Thursday, November 25, 2010

Programming in Cloud using Goolge App Engine

It is pretty much agreed in the industry that there are three major varieties of cloud computing: software-as-a-service (SaaS), platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS). So when I decided to get my hands dirty (with the PaaS) by developing and deploying an application on the cloud, my preferred options were Amazon, Google and SalesForce.

Serious thought led me to Google App Engine for the following reasons

We will give you a Virtual Machine of any configuration   with which you can do anything you wish - this approach proposed by Amazon sounds good; but  it can  turn out to be a lot  more tricky and complicated for the first timer like me, who wants to have a feel of cloud development  with out serious commitment. So I decided to check  out  Amazon's path latter.

Learn our proprietary language and realize high productivity as much of application development can be accomplished without programming - this approach proposed by Force.com, kindled my  interest; but still  had  a few lingering questions:  why should I learn one more way to do the same thing ?. Can I not reap the benefit based on what I know already?. Should I lock myself with this vendor? Plus having seen the benefit of all those open source re-usable libraries which has helped me to concentrate on the business logic for years, I was reluctant to select the option of Force.com.

With both Amazon and SaleForce out of my way, I decided  to check Google App Engine which provides me the following benefits: First I can program in Java and I don’t have to learn another language. Second, my web application will be portable  which can be hosted on any Java EE server, as they provide a subset of Java EE standards. Three, it's absolutely free : no charge and with no commitment.  The big catch is however if you decide to use  services  like authentication, scheduler etc (provided by Google) and later want to move away from Google infrastructure, additional efforts will be needed.

My intention was not to build a unique world class web application with load balancing and clustering in place, but to find out for one self how flexible and simple it will be to build and deploy  applications on the Google platform while utilizing needed standard services provided by Google.  So decided to build a  simple reminder web application.  Here a scheduler will  be run every day  which will  compare, what you have entered as the events and dates for various tasks with current system date and notify the user through email about the upcoming events which needs attention. Of course only user with proper permission should be able to see his  or her upcoming task as well as add/delete task list.

As I have already a Google Account (if you own @gmail.com email id, you too have one!!),  I registered my application at https://appengine.google.com/   by providing a unique application Identifier and received an acknowledgment as well as the ‘registered ID’ from Google through a SMS (You need a phone, which can receive SMS or else good luck!!, as it seems a mandatory requirement for now. This might change in the coming months).


As the first step download and installed the Java SE Development Kit (JDK) and Eclipse Galileo as well as the Google plugin using the Software Update feature of Eclipse. The installation location is http://dl.google.com/eclipse/plugin/3.5 . This provided me the 2 important features : New  wizards to create App Engine web app  project and a tools to deploy/upload the developed web app in the Google platform with a click of a button .

Once I had the necessary software on my local machine, developed the web application like what I do often during my normal application development including configuring web.xml in the war/WEB-INF/ directory.  The application made use of Google user authication service, email service and scheduler service along with App Engine datastore.

Only additional work that needs to addressed for the app engine was the configuration of war/WEB-INF/appengine-web.xml, with the ‘registered ID’ and version information of the application.

<?xml version="1.0" encoding="utf-8"?>
<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
    <application> registered ID </application>
    <version>1</version>
</appengine-web-app>

Once development is completed,  selected the RUN command from the menu to execute the application using the built in server  which simulates the App Engine environment and services, including the data store, and the login services. 

After completing the local testing, uploaded the application from Eclipse by clicking the App Engine deploy button on the toolbar, which prompts for my Gmail id and password before publishing the app in the Google platform - the very same infrastructure in which Googl’s Gmail also runs.

This article glossed over few of the details of making a basic application, so if you feel you need more technical development information, make sure you go through the complete official tutorial http://code.google.com/appengine/docs/whatisgoogleappengine.html and the video at http://www.youtube.com/watch?v=bfgO-LXGpTM 

Google has to prove itself worthy of business to the world. It has made baby steps into the corporate world with Google Apps and Google Docs. And I am pretty sure that in the months to come, Google App Engine will significantly change the way applications are delivered, managed and integrated. And with Microsoft also pushing hard on Azure, it is sure  that we will see good competition and see the rapid adoption of PaaS in corporate world which is currently dominated by SaaS and IaaS  The next two years will decide who will have the laurel.

