Way back when, personal computers were just gadgets enjoyed by hobbyists.
Then, in 1979, Dan Bricklin and Bob Frankston invented VisiCalc, the world’s first electronic spreadsheet.
VisiCalc was, for the personal computer, what the inflation that followed the Big Bang was for the universe.
Then the Internet happened, and with it the four key innovations that made it interesting enough to stimulate all the other innovations that made it more interesting: Wikipedia, search engines, Google Maps, and Amazon.
Wikipedia is on the list because it changed where we all go to satisfy our curiosity about just about anything with confidence we aren’t just reading FAKE NEWS!
Search engines? Because they’re what we use when we want to find something someone wants us to find.
Google Maps wasn’t the first mapping application, but it’s completely replaced paper maps and the Yellow Pages for locating anything and navigating to it.
And Amazon is what we use when we want to buy something, never mind if the vendor is nearby or not. It’s also supplanted local libraries, and in part is supplanting the Library of Congress. It’s also what we use when we want to find a book about something.
Not to trivialize everything else on the internet … many readers would, for example, add blogs and social media … but it’s these innovations that resulted in the internet supplanting much of physical reality.
Then there’s one more innovation that, in its own way, has been just as influential: cybercrime. It’s key impact: Preventing innovation. This week’s topic: How to encourage innovation without endangering the enterprise.
Start here: “Innovation” isn’t a thing. Or more precisely, it isn’t just one thing. Conversations about innovation are easily derailed by confusing and conflating innovation’s various contexts.
Conversations about innovation are, for most people most of the time, about products and services. Product-innovative companies design, engineer, market, and sell products and services that have unexpected and exciting features.
Not that there’s anything wrong with adding unexpected and exciting features to your business’s products and services. Far from it: When it comes to marketplace success, product innovation is right up there with selling at the lowest price and making the whole buying experience more convenient.
Only in this day and age, many potentially valuable features might never see the light of day due to cybersecurity considerations.
Or, even worse, they might see the light of day while ignoring their cybersecurity implications.
When the subject is innovation and it isn’t about products and services, it’s probably about internal processes. And when it comes to competitive advantage, that’s as it should be: Better internal processes can result in lower product prices and improvements in convenience.
Big process improvements tend to come from formal projects that build cybersecurity into their deliverables. But as a general rule, there’s as much opportunity from large numbers of small improvements as from small numbers of big improvements.
If it weren’t for cybersecurity worries, business users could, between Excel and Robotic Process Automation tools, sand off a lot of small obstacles to process efficiency with minimal IT involvement.
But taking cybersecurity concerns into account, a lot of these opportunities will never see the light of day.
Products and processes are the most obvious types of innovation that can be stifled by cybersecurity considerations. But they aren’t the only ones.
But wait! There’s more!
Two types of innovation get less attention than they deserve: capability innovation and customer innovation.
Capability innovation is making the business competent at skills it could use to improve its products, services, and internal processes if only it knew how to do something.
Customer innovation is all about finding ways to attract customer segments the company currently ignores.
Both of these innovation categories are just as prone to being stifled by cybersecurity concerns as products and processes.
Bob’s last word: I’d love to tell you I have a brilliant solution that results in a highly innovative business that’s also perfectly hardened.
I don’t. My best suggestion (no, not “best practice”!) is an all-out, no-hold’s-barred, high-visibility effort to build cybersecurity awareness into the business culture. Couple that with turning the Cybersecurity organization into a highly accessible internal consulting group, ready, willing, and able to help anyone developing an innovation to harden their innovation.
If you have other alternatives to suggest, please post them in the comments. That’s what they’re for.
Bob’s sales pitch: It isn’t really a sales pitch, but it’s time for the annual KJR census. It’s your opportunity to let me know enough subscribers have enough interest in what I write every week to warrant the time and effort needed to write it.
It’s also your opportunity to let me know which of the topics I tend to write about … and others that I don’t … are topics you want to read about.
If you’re willing, please use the Comments so we can get a discussion going on the topics front. If you don’t want your thoughts to appear in a public forum, use the Contact form instead. Thanks!
KJR census – I have enjoyed… and more importantly learned from your weekly posts for many years. As I still have quite a bit to learn, I hope you will continue to share your thoughts and experiences!
This note is merely to say that I find the topics to write about interesting. That’s why I’m still reading your words, having done so for more decades than I’m comfortable with counting.
You are the only author I subscribe to. While I am no longer in IT directly, all business is IT, even church business. I really respect your perspective on things. And several times a year I forward your pieces to other non-IT-types who find your business/human interaction insights clear and spot on.
VisiCalc………… OH MY…. I never used it, but Multiplan, yes, and PortaCalc.. (VAX Fortran version of VisiCalc, formerly called VisiKludge)….
Thanks for those memories!… Please keep those columns going!
This subscriber has continued interest in reading what you write, so I hope you’ll keep at it. Organizational Effectiveness is a category that is particularly helpful, but I get benefits from just about any topic you address.
