James Governor's Monkchips

Microsoft: Why Not Engage on Compliance/Hat tip to IBM on Data Governance.


A long while ago I was excited to hear that someone from Microsoft was working on compliance architecture. This seemed like really good news, because RedMonk strongly believes in taking a systematic, integrated approach to the related problems of performance, compliance and governance.
I think I asked the analyst relations group to broker a chat but nothing ever happened.
Nothing that is, except John Evdemon criticizing our approach, apparently without ever looking at it. John didn’t respond to a comment from Stephen on his blog, which said:
My frustration with this acronym [COA] is, like all other acronyms, it doesn’t serve any purpose other than to act as a “verbal shortcut” to make one look reasonably intelligent (although this is open to debate.)
Ad hominem attacks eh? Sometimes we even get called insightful… I do appreciate dialogue around how to help enterprise solve problems. Microsoft had its own compliance architecture theme though, so perhaps we just touched a nerve. I know that John can be civil, as his comments here demonstrate.
On that note though: isn’t “loosely coupled” a buzzword somewhat like the acronyms you criticise?
Microsoft wants us all to think in “loosely coupled” fashion, and understand what it means, even while it continues to release tightly coupled, unmodular, products. How is Microsoft’s behaviour any different from competitors or other information sources in the market? Language matters because it drives behaviour.
Anyway, this blog wasn’t meant as a criticism, but rather an invitation.
It is my contention that Microsoft, like RedMonk, was a little ahead of the market.
Next week is going to see the publication of some very interesting research from our partner Freeform Dynamics, which will show that an architectural approach to compliance problems is now on the cards at the majority of UK financial services firms polled.
RedMonk is certainly seeing grassroots interest from the community now in compliance oriented architecture, and we’d appreciate some input from Microsoft, and anyone else that wants to participate for that matter.
COA is not an acronym to try and make us look intelligent. It’s a solid piece of research based on scores of interviews with a range of players, from investment bankers to lawyers to software developers to vendor vice presidents. Stephen worked bloody hard to pull it together. COA is an attempt to drive loosely coupled thinking into the performance, governance and compliance space using a shared intellectual property model.
The time wasn’t right in late 2004, as organisations were working heads down on SOX fixes. But maybe it is now. We’re currently updating our model, based on market interest, and the fact it badly needs updating.
Anyway – we don’t need input from Microsoft. Other major vendors, and some enterprises, and even sortof-competitors like the Gilbane Report are interested in the approach. Let’s face it – James McGovern from the Hartford, one of America’s biggest insurance companies, explicitly asked you to work with us. Mr McGovern saw the opportunity to extend the framework into operational risk management. If we helped The Hartford at all with its compliance initiatives then that is something to be proud of. Frankly, taking an IT architectural approach to performance and governance marks the Hartford out as an industry leader, not a follower….
James says:
Today more than ever, it is vital that senior executives and board members have all the information, tools and answers they need to fulfill their fiduciary duties. Enterprises shouldn’t put full faith into insulting firms who audit IT systems with personnel who have never written a single line of code in their life. The only thing that can protect an enterprise is architecture!
Architecture–doesn’t Microsoft have some useful experience in that regard?
RedMonk doesn’t need Microsoft’s participation for COA.. but we’d like it.
So if you can get beyond criticising other people’s acronyms (just another form of the NIH disease, imho), and look at the substance of the work, let’s have a dialogue about the current state of the art.
One final point to concentrate the mind: IBM’s Data Governance Council was formed to help companies manage data more effectively. The council is growing fast, and RedMonk has worked with program lead Steven Adler on compliance, governance and privacy issues. The DGC is a community of ridiculously smart, but generally very polite people.  
Does IBM get it? Evidently so – check out page 45 of its latest corporate social responsibility innovation report:
Data governance requires the collaboration of disciplines that have not traditionally worked together before, including security and privacy, regulatory compliance, data management, operational risk, and IT.
Cross-cutting concerns. That’s a core COA concept: it is about dialogue not dismissal.

One comment

  1. If John wants to say that the world doesn’t need another acronym, then he’s in the wrong industry whether he’s right or not. Acronyms are natural fall-out, a bit like the mess chickens make – but it’s better to focus on the eggs. Does he speak for Microsoft? “The views and opinions stated in this blog are mine and may not necessarily reflect those of Microsoft.” – so, no, but anyway. The criticism here was more about the use of an acronym, than the substance of the report, so it’s a moot point really.

    Considering the report, the COA research is a bloody good piece of work, and was in the back of my mind when I said (in some other, long lost comment) that one of the defining characteristics of a good analyst is that they should publish. It doesn’t matter whether we see it as considering compliance architecturally, or building an architecture that can support our compliance requirements. In either case we end up with an architecture which possesses some pretty key elements in terms of auditability, accessibility and so on, across a range of loosely coupled (thought I’d throw that in) systems, services and apps.

    One of the big issues with compliance is that (inevitably) it has been treated as a bandwagon onto which anyone can jump. As I understand it, the COA report came about as a direct response to these tactical attempts at providing compliance features. All strength to it.
