HP's New ALM 11 to Boost Services, Security

With the release of its new Application Lifecycle Management (ALM) 11 technology, HP is further enabling its services team to pursue new service and pricing models, and also making its security team take notice.

BARCELONA, Spain - As HP places its stake deeper into the software business with its new Application Lifecycle management (ALM) 11 offering, the company also is making a stronger play with its services component, branching into the cloud and beefing up its security solutions.

HP announced its new ALM 11 software suite at the HP Universe 2010 conference here on November 30.

In an interview with eWEEK, Robin Purohit, vice president and general manager of HP's Business Technology Optimization (BTO) offerings for HP Software, said, "HP is taking a very business solutions focus for the enterprise business, by re-engineering applications to the enterprise world." Purohit said HP is doing this by delivering "modern consumer-like experiences" and using modern application software technologies, such as Web 2.0 technologies and protocols like HTML5.

In addition, Purohit said HP's Enterprise Services group, which is essentially, the name HP gave the EDS services business after acquiring it for $13.9 billion in 2008, will be using the ALM 11 technology and best practices in its services engagements.

"One of the most exciting things about timing is that when we acquired EDS we got a really great asset," Purohit said. "So the consulting group is completely standardized on this method [ALM 11] and that's a huge leverage point for us."

Also in an interview with eWEEK, Anand Eswaran, vice president of Global Professional Services for HP Software & Solutions, said, "We have a pretty large services business and given how big ALM and applications are in general, I look at us doing a great deal in this space. ALM 11 advances our capability to test automation dramatically. We can have testing as a service, with a very specific business outcome to a customer."

Moreover, Software-As-A-Services (SAAS) has long been a core part of the HP services strategy, Eswaran said. "So with ALM 11 that will also be an option. We can do it on-premise, or manage it as a service, or host it ourselves and run it all. So the way we deliver is based on the needs of the client."

With testing as a service, there are basically two elements, Eswaran said. One is cloud-based, and the other is on-premises. The capabilities enabled by ALM 11 and the move to the cloud better enable HP to do true "solution selling," he said. Because first HP is selling products and then services to its customers who need IT help and want to limit infrastructure costs.

"This moves us closer to our end goal, which is to do outcome-based pricing, where we can say to a customer: -If we can save you $5 million you pay us a certain percentage of that," he said.

Eswaran said this outcome-based pricing is now possible with ALM 11 because it gives end-to-end insight into applications. "One reason we could possibly do outcome-based pricing is this is the first time we have had an end-to-end view of the application lifecycle. And another reason is we have a full view of the workflow with the test automation capability."

Purohit also said he believes HP's ALM 11 solution will enable HP's services teams to deliver value to customers much faster. "The time to value [from new or modernized applications] will be accelerated by 15-20 percent off the bat, but our goal is to reach 40 percent," he said.

"ALM 11 is a key product for us that allows us to do a few things," Eswaran said. "It is an end-to-end solution that drives automation and better workflow. It allows us to deal with clients from a flexible, hybrid standpoint. We can go to outcome-based pricing, and we can promise and commit to a business outcome."

Meanwhile, HP is beefing up its security solutions by combining technology it acquired in buying Fortify Software with technology from its SPI Dynamics acquisition.

Raffi Margaliot, senior director of products for Applications Management at HP said HP got into security from a "black box" perspective and with the Fortify acquisition the company has gotten into protecting the internals of applications. "And now we're combining the SPI Dynamics and Fortify product lines into Hybrid 2.0."

Subbu Iyer, senior director of products in the Applications Automation Solutions group at HP, said, "We always believed that as more business processes got implemented and given a web front end - as you expose more apps to a web front end - they become more vulnerable. It was very clear to us that just looking at it from an outside-in perspective was not enough. That's what got us interested in Fortify."

Thus the Hybrid 2.0 technology will combine both static and dynamic testing. And although vendors have traditionally done a good job of protecting the network and storage layers of systems, applications have gone unguarded. "We always believed apps are the most exposed part from a security perspective," Iyer said. "This is the next real big area that customers are looking to address. The real big opportunity is to build security into the applications. Look at cars, at first safety wasn't built into cars; it was an afterthought. Now it is central to car production. Long term, we think security will be a big deal and will be built into applications."

Hybrid 2.0 enables teams across the application lifecycle to improve visibility into security risks, increase test accuracy and produce more secure web applications through new advances in correlating static and dynamic testing results, HP said. Using advanced correlation techniques, Hybrid 2.0 connects penetration test results directly to source code analysis results revealing hidden vulnerability relationships and exposing their root cause within the application source code, HP officials said. This allows security professionals and development teams to more accurately identify and prioritize vulnerabilities, and more productively investigate and remediate security defects in the source code.