Monthly Archives: January 2004

IT Security and Sarbanes-Oxley

The IT security market is booming in the US. There are many good reasons why it should be, not least of which is the on-going escalation in IT security breaches. However, something interesting is happening. There have been compliance initiatives and various bits of legislation in the US which could and should have stimulated companies to invest more in this area, but there is only one so far that has made much difference to the buying impulse – the Sarbanes-Oxley Act.

This piece of legislation was passed in the wake of the corporate scandals that began with the collapse of Enron. It demanded that CEOs and CFOs took responsibility for the accuracy of, and signed off, the company’s financial results. As such the security (and thus the IT security) surrounding financial systems suddenly had the best sponsors that any IT product could want – the guys that can sign off just about any order. This happy situation (happy for IT security vendors at least) is made even happier by the fact that auditors in the US now ask questions about the IT security in these systems.

IT security was already on the radar screen of the senior execs to the point where a good few US companies had appointed CSOs (Chief Security Officers) or CISOs (Chief Information Security Officers) and thus in such companies there were specific budgets for IT security and an easily identified buyer. Sarbanes-Oxley has simply pumped up the budgets and IT security companies are prospering accordingly.

For the health sector there may also be a similar driver with the US HIPAA legislation which protects the privacy of patient records. The legislation only comes fully into force in 2005, but the penalties for abuse are draconian. Thus far (according to IT security companies) it hasn’t had much of an effect but one high profile case may change all that.


Innovation and the CIO

For CIOs (IT Directors in the UK) and IT Managers, innovation matters. Usually they have two primary responsibilities; to support or promote business innovation and to keep the IT operations running efficiently and economically. In time I’ll cover both of these wide areas of activity, but today I’m more interested in the first.

As information technology embeds itself ever more deeply in the activities of a business, IT executives are increasingly finding that IT is no longer their sole domain and their department needs to partner with the other departments on an equal footing. IT projects become business projects and IT skills intermingle with various business skills. Things ain’t what they used to be. A sea change occurred which began with the advent of the ubiquitous PC and accelerated with the Internet. So the days of the IT fiefdoms gradually came to an end.
In many organizations, IT now needs to repeatedly demonstrate its relevance and it can only do this effectively by delivering business benefit. In operational matters, it is likely to be on the defensive, even if it is doing well. People only tend to notice how well systems are managed when there are problems. However when new business capabilities are prompted and successfully implemented by IT, everyone notices. IT executives are quite capable of making contributions in this way and sometimes do.

Let me give you an example. Pinnacle Insurance PLC sells unemployment insurance along with other insurance products. When the Internet became ubiquitous, the IT Director of the company, Tony Piper, saw an opportunity. The thinking was simple. If you reduce the time between becoming unemployed and getting employed then you reduce the cost of claims. So Tony set up and built a web site specifically designed to assist policy holders who had become redundant to get jobs. It was a simple idea, although not entirely simple to execute, because it involved aggregating information from many job sites.

Neither is this the only innovation he has introduced. He noticed, from statistics of policy holders that about 20 percent of them had provided mobile phone numbers. Also he was aware that a good percentage of calls to the Pinnacle call centre were simply a customer request to know when a claims payment was to be made. He has therefore implemented a project to pre-empt some of the call centre traffic by notifying customers about the progress of any claim through SMS messaging. The benefit is a simple cost reduction. An SMS message costs about 5 pence and calls to the call centre cost about £2.50. The potential cost saving is high.

Both of these ideas are ‘obvious in retrospect’ but far more likely to come from an IT executive who was keeping his eye on the needs of the business than any other member of the management team. Neither of these projects involved a large investment and they stood a chance of delivering business benefit quickly. This is the kind of thing that IT directors can do to gain positive visibility.

IT executives are far better placed than other members of the management team for coming up with ideas like this, as long as they keep an eye on the way that the IT industry is evolving. Despite the dot com collapse, new ideas and products still appear regularly both from the US and in Europe. For the sake of credibility, the IT executive needs to be well informed about them. However, I would advocate that he or she needs to become a direct channel for helping fellow executives to understand what is and is not possible with current technologies. To be proactive rather than reactive. The major business projects for most organizations will rarely originate in the IT Department, and the IT Department cannot afford to be seen as a barrier to such initiatives. Better that it keeps other departments well informed than it has to oppose ideas that are sound in business terms but immature in technology terms.

In future columns, I will be reviewing a variety of technologies with the specific idea of highlighting their business relevance. It should prove interesting, it may even prove useful.


IBM and SCO, in a Game of Baseball

It was always going to be interesting to see how IBM would respond to SCO’s gadfly legal and business tactics over Linux. If I were in IBM’s shoes I’d be a little annoyed. Mounting a legal case is one thing (after all, like it or not, it can be a viable competitive tactic), but writing to large corporations – presumably many of whom got Linux through IBM – and asking them to pay SCO a license fee – that’s not cricket. (Perhaps it’s baseball).

