Social
PAT24
pg._277-427.pdf
Q5 How Do Organizations Use Web 2.0? 277
Storytelling must observe one limit, however. Stories must be authentic accounts of interactions that are important to the SM community. Thinly disguised advertisements will be ignored at best and ridiculed at worst. You cein find a story example that Microsoft did of an early user of Office 365 at www.youtube.com/watch?v=204Uc5mUSLA.
How Do Organizations Use Web 2.0? Social media and SMIS are the leading edge in Internet commerce today. However, Web 2.0, the name for another set of Internet capabilities, emerged in the early 2000s and is still important. We will address Web 2.0 here because it includes features and functions that you need to know.
Prior to Web 2.0, e-commerce sites duplicated the experience of shopping in a grocery store or other retail shop. The customer moved around the store, placed items in a shopping cart, and then checked out. Such e-commerce sites were, and still are, effective at selling goods online, but they do not take full advantage of the Web's potential.
Amazon.com was one of the first to recognize other possibilities when it added the "Customers Who Bought This Book Also Bought" feature to its Web site. With that feature, e-commerce broke new ground. No grocery store could or would have a sign that announced, "Customers who bought this tomato soup, also bought. . . ." That idea was the first step toward what has come to be known as Web 2.0.
Although the specific meaning of Web 2.0 is hard to pin down, it generally refers to a loose grouping of capabilities, technologies, business models, and philosophies. Figure 8-12 compares Web 2.0 to traditional processing. (For some reason, the term Web 1.0 is not used.)
Warning: As stated in the chapter preview, some people define Web 2.0 to include social media. We separate Web 2.0 and social media here because social media, and especially hyper-social organizations, represent a difference in the nature of the relationship between organizations and humans. Pre-hyper-social
Web 2.0 Processing Major winners: Google, Amazon.com, eBay
Software as a (Free) Service
Frequent releases of thin-client applications
Business model relies on advertising or other revenue-from-use
Viral marketing
Tradhional Processing Major winners; Microsoft, Oracle, SAP
Software as product
Infrequent, controlled releases
Business model relies on sale of software licenses
Extensive advertising
Comparison of Web 2.0 with Traditional Processing
Product value increases with use and users Product value fixed
Organic Interfaces, mashups encouraged Controlled,fixed interface
Participation Publishing
Some rights reserved All rights reserved
278 CHAPTER 8 Social Media \n1orrT\aV\on Systems
organizations can use the tools and techniques described here for Web 2.0 without any fundamental change in their relationship to consumers.
Software as a (Free) Service
Google, Amazon.com, and eBay exemplify Web 2.0. These companies do not sell software licenses, because software is not theii- product. Instead, they provide software as a semce (SaaS) in the cloud. You can search Google, rtm Google Docs, use Google Eartli, process Gmail, and access Google Maps—all from a thin-client browser, with the bulk of the processing occurring in the cloud, somewhere on the Internet. Like all Web 2.0 programs, Google releases new versions of its programs frequendy. Instead of software license fees, the Web 2.0 business model relies on advertising or other revenue that results as users employ the software as a service.
Figure 8-13 shows features that Google was at one time considering adding to Google Maps. Notice the warning that they "may change, break, or disappear at any time." By providing frequent updates this way, Google maintains it reputation as an innovative company while obtaining testing and usability feedback on new features.
Software as a service clashes with the revenue model used by traditional software vendors, such as Microsoft, Oracle, and SAP. Software is the traditional vendors' product. They release new versions and new products infrequently. For example, 3 years separated the release of Microsoft Office 2007 from 2010. Releases are made in a very controlled fashion, and extensive testing and true beta programs precede every release.
Traditional software vendors depend on software license fees. If a large number of Office users switched to free word processing and spreadsheet applications, the hit on Microsoft's revenue would be catastrophic. (See Case 6, page 210 for an example.) Because of the importance of software licensing revenue, substantial marketing efforts are made to convert users to new releases.
In the Web 2.0 world, no such marketing is done; new features are released and vendors wait for users to spread the news to one another, one friend sending a
Testing of New Features, Web 2.0 Style Source: Google Maps.
Google Maps Labs -I-.-'.r'jIf- l.isC; L?-.:r 3̂ s= 'jiCund fc.i .1V~i:n-r.̂ nî i :>?Ui!̂ ^ tnsi Sfrn', cuit̂ - i^?::. ic V5̂ cĥ :̂ s!e br^aK c disappear => U"-?
If i-:zh • f4=!UiT :ir3's 3nd :StMi h3Mna iic-u:if W'cin'j 1:1?::; y;̂ :hi; i ; : a : i h;i:h
;ri-,f-H"r I h i :
i 'T 0)K)"' 0)K)"' n !
), Zco "105 f'" = •i'-r:'^i' r.?A cf ihr ''• t'tc-;. ?n:! r?^,
an:! zov"-' Tcui^ thrrT:
ajck to Deccs G""?fi t-i!".t \hi cpL c-Hr ih?:* Can ^p-c-: 5 BE~- if:;
o Disable
VVhtf* in the- World Gcine
Tif'A .can kncv-JsdoT cf .vcild j'cciiach^! oue;? Ihr nar^- '.i'.ha ccuntiy ko- aiiWtU i:"5'3-sr-. and t(;, to :;^3t your to; ic.-r^!
