In the last issue I described the virtual, global company that outsources much of its work, focuses on core capability, and depends on others for many of the vital parts of its business. As key parts of the business are moved outside — whether subassemblies in the manufacturing world, software development in the service business, or janitorial services for the retail store — significant business benefits may be acheived. I outlined the role of information technology as a key enabler in the previous article.
Even with a good business case, however, there are numerous challenges. I will touch briefly on examples from three areas: technology (with focus on security), new business issues, and people issues.
The technology goal is to create the transparent, secure movement of information around the virtual company. This is an active area today, with new companies and products in new niche areas emerging. Technology issues include directories, middleware, information warehouses, and telecommunications, but I will focus on technology security issues.
The obvious goals include protecting information from being stolen, protecting it from being destroyed, and protecting it from competitors when a supplier is working both for your company and your competitor. If protecting information were the only objective, it could be locked up in a vault.
For business to business security, most companies use “firewalls” that protect those on the inside from being invaded by those from the outside, except through carefully controlled access points, much like the physical security for most companies. Ultimately, firewalls are the wrong answer because they have the wrong underlying assumptions. They are designed with the assumption that those inside are the “good guys” and those outside are the “bad guys,” and this is not valid for the virtual company.
There is data within the company that should be protected from others in the company; salary information, some customer sensitive information, and some business planning information are examples. Likewise with the virtual company, there is a great deal of data that needs to be shared outside the company with the partners.
Encryption of data with access control is a partial answer to keeping data from being stolen. Public Key Encryption (PKI) promises to make this access to information both secure and simple, but multi-vendor solutions are still being agreed to in the standards bodies.
Another issue in security is authentication. This is the way the computer recognizes that I am who I say I am. Passwords are widely used today. Maintaining multiple passwords for multiple applications and changing them often enough to satisfy systems administrators creates a security risk in itself. People simply can’t remember them all and often write them down. The answer for authentication seems to be biometric registration; the user is known through voice recognition (not very reliable), fingerprint registration, iris scanning, or even DNA. Fingerprint and iris scanning are beginning to work well for small applications, and are available from several vendors. The support costs in scaling to large numbers of users is still a concern.
Two security issues which have made the headlines recently in electronic business are viruses (leading to destruction of data) and “denial of service” to legitimate users (created by a malicious deluge of messages aimed at tying up the resources). Aggressive filtering of messages coming into the system is often successful at blocking such incoming messages. But, this adds an overhead to the service, and it is difficult to keep up with the hackers and with the number of trials allowed by ever faster computers.
Rapid progress on these technology issues adds to the challenge for business. The best solutions today will not necessarily be best tomorrow.
In addition to the challenging technical issues, there are some interesting business issues for the virtual company. I will comment on several of these. The first simply asks what are my valuable assets? More companies are realizing that the data itself has great value. Product companies that formerly gave away their data are now realizing that their information may be as valuable as their traditional products.
Perhaps the most obvious is determining what is done “in house” and what is outsourced. In the 1990s companies focused attention on their “core competencies,” determining what is essential to the business that must be done internally. Then they looked at what could be outsourced, the “make/buy” strategy.
Why outsource? Often a large company cannot compete effectively with a small one in making simple things. The investment in tooling, the capital costs, or the management attention are viewed as distractions from the main focus of the core business. In addition, the specialty supplier can take advantage of their scale and focus to create a better, lower cost product or service. This has moved from simple, standard items such as screws or pencils, to more complex such as software development or product maintenance. The specialty supplier also has the advantage of targeting wage packages for the skills required for their specialty.
Assuring the right things are outsourced is a vital part of strategy. When both customers and suppliers are making money and the company is not, this is a sure sign the strategy is not working. Another more recently identified consideration in outsourcing is assuring the ownership of valuable information assets.
Having determined to outsource, the next question is how many suppliers? Reducing the number of suppliers can lead to better prices and closer collaboration. Some companies try to keep two viable suppliers so if one falters they can make more use of the second. Since these suppliers likely also supply the competitors, the issue of protecting data is underscored. The emerging trend of industry consortiums for supplier connections (automotive and aerospace are two recent examples) amplifies the issue of protection of competitive information.
This raises another question: how to negotiate business deals with the suppliers? With the rapid change in technology and business, the idea of three year contracts is becoming less viable. Technology itself enables shorter term contracts, where prices can change to adapt to the supply and demand. At the consumer level, a coke machine has been developed where price depends on conditions. When the weather is warm and there are only a few beverages in the machine, the price is high. When it’s cool and the machine is full, the price is low. Consumers are becoming used to “auction pricing” for buying airline tickets, for example. For commodity purchases, companies may go back to many suppliers where price is determined on the open market through auctions. There is a great article on free market supply connections in the March 20 Issue of Fortune, pp 132-145.
Some outsourcing is not as clearly specified as the purchase of pencils or screws. Major subassemblies, software development, or a major portion of a service business will be much tougher to completely specify, and there may be unintended consequences in the integration of the final solution. Here it is much more difficult and costly to have multiple suppliers, and the replacement of one for another at a later point is more difficult. Many companies today are choosing one supplier for this area, and working closely with them. The difficult challenge down the road is replacing that supplier if they fail or change their business focus.
When critical work is outsourced, the company gives up the skill to do the work in-house. For complex outsourcing, there is a need to retain the skill to buy the product or service in an intelligent way, and to assure the purchased product or service remains competitive. Attracting and retaining, or retraining, the right kind of people for the new work is one of the challenges for people in the new virtual company.
Then there is the fundamental question of loyalty. When employees have built careers around doing key tasks for a company and the tasks are outsourced, either the people are let go, or they are retrained to do something else. Often there is a strong feeling of betrayal, including those in the company fearing they may be next. An InfoWorld forum last fall asked where IT people place their loyalty in the fast changing world. Many answered that it was to their profession rather than to the company they worked for. Yet, key success in the application of information technology comes from combining IT knowledge with an understanding of the business itself. Capturing the full creative talents of knowledge workers requires a mutual loyalty between the company and the employee that is eroding in today’s world.
We are early in the transformation to virtual companies. The technology enables some of this transformation, though not as easily or seamlessly as the advertising would cause one to believe. The new business and people issues are not fully recognized nor understood in terms of their downstream implications. The issues discussed here are just some of the challenges ahead.
Al Erisman is executive editor of Ethix, which he co-founded in 1998.
He spent 32 years at The Boeing Company, the last 11 as director of technology.
He was selected as a senior technical fellow of The Boeing Company in 1990,
and received his Ph.D. in applied mathematics from Iowa State University.