Does IT Matter?

(Note: This is a reprint from our June 2004 newsletter - the information here is just as relevant as when it was written)

In May 2003, Nicholas Carr published an article in Harvard Business Review titled “IT Doesn’t Matter”, and more recently a book, “Does IT Matter? Information Technology and the Corrosion of Competitive Advantage”.

The main thrust of the article is described on the author’s site:

I examine the evolution of information technology in business and show that it follows a pattern strikingly similar to that of earlier technologies like railroads and electric power. For a brief period, as they are being built into the infrastructure of commerce, these "infrastructural technologies," as I call them, open opportunities for forward-looking companies to gain strong competitive advantages. But as their availability increases and their cost decreases - as they become ubiquitous - they become commodity inputs. From a strategic standpoint, they become invisible; they no longer matter.

However, I would paraphrase the article as: Don’t spend money on IT advantages that will be quickly and cheaply copied by your competitors before you can recover the development costs.

The problem is while it raises some valid issues regarding over capitalization in and cost recovery in IT, other assertions in the paper made people in the industry object to the entire article (and of course, the title doesn’t help).

For example, there is discussion of the practice of renewing all desktop computers in an organisation every 2-3 years when people are using them for the same business functions, with the implication that word processing only uses 5% of a new computer’s processing power. There is some merit in this argument, but it completely ignores the fact that machines degrade over time and that as PC’s have continued to drop in price, maintenance can become more expensive than replacement. It doesn’t mean that replacement is always warranted or desirable, but the decision should not be over simplified.

Paradoxically, considering the article’s title, the author accepts the necessity of IT in the business world; he simply asserts that you cannot maintain a competitive advantage today by implementing cutting edge technology. This is true, but it’s just another way of saying you can’t solve a problem by throwing money at it. In fact, on his web site, the author quotes Cisco Systems CIO, Brad Boston as admitting, "Wal-Mart, Amazon, eBay, and other great companies didn't succeed because their information technology was better than others. Their vision was." However, copying eBay’s technology is unlikely to significantly erode their market share because the brand is too strong. The vision alone could not have raised these companies to their position either, and the most important part of their technology is that they got it right. If Amazon weren’t delivering product in a timely fashion, it wouldn’t matter that it was cheaper than Dymocks.

The picture for small business is a little different. While they are not likely to create new technology, implementation of IT is not homogeneous. Often in fields like brokerage, the edge comes from using IT to make a large business from many small businesses. The paradox being that it’s a race to avoid being left behind once these kind of services have a significant client base.

Whether or not IT can be reduced to a commodity it certainly needs to be considered with the cost/benefit relationship in mind. Indeed, as technology like RAID has entered the consumer market, it becomes hard to justify the risk of the downtime and data loss caused by a single drive failure in a server. On the other hand, while the technology is cheap enough to consider use in workstations, it would be nonsense to implement if they were not due for replacement as the risk of data loss on a well configured workstation (where data is normally saved to the server) should be negligible.

IT does matter – just like having reliable motor vehicles and planes matters for a courier, and having reliable power matters for a factory. Whether or not IT can deliver great competitive advantage anymore is another matter. One thing is for sure; uncontrolled investment in IT can still hurt businesses.

Going Wireless

(Note: This is a reprint from our June 2004 Newsletter - much of it is still relevant today)

Customers may recall that when wireless technology first started to become prevalent we cautioned against using it, largely because the security for wireless communications was inadequate. The advice was well founded. For example, 128bit WEP (Wireless Encryption Protocol) was the best protection available under the old 802.11b standard, but could be broken by a normal computer in only a few minutes. That is, an attacker could sit outside your premises, and break your security in a matter of minutes using a normal notebook and a wireless card.

The advice was well founded then, but is starting to become obsolete now. The new wireless standard, 802.11g, contains a number of new security measures that have drastically improved the security of wireless networking. In addition to this, the price of 802.11g capable equipment has come down significantly from when it was first released to the point where it is affordable and only slightly more expensive than 802.11b equipment.

So where might you think about using wireless? As always, where it makes sense for the business by either being cost effective compared to alternatives, or giving you a capability you need. For example, if you had a building that you need to setup an office in, and had no data cables in place already, you might decide that setting up a wireless network at approximately $150 a station was a better strategy than paying an electrician $200 per point to setup data points and data cabling.

This would apply double if there were reasons you couldn’t easily modify the building, such as solid concrete walls/floors/no ceiling space. Another example might be if you wanted people to be able to use their notebook computers in a conference or meeting room, but didn’t want to have to cable the room. Finally, if you had wireless devices necessary for your business process, such as using PDAs for managing stock inventories in a warehouse, wireless is a good solution.

On the other hand are some examples of places where wireless was used without good business justification. One client told us that one of their users had decided to install wireless, seemingly purely out of their own interest, and had the system setup so that the base station (that connects to the main network via a cable ), and the wireless computer were on the same desk. The radio signal traveled all of three feet. They had no real need to work away from their desk.

Net result = money wasted, no new required capability delivered, and because this was in the 802.11b days, the security of the network severely reduced.

There are some other things to keep in mind when considering wireless networks. For example, if you were thinking about using wireless for a whole office, rather than cabling, you need to consider how you are going to deliver telephone to people’s desks.

There are ways to do this over a computer network, such as VOIP (Voice Over IP), but very few of these solutions would be cost effective for smaller organizations, and the technology is still a little immature (things are a bit different in 2009).

Another thing to consider is what your actual bandwidth requirements will be. For example, 100Mb switches are now the entry level standard for cabled connections. However, the 802.11g standard is only at 54Mb shared between all computers. If you have network intensive applications you may find, with only a few computers (say 4), that 802.11g does not give you the performance you need.

None of this is to say don’t do it, only that, as always, and particularly with new technology, you should convince yourself of the benefits at a business level. Believe me, this is hard advice for a geeks (like us) to give, but it is what we consistently advise. New technology is always interesting, and for us, fun to play with. That doesn’t mean it is necessarily right for customers.

Quick Tips on Wireless Security for the Enthusiast (may not make sense to others):

• WEP under 802.11b is better than nothing, but that is about it. An attacker can break 128 bit WEP in minutes with a notebook and wireless card, sitting outside your home/office. Yes, people do wander about looking for these connections, often just to obtain a free Internet connection. Your risks of this increase if you live/work in high density areas but it could happen anywhere if you have the wrong neighbors.
• MAC address security is not really much security at all. MAC addresses seem like long random numbers, but they aren’t really. Most manufacturers publish the MAC addresses they use (they have to, so others don’t make gear with the same addresses), and there are tools on the Internet that let a person try and test all possible MAC addresses in seconds.
• WEP and MAC address security combined is not really very strong. If you choose to use just this, for convenience, just be aware in your own mind that there is some risk. Ways to control the risk include putting a personal firewall on all the machines connected to the wireless network, and keeping an eye on your broadband usage throughout the month to make sure you don’t get a nasty shock.
• If you can afford 802.11g equipment then buy it, and use rotating WEP keys and other security features. These features start to offer real levels of security.