Computer Weekly readers have their say
Successful deployment of SOA is a big challenge
Your article on service-oriented architectures (Computer Weekly, 13 September) highlighted the fact that this technology could help companies achieve the long-term goal of creating applications that reflect the business.
Yet while successful SOA developments can breathe new life into monolithic applications and provide, for the first time, a flexible and responsive IT infrastructure, mining the depths of these rules to find the right components and business rules is a significant challenge.
While the concept is sound, achieving successful deployment is far from a given. Without doubt, SOA is an order of magnitude more complicated than any application development previously undertaken. As with any successful development, it requires the right architectures, standards and methodologies.
However, SOA also requires the integration of multiple diverse application types to reflect the new business model. Rather than changing the entire application or building a new solution from scratch, organisations need to mine the specific services required from each application - for example, inventory and pricing models to support online ordering.
SOA offers potential - but it is the execution that will be the difference between success and failure. Combining these tools with conceptual change and, critically, an incremental delivery strategy will significantly increase the speed of development and, hence, reduce the risk associated with SOA - providing organisations with the opportunity to rapidly align IT and business for the first time.
Scott McCurdy, ASG
End the perception of IT as just a male-only club
The statistics released by the DTI (Computer Weekly, 20 September) concerning flexible working do not provide concrete evidence of a possible exodus from the industry.
Firstly, the survey was conducted among 42 women and although the industry is suffering from a shortage of women, this is hardly a representative sample.
Furthermore, only 25% of women highlighted flexible working as a reason to stay at a company - not exactly a jaw-dropping stat. Most importantly, it should be remembered that flexible working is not just beneficial to one sex.
Retention of staff has always been a challenge for the IT industry as a whole, but it is time for us to address the balance between males and females, otherwise we risk losing important talent.
While I appreciate that these surveys highlight areas for improvement, the entire industry needs to delve beyond the surface and ask itself why we are not doing more to attract women in the first instance. The results, I am sure, will reveal much more than the need for flexible working. Part of the problem is perception. For over 30 years we have been saddled with the reputation of being a male-dominated sector, so a good starting point would be to get across the message that it's not an "old boys club" - and fast.
Offshoring is driven by price rather than quality
While I agree mostly with Corn‚ Human's article (Computer Weekly, 13 September), there are two important myths that should not be allowed into any discussion about offshoring.
First, it is blatantly wrong for any corporation at this time to look to offshoring as a way of addressing a quality problem, as is implied in the article. Offshoring to places like India always was, and still is, motivated by savings in unit labour costs and not by higher quality.
While offshoring countries, through sheer market share, are maturing their software development industries, they still have a way to go before they can genuinely claim to be more attractive than the West on the grounds of quality and project success rate. The failures are still at least as prolific as when one is looking over the shoulders of good Western engineers - they are just possibly cheaper failures.
Second, as is stated in the article, software development, by its very name, is not a "housebuilding" enterprise. Certainty and detail come gradually in a software development project (whether its managers accept this reality or not). If we could completely specify software in all detail before we began to code, the code itself would be a direct translation of the specification - probably automatable and not requiring a large number of skilled developers. But, unlike a house, software is too complex and intangible for even trained analysts to come up with a desirable solution purely on paper, with any efficiency.
Specifications sent to offshore centres to "code up" regularly result in failure. The offshore developers fill specification gaps by making far fewer "educated guesses" than developers working close to the target business.
To those of us who openly accept these inevitabilities, the practice of incremental building with very rapid and direct feedback to the business has proved useful, and this can be extended to include offshore labour if correctly planned.
The right approach, not just the right tooling, is critical to offshore success.
Stephen Clothier, Accurity
Digitised records can help to prevent fraud
It's refreshing to see that the Office for National Statistics (ONS) is taking steps to digitise its records (Computer Weekly, 9 August), but it is surprising that this hasn't been done sooner.
The project will not only provide improved services for the public, but also has the potential to enable businesses to better protect themselves and their customers from ID fraud. For this to come to fruition, the digitised records need to be aggregated into a comprehensive database that can be made available to private companies.
Many banks and retailers are already using ID verification solutions that draw on databases such as the electoral roll, Companies House data and lists of deceased individuals. The availability of the ONS' data will help to make these solutions all the more robust.
Citizen database needs to go much further
In response to the report on the successful trial of a citizen database (Computer Weekly, 6 September)
While the government's trial of a citizen database should be applauded as a positive step forward, I would argue that it does not go far enough. Instead, it should be seen as just one stage in the journey towards information-sharing across all public sector departments.
The onus for the Customer Information System (CIS) seems to be on uncovering benefit fraud and tracing offenders, which is of course important, but is this aim ambitious enough? What appears to have been overlooked is that there is huge additional value to be gained from sharing data across government departments in terms of improving consumer rights.
As well as helping to spot fraudulent activity, the creation of a single citizen view across all parts of the public sector could be massively beneficial in enhancing services to individuals. For example, registration and contact details could be shared across departments and streamline the process of applying for services such as a passport, driving licence or tax credits, to name a few. It would also go a long way to helping the government shake off the image held by some people that any interaction with it is automatically long and painful.
It seems the government is on the right track, but the "holy grail" of completely joined-up services is still a long way off.
Martin Sutherland, Detica
We are all responsible for improving security
In response to the article "Public fearful of online retail fraud" (computerweekly.com)
It's getting boring hearing from the security industry how terrible e-commerce merchants' security is, and by implication how we must all spend money with them. Maybe the question could have been whether the security industry is providing effective protection. I suspect the answer would have been "No".
There is already extensive legal protection for online shoppers. For example, if a credit card holder is charged for goods that they didn't order and didn't receive, they simply contact their card issuer and get the charge reversed. It's as simple as that. Besides, these shoppers must take responsibility too and implement some basic steps in guarding against identity theft - such as the use of anti-spyware and keeping the operating system fully patched.
In the industry, we all have a responsibility to be well informed and to spread this information among colleagues and friends. If we do this, it will actually help to tackle the security issues that confront us. Paying security consultants might be useful, but starting with the obvious is better.
Chris Barling, Actinic
Mobile virus threat must be taken seriously
In response to the article "Users warned of mobile virus threat" (Computer Weekly, 6 September)
I am concerned that despite recent warnings urging IT managers to protect mobile workforces, viruses are starting to penetrate mobile devices and cause damage and disruption.
The Commwarrior-B virus only caused a medium-scale infection, but it won't be long before we see mobile viruses causing more damage and disruption on a network, especially with the use of mobile devices becoming more widespread. Even though mobile viruses are still in their infancy, IT managers should take heed of this story and open their eyes to the kind of damage mobile viruses can cause.
With a staggering 5,838 of PDAs reportedly left in London taxis in the last six months, it is imperative that CIOs know exactly how many new handheld devices are being introduced into the company network and whether or not sensitive corporate data will be stored on them. Employees should also alert their IT department immediately so any new assets can be checked for viruses, recorded and monitored. But in practice, most do not.
Organisations underestimate the importance of securing mobile devices, oblivious to the potential security risks that these small tools can have on their IT environments. If businesses continue to ignore the security implications of not securing handheld devices adequately within the enterprise, they risk exposing sensitive corporate data to hackers who always welcome new ways into the network.
Paul Butler, Altiris