• EnabS* •o Oisabf*
"Enable
Save cnanges 11 Csnt^i
Q5 How Do Organizations Use Web 2.0? 279
message to many friends; most of whom send that message, in turn, to their friends; and so forth, in a process called viral marketing. Google has never announced any software in a formal marketing campaign. Users carry the message to one another. In fact, if a product requires advertising to be successful, then it is not a Web 2.0 product.
By the way, traditional software companies do use the term software as a service. However, diey use it only to mean that they will provide their software products via the cloud rather than having customers install that software on their computers. Software licenses for their products still carry license fees. You can, for example, obtain a license to use Office as part of the Office 365 SaaS offering.
Use tncroasss Value
Another characteristic of Web 2.0 is that the value of the site increases with users and use. Amazon.com gains more value as more users write more reviews. Amazon.com becomes the place to go for informadon about books or other products. Similarly, the more people who buy or sell on eBay, the more eBay gains value as a site.
Organic User interfaces and iVlashups
The traditional software model carefully controls the users' experience. All Office programs share a common user interface; the ribbon (toolbar) in Word is similar to the ribbon in PowerPoint and in Excel. In contrast, Web 2.0 interfaces are organic. Users find tlieir way around eBay and PayPal, and if the user interface changes from day to day, well, that is just the nature of Web 2.0. Further, Web 2.0 encourages mashups, which occur when the output from two or more Web sites is combined into a single user experience.
Google's My Maps is an excellent mashup example. Google publishes Google Maps and provides tools for users to make custom modifications to those maps. Thus, users mash the Google Map product with their own knowledge. One user demon- strated the growth of gang activity to the local police by mapping new graffiti sites on Google Maps. Other users share their experiences or photos of hiking trips or other travel. See Figure 8-14 for another example.
•7 Mashup Example
S o u r c e ; © 2011 Google.
Sunday In Central Park
CHAPTER 8 Social Media Information Systems
In Web 2.0 fashion, Google provides users a means for sharing their mashed-up map over the Internet and then indexes that map for Google search. If you publish a mashup of a Google map with your knowledge of a hiking trip on Mt. Pugh, anyone who performs a Google search for Mt. Pugh will find your map. Again, the more users who create My Maps, the greater the value of the My Maps site.
Participation and Ownership Differences Mashups lead to another key difference. Traditional sites are about publishing; Web 2.0 is about participation. Users provide reviews, map content, discussion responses, blog entries, and so forth. A final difference, listed in Figure 8-12, concerns ownership. Traditional vendors and Web sites lock down all the legal rights they can. For exaniple, Oracle publishes content and demands that others obtain written permission before reusing it. Web 2.0 locks down only some rights. Google publishes maps and says, "Do what you want with them. We'll help you share them."
How Can Businesses Benefit from Web 2.0? Amazon.com, Google, eBay, and other Web 2.0 companies have pioneered Web 2.0 technology and techniques to their benefit. A good question today, however, is how these techniques might be used by non-Internet companies. How might 3M, Alaska Airlines, Procter & Gamble, or the bicycle shop down the street use Web 2.0?
Advertising Consider an ad for Oracle CRM that appears in the print version of the Wall Street Journal. Oracle has no control over who reads that ad, nor does it know much about the people who do (just that they fit the general demographic of Wall Street Journal readers). On any particular day, 10,000 qualified buyers for Oracle products might happen to read the ad, or then again, perhaps only 1,000 qualified buyers read it . Neither Oracle nor the Wall Street Journal knows the number, but Oracle pays the same amount for the ad, regardless of the number of readers or who they are.
In the Web 2.0 world, advertising is specific to user interests. Someone who searches online for "customer relationship management" is likely an IT person (or a student) who has a strong interest in Oracle and its competing products. Oracle would like to advertise to that person.
Google pioneered Web 2.0 advertising. With its AdWords software, vendors pay a certain amount for particular search words. For example, GearUp might agree to pay $2 for the term soccer ball. When someone Googles that term, Google wi l l display a link to GearUp's Web site. If the user clicks that link (and only i f the user clicks that link), Google charges GearUp's account $2. GearUp pays nothing if the user does not click.
The amount that a company pays per word can be changed from day to day, and even hour to hour. If GearUp is about to offer a new spinning bicycle, it will be willing to pay for the word spinning just before the event starts. The value of a click on spinning is zero after the event has closed.
AdSense is another advertising alternative. Google searches an organization's Web site and inserts ads that match content on that site. When users click those ads, Google pays the organization a fee. Other Web 2.0 vendors offer services similar to AdWords and AdSense.
With Web 2.0, the cost of reaching a particular, qualified person is much smaller than in the traditional advertising model. As a consequence, many companies are switching to the new lower-cost medium, and newspapers and magazines are strug- gling with a sharp reduction in advertising revenue.
Q6 How Can Organizations Manage the Risks of Social Media and Web 2.0? 283
Wiashyps How can two non-Internet companies mash the content of their products? Suppose you're watching a hit movie and you would like to buy the jewelry, dress, or watch worn by the leading actress. Suppose that Nordstrom sells all those items. With Web 2.0 technology, the movie's producer and Nordstrom can mash their content together so that you, watching the movie on computer at home, can click the item you like and be directed to Nordstrom's e-commerce site that will sell it to you. Or, perhaps Nordstrom is disintermediated out of the transaction, and you are taken to the e-commerce site of the watch's manufacturer.
