You’ve probably seen the term, or heard it bantered about by geeks, or maybe your head is in it… but you may not fully understand the term “cloud” or “SasS” (software as a service) or perhaps just think its another catchy marketing acronym like MOSS (Microsoft Office SharePoint Server).

The “cloud” refers to cloud computing that at the risk of over-simplifying is simply hosting – computer, server, software, and other hardware and infrastructure hosting. You’re already a cloud customer, probably many times over (someone is hosting your email, website, blog, etc. In fact, 56% of internet users use webmail services such as Hotmail, Gmail, or Yahoo! Mail – hosted email in the cloud).

In short, hosting is provided as a service over the Internet. SaaS is simply hosted software that could include your website content management system, search engine, CRM (Salesforce.com), etc. The cloud is merely a metaphor based loosely on those computer network diagrams that so cleverly depict little computers with wires running between each other, servers, firewalls, etc.

I was recently pressed on the subject of a “hosted intranet” and why an organization shouldn’t outsource their intranet to “the cloud.” God forbid we let professionals who know what they’re doing maintain our second-rate, after-though, cost-center of an intranet!

It is baffling to me that the intranet isn’t hosted externally for more organizations. Well, I’m well versed with clueless executives with knee-jerk reactions around “security”, privacy, and “the way things have always been done” but I guess I’m naïve to have faith that more would start to embrace the 21st century. If these dolts can Facebook then surely there’s hope, right?

The biggest obstacle blocking the migration of more intranets to the cloud is culture and fear of the ‘unknown’. If the host has proper security does it matter if it’s hosted elsewhere? We do our banking online now – we can’t access the intranet over the Internet?! Most of our benefits and compensation systems are now hosted elsewhere in the cloud – we’re talking about people’s pay, insurance and benefits!

In fact, if it costs me less money and I don't have to worry about the maintenance then you better believe I choose hosted – and I have told clients the same. Its one of the reasons the "cloud" is expanding so fast. It would be 10 times the size if people would just get beyond the knee-jerk reaction to have everything in-house where it costs more, and probably enjoys less security than the top of the line that many hosts employ.

The downside to avoiding the cloud can be far more expensive: I have one client (identity protected) who spent well more than $1 million on a new intranet design and platform and it crashed in the first few minutes, never to go live again because the organization didn’t have the proper infrastructure. One-and-one-half years later, the intranet is still not live. This would never have happened had it been turned over to a host. Instead, millions of dollars have been lost, and countless thousands of employee hours.

Has your organization embraced the cloud, or are you wasting valuable time and skills on hosting and maintenance?

--

NEXT WEBINAR:

What do the best intranets look like? What are the best practices and principles for redesigning an intranet? Having designed and re-designed dozens of intranet sites (and websites), Prescient Digital Media’s Toby Ward and Catherine Elder will draw on their experiences to provide best practices in approaching intranet design.

Reserve your spot for: Intranet Design – A Business Approach to a Winning Design

Technorati Profile

It’s not a virus, Trojan, or a denial of service attack. The latest threat to your browser, computer, and network is click-jacking. Click-jacking is the result of a visit to a malicious web page that allows the attacker to take control of your browser. Specifically, it can force your browser to click on any link it wants.

THE THREAT

According to the latest Wikipedia definition:

“Clickjacking is a malicious technique of tricking web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. A vulnerability across a variety of browsers and platforms, a clickjacking takes the form of embedded code or script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function.”

Read my entire blog post Clickjacking threatens your security (Content Matters)

It wasn’t enough to infiltrate your computers with Trojans, disable your website with denial of service attacks, and completely crash your hard drive with worms, now hackers want your printers too – via the intranet.

According to an article in Dark Reading (see The Coolest Hacks of 2007 – Part II) a new breed of nefarious loner has figured a way to hack your intranet and assume control of your printer. Not does the infectious script in through the intranet and take over network printers, they start wasting reams of paper by print spamming – or if it’s also a fax machine, faxing names in your databank!

"Printer spam isn’t something you worry about every day, but one researcher has released a proof of concept for a printer hack using JavaScript that lets an attacker remotely "own" an intranet printer for spamming or other nefarious purposes. (See The Five Coolest Hacks of 2007.)

 

"This kind of added insult to injury: We saw that intranet hacking was possible, and now [attackers] can go after printers to make them perform printer-spamming," says Jeremiah Grossman, CTO of WhiteHat Security, who has done some intranet hacking research of his own.

 

The attack requires that a user visit a malicious Website that contains the "bad" JavaScript. Then the attacker can use an HTTP Post command to print to the victim's internal networked printer, and even send faxes. "Since most printers don’t have any security set, it is possible to print anything, control the printer, change the print settings and even send faxes," Weaver writes in his paper on the hack."

