Increasing payments fraud highlights rules-based processing benefits
The recent AFP report (Association for Financial Professionals) on payments fraud in 2008 makes grim reading for financial institutions…
…especially compared to the previous 2007 one. 30% of respondents said they experienced more payments fraud attempts in 2008 than 2007, and incidence accelerated throughout the year with 38% saying that fraud increased in the second half of the year, probably due to worsening economic conditions.
From an IT point of view, this just reinforces the need to have systems that are easy and cost-effective to change. Lustratus developed a detailed report in 2008 about the shift in the area of IT payments processing solutions, where it outlined the key elements of the new, ’2nd generation’ approach to payments processing as follows:
…the 2nd generation payments processing model needs to be based on the following key design points:-
-An extensible, service-oriented approach featuring plug-in capabilities
-Enterprise-wide, consolidated and centralized, real-time visibility and control of all payments processing activities, from anywhere to anywhere, based on a generic, standards-based payments model
-A business rules-based architecture governing payments processing functionality
- And, of course, the continued provision of reliable, efficient and repeatable payments handling as provided by 1st generation systems
The two key features that apply to thispayments fraud example are the extensible approach with plug-in capabilities, and in particular the rules-based concept. The idea behind having a business rules-driven payments processing infrastructure is that when changes are needed in the way payments are handled, these can be implemented quickly, safely and verifiably with rules as opposed to having to change program internals with all the associated implications. For example, rules could be used to enforce the use of separate accounts for handling checks or ACH payments, or having different accounts for every different payment type. In addition, rules when combined with events processing can provide an easy way to detect out of line situations and raise a red flag.
Payments fraud is only one of many examples of the need for systems to be able to respond quickly to change – and rules-based processing combined with an extensible, service-based approach to delivering functionality provides the ideal environment to tolerate that change quickly, safely, cheaply and effectively.
Steve
What use is technology without flexibility?
I was reading a post today from mainframe integration vendor GT Software…
…about its support of IBM’s mainframe speciality engines, and I was suddenly hit by the realization that in order to really add value for users, technology almost always has to be accompanied by flexibility. The two need to go hand in hand if returns are to be maximized and business risk minimized.
The specific example discussed relates to an IBM mainframe invention called a speciality engine. For the uninitiated, think of a logical processing box within the overall mainframe environment where processing is much cheaper, with different boxes being aligned to specific activities such as running LINUX operations, data access or Java-type activities. What this basically means is that if part of your workload is doing something that is supported by one of the speciality engine types, then you can choose to run it more cheaply by moving it into this engine, and in fact this can often improve performance too.
This is neat technology, offering the opportunity to reduce costs and improve effectiveness, and various mainframe software suppliers have jumped on the opportunity this offers by moving eligible workloads onto these specaility engines. However, as with any new technology development, things are not quite as simple as they seem. In the IT industry there is a terrible tendency to jump for a new technology and push everything onto it, without appreciating the implications. But, in this example, as pointed out in the referenced post,
There are many use cases where it is much more efficient to NOT shift workload to a specialty engine. Why — because, there is overhead associated with moving workload
This is typical with just about any new technology. It is great in SOME circumstances, but loses out in others. iPODs are great for listening to pop music, sounding little different to CDs and being very much more convenient, but try them on classical symphonies and you will wonder what has happened to the color and magic of the piece. The key is to use new technology for WHAT MAKES SENSE, as opposed to what is possible. There is another angle to this flexibility too. IT vendors often ignore the fact that users are not starting from a clean sheet of paper; they have existing investments and technologies that cannot just be written off. Therefore, it is important to have the flexibility to operate with whatever is in place rather than demand a specific new technology component. This is not a static need, but a dynamic one – it may be that a company might change its approach further down the line, and a rigid, inflexible technology implementation can cause terrible future headaches.
While new technology may promise a lot, it is only when coupled with flexibility over which technologies to use, for what, and when that technology can REALLY deliver its full value.
