It is the time for creative destruction. Many great companies were born in recessionary times. Microsoft and Oracle in the mid 80'ies, Berkshire Hathaway in the 70'ies and Rockefeller and Carnegie a century before that. Strong established companies will go back to the drawing board the coming months and redesign their business. They should take a good look at their organization model. It is probably outdated for a world of uncertainty.
Ashish Sahni wrote in a comment to my Open Source blog: “Organizations create boundaries. There is no room for folks to choose and show initiative. Most employees just wait for an assignment, innovation is only talked about, the element of fun is missing, risk avoidance is the mantra rather than encouraging bold initiative taking attitude, reusability never even reaches beyond the drawing board. Lastly the most important element of management practice is ignored at all levels ‘Put the right people in right place with empowerment’, which eventually results in an organization with very little collaboration.” Rob van der Kooij commented: “ …The issue is the lack of innovation of enterprise design and culture. Since the industrial revolution nothing whatsoever happened there!”
Both have a point. Most organizational models are still variants of the traditional factory model with strict division of labor, specialization ad absurdum, and rigidly defined hierarchies. Primitive carrots and sticks remain the most important behavioral instruments. Despite the omnipresent, employee-sensitive Human Relations “professionals”, your boss can still fire you and determine your annual bonus. Decision-making is concentrated at the top and slow to percolate down. Markets tend to move faster than the companies serving them.
This makes the Open Source model even more intriguing. How can it be that the opposite of the factory model is so successful? Open Source teams are ad hoc organizations, without strict hierarchies or sticks and no carrots beyond peer recognition. They also tend to move faster than traditional organizations.
A quick analysis of highly innovative companies shows that they have more in common with the Open Source than the Factory model. They realized that knowledge is more valuable than physical assets and that innovation comes from all nooks and crannies of the company. Innovation bellwethers like Google and Apple have fluid organizations with multi-disciplinary teams continually creating new products and services. Google tells its employees to spend 20% of their time on company projects that personally interest them and are outside their current assignment and competency. These organizations stimulate spontaneous brainstorming sessions, rapid prototyping and, similar to Open Source organizations, they have self-governing mechanisms.
Taking a step back, these companies actually reflect pre-industrial social groups: there is a strong sense of community, alignment of individual and group interests and the team (not the leader) provides the pressure for its members to perform. In the factory model control and governance are top down, in the open source model it is bottom up. With increasingly complex and dynamic markets, the top down model is showing major cracks. Just look at what has happened to some of the largest banks in the world. While all of these companies spent hundreds of millions on risk management they failed to manage their exposure and they let trillions evaporate. Bringing responsibility and self governance down into the organization is a good way to get started to fix these organizations.
Wikipedia is a good example of how self-governance works in an open environment. Of course the concept that anyone can contribute, invites all kinds of rubbish. My kids used to run contests to see how long it would take for Wikipedia to spot the nonsense they posted and rectify it. To govern the quality of their site, Wikipedia is using extensive Patrols to watch over a class of pages and take any appropriate actions. They also have a mechanism for dispute resolution, in case of conflicting opinions. “Most patrol actions are performed by individual Wikipedians, but some are performed by bots or other tools that monitor for potential integrity breaches. Patrols focus on various pages, notice boards and feeds. Many of the well-known patrols have hundreds of users, and are directly responsible as a first line against vandalism, or other potential problems” , according to Wikipedia. The mechanisms to control the quality of content have become truly sophisticated and continue to evolve. There is no reason some of these cannot be applied to the modern organization, specifically to financial institutions.
There is indeed wisdom in the crowds; it is how you bring it out and have it rise among the clutter. The collective knowledge of all folks at the front, dealing daily with customers, probably gives you the best insight in what customers need. If you combine this with the ability of your customers to provide direct feedback on your products and services, you probably get a good pulse on quality and competitiveness. This insight, in turn, will help you improve on your products and services with the highest impact, at the lowest cost. When we launched online banking for Citibank in the mid-90s, I suggested that we would allow customers to give direct feedback on the service through a bulletin board (fashionable at that time) and vote on the features they wanted to see in the product. Marketing was against this, as it would put out our dirty laundry for all to see. When we finally did this (on a much smaller scale than I suggested), it turned out that Marketing’s assumptions about what customers want, was completely different from what customers expressed as their priorities.
