Adapting to Change
As a new year unfolds, we continue to observe continued growth in eBusiness opportunities. Even as the Internet expansion trend overcomes slumps in world economy, and defies political and religious strife, the momentum generated so far is force too big to ignore. Regardless, continued growth is faced with tangible milestones if this trend is to sustain itself throughout the decade.
- Achieving End-to-end Connectivity – Although the internet may be considered “end-to-end”, many companies continue to struggle with connectivity within their own enterprise. Let alone achieving the same goals externally with their suppliers, partners, and customers. Despite the false start of Supply Chain Management initiatives (SCM), and struggles to achieve Business Process Re-automation (BPR) in the late 90’s,.such solutions still offer promise. Although this promise has somewhat morphed into up-in-coming business solutions such as Web Services.
- Implementing Change in Corporate Culture – In moving to new business models, companies need to instill fundamental changes to how employees conduct their daily activities. New processes and procedures need to integrate into corporate culture, in eBusiness applications, as well as the eSecurity protecting this infrastructure. This is undoubtedly a significant challenge for large enterprises, than for smaller, more agile businesses. The migration of an enterprise to online commerce, or the implementation of a modern security infrastructure such as managed security services, or Identity Management. The effort for management to implement such new solutions is a mere 20% technical verses 80% organizational.
- Implementing Enterprise-wide Identity Management – A continued expansion of channels relationships now dictates a more aggressive approach to identifying the individuals we conduct our daily business. Identity management has made it’s mark on a national and global scale as governments are evolving to new border control security, in efforts to flank terrorism. Likewise, the corporate industry continues to struggle with an ever increasing sophistication of fraud methods and hacker attacks. Individual enterprises need to establish trust in authentication (who you are) and authorization (what I will allow you to do). For these reasons, identity is fundamental to an ever increasing importance of establishing trust. This is the ultimate drivers; Trust in knowing who is transacting with you, and trusting who you are allowing into your confidential data. Especially in the modern age of business relations between people which have never met in person, and may never meet face to face in their lifetime, for that matter. Trust is fundamental to eBusiness growth.
If the nineties were about bringing enterprises online, then this decade is surely dedicated to Government achieving the same.
In Germany for instance, the public sector is driving the “BundOnline 2005” initiative which is targeted to offering 24×7 eGovernment services to citizens. The German government is set to invest € 1,65 billion until 2005 in order to migrate online its 400 public services. This offers potential for online payment, electronic form signing and data security through digital signature. 200,000 German employees of ministries and federal agencies will be supplied with smartcards and readers by 2005. A quarter of the 400 targeted services — including, for example, bidding for federal procurement contracts – are expected to utilize electronic signatures.
European countries are working towards similar initiatives by the same time frame, of which many countries; France, Greece, Sweden, Denmark & Netherlands have already begun. The need to offer nation-wide online services in G2B (government to business), G2C (government to citizen), and G2E (government to employee) are driving towards the use of eSecurity for authentication, encryption, trust and non-repudiation. Initial adoption of online services has begun in services such online Value Added Tax (VAT) reporting for businesses to government. A classic win-win approach to online G2B, as it creates cost and time efficiency to both the enterprise and the government. In addition, on a regional scale, local municipality portals are being created for the purposes of allowing citizens 24×7 access to government services, as well as the use of identity cards for access to various community services . Examples to date have revolved around online form submissions for social services, income tax, land registration, and other legal documentation. It sure beats standing in line for 4 hours, at your local city hall.
Aggressive internet initiatives are forthcoming in the healthcare sectors as well. Online medical services are being driven by several reasons:
- Privacy of patient records required to meet legislative requirements, and well as European Union (EU) data protection expectations
- Ensuring the integrity of online prescriptions, validated by a digital signature, authenticating the identity of the patient’s doctor.
- Electronic workflow in the communication of patient records via the internet, as well as transfer of prescriptions online. This also applies to the pharmaceuticals industry, interested in using eWorkflow solutions and identity management solutions to streamline their time to market for new drugs.
- End-to-End Connectivity – Online connectivity of hospitals, doctors, pharmacies, and patients continues to be the vision moving forward.
- New services capabilities enabling faster response times and enhancing communication methods through mobile devices is considered longer term milestones.
Such eHealthcare initiatives may be monumental but not insurmountable. Comparing our three eBusiness milestones, end-to-end connectivity may be the least of our worries, through well-established co-ordination between the public and private sector. Establishing identity and privacy are clearly fundamental to healthcare projects, and various legislative initiatives in both the USA and Europe have stepped up to mandate such requirements. Cultural acceptance will be incrementally achievable through a solid communications strategy, and migration plan. Ultimately, the ongoing sophistication of internet usage will be the catalyst in modernizing an existing healthcare infrastructure. But time-scales for such migration should be realistic.
Both the public and private sectors are driving towards change and modernization. Although it is fair to say that the private sector is ahead of government initiatives by at least five years.
Consumers and the Enterprise
Business drivers are somewhat different for the corporate market. Whereby the private sector is focuses on market share, profitability, and channel expansion. The public sector mandates revolve around service quality, efficiency, and legislation compliance. Although governments are not motivated by profit, there is a significant amount accountability and measurement to ensuring the success of G2B, G2E, or G2C initiatives.