So it looks like IBM has decided to swat the gadfly. It took its first swipe at it last week, using a 35 page document (the filing of a counter-suit) and it may have felled SCO in one stroke – we’ll see.

(Note: As it turned out, it didn’t).

In legal terms IBM is trying to dismiss the original suit, alleging that SCO has made false allegations, competed unfairly and infringed on IBM patents – and of course it is seeking compensatory and punitive damages. While SCO was claiming billion (a nice headline figure) from IBM, IBM has not named a figure for compensation. This is probably because its primary goal is not to grab headlines, but swat a gadfly.

Strike One

IBM is claiming that SCO has created the false impression that SCO holds the rights to Unix that permit it to control not only all Unix technology but also Linux. I think the point here is that many versions of Unix include code from SCO Unixware, which was after all the foundation Unix that was licensed to all and sundry. Legally it is difficult to know the likely resolution of this point, as it is hard to believe that SCO Unix code has not been passed to Linux given what SCO is doing but it is also likely that bits of SCO Unix code are in HP-UX, Solaris, et al.

There is something interesting here. I have heard rumours several times of code being stolen from its point of origin and being used by another vendor or even used to start up another software business. It is actually difficult to prove, because the victim of the theft cannot easily get to see the source code of the offender. That’s why nobody sees copyright as an effective protection for software, and instead tries to register methods and algorithms.

With Open Source it is different. The source is on display and everyone can know instantly if it was stolen (illegally donated). Indeed if SCO code is in Linux, SCO must have known for quite a long time. It never did anything, I guess, because nobody came up with the idea of making money through the courts, or if they did, they thought they’d quickly become a pariah – which is what is happening to SCO. For SCO, now, it’s win or bust.

IBM is also accusing SCO of violating the Linux GNU General Public License. As it happens SCO is a Linux distributor and the act of trying to charge license fees for already installed Linux does appear to be a direct violation of the Linux License. It is certainly against the spirit of it.

So this is interesting too. IBM is acting on behalf of the Open Source community, in a way, but doing so – in legal terms – to protect its interests that are being damaged by SCO’s hassling for a license fee of IBM customers. This doesn’t look too good for SCO in my view. I get press releases from SCO every now and then which claim that SCO is happily gathering license fees from worried Linux users but, like most press releases, methinks they do exaggerate.

The Third Strike

IBM’s final accusation is probably the coup de grace. IBM is accusing SCO of violating at least four IBM patents. SCO’s response to this appeared panicky. It said SCO has shipped these products for many years, in some cases for nearly two decades, and this is the first time that IBM has ever raised an issue about patent infringement in these products. So how does it feel to be ambushed?

SCO dancing around on the moral high-ground and waxing lyrical about intellectual property suddenly discovers that its own IP is tarnished. Just as I have little doubt that there is some SCO Unixware code in Linux, I’m also sure that if IBM says SCO has violated its patents, then it has. IBM tolerated the violation of its patents without action, in the past, because of – do you remember – the IBM antitrust action. IBM believed it could not afford to appear to stifle other companies, especially start-ups, by grinding them into the ground with patent infringement law suits – but it could always appear later on and request a few royalties, if it chose to.

But this case is different, so IBM is pitching a curved ball and SCO is certainly not going to hit this one into the crowd. It’s three strikes and you’re out. Take your bat and walk.


Predictions for 2004

“Prediction is very difficult, especially of the future.”   Niels Bohr
And so, with tongue lodged firmly in cheek…

2004 will be the year of Linux on the desktop. What I mean by that is that Linux on the PC will become a respectable alternative to Windows in the business world. The breakthrough deal for desktop Linux occurred last year when the local government in Munich opted for thousands of Linux desktops running Star Office and other deals have followed. However, the trend has not yet gained momentum. In 2004 it will. Continuing its server success, Linux will continue to grow server market share at the expense of both Windows and other versions of Unix, but it will not overtake Windows on the server until 2005.
2004 will be the year in which the idea of the “appliance PC” is finally established. By “an appliance PC”, I mean one that is intended for a given well-defined purpose. Games machines such as the Play Station and X-Box are appliances of a kind. Sun’s Java Desktop is an appliance PC aimed at the business market. By “established” I mean that the “appliance PC” concept will at last get into the heads of the marketing forces in the PC market. The paradox of the PC market is that even though over 100 million PCs are sold each year, the PC has not become a commodity. As such, it is defying normal economic logic. As it is currently sold, it is a far more complex-to-use product than, say, a car, but as yet no-one has managed to do a good job of packaging it simply, say, with browsing and home office capability and little else. I expect this to start happening (with success) in 2004.