Self governance and “crowd sourcing” sound like great concepts, but Erik Bouwer wonders to what extent the communities are managed by time/money restrictions, pace setting and required quality levels. It requires the company culture, values and incentive system to drive collaborative behavior. Leaders in these type of organizations act more like coaches than micro managers. They will motivate the teams to set clear objectives and have the team agree on the collaboration rules. Some simple rules like “every team member will stick to his/ her commitments, because others are dependent on it”, will go a long way. The work has to be guided by an architecture framework to parcel out the work and later assemble the final result. Deadlines need to be set and agreed, quality control should be in place and progress monitored. With other words, having a community approach doesn’t negate the need for old-fashioned project or operations management practices. But it allows for a much higher level of engagement and input from all participants than in traditional organization forms. And yes.. the coach in a business environment will need to have the authority to move things along, when necessary. So while sense of community and peer pressure and recognition play the biggest roles, there is nothing like a good stick to be waved at the right time.
Sunday, December 21, 2008
Sunday, December 7, 2008
You Have the Right to Remain Silent
In 1995 a film was released called the Net, starring Sandra Bullock. Her character is the victim of a program that hackers have slipped into the best-selling routers. As these Internet devices are installed at most companies, including banks, air-traffic control centers, telephone companies and the Federal Government, it has the potential to create major havoc. In this, somewhat cheesy, but maybe prescient movie, her identity gets stolen and transferred to someone else, and thus she vanishes from existence.
In 2008 cyber criminals rob computer users of an estimated $100 billion (the total GDP of a country like Peru), according to an estimate by the Organization for Security and Cooperation (OSCE) in Europe. Identities are traded online and the going rate for full personal details is around $120. In Saturday’s NY Times it is reported that a Russian company that sells fake antivirus software that actually takes over a computer pays its distributors as much as $5 million a year. Two of my bank accounts, one in Holland and one in the US, were hit with illicit ATM withdrawals in Odessa, Ukraine and some other towns in Eastern Europe that I didn’t know they existed until they appeared on my monthly statements. The Internet doesn’t take sides nor cares much about location. Hackers may operate from jurisdictions that don’t have the means or appetite to go after cyber criminals. It is a relatively low risk endeavor and pays extraordinarily well, judging from the amounts pulled from my accounts.
So-called “malware” is getting increasingly sophisticated and can operate on a large scale. It hides itself from anti-virus software installed on your PC and propagates through programs that spread out over the Net. Widely used programs like Facebook, have gaping holes when it comes to data protection. Any Facebook applications can pull profile information from every person that installs the program. The bottom-line is that everyone connected to the Net is exposed. This is about every company on the globe and every person with a PC or enhanced phone. Just making sure that you have the proper security software installed will not be sufficient.
You have to be conscious about the use and privacy you want to apply to your information. Start by categorizing your information with the traditional classification: public, confidential and secret. For confidential and secret data, you have to decide with whom you want to share this information. I assume that your credit card number falls in the category “secret”. However, in order to use it you have to share it with a trusted partner. Not everyone you deal with will keep your card data safe. In August it turned out that 40M credit card numbers had been stolen from the systems of reliable retailers, like Sears and Barnes & Noble. One way to address this risk would be to store your credit card number with a single trusted partner, for instance PayPal, and let them handle the payment to the retailer. For online purchases retailers should actually have an SMS based approval to avoid illicit charges being made from copied card numbers.
Passwords are “top secret”. They should authenticate the person who is logging on. Most new notebooks and keyboards now come with fingerprint readers. This technology is mature and cheap and therefore highly recommended to uniquely identify you.
At the other end of the spectrum is the public information. There is probably more of it about you than you had wished. Just go to White Pages and see what you can find on yourself. You can order a full background report on anyone for only $39.95! But these companies will give you the facts about you, not the information that you are not even aware of it existed. Companies like Experian, EquiFax and Fair Isaac are making a living from analyzing your life. They started out with credit scoring, assessing your credit worthiness, but moved way beyond this and are now profiling you to death. Google’s business model is based on very large scale data mining, analyzing the way you click, search and access information on the web, so that they can find the right ad for you at the moment, based on your profile and the current context. Your journeys on the web tell a story. By comparing you with similar users they start predicting your needs and preferences. Scary stuff.
It will be hard to always stay ahead of the hackers, data gleaners and analyzers. Close monitoring may alert to potential breaches. If someone withdraws money from an ATM every two minutes in Astana, Kazakhstan, it will be an indication of fraud. The Bank should block the card and send an SMS to the cardholder to verify that it’s her actually standing at the ATM of the First national Bank of Kazakhstan. Most banks use this type of “Fraud Early Warning” systems for their credit card operations, but haven’t installed it for their ATM and online banking systems. The future lies in this type of data-mining software that looks for extraordinary behavior on your computers or network. Like Fraud Early Warning, the behavioral analysis program notifies the user and inquires whether this is because of a conscious user action or suspicious activity of Bots, Worms, Viruses or other malware trying to pry information from your systems.