Steve
The internal market approach to SOA investment
I was reading a blog post from my good friend John Schmidt, Chairman of the Integration Consortium…
…and now with a day job at Informatica, about trying to get funding for integration initiatives (in his case he was focusing on funding for an integration competency centre, a personal hot button), and I was very taken with John’s view of using an ‘internal free market’ approach to getting funding approved.
John points out that while 70% of IT budgets are non-discretionary, just keeping everything running, most companies have at least some budget for investment, but that the problem is the investment portfolio is spread across many different parts of the business, greatly reducing any individual department budget to the point that walking in asking someone for $1M of their own budget is going to be a serious impact to that budget holder. But John advises a creative approach:
So why not look at the portfolio of internal projects in an enterprise as a “market”. Why not apply some of the concepts that have proven so successful in the free market economy to the internal operations of an organization. Since everyone needs integration, if you could simply get a good understanding of the demand in the internal market, you could build a business around it.
This made me think of the Lustratus report I wrote recently on justifying integration investment in an economic downturn, by putting a laser-beam focus on ROI. Adding John’s internal market approach seems to provide another dimension to the ROI focus I was recommending. In other words, while the ROI paper looks at how to justify operational budget investment for SOA, the same problem that John describes may rear its head, and it may be impossible to find someone to slice their own investment budget even though the business case is strong. But by combining the ROI focus with an internal market business case, success is much more likely. Effectively, the running costs can then be covered by a small chargeback to each project to reflect the improved productivity they will all experience, or whatever other gain each department saw as part if its internal market needs.
Steve
Data – the forgotten element of SOA
Now and then on this blog I have my ritual little moan about data – how it seems that SOA people just want to talk applications, and no-one cares about the data (apart from the USER of course!).
So I was delighted to see that the Integration Consortium is holding a webinar one week today (September 18th) specifically on data considerations for SOA. It should be a good session – I know John Schmidt (one of the speakers) well, and the experience he has built up from Best Buy, Wells Fargo and BofA should have given him lots of good insights into this important subject.
Steve
Don’t be afraid to ask for SOA help
While the number of SOA success stories grow, there are a lot of companies that are finding SOA a struggle.
As often happens when something gets heavily hyped, managers are almost embarrassed to admit that they are having trouble. But the truth is that for many, getting outside help may be the best way forward and end up giving great returns.
There seem to be three common SOA ‘failure’ scenarios.
- This SOA-based project is blowing its schedule/budget/SLAs
- We are diligently implementing SOA, but we just aren’t getting the returns we expected
- Everybody agreed SOA was a great idea, but now nothing is actually happening
It is easy to feel that these scenarios must reflect badly on management or technical efforts, since other companies seem to have succeeded with no problems. But in fact, it is perfectly natural to find SOA difficult. In essence, SOA is REALLY different – it is a different way of working, the tools are different, programming is different, design is different…..and so on. However, an important corollary of the success of SOA in other companies is that there is a growing pool of knowledge around SOA procedures and best practices. Already, there are some professional services organizations that have embraced all this accumulated knowledge and developed service offerings specifically designed to unblock the SOA logjam – getting projects moving again, finding why the SOA strategy is not delivering, and clearing up any organizational or procedural blockages.
Companies should not feel bad about asking for help. It really can be worth it, even if there is an initial investment hit. And fortunately, once IT and business professionals get the hang of SOA, they wont need the outside help, so the cost hit does not have to be an ongoing one. The key is to make sure companies choose the right partner. This is a subject that is discussed more in a recent Lustratus Report, “A little help goes a long way”, that can be downloaded for free from the Lustratus web store.
Steve
Message-driven SOA – what goes around?
Starting from when I was running IBM’s MQSeries business, in the 1990s, I learnt a big lesson about seeing things from the user point of view.
We had a great messaging product, and it started the EAI (Enterprise Application Integration) market rolling. Soon, vendors were pitching the wonders of business integration through an all-encompassing EAI framework….and users started moaning about it being complicated and too hard. Vendors brushed off these concerns and just shouted louder, and I was an evangelist in this….and then I started actually listening to users. I remember pitching for all I was worth on the strategic value of EAI, and then a user saying to me, “Steve, we believe you. But we can’t get there in one jump – at the moment, what we really need is to hook this application up with that one, that’s all”.
