November 30, 2011

A Nation of Appkeepers

Napoleon insulted England as a nation of shopkeepers, but of course it turned out that such widespread entrepreneurship was anything but a weakness.
 P776PRU4ZAYR 
Why was is possible for so many shopkeepers to be able to operate successful businesses at small scale? The business fundamentals are the same whether the shop is baking bread or selling candles: startup capital is low, access to credit is easy, and ongoing expenses like rent are affordable. The shopkeeper didn't need to expand nationally or globally to be successful in their own life, they just needed to do a bit better than their expenses. But in so doing, they realized a life better than factory employment.

In our perspective of online services, we tend to think "enormous": Amazon, Facebook, iTunes, and Google. Huge amounts of data and processing centralized around a few dominating vendors. This has been true for many preceding years of information technology: Microsoft, Dell, Intel, SAP, Oracle, HP, etc. Developing commercial software and hardware was such a large investment that enormous scale had to be reached in order for the business to be profitable.

But something very different is happening with entrepreneurs today.

Take a look at the 125 finalists in the Mass Challenge, the worlds largest startup accelerator located in Boston. These businesses are generally not the next aspiring Facebook; they are serving very specific customers, solving very specific problems, and often catering to local markets. Many of these startup companies are actually manufacturing product or providing local services, but often are combining these with an online app that might be the key to creating a viable business.

Cloud computing is starting to have a profound impact on the nature of startup businesses.

Today, a startup software developer doesn't even need to buy server hardware or test equipment. Everything they need to develop, test, launch, and operate their business is available online, rented, affordable, and without a large investment risk. Even marketing costs and access to customers can be highly targeted, efficient, and effective. All of a sudden, a business that could not have been possible because the potential scale of the business would not provide an adequate return on investment, is now viable, at a modest size.

Like shopkeepers, the new appkeepers do not need to create a gargantuan business to be personally successful, they just need to be marginally better than their expenses. With low startup costs and afforable operating costs, and shared resources such as incubators and accelerators, we are seeing an explosion of business creativity. But don't expect another Amazon. Expect a nation of appkeepers.


November 23, 2011

The Domain Trap

Hiring managers are hurting their companies and employees' careers with a single sentence. It goes something like this: "Experience implementing Authentication and Authorization against Active Directory". And so many variations that each of us have written when trying to find the right talent to join our product development organization.

We all want to hire experienced people. The more experienced that we can afford, the better, right? And the more experience within our specific product domain and technology domain and market, that would be perfect! Right?? We don't seem to realize it, but what is actually coming out of our mouths when we address a prospective job candidate is something like: "we are a bleeding-edge, innovative, super-creative company, and we want to hire someone that has already done exactly what we are trying to do."

Of course, we can't put responsibility for building our next generation of products with people that have no relevant experience. The expertise that a company builds within its individual contributors and managers is often its strongest asset. So where's the conflict? It's in the level of domain specificity. As hiring managers, we are no longer looking for someone with experience within our own industry, but very specifically within a narrow product domain and within a narrowly defined technology domain - let's zero in on the "perfect" candidate.

You say that you want to hire the smartest. Fast learners. Lifetime learners. Answer this: if you hired someone more generally from within your industry, but they were not able to understand your specific product domain and could not be productive within a reasonable time, did you make the right hire? Yet by creating highly restrictive hiring domain criteria, you are selecting those who gave up lifetime learning just so they can take your job and keep doing what they have been doing. That's the damage to the employee.

The damage the to company comes from hiring the wrong kind of thinkers. “Hybrid Thinking” is what Dev Patnaik calls the conscious blending of different fields of thought to discover and develop opportunities that were previously unseen by the status quo. As Dev explains in Why Can't Big Companies Solve Big Problems?, "It turns out that while large companies and organizations are phenomenally good at managing complexity, they're actually quite bad at tackling ambiguity."

Hiring someone from a less familiar product domain or skillset domain provides a different perspective and that breadth is exactly what creates the environment for innovative solutions and breakthroughs. Hiring someone that has already solved your problem creates the environment for continuously solving the same problem the same way. Fortunately that creative block can be solved with just one sentence.

November 22, 2011

Why is Airport Food So Bad?

You pay top dollar for airport food, yet it's very rare to find good airport food; usually it's just terrible, and sometimes it's downright dangerous. I'm sure all of you travelers have experienced that. But this is really a blog entry about cloud computing ...

