Web 2.0 Service Assurance – or Insurance

In his latest post Stu discusses an interesting approach to resolving some of the assurance issues that we are going to face when Enterprises use Web 2.0 services. I briefly discussed some of these assurance issues in my post about Enterprise IM.

Stu’s idea is that services could be ‘insured’ by an external party that is already trusted. It’s an interesting approach and there is some precedence for it. When I deal with a small retail organisation online I look for some form of assurance before putting in my credit card details – safebuy is a good example of this. It’s easy to get into a cycle of “but who assured them?” but there is no ultimate assurance it’s just about building trust.

I don’t need quite the same level of assurance from a larger, well know, organisation because I know that they are trustworthy already. They have already built trust and aren’t going to risk it, it’s the new people who have a problem. Flickr being bought by Yahoo makes it more trustworthy. Services delivered by Microsoft or Google already have a level of assurance.

Anyway, I’m off at a slight tangent here. getting back to the subject at hand.

If an enterprise is going to place its corporate data into a web service what assurances do they need? Well it’s a sliding scale, and that helps the new starters. Enterprises can build trust over a period of time, trusting them with the low value, not so sensitive information first and then building up to the more sensitive stuff.

It helps, of course, if the service doesn’t actually need to keep the data, it’s only there for a short period of time – webex being a good example.

Another way of building assurance is through audit; being able to come along and to check. How do you know if the service provider is following good security processes? The only real way is to go and see. But if some external, trusted organisation, undertook the auditing for everyone things would be so much better. It wouldn’t please everyone, but it would please most.

Perhaps that’s where the traditional service providers come in. I see two ways of them getting engaged.

They could partner with a specific set of services and build a set of ‘branded’ (and hence assured) services. Adding a layer of integration to make it even more compelling. In this model you would go to the service providers site and use what appears to be their service, but  really it’s just a collection of other peoples services. In terms of functionality there would be very little to choose between this and the collection of services that someone could put together themselves, the difference would be in the services (support, contractual, assurance, financial) that is provided. While this sounds like a nice idea, it also has loads of problems. The major problem being that this model is effectively the model that we have today, a model that people aren’t happy with because it restricts flexibility and adaptability too much. The service providers would have to be able to move very rapidly.

The other way the service providers could add value would be to just be service assurers. The level of assurance would depend on the service. People wanting to use ‘assured services’ would gain a level of trust in the service being provided but would still have all of the flexibility and adaptability. The challenge here is that as the market matures around the services the need for an assurance agent becomes diminished. Why pay for assurance if you have successfully used a service for several years without problems.

The other issue to layer onto this is the changing nature of enterprises and the move towards evermore independent working – but that’s a World is Flat discussion which I’m not quite ready to launch into yet.

Tags: Web 2.0, Web Services, The World is Flat, Service Providers