How Can Organizations Manage the Risks of Social Media and Web 2.0? Social media and Web 2.0 represent a revolution in the way that organizations communicate. Twenty years ago, most organizations managed all public and internal messaging with the highest degree of control. Every press conference, press release, public interview, presentation, and even academic paper needed to be preapproved by both the legal and marketing departments. Such approval could take weeks or months.
Today, progressive hyper-social organizations have turned that model on its head. Employees are encouraged to engage with communities and, in most organizations, to identify themselves with their employer while doing so. All of this participation, all of this engagement, however, comes with risks. In this question, we will consider risks from employee communication and risks from nonemployee, user-generated content.
The first step that any hyper-social organization should take is to develop and pubhcize a social media policy, which is a statement that delineates employees' rights and responsibilities. You can find an index to 100 different policies at the Social Media Today Web site." In general, the more technical the organization, the more open and lenient are the social policies. The U.S. military has, perhaps surprisingly, endorsed social media with enthusiasm, tempered by the need to protect classified data.
Intel Corporation created an open and employee-trusting SM policy that is a model for hyper-social organizations to emulate. Intel's six guiding principles to its employees are:
1. Stick to your area of expertise. 2. Post meaningful, respectful comments. 3. Pause and think before posting. 4. Respect proprietary information and content, and confidentiality. 5. When disagreeing with others, keep it appropriate and polite. 6. Know and follow company code of conduct and privacy policy.*^
This policy is supplemented with a statement of Rules of Engagement for social media, which is excerpted and summarized in Figure 8-15. Read this list carefully; it contains great advice and considerable wisdom. Also, visit the full description at www.intel.com/content/www/us/en/legal/intel-social-media- guidelines.html.
• Social Media Employee Policy Examples from Over 100 Organizations," Social Media Today, http://socialmediatoday.com/ralphpaglia/141903/social-media-employee-poUcy-examples-over- 100-companies-and-organizations (accessed August 2011). '2 "Intel Social Media Guidelines," Intel, vinAW.intel.com/content/www/us/en/legal/intel-social- media-guidelines.html (accessed November 2011).
284 CHAPTER 8 Social Media Information Systems
Figures-15 Excerpts from Intel's Rules of Social Media Engagement
Source: Used with permission of Intel Corporation.
Rule Remarks
Be transparent. Your honesty—or dishonesty—will be quickly noticed in the social media environment. If you are blogging about your work at Intel, use your real name, identify that you work for Intel, and be clear about your role....
Be judicious. Make sure your efforts to be transparent don't violate Intel's privacy, confidentiality, and legal guidelines for external commercial speech...
Write what you know. Make sure you write and post about your areas of expertise, especially as related to Intel and our technology If you are writing about a topic that Intel is involved with but you are not the Intel expert on the topic, you should make this clear to your readers. And write in the first person...
Perception is reality. In online social networks, the lines between public and private, personal and professional are blurred. Just by identifying yourself as an Intel employee, you are creating perceptions about your expertise and about Intel by our shareholders, customers, and the general public-and perceptions about you by your colleagues and managers. Do us all proud...
It's a conversationn. Talk to your readers like you would talk to real people in professional situations. .. .Don't be afraid to bring in your own personality and say what's on your mind. Consider content that's open-ended and invites response. Encourage comments.
Are you adding value? There are millions of words out there. The best way to get yours read is to write things that people will value. Social communication from Intel should help our customers, partners, and co-workers...
Your responsibility. What you write Is ultimately your responsibility Participation in social computing on behalf of Intel is not a right but an opportunity, so please treat It seriously and with respect...
Create some excitement.
As a business and as a corporate citizen, Intel is making important contributions to the world, to the future of technology, and to public dialogue on a broad range of issues. Our business activities are increasingly focused on high-value innovation. Let's share with the world the exciting things we're learning and doing—and open up the channels to learn from others.
Be a leader, There can be a fine line between healthy debate and incendiary reaction. Do not denigrate our competitors or Intel. Nor do you need to respond to every criticism or barb.. .Did you screw up? If you make a mistake, admit it. Be upfront and be quick with yourcorrection. If you're posting to a blog, you may choose to modify an earlier post—just make it clear that you have done so.
If it gives you pause, pause.
If you're about to publish something that makes you even the slightest bit uncomfortable, don't shrug it off and hit 'send.' Take a minute to review these guidelines and try to figure out what's bothering you, then fix i t . . .
Two elements in this list are particularly noteworthy. The first is the call for trans- parency and truth. As an experienced and wise business professional once told me, "Nothing is more serviceable than the truth." It may not be convenient, but it is service- able, long term. Second, SM contributors and their employers should be open and above board. If you make a mistake, don't obfuscate; instead correct it , apologize, and make amends. The SM world is too open, too broad, and too powerful to fool.
When singer Amy Winehouse died in July 2011, both Microsoft and Applf tweeted messages about where to buy her music that the Twittersphere founc distasteful and objectionable.^^ After a loud outcry, both organizations were promp with apologies, made amends to her family and friends, and the errors were forgottei by day's end. Had they done otherwise, we would still be hearing about them. Sei also Using Your Knowledge Question 8 on page 291.