Monday, November 1, 2010

Career Guide: .NET Developer

One of the most frequently asked questions about web application development using Microsoft .NET platform goes something like this,

"I am interested in becoming a .Net developer, but I don't know where to begin. There seems to be so many technologies in the field of web development that I feel lost. How do all these technologies relate to each other, which ones do I need to learn in order to be considered for becoming a serious professional, and which one should I learn first?"

However, there is no single answer to these types of questions and truly no unique set of technologies   can address all requirements of a web application built upon .NET platform.

This article’s focuses on those who are trying to make their first step into the IT industry and  beginners who wish to find the right guidance (set of technologies to master) while developing Microsoft based web applications.

The essential requirement is sound knowledge in the following areas.

1. Web and .NET(www.microsoft.com/net) fundamentals

  • Internet , HTML, CSS, JavaScript
  • Object-oriented programming (OOPS) , Microsoft .NET Framework, C#


2. ASP.NET (www.asp.net) is web development framework within the .NET regime that provides you all the foundation and services necessary to develop Enterprise Web applications. While many language options exist, C# is generally acknowledged to be the language of choice for ASP.NET development. So a solid understanding of ASP.NET framework, C# programming language, HTML and JavaScript, AJAX is a must for developer who wishes to develop a world class enterprise web application.

3. Relational databases are generally the preferred choice for storing application data. Relational Database Management Systems (RDBMS) help to organize, store, and retrieve the data in a very efficient manner. Since C# applications traditionally uses the ADO.NET components to access data and data services from data sources using Transact-SQL(T-SQL), clear understanding the basics of Relational Database Management Systems like Microsoft SQL Server and ADO.NET and T-SQL is essential.

4. Integrated Development Environment (IDE) like Microsoft Visual Studio provides comprehensive facilities for faster and efficient software development and is always preferred over others.  An IDE consists of source code editor, compiler, build automation tool and debugger together in a packaged form and provide a favorable environment for development.

Mastering the above technologies, equips one with the required minimum skill sets but it doesn’t mean you would be getting a job in IT Company simply.  Many people fail miserably in job interviews when it comes to presenting their strengths in right form. So, work on your soft skills especially communication skill which will give you, an ability to express your ideas clearly and effectively.

Once these  basic requirements are met one could add the following technologies to move up the ladder.

5. Even though an applications could make use of the ADO.NET and T-SQL to persist data into relational databases, Object Relationship Mapping tools such as LINQ  or ADO.NET Entity Framework, that provide a layer of abstraction between the application and the database is preferred by most development teams nowadays.

6. Understanding the basics of Web Servers like  Internet Information Services (IIS) will be helpful as such applications provide the run time environment for the deployment in production environment.

7. Version control is a critical aspect of any software project, and its importance is generally understood. Version control systems serve several key purposes. First of all, they allow you to sequentially store successive versions of your source code. In addition to providing a secure backup copy of the source code, this process ensures  that you can step back to a stable version when things go drastically out of control. Version control systems also help team members to work simultaneously on a project's source code without stepping on each other's toes. So understanding a Version Control System such as Visual SourceSafe (VSS) or Subversion (subversion.tigris.org) and its vital functions  is helpful.

8. Substantial amount of developer’s time is spent on automating tasks which will ease the development. Even though IDEs automate much of the work, many developers look to an external tool to assist critical activity; like the build process. Build tools automate many tasks which a software developer encounters while developing, compiling, testing, or deploying applications. So a good understanding of build processes and build tools like NAnt (nant.sourceforge.net) which eliminates the hassle out of the build process and the maintenance is desirable.

9. Frequent testing during development is one of the practices growing in popularity in IT industry now. It provides a powerful approach for combating the inevitable continuous changes of inputs in software projects. But this simple mantra “unit testing” is much easily said than done. In the past major obstacle for implementing “unit testing” was the lack of suitable testing framework. Now with  the availability of many “unit testing” frameworks like NUnit (www.nunit.org) and VS Test (comes with Visual Studio  Professional editions), providing the basic plumbing for developers to quickly generate whole test suites that validate their programs with the click of a button, implementing “unit testing” has become  simple.

10. One of the most significant problems in software development is ‘assumptions’. Assumptions  pass  required parameter values, or a particular configuration parameters  This process can lead to a situation where a developer will spend precious development hours  tracing items which don't exist. Assumptions in software development often results in considerable wastage of time and add to risks. Continuous Integration (CI) can help to reduce assumptions associated problems on a project by resorting to rebuilding software  frequently.(whenever a change occurs as logged by version-control system) The benefit  arising out of CI has been proven beyond doubts and  thus it has become the De Facto software development practice for all projects. Spending some time on the non-glamorous fundamental activities and use of CI tools like Cruise Control.Net (confluence.public.thoughtworks.org/display/CCNET) will provide ample time for important and visionary activities.