There are two kinds of customer relationships: transactional and service. Nearly all restaurants are a service. Their customers are local, and their reputation is local. A restaurant will live or die by the quality of food and service they provide, precisely because their business depends on customers coming back and telling their friends about their great experience. Even fast food restaurants are deeply involved in managing customer relationships so they can ensure repeat business. That's a long-term service relationship. 

A transaction, on the other hand, is a one-time event: no relationship, not much service, just money in exchange for satisfying an immediate need. The transactional vendor doesn't expect the customer to come back. Airport food fails because by all appearances, when we look at an airport concession we see a restaurant, and this causes us to expect a service relationship. But not the airport concession vendor: they see their business as a transaction. They will never see these customers again. Thanks for your money, now please move on. 

An airport food concession is only a viable business because of airplanes: they bring an inexhaustible supply of customers having very few choices. As described in the Freakonomics blog, "My demand is quite inelastic, and the near monopolist at this smaller airport is taking advantage of that."

The technology analogy to transactions and services is quite familiar to you. Most software sales have always been transactions. Are customers of Windows satisfied, happy, loyal, customers? How about Oracle, Siebel, or NetBackup? No matter. There seemed to be an inexhaustible supply of people buying PCs and companies buying servers, and these customers have very few choices. Thanks for your money, now please move on. Might you argue that these vendors maintain customer relationships because of support contracts? You might, and it would be nice if software vendors saw it that way. But they don't.

How about service technologies? Think facebook, salesforce.com, iTunes, or TurboTax. These indeed are long-term customer relationships and can only thrive because their customers loyally and willingly keep coming back for more product and their reputation precedes their growth. Willingly. Hmmm.

Perhaps the greatest danger to the future success of cloud computing might be if the old generation of software vendors gain dominance in the cloud, bringing with them their old transactional attitudes towards customers. The opposite outcome may prove to be the greatest benefit that cloud computing brings to the market - that customers are treated like restaurant patrons and not airplane zombies. Call me an optimist.

November 21, 2011

The Case for Cloud (part 3)

This is the third entry in a series on the Case for Cloud (see part 1 and part 2).

There is plenty of information and opinion available about the risks of cloud computing. The Cloud Security Alliance puts it succinctly: "...customers are also very concerned about the risks of cloud computing if not properly secured, and the loss of direct control over systems for which they are nonetheless accountable." A search for cloud security risks offers up a plethora of expertise on the many risks of adopting cloud computing, as well as advice on what to do about it. Such threats include insecure application programming interfaces, malicious insiders, data loss, and account hacking. Sound familiar? Anyone that is accountable for information systems today will recognize these threats, because they are pretty much the same as the threats faced in any proprietary, non-cloud environment. The issue isn't one of threats, because those are everywhere. The issue is the loss of direct control.

To show that risks in your non-cloud environment are just as real, let's take a quick review of 2010. According to Symantec's Internet Security Threat Report, the average observed daily volume of Web based attacks was 93 percent higher than in 2009. Symantec discovered more than 286 million unique variants of malware. 6,253 new vulnerabilities in software were detected, another record. The underground economy is booming, costing just $15 for an army of 10,000 bots to launch attacks against a target, such as denial of service.

The US government has realized that its agencies must consume a large amount of cloud computing from many vendors, both to achieve greater efficiency and to take advantage of new capabilities. In order to address security concerns it has initiated the Federal Risk and Authorization Management Program, or FedRAMP, a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Perhaps this will help set standards and build confidence in cloud computing practices that will also be enjoyed by the private sector, but it will certainly force many cloud services vendors to put attention to security and greatly improve their offerings.

Given that many of the threats to cloud computing are similar to normal information systems threats, and with programs like FedRAMP focusing the industry to improve security for cloud environments, is there merit to the argument that an enterprise IT manager actually does have better direct control - better security - than a cloud service vendor they may be considering? To believe that, an IT manager needs to accept two assumptions: that network and computer security can be reduced to practice like other disciplines, and that the expertise to configure and administer a network will continue to be available.