M e User-generated content (UGC), which simply means content on your SM site that: contributed by nonemployee users, is the essence of SM relationships. As with an relationship, however, UGC comments can be inappropriate or excessively negative i tone or otherwise problematic. Organizations need to determine how they will de with such content before engaging in social media.
Sarah Kessler, "Microsoft Apologizes for 'Crass' Amy Winehouse Tweet," CNN.com, July 26, 201 www.cnn.com/2011/TECH/social.media/07/25/apology.winehouse.tweet.7Tiashable/index.htn lref=allsearch (accessed August 2011).
Q3 What Are the Advantages and Disadvantages of Outsourcing? 393
Thus, the CIO must not only establish and communicate such priorities, but enforce them as well. The department must evaluate every proposal, at the earliest stage possible, as to whether it is consistent v«th the organization's goals and aligned with its strategy.
Furthermore, no organization can afford to implement every good idea. Even projects that are aligned with the organization's strategy must be prioritized. The objective of everyone in the IS department must be to develop the most appropriate systems possible, given constraints on time and money. Well thought out and clearly communicated priorities are essential.
Sponsor the Steering Committee The final planning function in Figure 11-3 is to sponsor the steering committee. A steering committee is a group of senior managers from the major business functions that works with the CIO to set the IS priorities and decide among major IS projects and alternatives.
The steering committee serves an important communication function between IS and the users. In the steering committee, information systems personnel can discuss potential IS initiatives and directions with the user community. At the same time, the steering committee provides a forum for users to express their needs, frustrations, and other issues they have with the IS department.
Typically, the IS department sets up the steering committee's schedule and agenda and conducts the meetings. The CEO and other members of the executive staff determine the membership of the steering committee.
One other task related to planning the use of IT is to establish the organization's computer-use policy. For more on computer-use issues, read the Ethics Guide on pages 394-395.
What Are the Advantages and Disadvantages of Outsourcing? Outsourcing is the process of hiring another organization to perform a service. Outsourcing is done to save costs, to gain expertise, and to free management time.
The father of modern management, Peter Drucker, is reputed to have said, "Your back room is someone else's front room." For instance, in most companies, running the cafeteria is not an essential function for business success; thus, the employee cafeteria is a "back room." Google wants to be the worldwide leader in search and mobile computing hardware and applications, all supported by ever-increasing ad revenue. It does not want to be known for how well it runs cafeterias. Using Drucker's sentiment, Google is better off hiring another company, one that specializes in food services, to run its cafeterias.
Because food service is some company's "firont room," that company will be better able to provide a quality product at a fair price. Outsourcing to a food vendor will also free Google's management from attention on the cafeteria. Food quality, chef scheduling, plastic fork acquisition, waste disposal, and so on, will all be another company's concern. Google can focus on search, mobile computing, and advertising-revenue growth.
Many companies today have chosen to outsource portions of their information systems activities. Figure 11-4 lists popular reasons for doing so. Consider each major group of reasons.
Maiiagemerit Advantages First, outsourcing can be an easy way to gain expertise. Suppose, for example, that an organization wants to upgrade its thousands of user computers on a cost- effective basis. To do so, the organization would need to develop expertise i n automated software installation, unattended installations, remote support, and
S u p p o s e y o u w o r k at a company that has the following computer use policy:
Computers, email, social netivorking, and the Internet are to he used primarily for official company business. Small amounts of personal email can be exchanged with friends and family, and occasional usage of the Internet is permitted, but such usage should be limited and never interfere with your work.
Suppose you are a manager and you learn that one of your employees has been engaged i n the following activities:
1. Playing computer games d u r i n g w o r k hours
2. Playing computer games o n the com- pany computer before and after w o r k hours
3. Responding to emails from an i l l parent 4. Watching DVDs during lunch and other
breaks 5. Sending emails to plan a party that
involves mostly people from work 6. Sending emails to plan a party that
involves no one f r o m work 7. Searching the Web for a new car 8. Reading the news on CNN.com 9. Checking the stock market over the
Internet 10. Bidding o n items for personal use o n
eBay 11. Selling personal items on eBay 12. Paying personal bills online 13. Paying personal bills online when traveling
on company business 14. Buying an airplane ticket for an Ui parent
over the Internet
394
15. Changing the content of a personal Facebook page
16. Changing the content of a personal business Web site
17. Buying an airplane ticket for a personal vacation over the Internet
18. Responding to personal TWitter messages
Discussion Questions 1. Explain how you would respond to each situation. 2. Suppose someone from the IS department notifies you that one of your employees is spending 3 hours a day writing Twitter messages. How do you respond? 3. For question 2, suppose you ask how the IS depart- ment knows about your employee and you are told, "We secretly monitor computer usage." Do you object to such monitoring? Why or why not? 4. Suppose someone from the IS department notifies you that one of your employees is sending many per- sonal emails. When you ask how they know the emails are personal, you are told that IS measures account activity and when suspicious email usage is suspected the IS department reads employees' email. Do you think such reading is legal? Is it ethical? How do you respond? 5. As an employee, if you know that your company occasionally reads employees' email, does that change your behavior? If so, does that justify the company reading your email? Does this situation differ from hav- ing someone read your personal postal mail that hap- pens to be delivered to you at work? Why or why not? 6. Write what you think is the best corporate policy for personal computer usage at work. Specifically address Facebook, MySpace, Twitter, and other personal social networking activity
CHAPTER 11 Information Systems ManagemerrC
. Management advantages Popular Reasons for nhtain exoertise. "11 oJSsourcing IS Services I S ^ S - n t problems. *
- Free management time.