For a moment my strategic eye was offended. How could you take this wonderful, clever, strategic software and then just hook two applications together? What a waste! But of course, I then learnt the practicalities of life, and the imperative to focus on the business need. If the business needs Application A to talk to Application B, then that is what it will fund, and that is what it wants to achieve. Sweeping frameworks are all very well, but for most companies practical considerations come first.
Now I am having deja vu, all over again. I believe in SOA – I am an evangelist. I can see the huge benefits it promises as a strategic platform for business agility, business visibility and cost-efficiency. And yet, talking to users it has finally sunk in that while some of the more lucky companies have the funding and resources to go the whole hog with SOA, there are a large number of users who ‘just want to link A to B’, but want to do so in a way that is consistent with a goal of enterprise-wide SOA some time in the future.
The new Lustratus report, free from the Lustratus web store, discusses a more tactical approach to SOA – “message-driven SOA”. It points out that even for those companies who are terrified by the prospect of having to work out their process implementations and flows, change the way they work and deal with business transformation issues, there is a way to leverage SOA ideas in a tactical, simple way that is at least a step on the road to overall SOA adoption. Message-driven SOA is almost a reprise of the tactical use of messaging in the 1990s, but with an SOA spin on it. So, message-based flows loosely couple applications and programs together, delivering the benefits of business integration without necessarily having to get tangled up in full-scale process re-engineering and modelling. And yet, the reuse concept of SOA is also leveraged, together with the ability to expose these message-based integrations as SOA services.
Message-driven SOA may not be the answer to every problem. As a rule of thumb, it will be most attractive for integrations that are primarily of the application-to-application kind, where human interaction is limited and tasks are of short duration. But it is well worth a look to see if this simpler approach to getting tactical SOA benefits might be useful.
Steve
Will Intel’s attack on appliances work?
At the recent Gartner SOA show in London, I was surprised to see a stand from Intel.
Turns out Intel are striking back at the burgeoning SOA Appliances market. The Intel claim is that its ‘software appliance’ performs at least as well as Appliances, and is therefore a better option.
The Intel argument is based on the fact that when you buy an appliance, you are locked in to the platform eg the box. So, as time passes, your appliance misses out on latest hardware or chip developments since it is hard-wired. In contrast, if the same performance can be obtained in pure software, then this has the advantage that it can be moved onto a platform with more power if needed, or as platforms are upgraded it can benefit. And Intel claims that its sexy software can match or exceed appliance speeds because it is so highly optimized.This optimization is apparently all around the XML parser. This makes sense in the SOA Appliance space because most SOA Appliances are seployed to deal with high volumes of XML conversions. The Intel claim is that it has a super-slick parser and that is how it can beat the Appliance.
This certainly throws up a new consideration when looking at the case for appliances, but of course it should be remembered that performance is not the only reason people buy them. Off-loading from the production platforms is another reason, and not having to worry about the platform management is another (install, config, etc). However, the Intel argument is a good one. Perhaps the biggest worry I have, however, is that whatever one company has done in software, someone else can do too, and unless it is patent protected, there would be nothing to stop an appliance maker coming up with a super-fast parser, and then putting it into microcode. It seems to me that in the end hardware will always be faster than software.
Steve
Posted in best practices, EA, enterprise architecture, Imported, Industry trends, SOA, SOA development, Vendor newsBreaking the SOA logjam
One of the 2008 forecasts in the annual Lustratus look ahead is that SOA decision-marking has become fractured in most companies, with clashes between architects / IT who ‘get it’, and business-oriented budget holders who don’t.
In fact, this problem is turning out to be so severe that it is causing SOA adoption to stall at many companies – although enterprise-wide decisions may have been taken to adopt SOA, projects steadfastly refuse to enact this because of the extra costs, at least initially.
The roots of the difficulty here are twofold: understandable cynicism and the need to reach critical mass of SOA deployment before benefits start to show. However, there may be a light on the horizon, as discussed in more detail in the Lustratus Whitepaper, ‘Justifying SOA to the Business’, available for free from the Lustratus webstore. For business audiences, it may be that the enhanced business visibility offered by SOA could be a compelling benefit to justify the extra investment, and this visibility becomes apparent immediately the project is complete – there is no need to wait for critical mass to be achieved before seeing the benefit.
