| PROBLEM: After the rapid rate of change in business | | | | METHODS: Now is a very good time to take a step |
| technology over the last ten years, many businesses | | | | toward office automation. New models of |
| and organizations find themselves with a hodge-podge | | | | development theory are making the integration of |
| of databases and applications that work only in | | | | legacy applications into a web-based strategy more |
| isolation. They were purchased or designed to address | | | | viable than ever: |
| a pressing need of the moment, often with little thought | | | | - XML -- Though it has been around for a few years, |
| given to integrating these systems with the existing | | | | XML (Extensible Markup Language) is really coming |
| infrastructure. | | | | into its own as a means of transferring data from |
| Unfortunately, every new application brings with it new | | | | application to application. It can be easily understood |
| access points that must be secured to prevent | | | | and processed by a wide variety of languages for a |
| malicious attacks or the accidental leak of sensitive | | | | wide variety of purposes. Because it is so friendly to |
| information. For applications that communicate with | | | | basic HTML code, it lends itself well to the integration |
| other applications, an intrusion in one system means | | | | of diverse applications designed on a web foundation. |
| every system with which it communicates is also | | | | - Central Authentication Service (CAS) -- In a |
| vulnerable. Integrating and subsequently securing | | | | CAS-based solution for authenticating users, |
| applications in such an environment can feel like more | | | | credentials passed through a web-based login page |
| trouble than it is worth, especially for smaller | | | | are handled in one place for many different |
| businesses with fewer IT resources. | | | | applications. This means logins and passwords need |
| Likewise, replacing existing applications and data | | | | only be maintained in one place, making administration |
| platforms with newer, more secure technologies can | | | | far easier. It also limits the access into any |
| be prohibitively expensive. While retail software can | | | | CAS-integrated application to one point, the central |
| solve some problems for those on a budget, they are | | | | login page, meaning greater security. The |
| frequently too restrictive in their feature set and may | | | | language-nonspecific nature of CAS means it can be |
| still require an expensive migration to be a feasible | | | | used for virtually any type of application. As an added |
| solution. | | | | bonus, the CAS solution developed by Yale University |
| Meanwhile, the expectations of users and customers | | | | is open source; integrating the solution is the only cost |
| have grown to voracious proportions thanks to the | | | | involved. |
| ubiquity of the web. It is becoming truer with each | | | | - Rapid application development (RAD) -- Applications |
| passing year that to compete in business means to | | | | that required hundreds or thousands of man-hours to |
| make your products or services available online. | | | | create initially may be redesigned for the web |
| SOLUTION: As it does so often, however, technology | | | | significantly cheaper thanks to the sophistication of |
| eventually provides solutions for the problems it | | | | RAD platforms such as Visual Basic .Net. While the |
| creates. Recent trends have seen movement in favor | | | | relative ease-of-use of such packages has |
| of standardized communication methods and | | | | encouraged sloppiness on the part of some neophyte |
| centralized security services. | | | | developers, an experienced and professional |
| In addition, an enlightened, incremental approach to the | | | | developer can use the advantages of RAD to keep |
| replacement and integration of legacy applications and | | | | down costs. |
| databases can be used to keep even small | | | | - Object-oriented design -- While not particularly new, |
| businesses from falling behind the curve: | | | | an object-oriented approach to web application design |
| - Efficiency -- No one likes to deal with piles of paper | | | | makes the process of integration and upgrading |
| unless there is no other way. A web-based solution | | | | existing systems far more flexible. Compartmentalizing |
| not only streamlines established business practices, but | | | | business rules within the objects that depend on them |
| makes services and information available from any | | | | means a change in those rules won't require a |
| web-enabled PC. As people become accustomed to | | | | massive amount of coding. Moreover, incremental |
| mobile technology, they will find it increasingly | | | | development is aided by the reusability of objects; |
| unacceptable to be tied to their office in order to do | | | | once a rule has been created for one project, it won't |
| business, or to be forced to make a phone call or send | | | | need to be re-created for the next project that uses it. |
| a paper invoice to request goods and services. | | | | SUMMARY: Advancing to a web-based strategy for |
| - Centralized security -- Providing a single sign-on point | | | | business solutions needn't be the exclusive privilege of |
| for users of diverse applications limits the number of | | | | large corporations and organizations. Indeed, the web |
| access points into a system, thereby limiting the | | | | itself is egalitarian by nature. A multitude of |
| security vulnerabilities. Existing permissions -- such as | | | | opportunities can be found there with an intelligent, |
| those stored for users of a local area network -- can | | | | guided approach to development. Integrating existing |
| be used to permit or restrict access for a user based | | | | systems within a web-based framework maximizes |
| on his or her login credentials, automatically hiding | | | | current assets and increases efficiency, especially |
| applications the user is not authorized to use. Virtually | | | | when done in concert with an incremental upgrade |
| any application can use such a front-end access point | | | | system. Additionally, the centralization of user |
| to control its own access on the back-end. | | | | authentication tasks eases administration challenges |
| - Incremental system replacement -- Too often, | | | | and can be a powerful security tool; it also makes |
| businesses opt for a complete makeover of an | | | | access to applications silky smooth for users. Finally, |
| application that is past its prime when a simple facelift | | | | taking full advantage of emerging technologies that |
| will get the job done. For those that can afford it, a | | | | make integration easier means a solid solution is |
| shiny new system is always nice to have; for the rest | | | | feasible even for the little guy. |
| of us, a piece-by-piece replacement is a great way to | | | | Ultimately, acknowledging and responding to the |
| control costs with more precision, while still getting the | | | | demands of web-savvy users and customers is the |
| most troublesome aspects of the legacy application | | | | first step toward ending up on the right side of the |
| replaced. | | | | increasing divide between the winners and the losers. |