RE: is it worth your time to write these columns? I certainly enjoy many of them, although being retired, they are not typically informing my day-to-day activities. Many of the people issues are broadly applicable, however, and others bring back (generally positive) memories of when leading IT groups was my job. While I hope you continue to share your thoughts, I know the day will come when you decide otherwise.
I left the IT field 23 years ago but have continued to read this weekly column (and your books), because though your focus is often IT, the opinions and observations you share are also invaluable from an organizational and business level. So, while my responsibilities transitioned into Program Management and then into Supply Chain, your insights remain pertinent and often fascinating. Kinda like Adam Grant, but in the trenches, with an IT twist. And no offense intended, if you don’t enjoy Adam Grant! 😉 Thank you for sharing with us!
I’ve been an avid reader for decades. Your advice has been helpful. I encourage you to keep sharing your thoughts and insights about IT and its most effective role in the enterprise.
The story of VisiCalc highlights a longstanding problem with protecting IT innovation and more broadly intellectual property. Protecting innovation in the physical space seems to be far more effective than in the virtual space. Why is that?
Your efforts are absolutely worth my time to read, Bob, and I truly appreciate your thoughts and clearheaded approach. I’m retired from the tech world now, but, as you so often point out, there’s no such thing as a purely technical issue, and I find your thoughts and observations really valuable in navigating life in general. Please do keep up the good work!
I have been reading your column since the very beginning. I am now happily retired, but still enjoy reading it. I often forward your column to my two happily employed sons (not in IT). You might want to do succession planning, so you could retire sometime.
1. On cybersecurity, you might want to check in with a nearby major university to see how they implement their cybersecurity for their basic research departments.
2. I enjoy almost everything you have to write, but I most enjoy the articles you write on where societal issues intersect with IT.
Also, it might be worth your while to survey some Millennial employees of your clients to what relevant concerns or ideas they have that you might write about.
3. Keep up the good work.
Keep up the good work. I’ve been reading you for decades and find your books equally valuable. Needless to say, I will continue to do so.
I would be interested to hear your thoughts regarding ethics/morality with respect to Predictive Analytics/AI/Machine Learning.
What should companies be doing to patrol and regulate how this technology is utilized within their organizations?
Thank you, Bob, for another great year of thought-provoking posts.
Some topic ideas I’d love for you to tackle this year:
– AI and ML – beyond the hype to delivering real value
– The employee experience: Making it part of our process to create delightful employee experiences in the systems and processes we acquire or design. Perhaps explore parallels and differences between employee experience and customer experience and customer journey mapping.
– Strategies for procurement and contract negotiation: How to make vendors accountable, appropriately assign risk, and incentivize outstanding value delivery.
As to what topics you write about that resonate, it’s helpful to me that you write so extensively and thoughtfully about human behavior, which is a bigger lever to drive success than the technologies themselves. Project successes and failures often hinge on relationships and behaviors more so than on technology.
Thanks for what you do. Please keep it coming!
Still reading, count me as one (1) head but sometimes of two (2) minds.
I am always glad to receive the IS Survivor
Always a reader. Part of what I enjoy in your writing is seeing what topic you will treat next. Sometimes you give me a topic that I haven’t spent enough time in to have an opinion yet, so you give me a springboard to start researching.
No suggestions in particular but just to mention that your efforts are appreciated; I’ve been enjoying KJR for years (my favourite article was the one you wrote about your visit to MAD magazine years ago) and still find your articles thought provoking!
I’ve also been reading your column since the days when paper magazines arrived in the mail, and this is my first comment in decades. My challenge of the day is how to get my senior employees to understand that their job is to make their systems easy for their colleagues and stop expecting their colleagues to work harder to fit the system. Keep it coming – your advice has always been on point. Thanks for doing what you do.
I’m still here Bob, even if I don’t leave many comments. Please continue, provided you enjoy writing your columns as much as I do reading them!
Developing a security conscious culture is a great idea. It’s also a great challenge. You have often discussed the way that management culture gets reflected down into an organization’s culture. In computer forensics I took, a guest speaker identified upper management as being the worst violators of security measures. He ran the security teams for a couple related organizations. Other incidents I’ve read about suggest there can be an attitude “I’m important. I’m doing important stuff. Get out of my way.”
I confess to a level of sympathy for that attitude. As a maintenance programmer I have felt very frustrated when the process for implementing a production fix was way more complicated than the fix itself.
KJR census: Love it! And I recommend this newsletter (and books) whenever I can.
Innovation/Security: #1 is buy-in from the top leadership. Once we start with exceptions, “security” becomes a political status symbol. #2 is Security from inception. It could be bringing in people with specific expertise. Or it could be training those not who are experts. Either way, Security-from-inception is superior to “bolt-on.”
An aside: You father’s movies were legend on my college floor.
Really enjoy the column, and while I don’t have any specific recommendations for topics, I look forward to reading each edition.
I know I’m coming to the party late, but I have to agree with the other people. I always enjoy your column, and have for years and years. I am not a manager, but I use your wise words in my daily work. You make me think about problems and solutions in a better light. Thank you!!
Comments are closed.