11.  A code review is a useful exercise that helps to ensure code quality. But checking thousands of lines of someone else's code for items like hardcoded locale specific strings, Finalizers are protected, and naming conventions can be a real pain. To make matters worse, code reviews are typically constrained by tight project schedules. There is never enough time for detailed evaluation of code. Despite the best intent of the reviewer, optimization and logic checking take a back seat. Code reviews often become just an exercise in code beautification. Tools like FxCop which examines managed code assemblies for conformance to Microsoft's .NET Framework design and custom guidelines, conformance to recommended coding standards and practices are the real boon to code reviewers. Able team lead leverages these tools to measure and monitor the entire codebase, thereby controlling and ensuring system quality throughout the development life cycle.

Nevertheless these are not the only frameworks, tools and libraries used by all IT companies to develop .NET based web application. But this step by step approach provides a good starting point for the new entrants.

Saturday, October 9, 2010

Career Guide For Java Developer

One of the most frequently asked questions about web application development using Java goes something along the lines of,

Beginners Guide
"I am interested in becoming a Java developer, but I don't know where to begin. There seems to be so many technologies in the field of web development that I feel lost. How do all these technologies relate to each other, which ones do I need to learn in order to be considered a serious professional, and which one should I learn first?"

However, there is no single answer to these types of questions and truly no unique set of technology which can address all requirements of an web application using Java.

This article’s focus is on those who are trying to make their first step into the IT industry and for beginners who wish to find the right guidelines (set of technologies to master) while developing Java based web applications.


The basic requirement is sound knowledge in the following areas.

1. Web and Java (www.java.com) fundamentals
  • Internet working principles, HTML, CSS, JavaScript
  • JDK, Servlet, JSP

2. Even though one could develop a web application using JSPs and Servlets, mastering a web application framework like Spring (www.springsource.org) or Struts (struts.apache.org) is recommended. Framework aims to minimize the overhead associated with common activities performed in web development like security, database access, session management and often promote code reuse

3. Relational databases are generally the preferred choice for storing application data. Relational Database Management Systems (RDBMS) help to organize, store, and retrieve the data in a very efficient manner. Since Java applications traditionally uses the JDBC (Java Database Connectivity) API to persist data into relational databases, clear understanding the basics of Relational Database Management Systems like Oracle (www.oracle.com) or MYSQL (www.mysql.com) and JDBC is essential.

4. Integrated Development Environment (IDE) like Eclipse (www.eclipse.org) provides comprehensive facilities for faster and efficient software development and is always preferred over others.  An IDE consists of source code editor, compiler, build automation tool and debugger together in a packaged form and provide a favorable environment  for development.

Mastering the above technologies, equips you with the required minimum skill sets but it doesn’t mean you would be getting a job in IT Company simply.  Many people fail miserably in job interviews when it comes to presenting their strengths in right manner. So, work on your soft skills especially communication skill which will give you, an ability to express your ideas clearly and effectively.

Once the basic requirements are met one could add the following technologies to move up the ladder.

5. Even though Java applications could uses the JDBC (Java Database Connectivity) API to persist data into relational databases, persistence frameworks that provide a layer of abstraction between the Java application and the database is preferred by most development teams. Since persistence framework simplifies the development process by providing a wrapper around the persistence logic, mastering any one persistence framework like Hibernate (www.hibernate.org) becomes desirable for java developers.

6. Understand the basics of Java Application Server like JBoss (jboss.org) and servlet containers like Apache Tomcat (tomcat.apache.org) as they provide the run time environment and middleware services for the deployed application in production environment.

7. Version control is a critical aspect of any software project, and its importance should not be underestimated. Version control systems serve several key purposes. First of all, they allow you to safely store successive versions of your source code. In addition to providing a secure backup copy of the source code, this ensures you can step back to a stable version when things go drastically out of control. Version control systems also help team members to work simultaneously on code without stepping on each other's toes. So understanding a Version Control System such as Subversion (subversion.tigris.org) and its vital functions during software development is helpful.

