Today, we have part 4 of my interview with Tom Barnett (part 1, part 2, part 3). Tom looks at the notion of Service oriented alliances, and why businesses should think of risk management as a differentiator. Tom Barnett's recent book is Great Powers (and you can read it on your Kindle).
GP: Your notion of Service-Oriented Alliances is that technology is driving business and business is driving globalization - "if I can do damn near anything over the Internet, my company can assume almost any shape I want", this implies connectivity, dynamism, and a degree of uncertainty. How do firms leverage SOA to find advantages in these alliances? Given the connectivity, a level of uncertainty and multiple policy domains - how should they think about risk management?
Thomas Barnett: It’s our argument at Enterra that companies need to view the emerging SOA environment as the IT equivalent of globalization in all its complexity—both good and bad. It’s an opportunity to render autonomic—through rule set automation—as much of their performance metrics, security (physical, cyber, application), and regulatory compliance practices as possible. That means using genetic algorithms to bake rules into your operating systems and allowing these next-generation management capabilities, in aggregate, to elevate your management’s interventions—as in, keep them above the fray of day-to-day minutia and focused on the serious decisions. But the key thing is to make these rules instantly updatable and re-renderable based on changes in your operating environment. Too much of what constitutes management today are execs chasing down all the gaps and internal conflicts among the various rule-set domains to which their company is exposed. It’s gotten to the point where investors feel that, based on all these recent scandals, major corporations have almost gotten too big to effectively manage. In the end, all this connectivity and systems integration comes at a price: you’re increasingly exposed to all manner of networks in this world and with that connectivity comes increasingly higher expectations from clients, suppliers, and governments.
As such, risk management shouldn’t be thought of as a burden but as a differentiator—another chance to prove your company’s worth relative to the competition.
Inside what I call globalization’s Functioning Core (old West, new East, rising pillars of the South), we’ve moved from classic defense to comprehensive security. Inside my Non-Integrated Gap, defense still trumps security. So we’re talking two rule-set domains—high and stable versus low and unstable. But the third domain is crucial. In political-military terms it’s the question, Under what conditions can/should Core great powers intervene inside the Gap?
The same is essentially true for companies: mature firms in the high-trust Old Core (i.e., North America, Europe, Industrialized Asia) have undergone deep integration with a lower-trust New Core (BRIC-plus), which in turn, because of its skyrocketing resource requirements, is undergoing greatly heightened integration with the low-to-no-trust Gap regions, like China and India going into Africa big time. The New Core’s extension of nets into Gap regions means that our connecting networks with rising powers like China and India makes us—by extension—far more vulnerable to bad things coming out of the Gap (i.e., anything capable of creating business discontinuity). So there’s no question that risk management has gotten a lot more complex—as in, beyond creating redundancy and calling it a day.
Companies need to know their critical assets throughout their systems of supply and production and sales, and be able to re-render those relationships at a moment’s notice, because your client loss this morning is somebody else’s market opportunity that afternoon. You see that on obvious ones like tainted products: all of a sudden South Korea is shut down with regard to U.S. beef and maybe you never reclaim that market space as a result.
Interesting to compare with infosec Old Core equals back office enterprise, mainframe and such, Gap equals Internet wild, wild west, and New Core equals large businesses who primarily do business on the web. Different security and integration rules for each environment and when these environments intersect.