Meanwhile, keep your security software up-to-date, monitor your information and think carefully about what you want to put in on-line profiles and which pictures and comments you post online. This information will be used by someone, somewhere. Of course you have the right to remain silent online, but then you are missing out on some of the biggest opportunities of this age.
In 2008 cyber criminals rob computer users of an estimated $100 billion (the total GDP of a country like Peru), according to an estimate by the Organization for Security and Cooperation (OSCE) in Europe. Identities are traded online and the going rate for full personal details is around $120. In Saturday’s NY Times it is reported that a Russian company that sells fake antivirus software that actually takes over a computer pays its distributors as much as $5 million a year. Two of my bank accounts, one in Holland and one in the US, were hit with illicit ATM withdrawals in Odessa, Ukraine and some other towns in Eastern Europe that I didn’t know they existed until they appeared on my monthly statements. The Internet doesn’t take sides nor cares much about location. Hackers may operate from jurisdictions that don’t have the means or appetite to go after cyber criminals. It is a relatively low risk endeavor and pays extraordinarily well, judging from the amounts pulled from my accounts.
So-called “malware” is getting increasingly sophisticated and can operate on a large scale. It hides itself from anti-virus software installed on your PC and propagates through programs that spread out over the Net. Widely used programs like Facebook, have gaping holes when it comes to data protection. Any Facebook applications can pull profile information from every person that installs the program. The bottom-line is that everyone connected to the Net is exposed. This is about every company on the globe and every person with a PC or enhanced phone. Just making sure that you have the proper security software installed will not be sufficient.
You have to be conscious about the use and privacy you want to apply to your information. Start by categorizing your information with the traditional classification: public, confidential and secret. For confidential and secret data, you have to decide with whom you want to share this information. I assume that your credit card number falls in the category “secret”. However, in order to use it you have to share it with a trusted partner. Not everyone you deal with will keep your card data safe. In August it turned out that 40M credit card numbers had been stolen from the systems of reliable retailers, like Sears and Barnes & Noble. One way to address this risk would be to store your credit card number with a single trusted partner, for instance PayPal, and let them handle the payment to the retailer. For online purchases retailers should actually have an SMS based approval to avoid illicit charges being made from copied card numbers.
Passwords are “top secret”. They should authenticate the person who is logging on. Most new notebooks and keyboards now come with fingerprint readers. This technology is mature and cheap and therefore highly recommended to uniquely identify you.
At the other end of the spectrum is the public information. There is probably more of it about you than you had wished. Just go to White Pages and see what you can find on yourself. You can order a full background report on anyone for only $39.95! But these companies will give you the facts about you, not the information that you are not even aware of it existed. Companies like Experian, EquiFax and Fair Isaac are making a living from analyzing your life. They started out with credit scoring, assessing your credit worthiness, but moved way beyond this and are now profiling you to death. Google’s business model is based on very large scale data mining, analyzing the way you click, search and access information on the web, so that they can find the right ad for you at the moment, based on your profile and the current context. Your journeys on the web tell a story. By comparing you with similar users they start predicting your needs and preferences. Scary stuff.
It will be hard to always stay ahead of the hackers, data gleaners and analyzers. Close monitoring may alert to potential breaches. If someone withdraws money from an ATM every two minutes in Astana, Kazakhstan, it will be an indication of fraud. The Bank should block the card and send an SMS to the cardholder to verify that it’s her actually standing at the ATM of the First national Bank of Kazakhstan. Most banks use this type of “Fraud Early Warning” systems for their credit card operations, but haven’t installed it for their ATM and online banking systems. The future lies in this type of data-mining software that looks for extraordinary behavior on your computers or network. Like Fraud Early Warning, the behavioral analysis program notifies the user and inquires whether this is because of a conscious user action or suspicious activity of Bots, Worms, Viruses or other malware trying to pry information from your systems.
Meanwhile, keep your security software up-to-date, monitor your information and think carefully about what you want to put in on-line profiles and which pictures and comments you post online. This information will be used by someone, somewhere. Of course you have the right to remain silent online, but then you are missing out on some of the biggest opportunities of this age.
Tuesday, December 2, 2008
Open Source - Par for the Course
In high school our biology teacher explained to us that in the physical world, open systems adapt and evolve and that diverse gene pools have a higher chance of useful mutations, thereby creating better suited and stronger generations. Open organizations and open source software projects show similar characteristics.
