly from attacks and damage.  

So it's not a matter of preventing all the bad things from happening (you can't), its a matter of how quickly your system can adapt and bounce back from the bad things that happen.

Then following is a direct quote from the Rockefeller Foundation's work on resilience:

Resilient systems, organizations, or individuals possess five characteristics in good times and in times of stress. They are:
  • Aware. Awareness means knowing what your strengths and assets are, what liabilities and vulnerabilities you have, and what threats and risks you face. Being aware is not a static condition; it’s the ability to constantly assess, take in new information, reassess and adjust your understanding of the most critical and relevant strengths and weaknesses and other factors on the fly. This requires methods of sensing and information-gathering, including robust feedback loops, such as community meetings or monitoring systems for a global telecommunications network.
  • Diverse. Diversity implies that a person or system has a surplus of capacity such that it can successfully operate under a diverse set of circumstances, beyond what is needed for every-day functioning or relying on only one element for a given purpose. Diversity includes redundancy, alternatives, and back-ups, so it can call up reserves during a disruption or switch over to an alternative functioning mode. Being diverse also means that the system possesses or can draw upon a range of capabilities, information sources, technical elements, people or groups. 
  • Self-Regulating. This means elements within a system behave and interact in such a way as to continue functioning to the system’s purpose, which means it can deal with anomalous situations and interferences without extreme malfunction, catastrophic collapse, or cascading disruptions. This is sometimes called “islanding” or “de-networking”—a kind of failing safely that ensures failure is discrete and contained. A self-regulating system is more likely to withstand a disruption, less likely to exacerbate the effects of a crisis if it fails, and is more likely to return to function (or be replaced) more quickly once the crisis has passed.
  • Integrated. Being integrated means that individuals, groups, organizations and other entities have the ability to bring together disparate thoughts and elements into cohesive solutions and actions. Integration involves the sharing of information across entities, the collaborative development of ideas and solutions, and transparent communication with people and entities that are involved or affected. It also refers to the coordination of people groups and activities. Again, this requires the presence of feedback loops.
  • Adaptive. The final defining characteristic of resilience is being adaptive: the capacity to adjust to changing circumstances during a disruption by developing new plans, taking new actions, or modifying behaviors so that you are better able to withstand and recover from a disruption, particularly when it is not possible or wise to go back to the way things were before. Adaptability also suggests flexibility, the ability to apply existing resources to new purposes or for one thing to take on multiple roles.
Resilience is all about making systems and the components of those systems stronger:  hardware, software, people, communities, etc.

From an IT perspective, the next time you design a solution or a system, stop and think about how your solution or system could be designed for greater resilience.  You'd be amazed how simple and inexpensive it can be once you invest a little brain power.

And what I just wrote about the IT perspective?  It applies to real life situations too.  How's that for a pearl of wisdom?

Your thoughts?  Love to hear 'em!  Comments...

Monday, January 05, 2015

Plus ça change, plus c’est la même chose

plus ça change, plus c’est la même chose.
        -- Jean-Baptiste Alphonse Karr,  Les Guêpes, January 1849 volume

Translation:  the more things change, the more they stay the same.

------------------------------------------------------------------------------------------------------

It's been an interesting first year with Io Consulting...uh, I mean Sierra Cedar, Inc.  I've had the opportunity to dig deep into the unique Higher Education marketplace, and to help spread the message about Oracle's Cloud Application Services within that marketplace.

For me personally, it's been a great learning experience as I've tuned in to the typical conversation patterns.  Conversation patterns?  Let me play out a few scenarios to explain what I mean.

Scenario 1

Higher Education Institution:  we need to eliminate the ever-growing drain on money, equipment and people required just to maintain our back office applications.

Me:  could we spend a few minutes talking about Oracle Cloud?

Scenario 2

Higher Education Institution:  we need to keep control over certain business processes, but we'd like to lessen the maintenance load on everything else.

Me:  could we spend a few minutes talking about hybrid cloud opportunities with Oracle Cloud?

Scenario 3

Higher Education Institution:  my current applications vendor has been acquired.  The new owner has put our key applications into a mode of maintenance development only.  We need to switch vendors in order to keep up with student, faculty, and administrative expectations.

Me:  could we spend a few minutes talking about user experience in Oracle Cloud?

Scenario 4

Higher Education Institution:  we already use Oracle products:  Peoplesoft HR and Campus Solutions.  Why switch to a cloud?

