Web2.0 in the enterprise: what about reliability?

I’m just following a presentation at SAP TechEd07 by Craig Cmehil via ustream.tv. Craig is demoing an ABAP application that reads Twitter feeds and does stuff according to the content of the tweet.

I’m trying to help him (and sneak into the session) by sending the kind of command that he needs, but suddenly we’re all sitting there waiting for stuff to happen, as Craig’s Twitter feed refuses to update.

And here we’re going to have the same kind of discussion that we had with OpenSource: who can we sue if stuff breaks? If you’re going to use Twitter, Dopplr or what have you to manage your personal stuff, it’s all well and dandy. Once your ERP system relies on the functionality of those apps, you’re at the mercy of the application providers, i.e. quite a wild bunch of people right now.

Will we see Web2.0 apps with SLA agreements any time soon? What do you think?

Web 2.0: Enterprise Security

(I originally wanted to do a post called “Six degrees of SOA”, linking the security challenges of chains of services across enterprise boundaries to the familiar “six degrees of separation”; how do you create trust in such an environment?)

Craig is thinking along similar lines:

“SAP is not likely to just tell their customers to open their systems up to the public internet like I have done for the demos (shhh don’t tell) but rather that some serious thought will have to go into the topic of security especially data security and introducing that data into a collaborative environment allowing for multiple editors and modifiers of the data that is still controlled by the overall system to ensure data integrity.”

This is a HUGE issue. As an SAP security consultant I’m dealing with enterprise customers on a day-to-day basis, and their challenges are driven not only by their own concerns, but also by auditors and regulators coming up with stuff like SOX, data protection acts and countless other regulations. Basically it’s about making sure nobody messes with corporate assets (which quite often rightfully belong to shareholders), and being able to prove that the controls they put in place cover the risks adequately.

The big topic is Enterprise Risk Management, and that is already hard to do in today’s environments.

Enterprise SOA and Web 2.0 apps open up a whole new can of worms, and I’m not sure enterprises are willing to tackle this right now. This is something Web 2.0 companies need to consider if they’re aiming for the enterprise (which I think they should: there’s a legitimate market which could immensely benefit from that kind of technology). My bet is that the first vendor to actually do that will be miles ahead.

Let’s talk.