Many of the technologies we are enjoying seem to be developing at a faster rate than we can learn them, but there is hardly anything moving faster than malware. While there are many foundation principles for network security, in practice as the software we purchase gets larger and more complex, so too do the vulnerabilities and the many kinds of attacks that will take advantage of them. Not too mention all of the clever forms of "social engineering" that continue to amaze us with their unrelenting creativity. Even if an IT manager does manager to hire the best-in-class security talent, those people cannot be effective without the resources to keep current - really to fully participate - in the security community.

According to Gartner's 2010 CIO Survey, "...enterprise security projects often lag behind other IT areas... security technology projects came in ninth, behind up-and-coming technologies like virtualization, cloud computing, Web 2.0 and mobile technologies, among others." Can CIOs possibly believe that they are able to provide adequate security, better than the cloud vendors they don't trust, when they are not prioritizing the resources to get it done? Possibly they do believe that. And possibly the lack of security resources is what is continuing to make them attractive targets.

This assumes that the CIO/CSO can find the right talent in the first place. Even with the economic downturn and companies de-prioritizing security, the salaries for security-related IT personnel such as network and systems security administrators is rising more than 4% per year, according to the Salary Guide 2011 by Robert Half Technology. This talent is in hot demand. So where are the best security professionals going to find work? At the company that is not funding resources? Or at a cloud vendor?

It is certainly possible for a company to achieve best-in-class performance and maintain effective direct control over network security. But it seems that fewer companies are budgeting for that outcome nor will they be able to get the talent to make it happen. The solution? Outsource the problem to a cloud services vendor.

November 19, 2011

The Case for Cloud (part 2)


This is the second in a series on the Case for Cloud, and starts in the wayback machine, circa 1995. At the time, the dominant network operating system and email service for large corporations was from Banyan Systems. At a conference for the Association for Banyan Users International, a customer stood up in a session and in utter frustration called to the Banyan staff: "Sell to my CEO!!" We shook our heads, "OK, whatever, got it." He pressed on "No you don't get it, Microsoft is selling to my CEO, and you folks are selling to me, an IT manager, who do you think is going to win this business?" Still taken aback, we muttered something like, "Yeah, we'll try to do better." He then argued: "With Banyan VINES, I can be anywhere on the network and monitor everything and manage everything. Once we rip out Banyan and get forced to implement Windows NT and Exchange, I will need five times more staff to manage that stuff!!" (Maybe "stuff" wasn't the exact word he used).

Of course, he was mostly right, except that IT bloat was far more than five times the staff, and didn't stop with networking and email. Client/server software was taking off across all sectors, and we needed large technology staff and highly skilled IT workers to manage Oracle, SAP, Siebel, Peoplesoft, and the rest, not to mention the growing hardware cost and complexity from HP, IBM, EMC, Cisco, and so on.

The chart on the left, from Gartner, clearly shows this IT spending spree as a percentage of revenue for North American companies during this time. No question that all this IT spending was a broad economic driver, but certainly was an exploding cost to corporations.

Did all of this IT spending have a benefit? The following chart shows the productivity trend for the banking sector since 1987 (from the US Bureau of Labor Statistics). The banking sector is the one of the most intensive users of information technology, spending more than 7% of revenues, and clearly from this trend we can see there has been a continuing productivity benefit.

What is the exact function that all of this information technology is performing? Simply put, automation. Fewer people creating more product and services because processes are being automated. But here's the rub: looking at IT spending and productivity trends for various industries hides a critical factor. Information technology - across all industries - has been automating everything else but not IT itself. If we need to manage more Windows desktops, deploy and backup more servers, expand our email and other services, what do we do? Well, hire more IT staff, of course!

We started to get a peek at industrialization of IT with the introduction of technologies like virtualization and online backup. But those approaches just make the old technologies a little more efficient, they really don't make fundamental changes in IT management. Now think about the scale of cloud computing, and it becomes easy to realize that this vast scale can't possibly be achieved with the manual processes of traditional enterprise IT. Not at all. Cloud is a completely different perspective, a highly automated, industrialized approach, where scale can actually be achieved without explosive IT spending.

Coming back to the example of Microsoft Exchange, which is very illustrative of the economic forces that will move traditional IT towards the cloud. There are many analyses posted on the Internet showing how several cost factors are involved: storage, computing, data center space, bandwidth, skilled IT workers, etc. Google's key insight (with Google apps) is that Microsoft could give away Exchange licenses for free, but a company deploying Exchange would still have an expensive technology stack and staff to pay for. A cloud-based email vendor, with their highly automated, industrialized, and efficient service, could offer a low price with no way for a vendor of on-premise software to compete. Email is just one example, but as all of the core IT functions that a business depends on get moved to stable cloud services, the economics of scale and efficiency will force those businesses to follow the cloud.