8. Substantial amount of developer’s time is spent on automating tasks which will ease the development. Even though IDEs automate much of the work, many developers look to an external tool to assist critical activity; the build process. Build tools automate many tasks which a software developer  encounters while developing, compiling, testing, or deploying applications. So a good understanding of build process and build tool like Maven (maven.apache.org) or Apache Ant (ant.apache.org), which takes much of the hassle out of the build process and the maintenance of complicated build scripts is desirable.

9. Frequent testing during development is one of the practices growing in popularity in IT industry now. It provides a powerful approach for combating the inevitable continuous change of  inputs in software projects. But this simple mantra “unit testing” is much easily said than done. In the past major obstacle for implementing “unit testing” was the lack of an excellent  testing framework. Now with  the availability of many “unit testing” frameworks like JUnit (www.junit.org) and many flavors of XUnit , providing the basic plumbing for developers to quickly generate whole test suites that validate their programs with the click of a button, implementing “unit testing” in Java has become  simple.

Want to climb further, work on the following areas

Continuous Integration
10. One of the most significant problems in software development is ‘assumptions’. Assumptions like, a method will pass the required parameter value, or a particular configuration value can lead  to a situation where a developer has to spend precious development hours needlessly tracing  items which don't exist. Assumptions in software development often results in considerable wastage of time and add to risks. Continuous Integration (CI) can help to reduce assumptions associated problems on a project by resorting to rebuilding software  frequently.(whenever a change occurs as logged by version-control system) The benefit  arising out of CI has been proven beyond doubts and  thus it has become the De Facto software development practice for all projects. Spending some time on the non-glamorous fundamental activities and use of CI tools like Continuum (continuum.apache.org) will provide ample time for important and visionary activities.


11. A code review is a useful exercise that helps to ensure code quality but checking thousands of lines of someone else's code for items like un-reachable code, code indenting, Java doc comments, and naming conventions can be a real pain. To make matters worse, code reviews are typically constrained by tight project schedules. There is never enough time for detailed evaluation of code. Despite the best intent of the reviewer, optimization and logic checking take a back seat. Code reviews often become just an exercise in code beautification. Tools like FindBugs (findbugs.sourceforge.net) which examines class and JAR files, PMD (pmd.sourceforge.net) which scans Java source code for potential problems and Checkstyle (checkstyle.sourceforge.netare the real boon to code reviewers. Able team lead leverages these tools to measure and monitor the entire codebase, thereby controlling and ensuring system quality throughout the development lifecycle.



12. Give a try to Automated Funtional Testing tools like Canoo WebTest (webtest.canoo.com) and Selenium (seleniumhq.org)

Never the less these are not the only frameworks, tools and libraries used by all IT companies to develop Java based web application. Neither the only ones in the identified category. But this step by step approach provides a good starting point for the new entrants.

Monday, October 4, 2010

Unstoppable forces: Cloud and Mobile computing

The increased use of Web for day to day tasks is making accessing web-based services an essential part of everyone’s life. The demand for accessing the services through mobile devices is also rapidly increasing. This is due to factors like ubiquitous Internet access, advancement in wireless technology and widespread availability of low cost mobile devices.

This is show cased when Apple's iPhone sparked an explosion in consumer awareness of mobile application’s usage. New applications are proliferating and "application stores" are springing up. But these applications need mobile devices with robust computing power, limiting their potential use.  In a few years time we can expect a major shift from traditional mobile application technology to mobile cloud computing.

Mobile Apps powered by Cloud
Cloud computing will bring unprecedented sophistication to mobile applications. Cloud network services are quickly becoming a tremendous force in the mobile ecosystem, offering almost unlimited storage and processing power. The number of mobile apps based on Cloud is growing at exponential rates, and industry analysts predict enormous growth for this sector. 

The cloud brought with it a couple of interesting dimensions. First, it required everyone to get used to internet. Anyone who wanted to make use of cloud has to accept computer networks. One of the downsides of cloud computing is that it's dependent on connectivity.    No connectivity, no cloud. 

Fortunately, these days, connectivity issues are few and far between.  However, one have to consider the risks involved in leveraging networked computing model, inclusive of cloud computing.    When, you manage the risks systematically,   there is nothing to worry about.

Future outlook
Joshua Jewett, CIO Family Dollar Stores chain predicts "Either you consciously build cloud and mobile systems or you're reacting to forces of the world which will surely push you down that path,”

Sunday, September 19, 2010

Cloud Computing: Road to Business with Agility and Flexibility

There is lot of debate about cloud computing in recent times and its impact on IT landscape.  By the way “cloud computing “what it is? Is it one more service like many others being offered? No; it is lot more than that.  It advocates an approach that can help organizations to improve their standing in competitive business, quickly and effectively utilizing   least capital resources at the same time with added flexibility unlike other competing technologies, cloud is as much about business, as it is about technology.