Last year, I suggested that Apple would continue to teach HP the meaning of the word “invent” and indeed they did, successfully inventing the iTunes download music service and successfully releasing the powerful G5 machines, resulting among other things in the Virginia Polytechnic Institute and State University building one of the largest supercomputers by assembling 1100 G5s. The Panther release of OS X improved the UI and Apple is the first PC company to embrace RSS. In 2004 Apple will continue to teach HP and others about invention and it will grow its share of the PC market, dominating the high end of the market.

In 2003, utility computing became an established trend, with many companies both vendors and users moving in that direction. IBM won some big deals on the back of it, justifying its move into that space and VMWare became an industry force because of it. Utility computing is now becoming the order of the day. This is not a stoppable trend. The simple reality is that the chip industry has been slavishly obedient to Moore’s Law over decades and we have finally got to the point where the way that we have deployed computers and software makes no sense. The reality is that companies are obliged to buy ever more storage because of a largely genuine need to cater for ever more stored data, but they don’t need much more processing power (or memory), they need efficient use of it. This is what utility computing is all about right now. It’s about manageability. So what will happen in 2004? I expect to see the one company that has ignored this trend, Dell, be forced onto the band-wagon. It makes eminent sense for Dell to move in this direction and it may have the opportunity to do so because of its partnership with EMC – speaking of whom….

The surprise company of 2003 was EMC, with its acquisitions of Legato, Documentum and VMWare – all, in my view, very valuable assets. I personally do not believe that it will stop there. The company is clearly moving into software in a meaningful way and we can expect to see further acquisitions. One could argue that it had to do this because of strong competition in the SAN market which has now become more and more about storage management. In 2004 I expect to see EMC acquire a system management company, and given its acquisition record so far, I expect it to be another intelligent acquisition. EMC has yet to prove that it can integrate its acquisitions. I believe it will be successful in doing this, from the indications so far.

In a prediction that saw wide syndication last year, (it even made it into the Financial Times), I compared Web Services to Sex with Aliens – “some people say it happens, but no-one seems to be able to produce any evidence”. To be precise, I was excluding internal web services applications that are confined within the corporate network from the picture, where security is usually adequate and early Web Services technology was already being deployed. Anyway 2004 will see the beginning of the deployment of web services. It will be for real – and, this year, it will be like teenage sex – there will be a lot more talk than action. The security issues are being addressed and the development products from BEA, IBM, Microsoft, Progress et al, are much more mature than last year.

In 2004, the IT Security malaise will finally begin to come under control in most businesses. There are several reasons for suggesting this. First, the level of security breaches has got to crisis level with 90 percent of companies experiencing breaches of one kind or another. 2003 was at least 50 percent worse than 2002 which was twice as bad as 2001 and so on. This has released IT budgets to address the issue and prompted some companies to appoint CSOs. On top of this a good deal of legislation has emerged which encourages – but doesn’t mandate – an adequate investment in security (it includes Sarbanes-Oxley, HIPAA in the US and various Data Protection legislation in Europe). This has caught the attention of senior executives, especially in the US and thus helps the CIO or CSO to make a case for security spending. Third, Microsoft, whose Windows OS is all too often the source of security breaches realized in 2003 that it needs to do a lot better, so it is seriously investing. All of this points to a decrease in the IT security problem. But we can also add a 4th point – the IT security technology is both improving and getting cheaper.

In 2004 the spam will finally drop away. I believe the EU legislation on this is focused enough to stop it in Europe. Unfortunately, in the US the legislation was subject to a gradual watering down by marketing lobbyists, so the law there has false teeth. This is a pity because all the big spam operations are in the US. Nevertheless, the US law can still bite – it forces spammers to go completely illegal or identify themselves, which means that blocking them will be a good deal easier. According to several reports the spammers are not making money (they must have saturated the market for Viagra and penis extensions). Some of the spammers will go illegal (using Trojan software planted on home PCs), but it is a desperation tactic that has no long term business future.

I expect 2004 to be the year of RSS. In case you don’t know what it is, RSS stands for Really Simple Syndication. It is technology that allows web sites to push URLs and headlines at you. You may remember PointCast (a similar idea, which delivered news content and died a welcome death at about the time of the millennium, because it saturated corporate networks with traffic). Pointcast was the right idea and the wrong technology. There is a need for aggregated information services and RSS fulfills the need better than email ever will. Email is the dominant medium for now, but RSS is better and spam-proof. RSS has already won the hearts and minds of the geek community. Watch it take off in 2004.

Finally, I believe that 2004 will be the year of the MySQL database. Unlike Linux and Apache, MySQL has not been a publicity magnet, but its use is growing and it stands on the verge of being taken seriously as a database to compete with Oracle, DB2 and SQLServer. It is already eating into their market share through the word-of-mouth marketing that turned Linux and Apache into formidable forces in their own right. This could be interesting to watch as Oracle and IBM have been major supporters of Linux, but both have much revenue to lose if MySQL gains real momentum. Don’t expect to see complimentary comments about it emerging from either of these companies. (And, of course, Microsoft already believes Open Source to be a product of International terrorism.)