Me:  could we spend a few minutes talking about how to advance your institution's mission by leveraging Oracle Cloud while protecting your current investment in Oracle products?

There are a few more typical patterns, but this is enough for you to get the idea.  The interesting part of all this?  These are essentially the same conversations I had and continue to have with organizations that exist outside the domain of Higher Education.  Different use cases, same patterns.

So, what's this long-winded blog post all about?  I've picked up a pearl of wisdom over the past year...the concerns of customers and potential customers remain the same.  Those concerns cross the boundaries of vertical market divisions.  It boils down to this:  help me do what I do better, faster, or less expensively.  The trick is in recognizing the patterns to apply to specific use cases and communicating those patterns clearly.  

The more things change, the more they stay the same...

Monday, December 29, 2014

2015 - Less, But Better

Life is really simple, but we insist on making it complicated.
                                                        - attributed to Confucius

It's the end of 2014.  2015 is staring us in the face.  And as we celebrate the ending of a trip around the sun and kick off yet another one, many of us are predicting what the new year will bring.  Sorry, you won't get that here.  My crystal ball never has worked all that well, so I don't see much value in sharing my woefully inaccurate predictions.

What I will share is my lone resolution for 2105 and some of the actions I'll be taking as a result, in the hopes that you'll find some value you can apply in your own endeavors.

The motto:  Less, But Better.  (Yes, I'm a fan of Dieter Rams).  The idea is to simplify, eliminating the obtrusive, while improving the end result.  Some thoughts on applying this idea.
  • Experience Design:  Seems as though everyone is into the Experience Design game these days.  User Experience, Customer Experience, Student Experience ... it's a longer list than I'm able to quote here.  But I also see that many of these efforts miss the point.  Experience Design is not just about things look ... icons, colors, interface layouts. Experience design is about providing simple, elegant solutions to complex problems.  I'll be spending calories voicing this point in 2015, especially in terms of how it applies in the world of Oracle software.
  • Advocating Oracle Cloud Applications:  The big idea behind Oracle Cloud Applications and the SaaS service model is simplification: trade off your in-house maintenance and licensing burdens for a pay-as-you-go service model.  Pretty cool in theory.  But, from my perspective, we'll still dealing with heavily-engineered products.  It's a tough issue for advocates and partners.  Among other things, that means I just can't run Oracle's Cloud Applications on my personal test bench anymore.  Too many moving parts.  Done trying.  At the same time, it seems that Oracle is tightening up the accessibility of Oracle Cloud Applications for players in the Oracle eco-system: their own pre-sales consultants and Oracle eco-system partners.  Tough even getting access through the Oracle Partner Network without jumping through serious hoops (and you know how I love hoop jumping!).  Have to come up with a simple answer for that in 2015.  It may come down to running a demo environment of Oracle Cloud Applications on AWS.  Or possibly running that demo environment on internal Sierra-Cedar servers.  Neither is the simplest approach I can think of, but one or the other may be the simplest approach available.
  • More Use Of Simple Oracle Development Tools:  In the world of enterprise applications, we sometimes limit ourselves with the tools that we use.  We bring out sledgehammers to kill fruit flies.  Forcing those sledgehammers to fit our purpose results in solutions that are less than optimal.  In the spirit of "Less, But Better",  I plan to spend some time researching on ways to use simple tools to extend and enhance enterprise applications - especially Oracle Cloud Applications.  Oracle APEX seems to be one of those tools.  So my plan is to start there.  I also plan to spend more time testing the boundaries of The Oracle Simplified User Interface ("SUI") Rapid Development Kit.
  • Extensions and Integration:  As more customers jump into Oracle Cloud, functional application implementation is becoming more and more of a fungible commodity service.  The lowest price wins the business above all other factors.  With this shift in the market and the impact on per project profit margins, implementation partners are beginning to develop strategies of adding value around the edges of an implementation project: extensions and integrations.  Those partners who can add simple, elegant extensions and integrations to Oracle Cloud Application implementation projects are the partners who will thrive as the market shifts.  This is easier said than done, as many of us in the Oracle eco-system tend to unintentionally sacrifice simplicity by over-engineering our solutions for very specific and unique use cases.  I'll be working to reverse that trend in my own work:  simple integrations and extensions, applicable to a wide set of use cases, that can be applied repeatedly.  I've already mentioned some of the tools I'll use in this effort.  This is really about the design of extensions and integrations:  simple, elegant solutions to complex problems.
So, these are some of the Oracle-specific areas that I'll be working through the "Less, But Better" concept in 2015.  There are more, like reducing the number of personal tech devices I use, but this is the upshot in the realm of Oracle enterprise software.

