In this blog I expect we will come up with some guidelines for understanding the plethora of digital disruptions we are facing and will face, as well as for managing them to advantage in our respective businesses. When we do, let’s highlight the former in bold at the latter in italics. I’ll start us off.

You can’t stop disruptive technologies. About five years ago, the price of powerful hardware dropped so precipitously, and a myriad of software productivity tools became so widely available through consumer channels that, while employers struggled to evaluate and integrate it all, employees quickly outfitted themselves with state-of-the-art home offices and leading edge communications gear. These very tech-savvy employees, many of whom never knew a world without the Internet or cell phones, were not content to leave their gadgets at home, and brought them into the corporation, policies prohibiting them notwithstanding. These technologies – instant messaging, Internet e-mail, cell phones, PDAs, flash drives, GPS, portable hubs and MP3 players,* to name a few early ones** – were helping employees get more work done faster, and get it done anywhere, anytime. If the corporation was withholding support for all this unauthorized equipment, so be it. The employees could and did support it themselves. What’s a corporation to do?

One of our clients decided to decouple tried-and-true-but-slower-moving IT from early-adopter employee purchasing by giving employees a budget to buy their own equipment, with the provisions that a) they could not call the help desk for support; b) anything that disrupted the corporate network would be shut down, and c) employees were required to sign an agreement saying that to the best of their ability they would use the technology securely and responsibly. This arrangement, they say, has been working well. Lesson learned: Plan to give up some control, and trust your employees to move your company forward in the digital age – though stay involved to make sure the infrastructure you do provide is not compromised.

Again, expect some chaos as you move from business model A to business model B. For example, commenting on the illegal use of a laptop in Notre Dame’s coaching box, the New York Times reported, “…the N.C.A.A. appears more reluctant than professional sport leagues – and even some high schools – to welcome the latest available technology.” The article observed, “In many aspects, football keeps technology at arm’s length, particularly at a time when it might be most useful – on game day.” You can bet this will change. You can’t stop the technology, so be creative in figuring out the best way to harness it.
__________

*Note the blurring distinction between entertainment equipment and productivity tools.  MP3 players, first used to listen to music, were quickly adopted to replay corporate briefings and seminars.

**See the Digital Disruptions report for the latest innovations you can expect to see soon.

I hope you’re watching the announcements about security as they fly onto your workstation through email, RSS and various postings.  Every week there is a new “discovery” about the need for security services and technology to help create value for the enterprise.  Just this week there are two powerful reminders (and it’s only Tuesday)!  In both cases, the message of Digital Trust is echoed over and over.  In particular, these announcements reinforce three of the four strategic conclusions of the Digital Trust research program as reported in Volume 8, the final volume of the Digital Trust report series:

* First, digital trust is real.  The presence (or absence) of digital trust has real, direct impact on the ability of the enterprise to achieve competitive advantage and “make business happen.”  The findings of the third quarter 2008 Online Customer Respect Study of life insurance industry Web sites has a specific warning about the impact of a lack of (digital) trust for this industry.

* Second, aim high and first with a digital trust strategy to get the payoffs.  In a summary report from the Security for Business Innovation Council, published earlier this year by RSA, 10 security leaders from different industry sectors have declared that security teams must now become “full partners in the business innovation process.”  When you read further, you will discover that this is their way of saying “apply a digital trust strategy.”  In the words of the press release, “In this landscape, the security focus must move from solely mitigating risk to also maximizing business reward.”

* Third, security governance structures prevent digital trust strategies from being used more widely.  A more recent companion report also published by RSA tries to develop and explain a “risk/reward equation” based on a foundation of enterprise information risk management.  Once again each of the 10 council members offers his or her advice about how to maximize the returns from such a strategy.  Compare this to the foundation equations of digital trust presented in Volume 1 of the Digital Trust report series (see “Not Your Father’s Information Risk Management” on p. 6), and to the results shown over and over in each of the succeeding volumes.  (All Digital Trust volumes can be found here.)  There are some important differences between the two in just what “value” is targeted, but both insist on an organizational and governance structure that makes security teams aware of business objectives (not just operational objectives) and assigns them the responsibility for attention to value in prioritizing security actions.