• Cost reduction - Obtain part-time services. -Gain economies of scale.
• Risk reduction - Cap financial exposure. - Improve quality. - Reduce implementation risk.
other measures that can be used to improve the efficiency of software management. Developing such expertise is expensive, and it is not in the company's strategic direction. Efficient installation of software to thousands of computers is not in the "front room." Consequently, the organization might choose to hire a specialist company to perform this service.
Another reason for outsourcing is to avoid management problems. Suppose Carbon Creek Gardens (Chapter 9 Collaboration Exercise, page 334) decides to share its inventory with its suppliers using SOA semces. How will Mary Keeling hire the appropriate staff? She doesn't know if she needs a C++ programmer or an HTML programmer. Even if she could find and hire the right staff, how would she manage them? How would she create a good work environment for a C++ programmer, when she does not know what such a person does? To avoid such management problems. Carbon Creek would hire an outside firm to develop and maintain the Web service.
Similarly, some companies choose to outsource to save management time and attention. Lucas at GeaiUp has the skills to manage a new software development project, but he may choose to not invest the time.
Note, too, that it's not just Lucas' time. It is also time from more senior managers who approve the purchase and hiring requisitions for that activity. And, those senior managers, like Kelly, wil l need to devote the time necessary to learn enough about Web farms to approve or reject the requisitions. Outsourcing saves both direct and indirect management time. Cost Rediicisoii Other common reasons for choosing to outsource concern cost reductions. With out- sourcing, organizations can obtain part-time services. Another benefit of outsourcing is to gain economies of scale. If 25 organizations develop their own payroll applica- tions in-house, then when the tax law changes 25 different groups will have to learn the new law, change their software to meet the law, test the changes, and write the documentation explaining the changes. However, if those same 25 organizations outsource to the same payroll vendor, then that vendor can make all of the adjust- ments once, and the cost of the change can be amortized over all of them (thus lowering the cost that the vendor must charge). R'mii Reduction Another reason for outsourcing is to reduce risk. First, outsourcing can cap financial risk. In a typical outsourcing contract, the outsource vendor will agree to provide, say, computer workstations with certain software connected via a particular network. Typically, each new workstation will have a fixed cost, say, $2,500 per station. The company's management team might believe that there is a good chance that they can provide workstations at a lower unit cost, but there is also the chance that they will get in over their heads and have a disaster. If so, the cost per computer could be much higher than $2,500. Outsourcing caps that financial risk and leads to greater budgetary stability.
Q3 What Are the Advantages and Disadvantages of Outsourcing? 397
Second, outsourcing can reduce risk by ensuring a certain level of quality, or avoiding the risk of having substandard quality. A company that specializes in food service knows what to do to provide a certain level of quaUty. It has the expertise to ensure, for example, that only healthy food is served. So, too, a company that specializes in, say, cloud-server hosting, knows what to do to provide a certain level of service for a given workload.
Note that there is no guarantee that outsourcing wil l provide a certain level of quality or quality better than could be achieved in-house. If it doesn't outsource the cafeteria, Google might get lucky and hire only great chefs. Carbon Creek Gardens might get lucky and hire the world's best software developer. But, in general, a professional outsourcing firm knows how to avoid giving everyone food poisoning or developing new apphcations. And, if that minimum level of quality is not provided, it is easier to hire another vendor than it is to fire and rehire internal staff.
Finally, organizations choose to outsource IS in order to reduce implementation risk. Hiring an outside vendor reduces the risk of picking the wrong hardware or the wrong software, using the wrong network protocol, or implementing tax law changes incor- rectly. Outsourcing gathers all of these risks into the risk of choosing the right vendor. Once the company has chosen the vendor, further risk management is up to that vendor.
Many firms headquartered in the United States have chosen to outsource overseas. Microsoft and Dell, for example, have outsourced major portions of their customer support activities to companies outside the United States. India is a popular source because it has a large, well-educated, English-speaking population that will work for 20 to 30 percent of the labor cost in the United States. China and other countries are used as well. In fact, with modern telephone technology and Internet-enabled service databases, a single service call can be initiated in the United States, partially processed in India, then Singapore, and finalized by an employee in England. The customer knows only that he has been put on hold for brief periods of time.
International outsourcing is particularly advantageous for customer support and other functions that must be operational 24/7. Amazon.com, for example, operates customer service centers in the United States, India, and Ireland. During the evening hours in the United States, customer service reps in India, where it is daytime, handle the calls. When night falls in India, customer service reps in Ireland handle the early morning calls from the east coast of the United States. In this way, companies can provide 24/7 service without requiring employees to work night shifts.
By the way, as you learned in Chapter 1, the key protection for your job is to become someone who excels at nonroutine symbolic analysis. Someone with the ability to find innovative applications of new technology also is unlikely to lose his or her job to overseas workers.
Organizations have found hundreds of different ways to outsource information systems and portions of information systems. Figure 11-5 organizes the major categories of alternatives according to information systems components.
Some organizations outsource the acquisition and operation of computer hardware. Electronic Data Systems (EDS) has been successful for more than 30 years as an outsource vendor of hardware infrastructure. Figure 11-5 shows another alterna- tive, outsourcing the computers in the cloud.