November 18, 2011

The Case for Cloud (part 1)

The next few entries in this series will explore the factors that are causing cloud computing to be inevitable, but first let's put the topic in broad perspective.

The place to start is with smartphones. It may be a coincidence of timing that we are witnessing both an explosion of smartphone usage as well as cloud computing, but the two are inextricably linked - two sides of the same coin. Wouldn't smartphones have been just as successful without cloud computing, just as happy with access to plain old websites? What's the difference?

"Cloud computing" may seem to have infinite perspectives and definitions, but for this discussion we'll keep it simple: a website is an Internet service where you are getting access to someone else's data; cloud computing is an Internet service that is holding your data and providing a valuable service based on your data. And it's vast.

Had we not known about cloud computing, we should have been expecting it. Every twenty years or so there have been enormous market shifts, both in the architecture of shared multi-user computers and in the technology to access them. Of course there are early adopters of the new paradigms, and laggards reluctant to let go of the familiar paradigms, but new benefits force inevitable changes for everyone. Roughly, here's the timetable:


Take a look at the evolution of access technologies: punchcard, terminal, PC client, browser, and mobility (which includes smartphones, tablets, laptops - anything that wants to be mobile). With each generation, a huge leap in convenience for users, a huge drop in special skills required, and a huge improvement to the efficiency of managing a complex workload.

Likewise with multi-user computing technology, the evolution from computer to mainframe, server, website, and cloud brings huge leaps in automation and capabilities. Each generation of computing environment is serving far more users than the previous. I've also shown the rough size of the working data sets for each generation - roughly three orders of magnitude increase with each generation.

Just based on the trend of needing to accommodate 1,000 times more users and data, it should be clear that a radically different architecture is called for. And that architecture that services hundreds of millions of users and petabytes of data is called cloud computing. We should have been expecting it.

November 17, 2011

Government Shrinkage

Here are two positions that we seem to hear frequently this primary season:
* Government needs to think and behave more like business
* Government needs to shrink and provide fewer services

Times are certainly tough for governments these days, both federal and local, and pretty much all around the world. The calls for austerity programs seem universal, and almost always this means one thing: curtail services by eliminating government workers.

Times are tough for businesses, too, but businesses are familiar with cycles of growth and slowdown. Certainly businesses cut payroll when times get tough, but here's a key difference. Sometimes during a downturn, a business will reduce or eliminate some product or service that is unprofitable or only marginal. But consider the core products and services you are familiar with - when have you heard that a business will reduce or eliminate these just to save costs? A business can't survive at all if it eliminates its income while slashing costs.

So here is a first observation that the analogy between business and government just doesn't work. The motivation for a business to cut costs yet keep its products and services in the market is precisely because its costs and income are directly tied to each other. If reducing costs results in reducing income, that's a bad thing for a business and it will be avoided. Governments do not behave that way for the exact opposite reason; government income has nothing at all to do with the services offered, except in budgeting - but the ease that governments run a deficit completely breaks that relationship so there isn't even a budgeting connection.

This all leads to the second observation. When faced with the choice between lowering costs and the self-destructive path of reducing products and services, businesses have found a third solution: increase productivity. By definition, an increase in productivity is exactly solving this conundrum: how to lower costs but maintain or even increase output. It's a problem that often requires thinking and work and sometimes investment.

Well then, if government should behave more like business, and governments are in desperate need of reducing costs, why do they - almost universally - ignore the possibility of increasing productivity instead of cutting benefits and services? It seems that there could be two reasons.

The first is that governments simply lack the competency to increase productivity. Considering that elected officials, politicians, and agency heads rarely bring operational efficiency as a core competency, this is plausible, but shouldn't it be a solvable problem?

The second reason is that the people calling for smaller government are really not interested in productivity improvement, but are primarily motivated to reduce benefits and services.

It may be hard to know whether this second reason is a real motivator for politicians as opposed to reducing costs, but it sure would be refreshing to hear a politician call for increased government services while lowering costs. And when the media laughs, explains they plan to get it done the old-fashioned way, with productivity improvements. Just like businesses do.

