This was a must read title of a piece in Information Week that gave a considered view of the wisdom of mixing Enterprise IT and the Internet. It’s a longish piece totalling seven pages, but well worth reading, and contains several polls of Information Week readers to provide breakdowns on what is happening. It’s the interpretation of these polls that I want to draw attention to as I am not sure that I agree with some of the interpretations that the author Andy Dornan made, though overall this is, to me at least, an excellent piece of work. The fundamental point behind the title is the question concerning whether mixing Enterprise IT and the Internet is a recipe for disaster, with the key question being should MashUps, beautifully described as the ‘long tail’ of SOA, be built, and used, by ordinary employees beyond the visibility / control of enterprise IT. Well put it that way to any CFO, or CIO, and I think we can guarantee that the answer is going to be NO! But hang on a minute, what’s the enterprise attitude to spreadsheets? After all aren’t spreadsheets just a form of MashUps, only limited to numerate data? Yet CFOs unflinching run their business upon them, and the degree to which they are both checked for the validity of the data in the cells, integrated into the ERP systems, even backed up, is shall we say often slightly dubious. The answer is probably the degree of risk is understood by the CFO, where as with MashUps the risk is not understood. Even more fun is to probe to find that many CFOs were the ‘problem children’ who first caused problems to their enterprises by introducing the disruptive influence of PCs and Spreadsheets. Who today are the prime users driving the use MashUps? My experience suggests that it is front line staff working to understand complex information from multiple, and usually, external sources about the market. Not very often, if ever, are these MashUps currently intended to be connected to the precious transaction procedures that the CFO and CIO are naturally concerned to protect. I would therefore argue that MashUps based on external views are, and should be, disconnected from internal enterprise IT to make sure that the perceived risk doesn’t even exist. Seems that quite a few of those polled in the article were thinking this way with 15% saying they already had end users using MashUps, and a further 26% planning, or considering, allowing this. Add in the question of developing internal web based applications that make use of data from publicly accessible web sites, (not necessarily MashUps of course), and 26% say they already use such applications with another 41% developing, or planning, these developments. So seems that there is a strong consensus for the need to use external content internally, and the question is how, i.e. should it be part of IT controlled applications, or in user controlled MashUps. Unfortunately this nice simple segmentation is just about to be broken apart by IBM with its message of ‘second generation SOA’ meaning users able to build MashUps based on the extraction of content and / or process reporting from internal SOA systems. At first look this is equally safe as IBM is offering highly controlled access to approved internal content so again the risk is contained. However the danger point is what happens when someone figures out how to combine the internal use of MashUps with the external use of MashUps, or as feeds into the carefully developed internal Web Apps, now we have something to worry about! Not a problem that’s going to go away if we ignore it either. IBM is just the first mainstream vender to formally announce this capability. There are start-ups out there already able to offer this and expect to see all the mainstream vendors doing the same. Now is the time to make it clear to your users what is permissible and what is not, and using network based tools to see what, and who, is going on in your Enterprise.