Acquiring licensed software, as discussed in Chapters 4 and 10, is a form of outsourcing. Rather than develop the software in-house, an organization licenses it from another vendor. Such licensing allows the software vendor to amortize the cost of software maintenance over all of the users, thus reducing that cost for all users. Software as a service (SaaS) is another outsourcing alternative that provides hosted applications and data storage. Salesforce.com is a typical example of a company that offers SaaS.
398 CHAPTER 11 Information Systems Management
Figure 11-5 IS/IT Outsourcing Alternatives Hardware
Example: laaS cloud hosting
Licensed software
SaaS
System
Business function
Software Data Procedures People
Another outsourcing alternative is to outsource an entire system. PeopleSoft (now owned by Oracle) attained prominence by providing the entire payroll function as an outsourced service. In such a solution, as the arrow in Figure 11-5 implies, the vendor provides hardware, software, data, and some procedures. The company need provide only employee and work information; the payroll outsource vendor does the rest.
A Web storefront is another form of application outsourcing. Amazon.com, for example, provides a Web storefront for product vendors and distributors who choose not to develop their OVVTI Web presence. In this case, rather than pay a fnced fee for the storefront service, the product vendors and distributors payAmazon.com a portion of the revenue generated. Such Web-service hosdng has become a major profit center for Amazon.com.
Finally, some organizations choose to outsource an entire business function. For years, many companies have outsourced to travel agencies the function of arranging for employee travel. Some of these outsource vendors even operate offices within the company facilities. Such agreements are much broader than outsourcing IS, but information systems are key components of the applications that are outsourced.
Not eveiyone agrees on the desirabUity of outsourcing. For potential pitfalls, read the example in the Guide on pages 404-405.
With so many advantages and with so many different outsourcing alternatives, you might wonder why any company has any in-house IS/IT functions. In fact, outsourcing presents significant risks, as listed in Figure 11-6.
Outsourcing Risks Loss of control - Vendor in driver's seat. -Technology direction. - Potential loss of intellectual capital. - Product fixes, enhancements in wrong priority. - Vendor management, direction, or identity changes. - CIO superfluous?
Benefits outweighed by long-term costs - High unit cost,forever. - Paying for someone else's mismanagement. - In time, outsource vendor is de facto sole source. - May not get what you pay for but don't know it.
No easy exit - Critical knowledge in minds of vendors, not employees. - Expensive and risky to change vendors.
Q3 What Are the Advantages and Disadvantages of Outsourcing? 399
Loss of Control
The first risk of outsourcing is a loss of control. Outsourcing puts the vendor in tlie driver's seat. Each outsource vendor has methods and procedures for its service. The organization and its employees will have to conform to those procedures. For example, a hardware infrastructure vendor will have standard forms and procedures for requesting a computer, for recording and processing a computer problem, or for providing routine maintenance on computers. Once the vendor is in charge, employees must conform.
When outsourcing the cafeteria, employees have only those food choices that the vendor provides. Similarly, when obtaining computer hardware and services, the employees wi l l need to take what the vendor supports. Employees who want equipment that is not on the vendor's list will be out of luck.
The outsource vendor chooses the technology that it wants to implement. If the vendor, for some reason, is slow to pick up on a significant new technology, then the hiring organization will be slow to attain benefits from that technology. An organization can find itself at a competitive disadvantage because it cannot offer the same IS services as its competitors.
Another concern is a potential loss of intellectual capital. The company may need to reveal proprietary trade secrets, methods, or procedures to the outsource vendor's employees. As part of its normal operations, that vendor may move employees to competing organizations, and the company may lose intellectual capital as that happens. The loss need not be intellectual theft; it could simply be that the vendor's employees learned to work in a new and better way at your company, and then they take that learning to your competitor.
Similarly, all software has failures and problems. Quality vendors track those failures and problems and fix them according to a set of priorities. When a company outsources a system, it no longer has control over prioritizing those fixes. Such control belongs to the vendor. A fix that might be critical to your organization might be of low priority to the outsource vendor.
Other problems are that the outsource vendor may change management, adopt a different strategic direction, or be acquired. When any of those changes occur, priorities may change, and an outsource vendor that was a good choice at one time might be a bad fit after it changes direction. It can be difficult and expensive to change an outsource vendor when this occurs.
The final loss-of-control risk is that the company's CIO can become superfluous. When users need a critical service that is outsoiu-ced, the CIO must turn to the vendor for a response. In time, users learn that it is quicker to deal directly with the outsource vendor, and soon the CIO is out of the communication loop. At that point, the vendor has essentially replaced the CIO, who has become a figurehead. However, employees of the outsoiuce vendor work for a different company, with a bias toward their employer. Critical managers will thus not share the same goals and objectives as the rest of the management team. Biased, bad decisions can result.
BerK'sls OiiiMelghed by Long-Iem? Costs The initial benefits of outsourcing can appear huge. A cap on financial exposure, a reduction of management time and attention, and the release of many management and staffing problems are all possible. (Most likely, outsource vendors promise these very benefits.) Outsourcing can appear too good to be true.
In fact, it can be too good to be true. For one, although a fixed cost does indeed cap exposure, it also removes the benefits of economies of scale. If the Web storefront takes off, and suddenly the organization needs 200 servers instead of 20, the using organization will pay 200 times the fixed cost of supporting one server. It is likely, however, that because of economies of scale, the costs of supporting 200 seivers are far less than 10 times the costs of supporting 20 servers.
