Can we, should we, attempt to control enterprise mashups?

'The mashup seems to be very much like a Wild West, almost like rapid application development was 15 years ago'

Can we, or should we, attempt to control mashups in the same manner as composite applications? That's the issue that was front and center of the most recently published SOA BriefingsDirect, led by ZDNet colleague Dana Gardner. The answer seems to be, for now, keep mashups on a long leash. (Summary and transcript here.)

I had the opportunity to join IT analysts Steve Garone, Tony Baer, Jim Kobielus, and Dave Linthicum in a rousing discussion of mashups as they fit into the SOA view of the world.

"The mashup seems to be very much like a Wild West, almost like rapid application development (RAD) was 15 years ago," Dave Linthicum said. "As people are mashing these things up, the SOA guys, the enterprise architecture guys within these organizations are coming behind them and trying to figure out how to control it."

Dave says mashups are already proving their mettle in companies that are actively supporting these types of applications. He points to a client "that has done a really good job in mashing up their existing sales tracking system, inventory control system, and also delivery system with the Google Maps API." The mashups provide routing for delivery, as well as traffic reports, to drivers and delivery agents. "Productivity has gone up 25 percent," Dave relates. "Over a year, that is going to save them more than $1.5 million. And, that’s just a simple mashup that was done in a week by a junior developer."

That sounds like real money. Will attempting to control and channel these efforts within a governance structure kill the goose that lays the golden eggs?

The current challenge for the company, in fact, is "trying to legitimize that and put it back into their SOA project, as well as other external APIs," Dave says.

Jim Kobielus had some thoughts on how to balance the creative impulses that Enterprise 2.0 facilitates against the need to keep things from getting out of control:

Tell your end users, "'We want you to be creative in putting things together, but here is a tool, an environment, or enabling technology that you can use to quickly get up to speed and begin to do mashing up of various resources. We want you to use these particular tools if you wish your mashups to be used far and wide within the organization. If you wish to freelance it internally, go ahead, but that doesn’t mean we are necessarily going to publish out those mashups so that anybody can see them. It means we are not necessarily going to support those mashups over time.'"

Panelists agreed that there is little difference between mashup applications and the composite applications that have been part of the Web services/SOA scene for the past decade.

"Governance is a loaded word," Dave said, adding that "you really need a rudimentary notion of governance when you deal with any kind of application or service that works within the organization." That includes mashups as well as composite applications, he adds. However, governance is not "only about control, but it is about productivity." As he notes:

"I can find services. I can leverage services, and they are managed and controlled on my behalf. So, I know I am not using something that’s going to hurt me. The same thing needs to occur within the mashup environment. For mashing up, there are lots of services that we don’t control or that exist outside on the Internet. It's extremely important that we monitor these services in a governance environment, that we catalogue them, understand when they are changed, and have security systems around them, so they don’t end up hurting productivity or our existing IT infrastructure. We don’t want to take one step forward and two steps back."