1 Raindrop

Gunnar Peterson's loosely coupled thoughts on distributed systems, security, and software that runs on them.


Costco's Value Chain

Morningstar awarded Costco CEO Jim Sinegal its CEO of the year. Like infosec, retail is a tough business, and Sinegal and Costco succeeded by following a core set of values and by doing things differently.

Several years ago a Costco clothing buyer was able to purchase a large quantity of high-end brand-name jeans at an extremely low price, and the pants showed up in the warehouses for $29.99. The same jeans were selling for $50 at department stores.

It turns out that the buyer was able to negotiate an even better deal on the next order, about $7 less per pair. The idea of keeping the price at $29.99 was briefly floated - potentially bringing in a handsome payoff, considering Costco could sell millions of pairs of jeans. But the notion was quickly and forcefully rejected - and the price dropped to $22.99 a pair, or just a few dollars over cost.

Crazy, right? Yes if you follow traditional retail rationale. But going against convention has been Costco's modus operandi from the start. The person to best explain the approach is Jim Sinegal, Costco co-founder and longtime CEO:

"In traditional retail the thinking is 'Gee, I'm selling this thing for ten bucks, I wonder if I can get eleven for it? The customer's never going to know the difference.' We look at it and we say, 'Selling this thing for ten bucks, how do I get it to nine? And then if I get it to nine, how do I get it to eight?'"

This little story illustrates the Costco mindset, which by itself would be an impressive achievement, but Costco values integrity for more than just low prices. At the top, Sinegal answers his own phone and takes an annual salary of $400k. At the employee level, Costco is unique among big retailers in that it pays health benefits and a 50% higher wage, has employee retention rates near 90% (unheard of in the space), and did not lay employees off during the financial crisis. This leads to a great customer experience and, for shareholders, the highest valuation of major retailers. You often hear the term "value chain" in business, but Costco actually built one.

Of course, creating a virtuous circle like Costco has isn't easy; otherwise everyone would do it. It's not a straight-line path: learning and adapting are required, and this is not an accident either. As Jim Sinegal says, "If you aren't spending 90% of your time teaching, you aren't doing your job."

January 09, 2012 in Business

The Silo Curse

Excellent work by Gillian Tett: "Waking up to the 'silo curse' is far from the end of the problem".

When Larry McDonald, a former bond trader at Lehman Brothers, recently wrote an exposé of that broker's collapse, he vented his rage at the ineptitude of former Lehman bosses, such as Dick Fuld.

Almost inadvertently, though, his colourful tale also highlights another curse of the modern financial world: silos.

For, as McDonald narrates in breathless detail, long before Lehmans collapsed in the autumn of 2008, its own fixed income department was already so alarmed by the real estate market that they were trying to go "short".

But, while one department of Lehmans was exceedingly bearish, other departments, such as the mortgage securitisation team, were aggressively bullish - and the different departments were in such rivalry, that they barely communicated, let alone co-ordinated.

The consequences of that unhappy tale are now crystal clear. But the saga raises a much wider moral, not just for bankers, but investors too.

In recent months, vats of ink have been spilt on the macro-economic and regulatory reasons for the financial crash. But one issue that has received less attention is the problem of how financial companies are structured - most notably, in terms of their tendency towards both structural silos (ie: departments that do not talk), and mental silos (financiers with tunnel vision).

This "silo curse" was central to many recent failures of public policy. Just look at how the activities of groups such as AIG fell through the cracks of oversight because there were so many competing regulatory bodies in the US. Or note how British policymakers split monetary policy (managed by the Bank of England) from financial regulation (handled by the Financial Services Authority) and thus failed to curb the credit bubble.

Of course we see this all the time in information systems, where data, events and processes are highly optimized in one area but impoverished in other areas.
For one paradox of the modern age is that while technology is integrating the world in some senses, it is simultaneously creating fragmentation too. Moreover, as innovation speeds up, it keeps creating complex new activities that are only understood by technical "experts" in a silo.
Add to this the issues around a single, say, insurance claim that in its lifecycle must traverse 50 or 60 applications, different databases, and security technologies, and the fragmentation problem looks somewhat daunting.

October 09, 2009 in Business

Are we outsourcing the wrong thing?

Warren Buffett started off the Berkshire shareholder letter this year talking about subprime, wondering why banks needed to invent new ways to lose money when the old ones still worked perfectly well. HDFC (HDB) is the second or third largest bank in India; I follow its stock thanks to my friends from Motley Fool. They have a net non-performing assets percentage of 0.4%. Their earnings rose 37% for Q4.

Geez, when you look at these results, maybe we should outsource the business side and keep software development here?

April 24, 2008 in Business

Africa Calling

Thought of the day from The Economist (emphasis added):

Mo Ibrahim helped to bring mobile phones to Africa. Now he has bigger plans

IN 1998, as the telecoms boom was under way, Mo Ibrahim was amazed that big companies were rushing into the mobile-phone business around the world, yet not in Africa. There they saw only problems: poverty, unrest and corruption. Mr Ibrahim, a veteran of the telecoms industry in Britain and Sudan, was at the time running a consultancy he had founded in London. Amid the cigar smoke and snifters that followed its directors' dinners, an idea formed. Might it be possible to set up a pan-African mobile operator—and to do so without paying bribes?

This was the genesis of Celtel, which is now one of Africa's largest mobile operators, with some 20m subscribers in 15 countries. When Mr Ibrahim sold Celtel in 2005 to MTC, a Kuwaiti operator, for $3.4 billion, it demonstrated that the continent was open for business. Rather than charity, he insists, “the way forward for Africa is investment.”

Building businesses in Africa is important to Mr Ibrahim, who had to leave the continent as a young man in order to pursue his career. Born in Sudan and raised and educated in Egypt, he started off as an engineer at Sudan's national phone company. After further study in Britain he went on to become technical director at Cellnet, the wireless arm of BT, Britain's biggest telecoms operator. (Cellnet was subsequently sold, renamed O2 and is now owned by Telefónica of Spain.) He left in 1989 to set up an engineering consultancy that designed mobile networks, and sold the firm for just over $900m to Marconi in 2000.

These experiences paved the way for Celtel's emergence. The consultancy enabled Mr Ibrahim to peer into the business models of dozens of mobile operators, from which he concluded that an African operator would work. His time at BT was also informative: big companies, he says, teach a fellow everything he ought not to do in order to be successful. “Later on in life I was not worried about taking on the big guys, because you know they are not efficient,” he says. And Mr Ibrahim's previous success meant that the motivation behind Celtel's establishment was not solely commercial. He and his co-founders had already made their fortunes and regarded Celtel as a political and intellectual test. That is why they happily ventured into risky African markets and refused to pay bribes.

June 03, 2007 in Business