Also, the outsource vendor may change its pricing strategy over time. Initially, an organization obtains a competitive bid from several outsource vendors. However, as the winning vendor learns more about the business and as relationships develop
400 CHAPTER 11 Information Systems Management
A Group Exercise
What's That Humming Sound?
Green computing is environmentally conscious computing consisting of three major components: power management, vii-tualization, and e-waste management. In tliis exercise, we focus on power.
You know, of course, that computers (and related equip- ment, such as printers) consume electricity. That burden is light for any single computer or printer. But consider all of the computers and printers in the United States that will be running tonight, with no one in the office. Proponents of green computing encourage companies and employees to reduce power and water consumption by turning off devices when not in use.
Is this issue important? Is it just a concession to environ- mentalists to make computing professionals appear virtuous? Form a team and develop your own, informed opinion by considering computer use at your campus.
1. Search the Internet to determine the power requirements for typical computing and office equipment. Consider laptop computers, desktop computers, CRT monitors.
LCD monitors, and printers. For this exercise, ignore server computers. As you search, be aware that a watt is a measure of electtical power. It is watts that the green com- puting movement wants to reduce.
2. Estimate the number of each type of device in use on your campus. Use your university's Web site to determine the number of colleges, departments, faculty, staff, and students. Make assumptions about the number of comput- ers, copiers, and other types of equipment used by each.
3. Using the data from items 1 and 2, estimate the total power used by computing and related devices on your campus.
4. A computer that is in screensaver mode uses the same amount of power as one in regular mode. Computers that are in sleep mode, however, use much less power, say 6 watts per hour. Reflect on computer use on your campus and estimate the amount of time that computing devices are in sleep versus screensaver or use mode. Compute the savings in power that result from sleep mode.
5. Computers that are automatically updated by the IS department with software upgrades and patches cannot be allowed to go into sleep mode because if they are sleep- ing they wil l not be able to receive the upgrade. Hence, some universities prohibit sleep mode on university com- puters (sleep mode is never used on servers, by the way). Determine the cost, in watts, of such a poUcy
6. Calculate the monthly cost, in watts, if: a. All user computers run full time night and day b. All user computers run full time during work hours and
in sleep mode during off-hours. c. All user computers are shut off during nonwork hours.
7. Given your answers to items 1-6, is computer power man- agement during off-hours a significant concern? In com- parison to the other costs of running a university, does tills issue really matter? Discuss this question among your group and explain your answer.
between the organization's employees and those of the vendor, it becomes difficult for other firms to compete for subsequent contracts. The vendor becomes the de facto sole source and, with little competitive pressure, might increase its prices.
Another problem is that an organization can find itself paying for another organi- zation's mismanagement, with little knowledge that that is the case. If GearUp outsources its auction site, it is difficult for it to know if the vendor is well managed.
Q4 What Are Your User Rights and Responsibilities? 401
GearUp may be paying for poor management; even worse, it may suffer the conse- quences of poor management, such as lost data. It will be very difficult for GearUp to learn about such mismanagement.
No Eaav E 2ill The final category of outsourcing risk concerns ending the agreement. There is no easy exit. For one, the outsource vendor's employees have gained significant knowledge of the company They know the server requirements in customer support, they know the patterns of usage, and they know the best procedures for downloading operational data into the data warehouse. Consequently, lack of knowledge will make it difficult to bring the outsourced service back in-house.
Also, because the vendor has become so tightly integrated into the business, parting company can be exceedingly risky. Closing down the employee cafeteria for a few weeks while finding another food vendor would be unpopular, but employees would survive. Shutting down the enterprise network for a few weeks would be impos- sible; the business would not survive. Because of such risk, the company must invest considerable work, duplication of effort, management time, and expense to change to another vendor. In truth, choosing an outsource vendor can be a one-way street.
Choosing to outsource is a difficult decision. In fact, the correct decision might not be clear, but time and events could force the company to decide.
It may not always be clear whether a company should outsource. The Guide on pages 406-407 considers different scenarios.
What Are Your User Rights and Responsibilities? As a future user of information systems, you have both rights and responsibihties in your relationship with the IS department. The items in Figure 11-7 list what you are entided to receive and indicate what you are expected to contribute.
Vour User Righiis You have a right to have the computing resources you need to perform your work as proficiently as you want. You have a right to the computer hardware and programs that you need. If you process huge files for data-mining applications, you have a right to the huge disks and the fast processor that you need. However, if you merely receive emaO and consult the corporate Web portal, then your right is for more modest requirements ^ ;-7 (leaving the more powerful resources for those in the organization who need them). User Information Systems
Rights and Responsibilities
You have a right to: - Computer hardware and programs that
allow you to perform your job proficiently - Reliable network and Internet connections - A secure computing environment - Protection from viruses, worms, and other threats - Contribute to requirements for new system
features and functions - Reliable systems development and maintenance - Prompt attention to problems, concerns, and
complaints - Properly prioritized problem fixes and
resolutions -Effective training
You have a responsibility to: - Learn basic computer skills - Learn standard techniques and procedures for
the applications you use - Follow security and backup procedures - Protect your password(s) - Use computer resources according to your
employer's computer use policy - Make no unauthorized hardware modifications - Install only authorized programs - Apply software patches and fixes when
directed to do so -When asked, devote the time required to
respond carefully and completely to requests for requirements for new system features and functions
- Avoid reporting trivial problems
n n
. ~J Security Privacy
S o m e organjzationshaveiegai requirements to^jrotect the customer data they collect and store, but the laws may be more l i m i t e d than you t h i n k . The Gramm-Leach- Bliley (GLB) Act, passed by Congress i n 1999, protects consumer f inancial data stored by financial inst i tut ions , w h i c h are defined as banks, securities f irms, insurance companies, and organizations that provide financial advice, prepare tax returns, and provide similar f inan- cial services.