The Private sector accelerated forward in eBusiness initiatives throughout the nineties, widening the gap of sophisticated compared to government initiatives at that time. Even today Business to Business (B2B) eMarketplaces continue to fuel success in selected markets, whereby Business to Consumer (B2C) is still in its infancy with respect to revenue and profit expectations. This is partially attributed to the lack of technical sophistication of online consumers today (i.e. the challenges of educating the greater public to the overly complex usage requirements of computers and the internet). In many societies these struggles continue, but times are changing, and mass-markets have proven resilient in its ability to adapt. This is evidenced by the estimated one billion online users expected by the year 2006, from the 600 million users today. Modern society continues to adjust to the Internet culture, but possibly not in the same time scales we all desire.
Planning Next Steps
The gap between eSecurity threats and corresponding countermeasures continues to grow. Attacker continue to find new holes in our networks and applications, and we just can’t seem to plug them fast enough. This is undoubtedly a red flag, and my wishful thinking hopes that such a trend not sustainable. As eSecurity is at the forefront of the Internet’s concerns, we need to evolve our expectations from taking a defensive role to security threats (reactive approach), to offensive measures (proactive) in order to prevent attacks before they happen. Security prevention is a distant goal for many corporations which continue the philosophy of investing in security only after an attack. But when the damage is done, it may possibly be irreversible. This leads to loss of revenue (which in some industries is measured in seconds of downtime), loss of time (to recover from the attack), and loss of reputation (it takes years to build a brand, but only days have it crash down on you).
An enterprise trying to manage all threats themselves, is simply unrealistic. It’s the classic man-in-the-middle attack – You need to protect themselves from all known vulnerabilities, whereas the attacker only needs to know the one vulnerability which compromises your fortress.
- Where do we find the expertise to block all threats?
- Where do you find the time to ensure 24×7 protection?
- How does the enterprise source the adequate funds to protect ourselves?
Both the public and private sectors should consider security solutions outside of their fortress to find these answers. For instance, Managed Security Services (MSS), offers a central Security Operation Center (SOC) of experts to assess vulnerabilities, threats and potential solutions. Outsourcing eSecurity ensures a significantly lower total cost of ownership (TCO) – As much as 40%-60% savings compared to creating a department to achieve the same level of 24×7 protection. But more importantly, CTO’s can sleep at night knowing that their network and applications are protected by the best level of defense.
As security threats meet us both inside and outside the enterprise, identity management and access control become essential elements to eSecurity strategies. Whether it be access to internets, extranet & intranet environments, or access to critical data via your mobile phone, PDA, laptop, wireless LAN, or smartcard. Or enabling access connectivity for customers, employees, suppliers, and partners. Customers will be challenged to choose solutions which provide identity management and access control to meet both present and future needs. Managing privacy verses security, while maintaining a reasonable low cost of ownership (COO) will be an influencer. Connecting disparate IT platforms, directories, applications, and back end systems will be deciding factors. The decision to consolidate systems such as directories and applications becomes strategic to the organization.
History has taught us that IT implementations which tear out the old, to bring in the new, just isn’t cost justified nor realistic. For these reasons the approach to implementing new eBusiness initiatives involves an incremental migration path, and not a replacement strategy. With today’s tighter IT budgets, investment protection for existing assets is essential. For example, access control has evolved from a Single Sign On (SSO) approach into what is now referred to as “reduced sign-on (RSO)”. SSO was simply impractical and unrealistic.
A focus on phased implementations is important. Especially as it pertains to end-to-end connectivity. “Start Small, Think Big” is the latest mantra. Consider this approach to an eBusiness deployment:
- Understand and document your business pains and your strategy to solving them. Treating your IT infrastructure as strategic, and taking an end-to-end view will lead to greater eBusiness success
- Establish the right leadership, and cross departmental teams. Understand where your organization cultural dynamics are today, and how it will affect your deployment. Ensure that departmental owners are accountable for driving change.
- Design your architecture and transition strategy and document in an RFP. Concentrate on achieving a solid foundation, through internal connectivity between heterogeneous systems. Then look externally to connecting, suppliers, partners, and customers.
- Project plan into multiple phases. Identify incremental milestones. Select a list of target suppliers & short list though your requirements. Choose your suppliers and Implement in phases
- Treat your project as organic – constantly changing and evolving to the evolving changes in IT and demands of the market.
Achieving End-to-end Connectivity, Organizational Culture, and Identity Management, is driven by leadership. Change is always achievable, but the real the questions is “when” rather than “if” it will occur. Leadership will be a deciding factor towards such transformation, and help generate cultural harmony to evolving eBusiness approaches.
About the Author
Gabriel Dusil is VeriSign’s Marketing Director responsible for the Europe, Middle East and African region. Mr. Dusil’s role includes the management of Channel and Direct Marketing, as well as Marketing Communications. His responsibilities also include the development of product strategies and market positioning throughout the emerging markets.
Prior to VeriSign, Mr. Dusil had been with Motorola for six years, as their EMEA Marketing Director for its Internet and Networking Group. He has over 10 years of experience in the communications industry, and over nine years of international marketing experience. Mr. Dusil has a degree in Engineering Physics from the University of McMaster, in Canada.