Hopefully, this angle of attack may succeed in breaking down the SOA adoption log-jam, enabling companies to flow smoothly to widespread SOA adoption.
Steve
Secure mainframe SOA-in-a-box
I was reading the announcement from Layer7 about its ‘SOA-in-a-box’ for IBM mainframe users, and a number of things struck me.
First, I am SO PLEASED to see someone remembering that CICS is not the only mainframe transaction processing environment in use today. A significant number of large enterprises, particularly in the finance industry, use IBM’s IMS transaction processing system instead. With the strength and penetration of CICS in mainframe enterprises, it sometimes seems like these users have become the forgotten tribe, but investments in IMS are still huge in anyone’s numbers and it is a smart move to cater to them. I am sure that the fact that this solution serves IMS as well as CICS users will be a big plus.
The other point that struck me was that I have felt for some time that, with the security/intrusion detection/firewall/identity management market seeing such a shift to security appliances, it was time vendors thought of piggy-backing functionality onto these platforms. Of course, one reason for having an appliance is to provide a dedicated environment to address issues such as security, but in truth these appliances are rarely used to anywhere near capacity. Therefore it makes a lot of sense to optimize the use of the available processing power rather than slavishly locking it away where it can;t help anyone.
Finally, I have to admit my first reaction to this announcement was to worry about how good connectivity would be to the mainframe. Dealing with mainframes is an arcane area, and I was not aware that Layer7 had any special expertise or credentials here, but I see that GT Software is apparently providing the mainframe integration piece. This makes me a lot happier, since this company has been dealing with mainframes for 20 years. In fact, Lustratus did a review recently on GT Software’s Ivory mainframe SOA tool, which is apparently what is included in the Layer7 box.
Anyway, on behalf of all those IMS users out there, thanks Layer7!
Steve
Is ‘Stealth SOA’ the only choice?
Some of our recent research at Lustratus has given me the opportunity to talk to a lot of end user companies trying to get going with SOA, and a range of different roles within these users spanning all the way from the programmers to business people.
As a result, I am beginning to wonder whether the only option for SOA implementation is the Stealth model.
Leaving aside those visionary companies who are able to write off large investments on the latest new idea, or on a belief, most companies are forced to take a pragmatic view. As outlined in the Lustratus 2008 forecasts, there is a definite fracturing of SOA-related decision making between the archtiect bodies that see the value clearly, and the business-driven projects that own the budgets but do not see the need to include SOA costs in their business cases. When you think about it, this attitude from the business side of the house is not unreasonable – after all, what does SOA mean to a business unit? The discussions often go like this.
You will get get business agility and flexibility – the ability to respond faster to market changes.
- Oh yeah? When? How much do I have to invest before this happens? When do we reach critical mass? How long do I have to wait? Prove it!
The P&L will improve because we will reduce redundant code and wont write so much new stuff.
- When? What is the payback time? Why have you guys been building duplicate programs anyway? And how does that increase my project budget now, to cover the extra costs you want me to include?
But it is all for the best – honest!
- Do I HAVE to use SOA? Can I do what my project needs without? All I care about is this project, its allocated budget and the returns.
The problem is that SOA actually asks the business user for a lot of faith, just like other major infrastructure changes fo the past. One way around this impasse that many users have started to employ is the ‘SOA by Stealth’ approach. The first step is to get the SOA infrastructure assembled – ESB, Registry etc. These components can sometimes be slipped into projects without arousing suspicion, usually by claiming that the particular project needs it. Breaking the infrastructure up this way avoids the problems caused by a sudden large investment. Then, as each project is done programmers try to gradually turn pieces of functionality into SOA services – as many as can be done without drawing too much attention and impacting the budget too much.
The idea is that eventually it will become possible for IT to assemble the evidence that SOA is actually delivering benefits, at which point it becomes much easier to convince project budget holders to allocate some investment to it. In other words, the hope is that once the boulder starts rolling it
Steve