The Privacy Act of 1974 provides protec- t ions to indiv iduals regarding records m a i n - tained by the U.S. government , and the privacy provisions of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 give indiv iduals the r i ght to access health data created by doctors and other health-care providers. HIPAA also sets rules and l i m i t s o n w h o can read and receive your health i n f o r m a t i o n .
The law is stronger i n other countries. I n Australia, for example, the Privacy Principles of the Australian Privacy Act of 1988 govern not only government and health-care data, but also records maintained by businesses w i t h revenues i n excess of AU$3 m i l l i o n .
To understand the importance of these limita- tions, consider online retailers that routinely store customer credit card data. Do Dell, Amazon.com, airlines, and other e-commerce businesses have a legal requirement to protect their customers' credit card data? Apparently not—at least not i n the United States. The activities of such organiza- tions are not governed by the GLB, the Privacy Act of 1974, or HIPAA.
Most consumers w o u l d say, however, that onUne retailers have an ethical requirement to protect a customer's credit card and other data, and most online retailers w o u l d agree. Or at least the retailers w o u l d agree that they have a strong business reason to protect that data. A substantial loss of credit card data by any large online retailer w o u l d have detrimental effects on both sales and brand reputation.
Data aggregators like Acxiom Corporation further complicate the risk to i n d i v i d u a l s because they develop a complete prof i le of households and i n d i v i d u a l s . A n d , no federal law p r o h i b i t s the U.S. government f r o m b u y i n g i n f o r m a t i o n products f r o m the data accumulators.
But let's bring the discussion closer to home. What requirements does your university have on the data it maintains about you? State law or university policy may govern those records, but no federal law does. Most universities consider it their responsibility to provide public access to graduation records. Anyone can determine w h e n you graduated, your degree, and your major. (Keep this service i n m i n d w hen you v«:ite your resume.)
Most professors endeavor to publish grades by student number and not by name, and there may be state law that requires that separation. But what about your work? What about the papers you write , the answers you give on exams? What about the emails you send to your professor? The data are not protected by federal law, and they are probably not protected by state law. I f your professor chooses to cite your w o r k i n research, she w i l l be subject to
426
copyright law, b u t not privacy law. What you write is no longer your personal data; it belongs to the academic community . You can ask your professor what she intends to do w i t h your coursework, emails, and office conversations, but none of that data is protected by law.
The bottom line is this: Be careful with your personal data. Large, reputable organizations are likely to endorse ethical privacy policy and to have strong and effective safeguards to effec- tuate that policy. But individuals and small organizations might not. I f i n doubt, ask. :
Source: Supefstock.
Discussion Questions 1^ 1 1. As stated in the case, when you order from an online retailer, the data you provide is not protected by U.S. privacy law. Does this fact cause you to reconsider setting up an account with a stored credit card number? What is the advantage of stor- ing the credit card number? Do you think the advantage is worth the risk? Are you more willing to take the risk with some companies than with others? Why or why not? 2. Suppose you are the treasurer of a student club, and you store records of club members' payments in a data- base. In the past, members have disputed payment amounts; therefore, when you receive a payment, you scan an image of the check or credit card invoice and store the scanned image in a database.
One day, you are using your computer in a local coffee shop when a malicious student breaks into your computer over the shop's wireless network and steals the club data- base.You know nothing about this until the next day, when a club member complains that a popular student Web site has published the names, bank names, and bank account numbers for everyone who has given you a check.
What liability do you have in this matter? Could you be classified as a financial institution because you are taking students' money? (You can find the GLB at www.ftc.gov/privacy/privacyinitiatives/glbact.html) If so, what liability do you have? If not, do you have any other liability? Does the coffee shop have liability? 3. Suppose you are asked to fill out a study questionnaire that requires you to enter identifying data, as well as answers to personal questions. You hesitate to provide the data, but the top part of the questionnaire states, "All responses will be strictly confidential." So, you fill out the questionnaire.
Unfortunately, the person who is conducting the study visits the same wireless coffee shop that you visited (in question 2), and the same malicious student breaks in and steals the study results. Your name and all of your responses appear on that same student Web site. Did the person conducting the study violate a law? Does the confidentiality assurance on the form increase that person's requirement to protect your data? Does your answer change if the person conducting the study is (a) a student, (b) a professor of music, or (c) a professor of computer security? 4. In truth, only a talented and motivated hacker could steal databases from computers using a public wireless network. Such losses, although possible, are unlikely How- ever, any email you send or files you download can readily be sniffed at a public wireless facility. Knowing this, describe good practice for computer use at public wireless facilities. 5. Considering your answers to the above questions, state three to five general principles to guide your actions as you disseminate and store data.
427
