Web Services: Set for Prime time

By Maria Trombly | Securities Industry News | Jan. 6, 2003

Wall Street firms are already enjoying the benefits of Web services for internal integration, but a lack of security standards has hindered use outside corporate firewalls. That situation will start to change in 2003 as standards-setting bodies are expected to agree on methods to ensure that Web services are safe and secure. A standards-based way to connect disparate applications, Web services offer lower costs and quicker deployment than other integration mechanisms. These standards are so important to Wall Street that Merrill Lynch has joined the Web Services Interoperability Organization, an industry group promoting the new technology.

"We want to bring a customer perspective to the technology supply-side firms that are working on these standards," said Merrill Lynch CTO John McKinley.

McKinley said Merrill has been talking with customers and vendors about moving processes to the Web services standard. "Our strategic dialogue with all of our service providers is how they're going to evolve in concert with us," he said. McKinley expects the first implementations to appear in 2003.

"I don't think we're on the bleeding edge anymore when it comes to Web services," he said. "It is ready for prime time."

Security is a big near-term challenge in this process, and so is the lack of standards to ensure transaction integrity. "But the value is so compelling that to sit on the sidelines would represent a huge lost opportunity for an organization," McKinley added.

"Security is the next big standard that people are waiting for," confirmed Jonathan Warmund, VP of Schwab Institutional at Charles Schwab & Co., who is pushing ahead with Web services anyway, either with point-to-point security solutions or in situations where security isn't an issue.

For example, Schwab Institutional's Advisor WebCenter clients are portfolio managers with retail customers who also have financial accounts at other firms. Warmund uses Web services to pull that other account data from account aggregator Yodlee. This information is transmitted using SSL encryption, Warmund said, in a way jointly agreed on by Schwab and Yodlee.

In other cases, the data doesn't need to be encrypted. For example, Warmund plans to offer portfolio analysis tools from third-party vendors such as Standard & Poor's. In those cases, if the data is stripped of all identifying information, then there are no security concerns.

Another company that is moving with Web services ahead of security standards is Fidelity Investments. According to enterprise architect Bill Stangel, the firm's printing facility, benefits group and life insurance group are all using externally facing Web services.

"They do require security, and we have multiple methods on how to do that," he said, though he would not provide details. He added that the adoption of common security standards will help with the deployment of new Web services.

Stangel wouldn't comment on when enough firms will be using Web services to allow for efficient straight-through-processing, but John Knightly, senior director of financial services marketing at BEA Systems, said the first signs will be evident in 2003 and 2004.

"As these standards develop, they'll be able to support end-to-end business process that actually flow to a service provider like a correspondent clearing house, custodian service, concentrator for a virtual matching utility or simply an outsourcer," Knightly said.

Meanwhile, many more of Fidelity's current Web services applications are within the corporate firewall, where security isn't an issue. "Web services is an interoperability technology for us which allows us to integrate our Fidelity businesses," Stangel said. "It reduces complexity."

One prominent initiative that seeks to extend Web services beyond brokerage firewalls is the Financial Services Technology Consortium. Announced last month, the project will apply the developing technology to cash management transactions for corporate customers. Backers of the FSTC include NEC and subsidiary Niteo Partners, Bank of America, J.P. Morgan Chase, Stanford University, Sun Microsystems and Wachovia.

The necessity to deploy point-to-point security solutions means that Web services will first be used externally with "most -favored" customers and institutional clients, said Damon Kovelsky, an analyst at Meridien Research, now part of International Data Corp. (IDC). Meanwhile, internal use of Web services is expected to grow as the economy improves, he added.

In 2002, many companies rolled out prototype Web services and pilot projects. "We'll see really massive deployments of Web services applications in 2003," said Stefan Van Overtveldt, director of technology marketing for IBM WebSphere.

"Business people and marketing people are beginning to understand what this could be and are getting excited about it," Warmund said. "Typically, the experience was that IT waits for business to come to them and one has to have huge budgets for one-off integration projects. But XML, Soap, all these standards enable businesses to get closer to the IT side than ever before. When the dollars do come back over the next three to four years, more and more of them will go to Web services. It's not hype anymore."

One example of a common use of Web services and XML in general is to reuse and recycle research data. Schwab, for example, uses Wall Street On Demand to gather data from S&P, First Call, Reuters and other providers. Today, the data comes in as regular HTML-based Web pages, and then style sheets are applied to make it look the way Schwab wants it to. There's no way to pull the data apart and reuse bits and pieces of it.

"We're not pulling it in XML," Warmund said. "That's our next step. We expect to do that in 2003. We will take that data and use Soap and XML and add more value."

Another example is Oppenheimer Funds, which used BEA's platform to create a research portal that integrates market datafeeds, sell-side research and internal communications with applications that the fund managers need.

Knightly said BEA did a survey of 50 securities firms and found that 40 percent were already using Web services for straight-through-processing implementations. Of those, the vast majority-79 percent-involved internal or private networks, he added.

Merrill Lynch has been a leader in using Web services for back-office integration, recently sending 200 managers to a "Web services boot camp," according to McKinley. There have already been huge payoffs: one project, originally expected to cost $800,000, came in at only $30,000 with the use of Web services.

Creating a Web service isn't a panacea, of course. "Complexity issues increase every time you insert networking between components of an application," said Dan Kusnetzky, an IDC analyst.

Since Web services allow an application to be broken into tinier pieces than previously possible or practical, the resulting flexibility comes with a price: IT managers now have to keep track of all of these pieces, instead of the one big monolithic application they once had. In addition, integrating applications in different vertical silos requires some thought, whether it's done with Web services or an older, proprietary approach. "As you integrate, you get headaches. It's easier integration, but still integration," said Kovelsky.

Meanwhile, after the security standards are straightened out, higher-level management issues will come to the forefront. "Right now, there's no way to keep track of how often a Web service is used, or the billing, or signup," said Van Overtveldt.

IBM is backing the Allegro standard for Web services management, with about a dozen beta customers already using the capabilities. The first products are expected out in the first quarter of 2003.

Similarly, firms can't use standards-based methods to bring together complex business processes, or create Web services that support multistep transactions. Instead, they have to use proprietary solutions, offered by each of the major vendors, to solve this problem. This class of standards is at such an early stage of development that there aren't even any working groups working on putting together drafts, said John Kiger, BEA's director of product marketing.