Enterprises are displaying a great hunger for using a public cloud to host business process management (BPM) software, argues Gartner vice president Michele Cantara. As concerns about security persist, few have taken the plunge so far. But Cantara claims to be seeing early signs that firms are losing their inhibitions over security. In the meantime, the use of BPM in private clouds is already growing at a fast pace.

BPM software allows enterprises to model applications and technologies after the way their business is organised, for instance ensuring that a new order is signed off by a manager before it is passed on to a supplier that will ship the goods.

Often used as part of a service-oriented architecture (SOA), BPM lets firms quickly adapt their applications and processes to business changes.

Within cloud computing, one can differentiate between a private cloud, public cloud and SaaS delivery. The difference between cloud computing and Software as a Service (SaaS) is essentially determined by the degree to which outsourcing comes into play: a SaaS provider such as EnterpriseWizard offers a working BPM platform that is accessed through a browser window. With a cloud platform, the enterprise installs the software on a series of networked servers which it either owns (private cloud) or rents from a provider (public cloud) such as Terremark or Rackspace.

Cost is often cited as the main benefit of using a cloud-based BPM solution. But other factors do come into play. "One of the greatest benefits of the cloud delivery model is the speed with which the system can be deployed," says Colin Earl, CEO of BPM provider EnterpriseWizard. "Not only is there no need to provision hardware, but the application is jointly available to both the vendor and customer during the initial deployment, the testing and the fine-tuning phase, without having to deal with firewall issues."

EnterpriseWizard offers its software in a choice of on-premise and SaaS delivery. Each model has its advantages, Earl argues: "The business manager may prefer to deal directly with the vendor, without having to depend on their IT department. Or the data may be so sensitive that the company does not want it to reside anywhere outside the firewall."

When it comes to security concerns, Cantara cautions that technology is only part of the problem. "Psychology plays into this. There's a reluctance to trust another organisation." But this reluctance is bound to fade. "We had the same thing a few years ago with outsourcing. Initially, there were many concerns about outsourcing, and then outsourcing came into the mainstream. We're seeing the same process now", she points out. One of the factors that has changed the situation is the way that particular applications tend to be embedded in the cloud these days. These are applications that are usually very industry-focused and specific to vertical markets - but that has led to wider acceptance.

EnterpriseWizard's Earl agrees that security remains a problem. "We have met these concerns in a number of ways," he says. "We have extended the security infrastructure to provide fine-grained access control at both the record and field level; we subject the application and hosting environment to extensive internal testing; and finally we engage a third-party security firm to conduct an external review every 18 months and publish the results."

Any company that is looking to implement a BPM solution - within the cloud or not - needs to have a firm idea of what it's trying to achieve. EnterpriseWizard's Earl notes that although this seems obvious, it is not always the case. "A large part of our customer base are companies that initially purchased another BPM package on the basis of the vendor's claims that 'It can do everything that you need'. They then found out that the costs of actually customising the software to meet real business requirements were so exorbitant, and the implementation times so long that the project went nowhere. One well-known Silicon Valley company spent 7 years implementing a BPM system from a major vendor and never finished! The entire project was cancelled, and with it the careers of the managers involved."

The other factor to bear in mind is the cost of the entire project: this not only includes the cost of the software, but also the cost of the hardware, development costs, maintenance and further development.

To prevent costs from getting out of control, Earl recommends negotiating a fixed fee. "This not only helps keep costs under control, it can make for an illuminating discussion when a salesman will not commit to doing the project in three months on a fixed-price basis."

There are two other factors, Earl says. "Does the vendor offer some kind of money-back guarantee if the implementation fails? And will the customer be able to modify the system themselves as their needs evolve, or will they always be at the mercy of $200+ per hour consultants?"