Ten “thumbs up” for digital trust
RSA established a Security for Business Innovation Council in 2008.  The membership was selected by RSA from among security executives representing companies that had extensive security programs, regulatory issues, substantial investment in intellectual property, and an acknowledgement that “information security needs to be part of their business innovation process, ” as the summary report said.  Interviews with each of the 10 executives led to the conclusions of the first (summary) report and recommendations about risk/reward in the second report. 

In quote after quote from each of the 10 members in their first report, obligations to recognize business impact and (at least) not hinder business operation unnecessarily are promoted.  It’s a very tiny step between the words of the council members and the conclusions and recommendations of Digital Trust.

In the second report, the council members promote an “information risk management” methodology as a way of balancing risk/reward for information security.  While it does move security service away from being an innovation inhibitor, it still falls short of the digital trust reality (and equations) that include and account for enterprise value creation with security services and technology rather than incremental (even cost justified) reductions in risk exposure over enterprise value that already exists.  Despite this difference, there is strong and compelling agreement on the need to rearrange IT security/risk governance so that the security teams are directly connected to business objectives and value targets.  Only then can they more fully contribute to innovation within the enterprise.

A digital trust deficit for the life insurance industry
The Customer Respect Group “measures and reports on the behavior of corporate websites in relation to the treatment of the online customer and their personal data.” (www.customerrespect.com)  As part of this measurement, the Customer Respect Group has invented a Customer Respect Index (CRI) rating.  For the past five years, the Customer Respect Group has reviewed and measured corporate Web sites, including life insurance industry Web sites.

While this latest study indicates that at least some life insurance Web sites have begun to improve their performance according to the CRI, the study also lists two items as its “most surprising results.”  One has to do with the speed of innovation.  The other, however, is listed as “not enough emphasis on trust.”  Since the study is based on an examination of Web sites (in this case insurance company Web sites), the kind of trust deficit being declared is a digital trust deficit.  And, that deficit is penalizing life insurance companies by limiting leads for offline business.

Despite the generally weak CRI scores of life insurance companies, five companies were noted as making good improvements. The top five life insurance Web sites and their CRI scores (10 is best) are:

—Western & Southern Life (7.7)
—Nationwide (6.7)
—Metropolitan Life (6.7)
—New York Life (6.4)
—Principal Financial (6.4)

In the Digital Trust report series, Volume 7, “Transparency and Assurance,” examines how digital trust can be created, conveyed, lost and reclaimed.  Although four main techniques for the creation of digital trust are explored, special attention is given to the topic of digital trust creation for Web sites.  Even though the five insurance companies listed have begun to rise on the CRI ranking ladder, digital trust creation techniques are readily evident in only two of them (Nationwide and Principal Financial).  Even then, their use of those techniques falls short of the best applications as described in the digital trust reports.

There’s sure room for more value creation with digital trust in insurance company Web sites.  I wonder what the rankings could be if digital trust techniques were applied thoroughly?!

The sound of digital trust on the move
Can you hear it?  The sounds of digital trust and digital trust strategies are getting louder and louder as they move forward into more widespread application, with the recognition that security services and technology can, indeed, create value for the enterprise.  Be sure your enterprise “hops on board” before the last digital trust cars leave the station.

Before they will power 21st century business, technology innovations will first disrupt 20th century business models. As NYU media pundit Clay Shirkey puts it, disruptions don’t typically take us cleanly from current business model A to new business model B, but from business model A to chaos to business model B. It is often the case that before we can progress in a new direction we must retrace some steps and take time to map out a new route, and this likely will be the case in spades in the digital millennium.