Silver bullets that solve all your problems are rare in life; and nearly non-existent in the intranet world. Far from being a silver bullet, enterprise intranet portals are extraordinarily and exceedingly powerful, but are also complex, pricey and pose many, many challenges for large organizations.

There are few enterprise applications that, when implemented properly and maximize the value of the cost, are more complex than the enterprise intranet portal. Enterprise resource planning (ERP), business intelligence (BI), and customer relationship management (CRM) are all complex and costly endeavors, but the optimal enterprise intranet portal (EIP) has a bigger scale and scope that involves and engages all employees and can (should) include composite application integration of all of the above.

PORTAL VERSUS PORTAL PRODUCT

Now let’s be clear (at the risk of further complicating an already complex solution), you don’t need a portal product to have a portal. A portal is a door or gateway of importance. Your custom-built or content management driven intranet home page may be a portal. However, the enterprise portal solution is a multifaceted piece of software that has some distinguishing features from an average intranet home page. The enterprise intranet portal solution has three distinguishing characteristics:

• advanced user personalization capabilities;
• security (authorization and authentication); and,
• enterprise application integration (EAI, the software and processes that link together or integrate an organizations many applications (e.g. ERP, CRM, HR applications).

PORTAL APPLICATIONS

Now, if those concepts are not complex enough to understand for non-techies, the typical EIP delivers a lot more bells and whistles than the above distinguishing characteristics. Some solutions like the powerful Oracle Portal or IBM WebSphere Portal come with hundreds of portlets, many, many bundled applications, and a bevy of plug-in suites and additional solutions with some big and complex tools unto their own including:

• Search
• Content management
• Document management
• Web 2.0 tools (blogs, wikis, etc.)
• Collaboration suites (e.g. team pages)
• Analytics and reporting
• Development platforms, toolkits and ‘factories’

These and other powerful enterprise portal products from Sun, Vignette, SAP, BEA, Microsoft and others, have wicked horse-power capable of solving complicated business requirements. The catch: it comes at a price, and an opportunity cost.

For starters, most of the above functionality, often referred to as utility applications, are ‘thin’ versions of stand-alone products. The robustness of most portal search engines and content management systems (CMS), for example, are far less than the individual versions. Often, many organizations don’t use the search engines that come with a portal, they plug in Google, Autonomy or Endeca which are almost always far more powerful than their portal brethren.

PORTAL AND CMS

In addition to offering bundled applications like those listed above, many of the portal vendors sell separate content management systems – and vice versa. A traditional CMS vendor, Vignette has also become a leading portal vendor. CMS vendors Day, Interwoven, and others also have portals.

While the CMS vendors roll-out portal products, the portal vendors now sell content management systems – not only included in the portal solution, but also as separate products. Oracle not only has a portal product, Oracle Portal, with two different CMS packages, it also owns and sells the Stellent CMS separately. IBM WebSphere Portal has different CMS options, but also recently bought and now sells FileNet which has separate CMS and document management products. To complicate things further, FileNet now OEMs the Day content management system, and IBM and Interwoven have a long standing partnership that allows for easy integration of the TeamSite CMS into WebSphere portal.

But wait: it gets more complicated. Some of the portal vendors now have multiple portal products, and multiple CMS products. BEA sells the AquaLogic portal (formerly known as Plumtree) and the WebLogic portal. OpenText is known for document management and has a portal offering, but it recently bought Hummingbird and its products, which bought RedDot and its CMS offerings. Oracles sells the Oracle Portal, and a second portal product, the new WebCenter portal – in addition to its CMS solutions, and a wide array of complex middleware products to complex to address in this article.

And since this article was first published... Oracle has bought BEA, and merged the BEA portals into its new WebCenter portal solution, while continuing to support the original Oracle Portal solution.

“The distinction between portal and CMS is not that meaningful… users shouldn’t have to buy separate products,” says portal analyst Matthew Brown of Forrester Research. “If I’m a user, I should be able to construct a page and I should be able to run static content or incorporate a portlet or gadget. There is so much that overlaps between the two.”

But there’s a good reason to have separate stand-alone products – for some organizations – while others require an integrated solution. “Portals and CMSs still peacefully coexist,” adds Brown, who intimates the need for separate products, all the while having the option for integrated solutions. It all depends on the requirements of the buyer.

Microsoft is leading the challenge for a single, integrated solution. No longer does MS offer a separate CMS and portal product, the new Sharepoint Server 2007 combines the two. There are of course pros and cons to this – too many to go into in this space – but this is a solution that works for some organizations, and not at all for others. Unfortunately though, as described by Janus Boye on CMSWatch.com, Sharepoint has yet to share its plans for Sharepoint (see Still no official roadmap for Sharepoint 2007).

