Monday, March 23, 2009

A Data Base is just another source, a tribute to Molière’s play “le Bourgeois Gentilhomme”


A lot has been said about the convergence between Business Intelligence and Enterprise Search. I've discussed this with many customers and partners wondering if yes or no, like Mister Jourdain who was speaking in prose without knowing it, Sinequa was already doing Business Intelligence. My view is that sometimes we talk about Business Intelligence when it would be more fair to talk about DataBase Offloading.

« Database Offloading » means using a search engine to query and use the content of a database. The database was designed to manage transactions, and not to optimize access to its content in order to rapidly populate third party applications. For example, a database where all the transactions of a bank are stored and managed contains information that could be accessible in order to give an immediate unified view of a given customer's history.

  • The "IT 1.0" solution was to copy the database content in a datawarehouse, then allow querying of this datawarehouse. This solution was the result of technical limitations or hard facts inherited from the past (cost of hardware, databases performance,…). Today this looks too heavy and costly for the job done.
  • The "IT 2.0" solution is to use an Enterprise Search engine to index the database content and therefore facilitate access to relevant information. Some parameterization may be necessary to complete this. The search engine must be precise, robust and scalable, completely designed using Web standards in terms of architecture and technology. Moreover, a next generation Enterprise Search engine will also be able to generate distributions on quantitative criteria related to a specific column. Sinequa allows this approach. A pioneer of this intelligent solution is Jean-Paul Figer, former CTO of Cap Gemini and today running his own IT architecture company; he promotes this in a REST styleJ (cf. sorry this is in French. REST, un style plus qu'un standard). Jean-Paul Figer has been able to take advantage of the disruption brought by search technologies and he can divide the cost of a project by 10 or more; more important he can reduce the time of implementation. A good Enterprise Search engine, like Sinequa, contributes in this case to huge improvements in productivity. However, this approach is not properly addressing Business Intelligence but more specifically « Database Offloading » and application rewriting in REST.

I'll conclude this post underlying that a second step is possible, when a Search Bus with good management of security rights is available: expand applicative possibilities to content beyond the database perimeter, indexing information from less structured sources, and therefore contributing to a 360° vision of the customer (or any other relevant subject). Here again, scalability, security management, connectivity, make all this possible.

The idea of this post came from the post of Adriaan Bloem, Analyst at CMS, who explains that using a search technology to access the content of a database at a lower cost is smart, but has more to do with « Database offloading » than with Business Intelligence.

Thursday, March 12, 2009

Google Docs, Security and respect of access rights: is the possibility of a leak acceptable?

As published by TechCrunch, Google Docs has shared docs without permission. So it seems Google Docs has had a security leak. Some users were able to see what others had produced, despite the sharing and access rules in place. It is true that technology bugs are common, but is this kind of problem serious or not?

I think there are two issues: one is factual and related to what has been unduly shared and the damages occurred. The other is more intangible, it is the lack of confidence generated by the room for error. How can an individual work confidently if the fruit of their labor and their intellectual property rights are likely to be violated? How can we accept from the enterprise point of view, that confidential information is subject to leaks?

The principle of the Enterprise 2.0 is the sharing and exchange of information. This works because there is confidence in the tools available and particularly with one underlying condition: respect for the integrity of all user data. Several CIOs of Sinequa customers, particularly in banking, consulting and administration sectors, have rightly chosen our solution because it guarantees the respect of security rules. Conversely, I know a bank that installed a search solution (that I will not name) for their shared directories: the first day when the service went live, an employee searched for "executive bonus" and got the list of the bonuses of the executive team...

When it comes to security, we must demand zero risk. If for example the search solution is not designed to manage security at both the application and document levels, if the user access rights are not taken into account at the heart of the index, but "a posteriori", we are in danger. This is one reason that led Sinequa to develop its own application connectors. If the search solution does not permanently refresh user access rights in conjunction with new security rules (user profile changes, a public document that is now confidential...), there will always be a security risk leading to periods in which users can ask a question and get information that they should not see...

Personally, I think that non-compliance with user access rights and the risk of security leaks is unacceptable. And you, what is your opinion?