Strikes and law suits are often signs of disruption.  When they are prompted by innovative digital technologies that threaten the status quo, defensive maneuvering by the establishment is not only expected but called for – until a new order emerges that capitalizes on the advantages brought by unstoppable innovations yet assures their fair and responsible use.

The billion-dollar law suit for “massive intentional copyright infringement” brought last year by Viacom against Google/YouTube for providing access to Viacom content illegally uploaded by fans is a case in point. To address the issue, Google introduced a copyright identification system called Video ID, which tracks unauthorized videos. It enables a copyright owner to either block the clip, leave it up, or enable YouTube to sell ads linked to the material and share the revenue. According to a CNET News blog post, “Google said on its blog… that copyright owners were choosing to turn a buck from unauthorized clips 90 percent of the time.“

The CNET News post quoted Google, “It’s clear to our (more than 300) Video ID partners that our technology has created a framework that allows copyright holders to sanction the creativity of their biggest fans…These partners now have a new way to successfully distribute and market their content online.”  The CNET News post went on to report, “Several start-ups are working on technology that will track unauthorized videos wherever they exist on the Web and then insert an advertisement into the clips.“

Digital content actually allows for tighter owner control then ever. In the past, media giants whose terms of sale legally prohibited certain personal uses of content could not discover such illegal uses nor enforce their claims, but now copyright owners can do so via the Internet. The Digital Millennium Copyright Act (1998) supports this new-found ability, a result of the powerful lobbying muscle of the media industry. Ultimately, though, the consumer will not be put back in his box, and a win-win solution, such as Google/Viacom’s, will be hashed out for the Writers Guild strikers in Hollywood (they so far won minor concessions for Internet distribution), the New York City cab drivers (they so far lost their battle to shun imposed GPS devices in their cars), and countless conflicts to come.

The immense disruptive potential of digital innovation, however, will take much time to address – 50 years, according to a gathering of prominent CEOs at the 2008 World Economic Forum in Davos – and I agree.

What do you think?

“Trust” Means …?
“Trust” is a gut word.  It’s one of those words we use all the time, but often struggle to define in the context of its use.  When asked about exactly what we mean, we often mumble through some confused description that often includes such words as “assurance,” “belief,” “confidence,” “faith,” “reliance,” “reliability” or even “security” as we try to invoke an empathic nod from listeners.

We love this word.  It has the power to evoke an approving response in all kinds of circumstances, even if we don’t exactly know what we mean!  For example, banks have historically had “trust” as part of their name (e.g., SunTrust Bank, Pacific Trust Bank, California Bank and Trust, Branch Banking and Trust) to help us feel confident in letting them hold and manage our money.  Today, that application of the word “trust” has been adopted by dozens and dozens of technology and Internet companies as part of their company name, invoking the power of the word “trust” to support presumed market predispositions.  (See Volume 1 or Volume 7 of the Digital Trust report series for a sample of companies using “trust” in their name.)

For a long time we have acknowledged the important sociological and psychological dimensions of the word “trust” and the ability to apply trust as a “quality” for people or institutions.  But, even in this application, we are not quite sure what we mean.  And, we have a lot of choices.  For example, Google reports more than 27,000 “hits” when a search for “definition of trust” is pursued!

Uncopyable?!
In an essay in “The Technium” called “Better Than Free,” Kevin Kelly uses “trust” as an example of a quality (of a person or enterprise) that is intangible and uncopyable, and which therefore can have value in a network economy that copies everything over and over and thereby makes things “worthless.”  He goes on to name eight values (qualities), not including trust, as attributes that cannot be copied, and which therefore add value to free copies … making the copies “better than free.”  It is an interesting point of view, and certainly worthy of reading.