The Open Source movement started with some programmers developing an application for their own use and then making it available freely to a wider audience. The reason for giving it away was that the assumed collective wisdom of a larger group, using and testing it, would improve the quality. Moreover, extensive use would lead to new features being added, thus creating a living and expanding body of software that would grow rapidly in functionality. A coordinator reviewed all contributions and decided on the next iteration of the product, which was then formally released back to the community. The benefits of this accrued to all participants and therefore each of the developers was willing to give up their right of ownership of the source code they developed.
These days, thousands of programmers from different parts of the world participate in large scale Open Source projects, working together on millions of lines of programming code. The LINUX operating system and Apache Web Server, which both have substantial market share, are examples of very robust, complex programs. Apache now runs a stunning 93M websites. Most of the people writing code for those projects have never met each other. Still, the software they produce tends to be of similar or better quality than commercial software. These programs can evolve much faster, because there are more eyes and brains involved to come up with new ideas and to diagnose and resolve problems. Interestingly none of these contributors are being paid for their efforts. For them it is par for the course. Peer recognition and being part of a community of like-minded geeks is more important than financial reward.
The "collective collaboration" model applies not only to software. Wikipedia has 75,000 active contributors, working on 10M articles in 250 languages, that get searched by 685M visitors a year. The quality of Wikipedia is considered to be similar to the venerated Encyclopedia Britannica. The ATLAS particle detector, at CERN in Geneva, will search for new discoveries in the head-on collisions of protons of extraordinarily high energy. This has the potential to rewrite the science of physics. Their website tells us: “ATLAS is a virtual United Nations of 37 countries. International collaboration has been essential to this success. These physicists come from more than 169 universities and laboratories and include 700 students. ATLAS is one of the largest collaborative efforts ever attempted in the physical sciences.” Using Internet collaboration and a highly excited community of academics around the globe, the way science is conducted is changing.
Some companies have seen the opportunity and built their business model around the concept of “crowd sourcing”, a term coined by Jeff Howe of Wired magazine. They essentially created completely open companies that are based on the contributions of their stakeholders and apply what is now called “open innovation”. Two online companies got quite a bit of buzz. The shirt retailer Threadless uses its customer base to design apparel online and they sell it through their catalogue. RYZ allows you to create your own sneakers (try it, it is fun!) and then runs a contest to select the best designs. These companies forge a tightly knit community of followers and a loyal customer base which gives continual feedback on their product lines. MIT professor Eric von Hippel states: “online design is becoming a substitute for in-house research and development while voting takes the place of conventional market research.”
Hybrid models are emerging as well. TopCoder organizes contests for the best software, for which it offers prize money. The quality is judged, not by some panel, but the candidate’s peers. They celebrate the developer of the month. Yes, as you already expected, this month’s winner in the algorithm category is Xao Xaoqing from China. Apple opened up its iPhone platform to allow 3rd party software developers to create applications and sell them through the iPhone Appstore. The Facebook Platform invites anyone to create applications to help them engage Facebook’s 120 M users. However, the Facebook platform may ultimately lose out because it is not as open and therefore not as popular as Google’s OpenSocial project.
How is it possible that in the average company you cannot get people who sit across the hall from each other to work together and that these guys collaborate “naturally”? How come that in your company most big projects are late, over budget or don’t complete at all, while these nerds create the best software?
The first step is to create a community of co-creators, testers and users. A community is non-hierarchical. It is a group of peers who share a common view and enthusiasm to jointly address a problem or create something new. There may be some friendly competition between members to show off skills and capabilities. The second step is to establish the architecture and processes to enable the work breakdown, so that bite-size activities can be parceled out. As the problem gets more complex, this will become more necessary, but also harder to do. Architecture design is usually done by a small tightly knit group, before it’s handed over for “crowd sourcing”. Then you need to ensure that the members keep moving in the targeted direction. Successful communities have a limited set of clear rules that all comply with. Their coordinators are seen as “primus inter pares”, leading among equals. There are published processes for conflict resultion. The last step is to ensure that once the product is out the bugs are removed. In Open Source this is a large part of the attraction of the model. In the words of the open-source guru Eric S. Raymond: “Given enough eyeballs, all bugs are shallow.” Most online companies, now release “beta” versions of their software to expose it as widely as possible but with lower user expectations. They would prefer for their users to locate and help resolve their problems.
There is no reason to assume that these models don’t apply to your organization. Most companies simply haven’t caught up yet with the opportunities of creative communities.
