The clichéd comment on standards organisations is that old chestnut trotted out by unimaginative marketing directors from vendor companies: "The great thing about standards is that there are so many to choose from!" Of course, as with most clichés, there is more than an element of truth in that. It is the most politically correct tick-box item on any procurement document. Is the technology standards-compliant? Even in an industry as bandwagon-driven as IT, the unseemly rush by vendors to clamber on board any form of standards-based organisation and thus flag up their standards-friendly nature is evidence enough of the importance of being standards-supportive.
But it is debatable how important they are. And with so many standards to choose from, how do users decide which ones are more important to adhere to than others? Do you assume that because big hitters like Oracle and IBM are backing one that this gives it credibility? Or should you buy into the one that Microsoft's involved with on the grounds that sheer marketing power alone is going to ensure that it dominates in the end? It is a thorny issue and one to which great lip service is paid. And such is the political correctness of it all that it is not exactly career enhancing to be candid about it.
Blowing the whistle
But one IT director at a leading manufacturing firm was prepared to be - on condition of anonymity. "We have the standards box on the tender documents to be ticked by the vendor, but in reality we know they're all going to tick it, so it's pretty meaningless," he reveals. "But if I said that too loudly in public I'd be shot. Having the standards question there makes us all feel happier - but if you look at it too closely, there are no guarantees. Most standards groups are vendor dominated and about what vendors want. We buy based on proven track record from vendors like SAP and Microsoft and their standards credentials are taken as read."
So are standards organisations merely vehicles for vendors to enforce their own product direction on the market under a guise of collective responsibility and mutual interest for the good of all? If that is the case, can users play a bigger part in the formation of standards rather than sitting back and waiting to see what they are given?
"Standards are important, but they're only one factor and not a knock-out factor," suggests Mike Wright, group IT director with UK-based insurance giant Willis. "The problem is that standards are always evolving and never complete." He sees vendors trying to use adherence to and compliance with standards as a competitive positioning weapon, but with little success.
"The real challenge is to get vendors to realise that competing on standards is a waste of time," he says. "If in its marketing a vendor says it goes beyond the requirements of a standard, then it is undermining and negating that standard because it's not actually meeting its requirements."
It is important to start with an overview of the different types of standards - there is unfortunately no universal standard. There are de jure standards, which are drawn up and devised by working parties as part of a standards organisation. These are then offered out to the industry to adhere to in future product development.
And there are de facto standards, where a particular technology becomes so prevalent that its use becomes a standard by default. This latter type is almost entirely driven by user adoption, whereas the former tends to be more vendor-dominated.
Wright gives as much credence to de facto standards as de jure. He argues the fact that many technologies are a de facto standard means that no one should attempt any de jure standards efforts in relation to them. "I don't want anyone to talk to me about office application standards," he says. "There is already a Microsoft de facto standard in Office. Word, PowerPoint and Excel are the de facto standards. There isn't any point in having a debate about this."
The vendor role
The role vendors play in standards groups typically follows a well-trodden path. First there is the frenzy of enthusiasm for work ahead, followed by a period of cooperation and collaboration while the standards specification work takes place. But once the first specs are in place, all thoughts of the common good are replaced by commercial self-interest and the previously happy band of cooperative vendors starts to fight like a bag of cats in their rush to be the first to market with a money-making product.
In some respects this is understandable. Getting 40 vendors in a room to agree to work together is hardly credible. It is the United Nations. Or worse, it is The League of Nations. At some point shareholder responsibility and fiscal necessity are going to kick in. The question is how long that moment can be postponed. This is where a significant degree of user involvement can become an extremely useful checking mechanism.
The Object Management Group (OMG) is a good case in point. Established in the early 1990s to set down specifications for the then emerging object-oriented software industry, the OMG began life with an almost 75 per cent vendor representation. Within around two years, the balance between users and vendors was about equal - with beneficial results all round.
"It became much more collaborative," recalls Richard Soley, chairman and CEO of the OMG.
"There is no way that only vendors or only users can develop workable standards. There is no value to a standard that is not going to be implemented by vendors in their products; equally there is no value in a standard for a product that isn't going to be bought by the users.
"A balance has to be achieved between what the users are looking for and what the vendors can realistically deliver. You need the vendors involved so what you do is bound in by what is possible. If you write requirements that are not bound in by reality, then it is not going to result in workable standards."
The OMG now has what it feels is healthy and active user involvement in its ongoing standards processes. "Vendors respond to our work with implementation specifications while users respond with their needs and comments," explains Soley.
