Many IT executives are on the fence about Web services. Find out what one expert has to say about making the decision to implement and the associated risk factors that you must factor in to any ROI projection for Web services projects.

If any company is trying to sell you a fixed formula for return on investment of Web services, throw it out of the window,” said Gunjan Samtani, the divisional vice president for IT at UBS PaineWebber, a financial services firm. That’s because there’s no fixed formula. You must create a unique ROI formula because no one else knows the parameters of your project or understands the business of your company.

Within your ROI formula, you must look beyond what the technology could provide. Samtani explained that you can’t depend on technology alone to produce the benefits calculated in any ROI matrix for Web services. And as with any ROI analysis, the benefits must be weighed against risk factors that will impact the bottom line.

Samtani has identified five risk factors associated with using Web services: quickly evolving technology, immature standards, insufficient support, quality of external Web services, and security.

To risk or not to risk
CIOs and top execs must choose between tried and true technologies with known risks or possibly reap high returns and a competitive edge with new technology.

“If every investment could be precisely quantified in terms of its return, the business wouldn't be taking enough risk, and competitors would gain the upper hand in innovation and value creation for their business partners, customers, and employees,” Samtani said.

Samtani’s theory is supported in the key findings of a study by the Gartner research firm. The report indicates that early adoption will offer organisations “the ability to leverage data integration investments and develop sophisticated customer interfaces, a crucial source of differentiation in highly competitive industries.”

The study also indicates that Web services are emerging as pilot programs in industries where the “structure is increasingly based on a distributed computing environment, requiring intra- and interenterprise-level connectivity.”

Samtani said that companies could limit the risks associated with Web services by implementing regimented project management practices and by testing extensively at regular intervals. He also advocates outlining all anticipated risks as part of step one.

The steps in the road map are illustrated in Figure A. After the pilot project in step five, the risks should be reevaluated during step six, the planning of a firm-wide strategy and phased rollout, he said. Finally, ROI should be measured throughout the phased rollout.

The risk factors
Samtani has identified five risks associated with Web services technology, which should be considered in any ROI model:

• Quickly evolving technology
• Immature standards
• Insufficient support
• Quality of external Web services
• Security

1. Quickly evolving technology
The technology, tools, and servers supporting Web services are still new and evolving. In their current state, Web services can only be used for nontransactional call-and-response scenarios, which severely limits the business value companies can immediately gain, Samtani said.

2. Immature standards
Web services standards such as such as UDDI, WSDL, and WSFL aren't matured or finalised. Further, the tools and servers you use to support your Web services may be upgraded to support the new standards. There is no guarantee that if you implement a Web service today you won't have to modify it when the standards change.

3. Insufficient support
While virtually every big player in the server software industry is providing initial support for Web services, this trend may not continue. Further, the support may not be sufficient to build, deploy, and execute mission-critical Web services, Samtani warned.

-It is worth mentioning that the quality of service offered by application servers and integration brokers platform will rely and depend as much on Web services standards and protocols as it will on the maturity, scalability, and integrity of the application server itself," he said.

4. Quality of external Web services
The goal of Web services for many businesses will be business-to-business integration (B2Bi), in which systems and data are exposed to trading partners and/or customers. It's critical to identify the availability, performance, and security of those external Web services as potential risks, Samtani said.

For example, in Samtani's financial services vertical, he foresees using Web services to -create new products on the fly, dynamically, on a real-time basis in a collaborative fashion with our trading partners." In that scenario, it will be important to protect the data that's used to create or present these products. Likewise, it will be important that the products will appear as requested or promised to maintain good customer service.

5. Security
Regardless of a company's size or industry, security is a primary factor for determining the adoption of Web services. It poses the greatest risk for this technology because secured interoperability holds the key to Web services' success in the long run, said Samtani.

-The key security requirements for the usage of Web services are authentication, authorisation, data protection, and nonrepudiation," he said. -Be alert to potential security loopholes in Web services since they are vulnerable to a wide array of security threats like denial of service and spoofing."

Samtani advised that any implementation should not begin until the security risks are considered, including the security policy and existing solutions within the company.

Looking toward the future
Samtani believes the future holds a culmination of service-oriented architecture visions, where applications will be nothing but an orchestration of business processes. At that point, companies will be able to buy Web services directly off the shelf or get them from any Web services network, he added.

Samtani also noted that this future is -quite far off," and reaching it will depend on multiple criteria: the development of Web services standards; the development of tools, services, and servers that will enable the creation and execution of Web services; and the development of vertical XML standards.

-I think that we are at least five to six years from maturation, but we are moving in the right direction," he said.

TechRepublic is the online community and information resource for all IT professionals, from support staff to executives. We offer in-depth technical articles written for IT professionals by IT professionals. In addition to articles on everything from Windows to e-mail to fire walls, we offer IT industry analysis, downloads, management tips, discussion forums, and e-newsletters.

©2001 TechRepublic, Inc.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.