Of course each product comes with different editions and versions which can further confuse buyers. Oracle has some incredibly powerful offerings, but following the different versions, editions and products can also flummox even the most intelligent minds. To quote portal aficionado and analyst Janus Boye, author of the Enterprise Portals Report (version 3 has just been released) from CMW Watch: “Most Oracle documentation labels the current version Oracle Portal 10g Release 2. This reflects the current version of the appserver where 10g Release 2 is the same as 10.1.2.0.2. This review (the review in the Enterprise Portals Report version 3) covers Portal version 10.1.4.1 which is an update to 10g Release 2, but unfortunately the old version naming is still used. The 10.1.4.1 maintenance pack is the current release which came out in June 2006. If you’re an existing customer, you need to first upgrade the application server to 10.1.2.0.2 and then upgrade the portal repository.”

Huh?! What version does what now to whom?! Hey, it is not Janus’ fault, nor is it Oracle per se, this is complex stuff. Powerful solutions come with a certain degree of complexity, and rich technology.

COSTS

With the rich technology comes, rich prices. Power solutions cost money. Many of these products only run on proprietary application servers, and databases (e.g. Sharepoint, WebSphere, WebLogic, and Oracle Portal to name a few). So you’re not just buying a portal, you’re making a bigger financial commitment than you think – you’re either buying additional solutions or you’re further locking yourself into current platforms.

Price however is more than just the list price. The price of these solutions are more than just the advertised price found on these vendor websites and supporting materials. Oracles Portal costs a mere $10,000 per CPU. BEA AquaLogic is priced at $396/user for Application Suite + $38,000 per processor for the ‘process module’, and IBM WebSphere Portal costs $51,500 per processor; $67,000 per processor for the new Dashboard Accelerator. Note that these costs are per user, and per processor. In a large enterprise, these multiply dramatically.

These costs are on top of the databases and application servers. But wait, if you act now there’s more: service and support. Are you going to buy the product without service and support? Oh my, that would be brave. Over a few years, the total cost of ownership now can be in the millions. For some, its less, for others there’s still more…

Are you planning to launch the portal out-of-the-box with no customization, and no uniquely designed home page? Do you have, like all organizations, custom integration needs? Uh-oh – I forgot to mention the implementation costs. That’s right the software licensing alone can represent less than 10% of the total price. Yes, customization and implementation can be extraordinarily expensive involving highly-specialized and pricey developers.

“It is easy to blame the vendors, but in this case most organizations actually misunderstand the interface provided by portal vendors,” cautions Boye. “Portlets or web parts (what you refer to as cookie-cutter layout) is a good idea, but only an appropriate interface for very few and specialized used cases. All organization invests in the layout for their new intranet or Web site, but for portals this is rarely the case. Instead organizations assume the interface provided by the vendors, and don’t spend time changing. It’s always the problem when vendors provide samples, that organizations adopt it for everything. In this case, organizations should also invest in changing the layout and design.”

YOU NEED HELP

I don’t mean to scare you, or sound disparaging about portal solutions, I’m merely trying to manage your expectations about these great systems. Enterprise portal products are robust and potent solutions for very challenging requirements. The portal vendors have spent hundreds of millions of dollars developing these solutions to cater to your very complex needs, and they deserve to charge what the market will bear.

Additional requirements beyond the technology:

• The business case that documents the value of the portal
• An iron-tight governance model to manage the people and politics
• A taxonomy to govern the classification and publishing of content
• A people-content personalization map (who gets to see what content)
• Employee engagement and research
• Documentation of applications for integration

Finally, really do your homework – read lots, research everything, and tread slowly. And for god sake’s hire some help. Unless you intimately know the portal products, the vendors and the pros and cons of the technology – and the political, people and process challenges for implementing these juggernauts – you better hire help.

If you’re going to spend hundreds of thousands, or millions of dollars on a portal, then you’re putting your career on the line. Hire an outside firm to support you and make you into a hero, instead of a zero. Caveat emptor.

ADDITONAL READING:

The future of portals

Portals found lacking

The promise of benefit portals

  Digg this         Post to del.icio.us       Post to Slashdot   

  Add to Technorati Faves

Technorati Prof

A new poll from a vendor shows that nearly 50% of UK organisations could be leaving themselves open to litigation through managing their corporate policies primarily on the intranet (see Businesses warned over use of intranet).

I could not find the actual poll results and the company that conducted the poll, NETconsent, does not make it readily available on its website. This sounds like another marketing exercise masquerading as scientific research... but regardless the information is worthwhile.

The marketing states that the “poll reveals that many organisations have a passive and potentially dangerous attitude towards managing their policies. Intranet implementations that grow organically can prove challenging to manage and might no longer meet the increasing compliance requirements for such processes.”