This series of articles on “cloud computing” provide an opportunity to learn important aspects of cloud computing in a systematic step by step manner.
 Part 1:  Cloud Computing Demystified, we will be looking at the cloud definition and different types of delivery and deployment models, Case studies of IaaS and PaaS providers / Organizations working on cloud standards and survey results are included.
Part 2, Mobile Cloud Computing we will have a look at how our life will change when Cloud Computing converges with Mobile Computing, yet another emerging technology paradigm.
 Subsequent parts will address the other important areas like Cloud Security and Governance.  Security and Governance aspects play key role in deciding process of organizations whether or not an organization should venture into cloud computing.


While several open questions remain unanswered in current situation like cloud standards, security and the service availability,  business benefits like increased agility and reduced costs are too compelling   And with many new service providers coming up with  solutions  to the already identified issues including one based on  Virtualization (a key enabling technology in response to customers concerns ), it is only a matter of time before every organization in the face of earth  will have a foot print in cloud computing arena.

Monday, September 13, 2010

Organize your Social Networking World

In recent times, whether you read a newspaper or technical magazine or surf the web you would have often run into the buzz word Social Networking. In spite of all these hipes, a simplified procedure to be part of online social networking community for a newcomer is rare thing to find. No worries, we will help you to enter the new world of ”social networking" all by yourself with ease. You don’t need to be a wizard or a geek to enter social networking world. But you should have the drive, perseverance and passion to learn new developments and be part of winning team.

Social Networking Options


First and foremost you need to be clear about objective / purpose. Do you wish to build a network of business professionals or is it for self-promotion. Each individual will have their own objective. Objectives range from finding new friendships or organizing a group to fight for a social cause or to providing free information for tourists or promoting new business ventures. Whatever it is, objectives need to be defined clearly. Once you are have an objectives, explore and select a social networking site which matches your interest. There are site built for general purpose or trailed ones for special objectives. Choose the one which matches your objectives. Do your research well. Here are few pointers.

ObjectivesPopular Sites
Encourages to connect share with friends and family and as well as discover new people through friends of friends
Facebook, Orkut and MySpace
Targets professionals for business networking
Linkedin, XING
Specializes in Microblogging service
Twitter
Helps in sharing your thoughts with the world
Google Blogger, Wordpress
Social Bookmarking
Delicious, StumbleUpon
Helps to share your favorite photos and videos to the world
Flickr, Picasa Web Albums, YouTube

Next step to be part of online social networking community is signing up with the chosen group. Most of the site has simple sign-up procedure which is self explanatory. Generally site collects basic personal information about you. It allows you to build a profile yourself so that others will know about you. At this stage it also allows you to establish contacts with like minded persons or friends. See the sidebar for creating a twitter account.

Twitter Sign-up Process
1. Visit Twitter to Sign up

Visit twitter at http://twitter.com/ and click on the Sign up link.
2. Provide Basic Information

Provide basic information like your name, user id, password and email id and click Create Account.
3. Verify by Key-in CAPTCHA code

As part of verification check, Twitter uses the CAPTCHA to verify if you are indeed human.
4. Configure Account

Once the account is created, complete the process by configuring few essential things
- Identify the topic you are interested in
- Find and add you friends, who are also using Gmail, Yahoo and Linkedin to this account
- Search and find friends or organization you are interested in. 
5. Start Tweeting

Instantly post entries of 140 characters or less, known as tweets to share what you’re doing with the world


Now comes the crucial part, which is a lifelong actively (or of course till you cancel your membership). Build and maintain your social network by being active by frequent blog posting, tweeting often, sharing interesting events with your friends, connecting with your friends friend, following people and sharing the photos, news or the links with others.


Finally a word of caution
  • Do not try every social networking site. Be selective.
  • Do not get addicted to the virtual world and stop, face to face.

Hope you are now equipped with enough information to jump start your social networking life. Start.

Saturday, September 4, 2010

Time Management for IT Professionals



 IT companies are hard-pressed to complete the current projects in the shortest possible time with lowest budget at the same time ensuring quality product for the customer. Day by day the competition is becoming harder and harder. This naturally leads to a situation where the professional has to concentrate on the current project activities with all his resources and abilities to keep up with the project schedule.
Lack of Time and
Emerging Trends 



Changes are the order of the day in current life. Information technology industry is no exception. In fact the changes taking place in IT are more frequent than other fields. Web 2.0, mobile computing, cloud computing and social networking are examples of few segments where lot of changes are taking place in rapid manner. 