The OMG itself in its embryonic days was a prime example of what can happen when vendor interests take over at too early a stage. The key technology the OMG worked on at first was the Object Request Broker - which became a kind of holy war, with Microsoft on one side of the schism and basically everyone else in the industry on the other.
More recently many commentators singled out Sun Microsystems' behaviour over the Java standards process for particular criticism. This went through various iterations with Sun intending to hand over responsibility to one international standards body after another, changing its mind over which one depending on whether that particular group agreed to carry out the standards process according to the way Sun wanted it done.
Java was a Sun technology and for all the company's protestations of wider industry good, if Sun wanted to take its ball home then that was exactly what it would do.
Clearly vendor squabbling is not in the best interests of users, but it is always going to be difficult for users to block it.
One way to make sure the user voice is heard is to have a good strong bunch of users coming together in one place. The Corporate IT Forum is not a standards organisation in the strictest sense of the term, but it does influence the direction product and technology developments will take.
"At the time tif was founded, it was not common for people within IT functions to exchange views with one another," explains chief executive David Roberts. "We've got more than 140 IT departments as subscribers, including 50 per cent of the FTSE 250."
"We do have some vendor involvement, but it's user driven. If something arises such as a new solution or product, then our subscribers determine which vendors we might want to approach so that they can lay out roadmaps or explain how it fits together. We're not there to shout at suppliers."
Other standards movements are more forthright, laying down the law to vendors after finding what they are presently offering is not up to the mark.
The UK's CRM national program is a good example of this in practice. User organisations - in this case local government authorities - are giving their suppliers the specifications and guidelines to which their products must be written in the future.
The program has developed a portfolio of 41 support, advice and guidance documents aimed at sustaining local authority decision makers in implementing CRM. These were tested by 83 local councils and 13 of them were released in draft form.
"The program aims to bring clarity and definition to CRM," says Mark Bassham, program manager, CRM national program, Tower Hamlets.
"CRM can transform the ways that local government can deliver services to citizens. The lead councils had a strong vision of what they wanted from CRM and lots of experience to share.
"They also knew what they needed suppliers to provide in their CRM offerings. It's about working with them to achieve those needs."
But whereas the CRM national program represents users forcing improved standards on their suppliers, there are also examples of users initiating entirely new movements through frustration with the status quo offered by vendors.
One such movement is The Jericho Forum, a user-led consortium that is attempting to drive through new standards in network security. The approach it advocates is user-defined and known as de-perimeterisation. It is a theory that has met with some scepticism from security vendors and experts, but the sheer weight of the user budgets behind the Forum is enough to guarantee that the concept at least receives consideration.
The Forum sees merit in its communal user-led approach and is ready to make clear to the vendor community what it wants to see in future security products. "If you haven't noticed it yet, we've lost the war on good security," argues Paul Simmonds, global information security director for ICI.
"Ultimately it's up to all of us to stop designing insecure systems. It is as simple as that. We have to design in security from the ground up. We can't keep papering up the cracks. We have to demand secure and authenticated protocols and refuse insecure protocols."
The UK's Royal Mail to establish an informal network of interested parties to explore common security architectures to support de-perimeterised b2b networking. Members include: ICI, BBC, Royal Mail, Standard Chartered Bank, Rolls-Royce, Cabinet Office, HBOS and Barclays.
Organisation for the Advancement of Structured Information Standards (OASIS) is a non-profit consortium to drive the development, convergence and adoption of e-business standards.
The consortium boasts it produces more web services standards than any other organisation along with standards for security, e-business, and standardisation efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 3000 participants representing over 600 organisations and individual members in 100 countries.
Members include: Boeing, Reuters, Wells Fargo Bank, Visa International, Vodafone, IBM, Microsoft, SAP, Oracle. www.oasis-open.org
The Object Management Group
Founded in April 1989 by 11 companies, the Object Management Group was formed to create a component-based software marketplace by accelerating the introduction of standardised object software. The consortium now has approximately 800 members. Members include: Daimler Chrysler, Telefonica, Visa International, Bank of America, IBM, Microsoft, Hewlett-Packard, Oracle. www.omg.org
World Wide Web Consortium
Founded in October 1994, the World Wide Web Consortium (W3C) says its role is to lead the web to its full potential by developing common protocols that promote evolution and ensure its interoperability. W3C has around 350 member organisations from all over the world, including: American Express, Boeing, Vodafone, UK Office of e-envoy, AOL, T-Online, BT. www.w3.org