Look before you leap. "You don't go buy a box of Web services," says META's Ferengul. Though rapid progress has been made during the past year to define standards, there is still a list of problems dogging Web services, and it's often up to the IT department to figure out how to solve them. "People who really need advanced Web servicessecurity, transactions, reliable messaging, routingare also the people who should want to take a wait-and-see approach," says Adam Sohn, product manager for Microsoft's .NET strategy group, which is developing Web services software and tools for business.
On the security front, where Web services aimed at easing company-to-company communications may threaten sensitive corporate data, companies are using Virtual Private Networks and other add-ins to create a security shield. But that's a patchwork approach that can be quickly stretched beyond the point of practicality, analysts say. "We advise companies to expect that they will see substantial security failures in their Web services implementations," says Gartner's Andrews.
What to do? Focus your Web services projects on applications that are already protected by the corporate firewall, and, over time, phase in your Web services exposure to partners and customers as security applications develop.
If you're planning any kind of large-scale rollout, you'll also have to decide how you'll manage your Web services. Watch how they perform and make sure that nothing breaks as you load up on transactions. These services are increasingly used in a production environment, which can mean cobbling together third-party applications, such as TeaLeaf Technology Inc.'s IntegriTea, which is designed to help spotlight a potential Web services failure.
But given the lack of management standards for Web services, it's best to assume that pieces will be missing. "Right now, Web services management, while critical for a strategic Web services implementation, is really something for the adult swim period," says Gartner's Andrews. "The most visionary enterprises today are thinking about managing Web services before managing a problem."
Does it help to bet on one vendor's platform, such as those from IBM, Sun Microsystems Inc., or Microsoft? "There are too many choices in the marketplace," says Deloitte's Danylyszyn. Each vendor, he says, has a different approach and a different infrastructure for Web services deployment. "There's no right answer," Danylyszyn says, "because there's no one-size-fits-all." Also, not all vendors are providing the right kinds of links between Web services and legacy applications. "We are still using batch mode communications with our back-end systems because the vendor hasn't provided the Web service capability for us to call them directly," says JTC's Yap.
Therefore, if you want to resolve all of these issues quicklywhile hoping new standards will become rapidly infused into productsyou may need a healthy dose of patience: Analysts say you shouldn't expect to see an end to the standards race for at least another two years.
Ask your development team:
How far can we stretch our security scheme to safeguard Web services?
Ask your management guru:
What problems could Web services create for us?
Ask the major web services vendors:
What switching costs might I incur if I choose to migrate from your platform later on?