New projects generally incorporate emerging technologies in order to cut cost/development efforts. Unless the IT companies also follow the same path and keep itself up to date with emerging trends, profitability of the company is sure to suffer. How does then the company retain its premier place in industry? It has to rejuvenate by pumping fresh blood in the form of new entrants or train its old work force on areas where the changes are frequent.


How the old worker guards themselves against the competition from the fresh and determined new comer without the aid of training programmes which he/she missed due to very tight project commitments?. Answer lies in equipping oneself with information on new trends/ways of doing things appearing on the horizon by proper planning and management of time.


Time management is a process where one categories the activity which are to be done according to the importance and executes them. Hence it is absolutely essential to find time for keeping oneself up to date either during office hours or otherwise. By regular information gathering exercise on a permanent basis one could solve the problem of getting oneself obsolete.


The situation where the IT professional finds himself in, after a few years of working in an organization is not new. There are lots of things to be learned from grand mother’s narrations. Grand mother’s story is reproduced below for the benefit of those of you who haven’t heard so far.

Once upon a time there was a wood cutter who was very busy cutting a tree with an axe. He seemed to be very tired and exhausted. The tree was big, but he was a great wood cutter and not wasting a minute of his time was focused on the job of cutting the tree. His wife noticed it and said "Hi sweetie, I see that you are working hard, why don't you take a break for a while and sharpen your axe a little bit" To which the wood cutter said "I don't have time." and continued to work harder at cutting the tree.


Modern workers are definitely more intelligent and sure to keep up with the emerging trends and sharpen his skills even on the busiest day to keep him in the forefront always.

Monday, August 16, 2010

Social Networking and Security Compliance

Social-networking application like Facebook, MySpace, Twitter, Flickr, Wikipedia and LinkedIn has turned the very old sociological phrase into the hot buzzword of the recent times. Long crossed are the silly questions like, what is social networking? How popular are social-networking application? Does social networking site bring value to an organization and individuals? There are plenty of studies and reports which talks about the popularity and usefulness of such applications. It was even reported that the top 20 most visited Web sites in the world are social-networking sites.

It has been a while; the world has accepted that the social networking as an extremely important tool both for personal and professional-relationship building. These applications are capable of delivering significant business value in the form of increased employee productivity, faster time to market, reduced customer support cost etc. But the downside is that the same applications can also introduce substantial risks to any organization, including data leakage, identify theft, malware and other threats.

With studies finding more and more number of people using sites like Facebook and others at work increasing, the companies have also long started worrying about the loss of employee productivity, loss of business data, loss of personal identities, which in turn can allow intruder to exploit corporate network or inject malware. Finding the right security solutions became a paramount importance to corporate IT departments. And with more and more of IT work force using laptops and using internet outside the company network it becomes even more challenging. To spice even further, lot of organization are ISO 27001 and BS7799 certified, which mandates the organization not only to put security policies in place but also demonstrate their effectiveness. It all boils to the fundamental question, how secure and controlled are the organizations which allows their people to cope with the technology advancement.

With many corporate IT departments going and/or exploring the quick-fix route “Use Firewall/Web filtering service to block social networking site”, I think it is the high time for the organization to take the right step which is Enablement and Governance than choosing to close the eyes and wishing these issues will go away in the near feature.

Enablement is all about educating the end users as well as the IT departments about the benefits of the right social networking application (No application add value to everyone in the same proposition) & its usage. Enablement is also about the increasing the awareness about the risk associated with these applications.

Governance is not only about defining smart social networking policies for one time, but continuously following what various established model like CMMI preaches - define-implement-monitor-improve. The policies centered around managing risk rather than avoiding risk.

With the executive managment buy-in and with awareness and governance in place, IT department can effectively play the role of moderator/enabler between tech savvy user and security concerned senior management by continuously monitoring and customizing the policies while providing their user optimum web access and their business the ablity to reap technology benefit in a secure way.

Question to the think about:
What level do you think, your organization is committed to social networking? When it comes to security compliance, which side do they fall: one which bans everything or one which has policies tailored towards social networking or one which bet on their people and their common sense? If you are on the liberal side, what measures does your organization take to make you environment secure.