NETconsent highlights the following “dangers of managing policies over the Intranet”:

• No proof – Simply making a policy available for reading on the intranet is not sufficient. In the instance of a legal challenge companies need to demonstrate that an employee has agreed to the policy in question, if not also read and understood it.

• Out of date / inaccurate – Policies need updating on a regular basis. If policies are not kept up to date with company and legislative changes, employees may be reading and agreeing to inaccurate information, leaving the company open to risk.

• Understanding – Without measures to ensure that policies are read and understood, organisations do not know whether their policies are viable and effective.

• Relevance – Many policies will only be relevant to a set group of people. Managing policies through the intranet may make it confusing for employees to identify which policies are relevant to them. Ideally policies should only be targeted at the relevant employees.

• Access – In many organisations not all employees have access to the intranet or use it on a daily basis. This may result in employees being unaware of policy changes or unable to access policy documents.

I believe the use of “danger” to be rather strong here, but I’ll let each reader judge for themselves vis a vis the present intranet environment and culture at their respective organization.

“The research indicates just how many businesses rely on the Intranet to communicate policies,” says Dominic Saunders, NETconsent’s Operations Director. “While it is encouraging that companies are using policies to educate their employees and protect themselves, managing them over the intranet might not be enough.”

“Without evidence of the signed document, employers are leaving themselves open to risk. In the event of a breach of policy, organisations need to be able to demonstrate not only that they have a policy in place but that the employee concerned has seen and agreed to the document.”

How can you tell both lawyers and marketers are involved in this announcement? Fear and legalease can together form a very powerful marketing punch.

I’ve not heard of a company that was sued because each and every employee did not sign-off on an intranet policy. If it’s stated and available through a link on every single page (via CSS template) then that should suffice. I’m not saying that such a lawsuit is not possible, it obviously is possible, but I’ve not seen or heard of one as of yet.  

NETconsent is of course raising the possibility of potential lawsuits under some circumstances in order to sell companies their product – which by no coincidence helps “mitigate risks” by maintaining “full and accurate records of written policies.” Fair enough.

NETconsent Ltd. “is the world-leading vendor of effective policy management software solutions and corporate communications.”

NETconsent’s “Tips for better Policy Management” include:

• Ease of use – The more policies that are managed through the intranet the more updates and changes will be required. To minimise the time spent on managing policies by staff it should be easy to create, update, distribute and monitor responses of new and revised policies.

• Updates – Keep all policies updated and current in line with corporate culture, working practices, legal precedents and legislation changes.

• Record agreements – Maintain records of employee agreement to relevant active policies, whilst retaining a full archive of agreements to previous policy versions.

• Access for all – Ensure that all employees, including those that work from home or remotely, have access to central policy repository.

• Control – Make sure that access of ‘author rights’ to policies is tightly controlled and only nominated persons can make changes to policies and policy records.

• Understanding – Randomly test employees’ understanding of policies to determine whether further education or policy reviews may be required.

• Check – Carry out checks to ensure that any required policy agreements can be accessed for evidence at short notice.

About the poll

“The results were taken from a telephone poll of 100 UK HR and IT managers, working in a range of sectors including technology, government and professional services, across a variety of company sizes.

  Digg this         Post to del.icio.us       Post to Slashdot

The number one most repeated call to your IT help desk relates to a forgotten password. Give your employees the tools to get their own password without having to engage an expensive techie, and you could save hundreds of thousands of dollars.

Some may have read my recent article Dialing for intranet dollars that highlighted one financial services client that was able to reduce employee calls to the internal help desk by one-third, almost 40,000 calls per year (at $18  per call) – yielding an estimated savings of $697,115 per year. Enough to pay for the intranet redesign many times over. A big portion of these help desk savings comes from password retrieval self-service.

Identity management is a solution that helps, among other things, with password retrieval self-service.Just such an identity management solution has saved UPS a bundle.

(Baseline Magazine) By using identity management software, however, UPS has automated some processes involved with giving employees a digital identity and a password for access to its corporate portal or other applications. One benefit: The help desk now receives 24,000 calls a year to reset passwords and update employee profiles, a decrease of 16,000, or 40%, from past years when identity management software was not in place.

Read Tracking Digital Identities: No Holiday for UPS

To measure and increase the value of your intranet, please dowload the free white paper, Finding ROI.

--

Looking to squeeze more time out of your laptop battery while traveling during the holiday season? Here’s some handy pointers from Microsoft: Keep Your Laptop Powered Up Longer.

  Digg this         Post to del.icio.us       Post to Slashdot

For more intranet news visit www.IntranetReport.com

© 2006 Toby Ward - Prescient Digital Media