This eWEEK: July 14, 2003

If you want something done right, do it yourself.

If you want something done right, do it yourself. Just ask Jerry McElhatton. MasterCards president of global technology and operations says the global payments companys information technology is too strategic to outsource. "Our products and services are so key to us that we have to control them," he told me in an interview.

The reason: The use of a credit card is a personal experience. "If you try [a card] and it doesnt work, youre going to stick it to the back of your wallet." That principle dictated MasterCards long journey, now complete, to rebuild its IT systems, the focus of this weeks special report.

McElhattons stand is in stark contrast to that of General Motors CIO Ralph Szygenda, eWEEKs cover subject on June 23. Szygenda, whose company must be the worlds largest user of outsourced IT services, insists he can outsource yet retain control. Which approach is correct? Theres no simple answer. Both. GM has been wringing costs out of its IT budget for several years; MasterCard has been gaining significant ground on rival Visa.

Contrasting approaches are also the rule on the takeover battlefield. The acquisition of the week, EMCs deal with Legato, is logical on several levels: As Senior Writer Evan Koblentz reports, Legato was for sale, and EMC needs to transform itself into a software company. Oracles hostile bid for PeopleSoft, meanwhile, is fraught with tension, as Senior Writers Renee Boucher Ferguson and Lisa Vaas report. Fear, uncertainty and doubt reign as PeopleSoft users wait to see if their applications have a future.

Vulnerability assessment is a product category that is not, well, vulnerable. eWEEK Labs Senior Analyst Cameron Sturdevant tested two leading products and one service in his review—and awarded his Analysts Choice honors to the service, Qualys QualysGuard Enterprise Intranet Scanner. Cameron offers sound advice: Vulnerability assessment tools must go hand in hand with a good inventory management tool. Further, vulnerability assessment is an inexact science. None of the wares tested was perfect in finding all vulnerabilities.

Finally, check out Technology Editor Peter Coffees Port Scans column on the well-intentioned but flawed California Security Breach Information Act.

Till next eWEEK, send your comments to