Monday, July 15, 2013

B2B and B2C Are Not Dead

B2B and B2C are dead. This is a declaration I heard at the Cloud Identity Summit 2013. A provocative statement, yes, but I am certain that this is wrong.

The speaker was, I suspect, attempting to find a novel way to describe the both exciting and anxiety-inducing inevitability of rethinking security perimeters. If revolutionary technologies and channels are dependent on setting data free, then anyone with a pulse in identity needs to either brace themselves for change or be bold enough to try to get ahead of the challenge.

However, let's make this notion nothing more than a novelty. This statement reminds me of the efforts I've seen utterly wasted on attempting to make batch processes real-time (or quasi-real-time). I actually had to argue with someone who had the intention to turn a batch process, with 80,000 rows of data transferred daily, into a web service that required distinct calls for each row of data. It was to be called every night at midnight, 80,000 times until finished.

Congratulations, innovator, you just increased the size of transactions (dramatically), slowed down the process, and increased complexity for all parties. I didn't think it would be productive then and I don't think it will prove productive now to attempt to tinker with batch back-ends. Maybe later, but it's not an essential, or smart, tactical move to get where we want to be. (If the records were to flow in all day and there was a business case that would benefit from real-time, then the idea would have made sense.)

What proves this declaration wrong? There is a river of data flowing through the back-end. There is data arriving from and being pushed to partners, customers, regulatory agencies, banking platforms, researchers, etc. Despite the dominance of attention received by the large portals we've built for over a decade now (the revolution that was once du jour and is now passé), this river has flowed on, and with ever-increasing current.

The message coming from many sources is that a perimeter-less approach to security is the future of handling IT data. I prefer Chris Hoff's assertion that it's not no perimeter, it's many perimeters. Whatever the case, the perimeter will move and migrate.

There will be an internal or core perimeter that remains for a long time to come. Behind it will be mainframes (declared dead 20 years ago by gurus of the day) and other core business that makes no sense to move. The corporate datacenter won't go away, although it will likely become smaller.

The challenge with the perimeter as a moving target is its implications for the handling of ownership and responsibility. The good news is that we haven't done much to address this in the current state, so there's not much to port. The bad news is that we have buried how we've done it across the IT landscape, specifically in large portals... but that's another blog entry.

Monday, July 8, 2013

Build a Network but Build it Better

When Google ventured into email, I recall many people wondering if it was an empty "me too" move since Hotmail had already been well established. And what did it have to do with search anyway?

Of course, it makes enormous sense when you understand that Google is not actually about search and that it's about monetizing high quality data aggregation. Sending emails tells Google a lot about you: what you like, what you don't, what you want, and who you know.

Of course, it is the latter that makes Google, and companies like it, ingenious. Who you know is your network. Using Google to engage your network builds its colossal network into insights about people that have yet to be imagined.

One can imagine the product pitch within Google being rather dull. "Let's do what all these other companies are doing and figure out how to monetize it later." Of course, the DotCom boom exploded leaving the notion that "if you build it, they will come" a very unfunny joke.

I doubt, however, that the pitch was all that difficult in Google because they certainly must understand the value of their network. In other words, they don't look for transactional qualities to get their heads around return on investment (of course there is an opaque quality to what is actually transparent).

When making product decisions, the network building company simply needs to ask how it can build the network. If it fails to build the network, it failed. If it fails to make money directly, it pays its way building the network where it hasn't been before.

In hindsight, it's hard to imagine Android working out so well without Gmail. With phones, you further extend the network several different ways. For instance, the apps you download and use provide insight into the relationships you have with other companies. As with the Chrome browser, Google will have insight into these relationships, app or no app. And so the network and the consumer inference potential grows.

Modern networking does not have to be transactional, per se. The payment is less tangible than money but no less powerful. The currency is actually kinetic; it's potential monetization. Maybe it will never actually make money, but will it create customer satisfaction or loyalty?

What's going on in the heads of the customer or potential customer? Have you asked the right questions to ensure that you understand? Can you derive or infer customer actions from the information that they have volunteered?

What about privacy?

I have to pull back on the giddy notion of limitless inference about consumer minds. Privacy matters. Despite what some journalists insist, it matters regardless of age.

To the latter, have you created an environment where they are willing to volunteer this data? Do they trust your network?

I am always advocating for empowering the customer. Corporations, especially large ones, have a tendency to make decisions without involving the customer. They'll partner with others to share your data however makes sense to them. They might have some notion of your consent in legalese, but they won't really ask for customer consent. The customer doesn't really have an alternative. They might even imagine that regulation is actually the customer's will being expressed by proxy. Damn government! Of course, empowered customers must avoid delegating authority that they could easily manage themselves.

But how easy is it? If we enable consent beyond EULAs and click-throughs, could we dramatically ramp up participation on the network? We can build technical systems that allow customers to express consent. Of course, it's actually more important that customers are able to revoke their consent. Would a customer behave differently if, when they revoke their consent, they can be certain that their data is removed from the network? I suspect that the answer is yes. (There's a good job for the government: ensure that revocations are actually being honored.)

This empowers the customer, without a doubt. It also implies transfer of responsibility, or more of it, to the customer. A shallow example of this is an analogy of "poison pill" functionality in smart phones. If you lose your phone, the carrier and/or the phone manufacturer have allowed you to pull the brake line and reduce the risk that your data will be misused. But you have to take action. You are responsible for acting when the conditions demand it: you've lost your phone. The carrier also benefits in that their services will not be stolen and abused.

What might be more interesting about building consent into the fabric of the network is that it will very likely have enormous influence on the behavior of the stewards of data. If the owner of the network makes a decision that adversely affects the perception of the customer, there is the threat that they will lose data and thus cause injury to the network. If such a situation involves enormous numbers of network participants, the impact could be significant. It's always positive to have skin in the game, even when you imagine that it's not necessary.

Network envy is still alive and well in business. When executed poorly, I imagine the pitch being "it's like FaceTime, but for doctors" or "it's like Instagram, but for patients." This is easy to get your head around, but it's completely shallow. Beneath such efforts needs to be a thorough understanding of what human (beyond social) networks are, what they mean to the customer, and what they could mean to the business.