Back in the '80s, when your favorite band released an album, without hearing a single track you'd have that vinyl sleeve tucked under your arm en route to a prolonged listening session, lights off, with your ear tucked up to a pair of Harman Kardon 60-watt speakers. Shouldn't it be the same with the initial wave of Web 2.0 products that's sweeping into the enterprise market? Yes and no.
Yes, you can now focus your attention on Web 2.0. The big guns (IBM, Oracle, Microsoft, and Sun) have just handed out a fleet of enterprise-ready community tools including wikis, blogs, folksonomies, forums, search, instant messaging, mashup tools, and the like, all built upon a secure, manageable, and integrated software back-plane. And more are on the way from far-ranging companies such as SAP, BEA Systems, Red Hat, Vignette, even Cisco and Intel, which have made key Web 2.0 acquisitions or are readying community software products geared toward the enterprise.
But before you grab the first offering that comes your way and infuse your ERP system with a well-meaning but uncontrollable wiki, consider the following advice -- the Seven Rules of Web 2.0 for the Enterprise:
- Build on an SOA framework. Whether you're a service-oriented architecture shop or not, make sure your Web 2.0 applications can speak SOA fluently via Java Specification Request 168, Business Process Execution Language, SOAP, and Web Services Description Language. Most important, ensure that your solution can make use of or comes with a UDDI, or Universal Description, Discovery and Integration, registry, as this will serve as a single hub, enabling your users to quickly assemble mashups and allowing your developers to integrate those combined applications into broader business processes. It also will help keep them in line with corporate compliance mandates.
- Prioritize access control. We're not just talking about single sign-on here but actual role-based, source-agnostic content and data security. Ensure that your Web 2.0 framework can employ or integrate with a centralized identity and access management solution such as Sun's Java System Identity Server. At a minimum, it must allow security to bubble up from the source (a database, search index, ERP system, etc.). Otherwise, your first mashup may be your last if it exposes intellectual property or Health Insurance Portability and Accountability Act-controlled customer records.
- Don't be afraid to rely on your messaging server. Some solutions are literally built upon e-mail and calendaring solutions like Lotus Sametime. This may sound costly in terms of long-term flexibility -- for example, vendor lock-in. However, the synergies available through such a combination of messaging, calendaring, and Web 2.0 will be worthwhile, though it may forestall or interfere with any plans to migrate away from that messaging platform.
- Trust your users, but verify. Make sure your Web 2.0 software can keep tabs on the composite applications (read: mashups) created by your newly empowered users. You must be able to control which assets they are allowed to mash and monitor the usage levels of all application sources for compliance with stated key performance indicators and service level agreements. See Rule #1 regarding UDDI server integration.
- Put your business users to work. Pick software that will empower employees to mash up data sources via RSS feeds, embed instant messaging within their paper-to-cash workflow, or annotate your applications wiki-style. Sidestepping the typical software development cycle will pay immediate dividends. The trick is to make sure your Web 2.0 solution allows some sort of control over what comes out of those users. See Rule #4 regarding monitoring.
- You won't need a portal, but they help a lot. Look for Web 2.0 solutions that are a part of or able to work with a portal from vendors like IBM, BEA Systems, Oracle, Sun, and the like. These already are able to speak Web 2.0 to some degree and can serve as a delivery platform for much user interface work, particularly wikis, blogs and folksonomies. This will save a great deal of development effort and afford considerable flexibility, as you can export mashups as embeddable portlets, for instance.
- Value your users, literally. Don't just throw up a blog or a folksonomy and hope for the best. Pick software that employs some form of ranking based on usage, assigning value to content, services, and the people interacting with those. Every person has a value and every element can be tagged, creating webs of trust, authority, and expertise -- think Digg.com inside your firewall. This information can then be fed back into the system to prioritize and clarify what will best serve the business process at hand.
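The access-control and monitoring rules above (security that bubbles up from each source, control over which assets may be mashed, and per-source usage tracking) can be pictured with the following added example, which is not from the article or from any vendor's product. `Record`, `MashupGateway`, and the sample sources and roles are hypothetical names constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Record:
    source: str               # originating system (hypothetical names below)
    body: str
    allowed_roles: frozenset  # ACL exactly as the source system defines it


@dataclass
class MashupGateway:
    mashable_sources: set                            # assets users may mash
    usage: Counter = field(default_factory=Counter)  # per-source reads, for SLA/KPI checks
    denied: list = field(default_factory=list)       # audit trail of trimmed records

    def compose(self, user, roles, records):
        """Return only the records the caller may see under each source's own ACL."""
        visible = []
        for rec in records:
            if rec.source not in self.mashable_sources:
                self.denied.append((user, rec.source, "source not approved"))
                continue
            # Deny by default: an empty ACL means nobody, not everybody.
            if not (rec.allowed_roles & roles):
                self.denied.append((user, rec.source, "role not permitted"))
                continue
            self.usage[rec.source] += 1
            visible.append(rec)
        return visible


# Constructed sample data: four sources feeding one mashup.
SAMPLE = [
    Record("erp", "Q3 open invoices", frozenset({"finance"})),
    Record("wiki", "Onboarding guide", frozenset({"finance", "sales"})),
    Record("patients_db", "Customer health record", frozenset({"claims"})),
    Record("search", "Unlabelled index hit", frozenset()),
]


def demo(user="alice", roles=frozenset({"sales"})):
    gateway = MashupGateway(mashable_sources={"erp", "wiki", "search"})
    seen = gateway.compose(user, set(roles), SAMPLE)
    return [r.source for r in seen], gateway.denied, dict(gateway.usage)


if __name__ == "__main__":
    print(demo())
```

The point of the design is that the gateway never assigns permissions of its own: it only intersects the caller's roles with what each source already declared, and it logs every record it trims.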
Pick your Web 2.0 solution with these notions in mind, and you'll stand a good chance of meeting overall IT governance and risk requirements. You'll be able to impress the average business user, and perhaps you'll truly infuse established business practices with the power of "we." Listen to your heart's content.
Brad Shimmin is a principal analyst covering application infrastructure with Current Analysis.