November 15, 2011

The Insulating Layer

A trendy analogy among product management relates the product manager's job to that of the CEO. This fashion statement is even starting to turn up in job postings: "you'll be the CEO of your product!" But I flatly reject this analogy on this simple assertion: a product manager has way more power than a CEO.

Any professional in a company must spend some of their time interacting with other functions: operations with finance to plan inventory, engineers with legal when filing patents, marketers with sales to pass leads, and so on. But really no other professional needs to interact with every other function in the way that product management must. There is really no other place in the company to get all of these functions aligned on the same mission, and especially when something is broken the responsibility to identify and fix problems falls on the product manager.

Of course, product managers have no authority to get anyone to do anything. But they do have relationships, and the most effective product managers consider these relationships to be critical for achieving success, but it's power through influence made possible by these relationships. It is exactly these relationships where the well-connected product manager hears what is going on, and really assembles a broad perspective of the organization and its behaviors. Whether an interaction is with an executive VP or an individual contributor, for the product manager it's a series of one-on-one relationships.

Now consider the CEO; the most obvious feature of this position is a staff of executives, each executive commanding their sub-organization. What is the function of the CEO's staff? They present information from the organization to the CEO, advise, and execute top-level policies and decisions. You would think with all this authority a CEO could get anything done. Can't they?

In presenting information to a CEO, there is always a filter applied - there has to be in order to reduce the volume of information to a manageable level. But the executive staff are just humans, after all. Even with the best of intentions they have a perspective and agenda that does not align perfectly with the CEO, and may sometimes be very badly misaligned.

How does the CEO compensate when the executive staff is not presenting critical information, or is not executing policy in the manner expected? How does the CEO find out? It seems that this would require some form of direct communication from the CEO down two levels, or even further. How would this happen? Would the CEO call these people into the executive suite? Visit their team meetings? Walk the floor and chat?

Think for a moment at the companies where you've worked - how often have you seen such behavior from a CEO? In practice, it's extraordinarily difficult for a CEO to break through the insulating layer of their own executive staff. They don't have the time. They don't have the inclination. They may upset their staff in doing so. It's uncomfortable. It's so much easier to just tell their staff to get something done.

But wait, didn't we just say that there is someone who not only collects all of this organizational information, but that actually gets things done! It would seem like an easy answer - a conversation between the CEO and the product managers could cover a lot of ground.

Not so fast, because where are these product managers in the organization? They are beneath the engineering VP. Or beneath the sales VP. Or beneath the marketing VP. Or beneath the operations VP. And each of these VPs has their own problems and agenda. So the product managers remain below the insulating layer, where the CEO can't get to them.

By the very act of trying to build an effective organization that can scale, we are all complicit in creating a structure that insulates the chief executive rather than empowers. Makes you wonder how anything gets done.

November 14, 2011

The Missing Interview Question

I scoured the first four pages of Google search results for "interview questions", and found only 3 examples related to this question. In two and a half decades of my technology career, I'm sure that I've been interviewed by several hundreds of people, and only once was asked this simple question.

What do you read?

For a starting point, it is always helpful to have a generic question or two that can break the ice and get a candidate talking and a bit comfortable before getting the candidate into more challenging material, but frankly the score from yesterday's baseball game doesn't really give you any relevant insight. If you give a candidate enough time to answer this question, you could learn a lot.

Apparently being such a rare question, the candidate will surely not be expecting it. Yet answering this question can't be faked, so you can get a very quick perspective on the candidate's honest reaction.

The few related interview questions that are posted on the Internet are typically very specific: what is the last book you read? But if you leave the question open-ended (what do you read?), the candidate could reasonably discuss books, magazines, newspapers, journals, blogs, marketing reports, cookbooks, even the book they read to their toddler last night - it's all fair game! And it's also up to the candidate to figure out that they are being invited to reveal a bit of information about themselves, and do not need an answer having a close relationship to the open position.

Does the candidate keep current with their profession? Do they improve their skills? Do they have broad interests? Are they a good cultural fit? Almost no matter what professional position is being considered, practically any knowledge worker in today's economy is required to read, and often to read a lot. If the candidate can't process information more detailed than powerpoint, you may want to think twice before hiring.

My own reading? http://www.goodreads.com/review/list/6961335 You'll find a lot of material about shipwrecks. I can't explain that.