What about you?  Any inspiring thoughts from reading this?  Or maybe a bit of chortling or laughter?  Whatever.  Share your thoughts in the comments.  And best wishes for a great 2015!

Monday, December 08, 2014

Treasures From The Road

Reading departure signs in some big airport
Reminds me of the places I've been.
Visions of good times that brought so much pleasure
Makes me want to go back again.
If it suddenly ended tomorrow,
I could somehow adjust to the fall.
Good times and riches and son of a b*****s,
I've seen more than I can recall
                      — From Jimmy Buffett’s "Changes in Lattitude, Changes in Attitude"

I’ve been traveling lately.  In fact, since OpenWorld this year, I’ve been on the road around 75% of my time.  All in the continental USA.  From my viewpoint, that’s lots of travel.  But it’s been good - full of variety, working with lots of customers and partners.  Mobile, SaaS applications, BI, UX (including conducting an Oracle HCM UX workshop for Oracle Partners), keynoting at the East Coast Oracle conference (just got the feedback on my talk, and I’m really pleased with it).  I’m not complaining.  Now that I’m done for this calendar year, I have a chance to reflect on the treasures I’ve learned lately.

A really cool thing in all that travel has been talking and working with many of Oracle’s Higher Education customers.  I’m still getting to know that market, so it’s been an enriching experience.  And I’ve gathered some questions posed, observations collected, and commentary about Oracle Cloud Applications that seems to be pretty consistent across those Higher Education users. In fact, they seem pretty consistent in general.  So I thought I’d share them, along with my own thoughts about each, and see what y’all think.

1.  Comment:  My institution/enterprise/organization/firm really needs to get out from under the maintenance costs of our Oracle applications.  We’re continually burning resources with patching and upgrading.  We’re on a very expensive treadmill.  

My Response:  Software-as-a-Service was made for customers like you. With SaaS, Oracle works the patching and upgrading (on your schedule, by the way).  So your resources are now liberated from operational maintenance to work on projects and tasks related to your core mission, whatever that might be.

2.  Comment:  We have unique needs/customers/business processes and we can’t customize in the cloud.  

My Response:  Keep the things that differentiate you or make you unique on-premise.  Take the things that are necessary to do business, but aren’t part of your core mission, and move them into SaaS.  This allows you to stay unique at your core, but gives the operational headaches of the necessary but mundane things to someone else.  This approach is known as a “Hybrid” or “Co-Existence” deployment.  

Optional “Add-On” Response:  Best-practice business processes are baked into the cloud applications.  This is one of the unsung value-adds in SaaS.  It may be worthwhile to take a look at those best-practice business processes and consider whether they might work for you.

3.  Comment:  I’m worried about security in putting sensitive data out on the cloud.  

My Answer comes in two parts:  A) Is data security part of your core business?  It is part of Oracle’s core business.  As a result, they hire platoons of the best “A-Team” security experts to fend off thousands of attacks every day.  So perhaps your data might actually be better protected in the cloud than it is today?  B) Did you know that Oracle does not commingle customer data?  The data of every SaaS customer is physically and virtually separated from every other SaaS customer.  So, in terms of data separation, you won’t sacrifice anything by moving to the cloud.

4.  Observation:  The position of UX in the applications market has changed dramatically over the past year.  

Rather than being an optional value-add, UX is now a basic requirement for a seat at the table.  Ugly, complicated applications just don’t sell anymore.  Basic, packaged applications must meet the standards of elegant, consistent user interfaces and simple paths to results  just to enter the market.  And end users now expect custom, home-grown applications to meet those same standards.  If you can’t punch your UX ticket, you just can’t play…period.

5.  Question:  What’s the difference between Workday and Oracle Cloud Application Services?  

NOTE:  I knew this one would get your attention.  We're playing with fire now ;)

My Response:  I have a great deal of respect for what Workday is doing.  They’re designing and building elegant, clean, simple applications that have turned the entire enterprise applications market on its head.  I’m a fan.  That being said, I think Oracle has a differentiator with a deeper and richer set of features…you’ll find standard features that only exist in Oracle’s cloud applications.  That’s important because it allows Oracle to address a wider and more complex range of use cases and business processes.  There are other factors for and against both Workday and Oracle.  But, in my mind, that’s the big difference.

So those are the big treasures from my recent travels.  Thoughts? Feedback?  Comments please.