But although IT may be commit to relegating mashups to the business user, the corporate culture might not be ready for it. Employees may not know how to even envision, build and use mashups, said Vinay Nair, research manager for enterprise applications, with research firm IDC Canada.
Warming up to the mashup will likely happen with the younger generation who has perhaps already built mashups for their personal use and now want to extend that technology to the job.
But besides often committing the mistake of assigning mashups to IT, organizations will often apply mashups to the wrong problem. The issue partly stems from semantics, said Crupi, because mashups are about combining - not integrating - data. Merely combining data suggests that it gets delivered to the user in a consumable form that requires minimal transformation and cleansing. "If it's in the form that it just requires minor tweaks... then it's a prime candidate for mashups," said Crupi.
Assigning mashups to the wrong problem is also a result of "unfortunate hype" around the technology, said Bowden. He advises against using mashups for applications requiring high security and that cater to a large volume of users like online e-banking.
In fact, the mashup is generally seen as "a good-enough application" that just meets the needs of a group of users to get the job done, said Bowden. Mashups are a tactical - not strategic - approach to problems that would never get addressed through the IT department's normal development process, he said.
Bowden has observed enterprise adopters of mashups to be cross-industry where the requirement is to obtain customized data in a time-critical fashion. The technology is also often seen in businesses that want employees to be informed about market intelligence, competition, price change, stock changes, and the economic environment for instance. "If you want to be engaged in more than once a month updates, this really helps you accomplish that," said Bowden.
But for a business to reap value from a mashup, the technology has to render something new to the user. "It's not about mashing up hundreds of data sets. The importance here is getting the right data," said Andreasen. An organization that uses the same data feed providers as its competitors can't expect to derive novel business decisions from stale information.
While some data sources may be more legitimate than others, Andreasen said that mashups really only work if IT grants the business user some degree of freedom to build mashup creations using the plethora of available sources on the Web. "Mashups are about being creative and finding new ways to solve problems more efficiently," he said.
But there needs to be a balance between enabling user creativity and security and governance. The danger lies in assuming enterprise mashups are like consumer mashups because, said Crupi, in the "enterprise, everything has to move behind the firewall and in the data centre, so security and governance are the ultimate design tenants that have to be in the infrastructure."
"One of the big missteps that we see is trying to implement mashups without any notion of security and governance in place," said Crupi. He added that part of the problem is that mashups are an SOA-style service, and there has yet to be a standard way to instill security and governance into an SOA infrastructure given the loosely-coupled design.
Nair said that although point solutions exist for dealing with the governance issue surrounding mashups, there is enough of a lack of complete products to make IT a little queasy.