The bottom line here is that as SaaS grows in importance, offshoring becomes an easier decision. After all, if the service is being hosted anyway, what does it matter where it is located?

What will foster the growth of SaaS delivered solutions? Compliance. A recent Forrester study predicts one compliance issue alone, e-discovery, will be a $4.8 billion industry by 2011, due to the new Federal Rules of Civil Procedure. SaaS providers will take the lion’s share of that. In short, compliance regulations will be backing up like a plugged drain pipe onto the IT floor, and companies looking to have someone clean up the mess and manage these issues will turn to hosted solutions such as SaaS.

Other trends will also play a part in SaaS’s growth this year. A Gartner study written by Allie Young says that by  2008, more than 70 percent of utility offerings will be targeted toward business units or line managers rather than IT organizations, with more than 30 percent of new software purchasing delivered in the utility model.

If Gartner’s right, that trend will mean a serious degrading of IT influence in the enterprise in the near future.

—Ephraim Schwartz

Cisco buys AV smarts
Successfully predicting that Cisco Systems will buy a security firm isn’t much of a feat. The networking giant, based in San Jose, Calif., averaged almost an acquisition a month in 2004 and 2005 — a good number of them security firms. It’s a good bet that 2007 will bring news of more security buys. I’m guessing that one of those will be an anti-virus software firm.

Why anti-virus? First, Cisco needs what an anti-virus firm has to offer. The vision of a “Self Defending Network” that integrates security intelligence with Cisco’s core switching and routing gear is key to Cisco’s future. Up till now, the Self Defending Network vision finds its best expression in Cisco’s Network Admission Control (NAC) program, which allows firms to vet the security posture of hosts attempting to connect to LANs or WANs.

But client-screening isn’t a silver bullet, as became clear at this year’s Black Hat conference, when security researchers  showed how hackers could use spoofed MAC and IP addresses to pose as known systems on networks, and others postulated that rootkits could be used to manipulate reports from third-party security products.

Those kinds of threats mean that Cisco will need to own the researchers, malware signature databases, and next-generation security IP to spot threats, not rent them. Software- based AV and threat intelligence can then become a service consumed by its increasingly service-oriented networking architecture. 

— Paul F. Roberts

New Java, same as the old
A year from now, what exactly will be the impact of an open source Java? I’m betting that by Christmastime 2007, people will not have noticed much difference at all. In fact, the Java open sourcing might parrot the Year 2000 switch: much talked about and much feared by some, but in the end, it registered a resounding thud and life went on as it always had.

After all, Java in its so-called closed implementation already had spawned open source projects ranging from the Spring Framework to Apache Jakarta and the Eclipse project. Open source Java application server vendor JBoss also built quite a business model without needing an open source Java.

So, in 2007 we might have to look to the Microsoft camp for excitement in the application development space, because Java’s big splash won’t amount to much.

— Paul Krill

Mashups Meet SOA
Some predict the trend of big software companies devouring small pure plays will continue to dominate the SOA scene in 2007, but that reasoning is faulty – mainly because there are so few independents left to buy.

The real action in SOA will be on the ground, not among vendors, as more and more IT organizations embrace mashups.

Are enterprise mashups really SOA? Absolutely, provided the services available for mashups are properly provisioned and managed, and if services inside the firewall map to an organization's business processes. Some of the most successful SOA initiatives line up services on one side and AJAX clients on the other -- and that's it. No nasty complicated orchestration or heavy duty middleware. Just useful apps that can be programmed in a matter of weeks or even days.

If the selection of services for enterprise mashups is more ad hoc, that may not fit the canonical definition of SOA, but so what? The great thing about mashups is that they offer a shortcut to the value SOA is supposed to deliver -- lightweight, quick-to-market apps that leverage existing assets. Will some mashups be toylike or brittle? Sure. But nothing convinces skeptics of the power of SOA faster than, say, a glitzy Google maps app mashed up with internal sales data.

The long tail of mashups may also wag the dog of governance, the details of which constitute the biggest obstacle to SOA adoption. Governance -- that is, the development and enforcement of policies for building and running an SOA – entails the creation and maintenance of design-time and runtime policies for services. Governance is the biggest hump to get over, because it demands a big chunk of everyone's bandwidth. And it also carries a risk that too many locked-down rules, policies, and procedures will kill SOA's highly touted agility.

By default, mashups tend to involve services that are content-based rather than transaction-based, which means governance policies can and should be tolerant. In 2007, enterprises that indulge in mashups will realize that such services constitute their own service class -- and deserve their own lightweight set of rules. At the other end of the spectrum, the closer you get to transactions, the more you need to screw down the rules -- and the fewer people should gain access them.

In other words, mashups will drive services classification, which may not be a panacea, but will certainly help sort out the governance mess. And looser rules for content-based services will ensure that many parties across the organization start reaping the benefits of SOA sooner rather than later.

— Eric Knorr