Digital Trust Value for Real
Notwithstanding the soft claims of value for intangible, uncopyable qualities (even including trust), there is a trust contributor that delivers a real, measurable payoff in new value created through security services and technology.  This is the trust created and delivered by security technology and service.  This is digital trust as defined by the Digital Trust research program and report volumes.  (See all the Digital Trust volumes here.)  Specifically, digital trust is evidence-based confidence that systems operate as advertised, and that no unadvertised functions are occurring.  It is:

*  Announced with features and functions.
*  Completed with life cycle characteristics of design, development, deployment and operation.
*  Capable of value creation beyond a reduction in the risk of loss.

Digital trust is an important contributor to the full fabric of trust in any context.  But, when examined by itself, digital trust contradicts popular notions about how trust is created, conveyed and valued.  Unlike the “uncopyable” quality that is described in Kevin Kelly’s essay, we find that:

*  Digital trust is hard, real and quantifiable.  It measurably affects both speed and cost, and can create value in other ways as well.
*  Digital trust is fast.  In fact, “nothing is as fast as the speed of digital trust.” [1]
*  Digital trust can be purchased (with money and effort) in at least four ways as seen in Volume 7 of the Digital Trust report series (see “How Much Does Digital Trust Weigh?” on pages 2-5).

Better Than “Better Than Free”
So, “better than free” is certainly an attractive notion to contemplate.  But, once we know what digital trust really is, the value that can be created, conveyed and sustained with digital trust is even better than that!

—————————————————-

1 This phrase is adapted from the original “Nothing is as fast as the speed of trust” as seen in Stephen M.R. Covey, The Speed of Trust (New York: Simon & Schuster, 2006).

Digital Disruptions: Technology Innovations Powering 21st Century Business

Complete with its own blog by Alex Fuss, 2008 LEF Associate on Digital Disruptions, and all of you who contribute to this dialogue on disruptive technologies—those technologies that, per Harvard professor Clayton Christensen, introduce to the market very different value propositions than were previously available.

But I am getting ahead of myself. Let me (Alex, here) kick this blog off with an excerpt from a presentation I gave in April at an LEF Client Forum:

The digital disruptions begun with the Internet’s launch at the end of the 20th century and responsible for a tremendous spike in global productivity promise a second-round impact in the 21st century that we can only begin to imagine.  At CSC we have identified seven categories of digital disruptions that are rapidly impacting today’s business models:

1. New Media
2. Augmented Reality
3. Social Power
4. Information Transparency
5. Digital Spectrum
6. Platform Makeover
7. Smart(er) World

The year-long research effort by CSC’s LEF to identify these categories and delve into the implications of specific technologies they comprise will result in the Digital Disruptions research report, to be released in October 2008. 

Looking back, having worked on the Digital Disruptions report for over a year has undoubtedly broadened my horizons, deepened my research and analysis skills, greatly expanded my network of technology innovators and pundits, and left me with some new habits that should serve me well long after the report is officially released.  Foremost among these habits is the tendency to scour the news daily for any and all technology breakthroughs and filter the announcements and pronouncements through the prism of the report, defracting them through the gradients of its seven themes.

Leveraging the blog, I will, in true Web 2.0-fashion, share my personal thoughts on the implications of relevant industry events as they occur, and solicit your personal and professional comments. I am by no means an expert on the subject – “Digital Disruptions” is too broad and too fast-changing a topic for anyone to master – and look to the collective wisdom of all to help us understand the technology landscape forming before us, and how to best use that shared knowledge to advantage.

Though the report is not out yet, if you would like to familiarize yourself with the report’s themes, you can listen to the podcast of the research preview I gave in April by subscribing to the LEF RSS feed (/lefpodcast) and adding the podcast from the LEF Forum, April 2008, podcast 12 “Digital Disruptions.”  In addition, Clayton Christensen’s book The Innovator’s Dilemma provides a good foundation for understanding disruption in the context of technology innovations.

I’m looking forward to a stimulating collective discussion, an actualization of theme 3 above: Social Power.

À la prochaine (until next time)…