The Open Source movement started with some programmers developing an application for their own use and then making it available freely to a wider audience. The reason for giving it away was that the assumed collective wisdom of a larger group, using and testing it, would improve the quality. Moreover, extensive use would lead to new features being added, thus creating a living and expanding body of software that would grow rapidly in functionality. A coordinator reviewed all contributions and decided on the next iteration of the product, which was then formally released back to the community. The benefits of this accrued to all participants and therefore each of the developers was willing to give up their right of ownership of the source code they developed.
These days, thousands of programmers from different parts of the world participate in large scale Open Source projects, working together on millions of lines of programming code. The LINUX operating system and Apache Web Server, which both have substantial market share, are examples of very robust, complex programs. Apache now runs a stunning 93M websites. Most of the people writing code for those projects have never met each other. Still, the software they produce tends to be of similar or better quality than commercial software. These programs can evolve much faster, because there are more eyes and brains involved to come up with new ideas and to diagnose and resolve problems. Interestingly none of these contributors are being paid for their efforts. For them it is par for the course. Peer recognition and being part of a community of like-minded geeks is more important than financial reward.
The "collective collaboration" model applies not only to software. Wikipedia has 75,000 active contributors, working on 10M articles in 250 languages, that get searched by 685M visitors a year. The quality of Wikipedia is considered to be similar to the venerated Encyclopedia Britannica. The ATLAS particle detector, at CERN in Geneva, will search for new discoveries in the head-on collisions of protons of extraordinarily high energy. This has the potential to rewrite the science of physics. Their website tells us: “ATLAS is a virtual United Nations of 37 countries. International collaboration has been essential to this success. These physicists come from more than 169 universities and laboratories and include 700 students. ATLAS is one of the largest collaborative efforts ever attempted in the physical sciences.” Using Internet collaboration and a highly excited community of academics around the globe, the way science is conducted is changing.
Some companies have seen the opportunity and built their business model around the concept of “crowd sourcing”, a term coined by Jeff Howe of Wired magazine. They essentially created completely open companies that are based on the contributions of their stakeholders and apply what is now called “open innovation”. Two online companies got quite a bit of buzz. The shirt retailer Threadless uses its customer base to design apparel online and they sell it through their catalogue. RYZ allows you to create your own sneakers (try it, it is fun!) and then runs a contest to select the best designs. These companies forge a tightly knit community of followers and a loyal customer base which gives continual feedback on their product lines. MIT professor Eric von Hippel states: “online design is becoming a substitute for in-house research and development while voting takes the place of conventional market research.”
Hybrid models are emerging as well. TopCoder organizes contests for the best software, for which it offers prize money. The quality is judged, not by some panel, but the candidate’s peers. They celebrate the developer of the month. Yes, as you already expected, this month’s winner in the algorithm category is Xao Xaoqing from China. Apple opened up its iPhone platform to allow 3rd party software developers to create applications and sell them through the iPhone Appstore. The Facebook Platform invites anyone to create applications to help them engage Facebook’s 120 M users. However, the Facebook platform may ultimately lose out because it is not as open and therefore not as popular as Google’s OpenSocial project.
How is it possible that in the average company you cannot get people who sit across the hall from each other to work together and that these guys collaborate “naturally”? How come that in your company most big projects are late, over budget or don’t complete at all, while these nerds create the best software?
The first step is to create a community of co-creators, testers and users. A community is non-hierarchical. It is a group of peers who share a common view and enthusiasm to jointly address a problem or create something new. There may be some friendly competition between members to show off skills and capabilities. The second step is to establish the architecture and processes to enable the work breakdown, so that bite-size activities can be parceled out. As the problem gets more complex, this will become more necessary, but also harder to do. Architecture design is usually done by a small tightly knit group, before it’s handed over for “crowd sourcing”. Then you need to ensure that the members keep moving in the targeted direction. Successful communities have a limited set of clear rules that all comply with. Their coordinators are seen as “primus inter pares”, leading among equals. There are published processes for conflict resultion. The last step is to ensure that once the product is out the bugs are removed. In Open Source this is a large part of the attraction of the model. In the words of the open-source guru Eric S. Raymond: “Given enough eyeballs, all bugs are shallow.” Most online companies, now release “beta” versions of their software to expose it as widely as possible but with lower user expectations. They would prefer for their users to locate and help resolve their problems.
There is no reason to assume that these models don’t apply to your organization. Most companies simply haven’t caught up yet with the opportunities of creative communities.
Subscribe to:
Posts (Atom)