Cutter Paper: look out IT, here come the mashups

Mashups have taken over the web, allowing websites to extend applications such as Google Maps. It can also be used within enterprise applications. But what are the risks?


Mashups have taken over the web, allowing websites to extend applications such as Google Maps. It can also be used within enterprise applications. But what are the risks?

The latest Web 2.0-related developments to move into the corporate world are mashups. Just to make sure we are all on the same page, Wikipedia defines a mashup as "a web application that combines data from more than one source into an 'integrated experience.'" Data and content used for mashups is typically acquired from a third party via public interfaces or APIs. Other content sourcing methods include using RSS and other web feeds, web services, and even screen-scraping techniques. The aim of using mashups is similar to other Web 2.0 technologies: ease application development so that even end-users can assemble applications, thus sparking innovation, increased productivity, and a reduction in development costs.

I am excited about the possible uses of mashups in the enterprise. However, I also have some reservations. Thus I thought I would make enterprise mashups the topic of this week's Advisor to elicit some feedback from readers who are using - or are considering using - mashups to support their company's business needs.

Mashups have been popular in the consumer web world for some time now, typically for applying mapping techniques (Google Maps, etc.) to a particular problem for example, to help users determine driving directions or for locating a convenient store or some other business.

While some of the first mashups to enter the business world were borrowed from consumer-oriented Internet sites (eg. Google Maps, Yahoo! Pipes), new suppliers such as Coghead, Denodo, Extensio, JackBe, and Kapow Technologies, as well as long-time enterprise players such as IBM, BEA, and Microsoft, are offering mashup servers and tools designed specifically for corporate use.

Businesses are applying mashups in several ways. One of the most common application is data mashups, which are used to combine multiple data sources into a single source - typically to feed a front end to some business application. This might be as simple as an intranet portal. On the other hand, it might be to enable a more focused application for example, I've encountered mashups used to add mapping capabilities to CRM applications to plot concentrations of customers.

Another use for mashups involves getting data out of ERP applications and into desktop productivity tools. For instance, Extensio offers a SAP connectivity option for use with its mashup server that enables Microsoft Office users to interact with SAP data from within Excel, Outlook, Word, and other Office applications. Information services from SAP and mySAP repositories are delivered in read/write/refresh modes on Office interfaces. As an example, business users might access SAP data from within Word, update employee leave records from within Outlook, receive SAP reports as periodic Outlook e-mails, and get fresh SAP data without resorting to cutting and pasting into Excel.

Companies are also using mashups for more complex tasks that can require integrating different applications. For example, Coghead offers mashup tools intended to enable tech-savvy businesspeople to develop applications for common business problems such as task management and for tracking issues and their severity (issues can be related to almost anything from packages, software, or people).

While all this sounds great, my gut feeling is that mashups are being oversold. First, it seems that the idea of enabling end users to create applications is over-hyped. Different vendors have talked for years about enabling non-IT users to create applications (I remember the expert systems folks pushing the idea with rule-based systems in the 1980, as did the early object-oriented proponents). But how many non-IT end users out there can really "assemble" (i.e., develop) applications on their own without having first received some amount of training? For that matter, how much training is required?

My next concern has to do with security -- and security on at least two levels. First, "combining data from multiple sources" really means accessing data and potentially sharing data. With not a day going by in which some company isn't making headlines because of a customer data breach, the idea of non-IT users accessing and sharing data tends to make me cringe. The second level of security concern I have has to do with malware risks. The same technologies that make it easy to do Web-based, drag-and-drop development can also make resulting applications susceptible to potential hacking as well as viruses, spyware, and other malware.

So, am I dead set against the use of mashup in the enterprise? No. In fact, I think that mashups hold great potential for business uses -- especially for applications involving data analysis or applying mapping and other visualization techniques to add clarity to complex issues. However, for the widespread use of enterprise mashups to become a reality, I think it's essential that IT organizations implement - and enforce - rigid policies designed to ensure their (consistent) safe use.

However, I may be overstating concerns about the use of enterprise mashups. Therefore, I'd like to get your opinion on their use in the enterprise. In particular, is your organisation currently using mashups or considering their use? Why or why not? What do you see as their greatest benefits and drawbacks? As always, your comments will be held in utmost confidentiality. Send them to [email protected] or call me at +1 510 848 7417.


Curt Hall, Senior Consultant

Business Intelligence Practice

[email protected]

Read more on Business applications