Why aren’t big corporations jumping onto the web?

I work for the IT department of a large pharmaceutical and I’ve been trying to drag them into the 21st century. In my previous company, we used ICQ and Netmeeting for collaboration and we used Hotmail as our mail platform. Our infrastructure required no support, no servers and it was always updated and secure. I’ve explained to management how we save on costs if we moved off our ancient Lotus mail system to a hosted solution. I proposed using ICQ or Microsoft Netmeeting instead of our internal tools and using tools like vBulletin forums for collaboration. When I brought up MySpace for linking to our clients, I didn’t even get two sentences out before being shot down. Everyone else in the world seems to get that we’re moving to the web. Why can’t big corporations see the future?

Frustrated Technologist

I feel your pain. But I also understand the position of your management.

Small companies are more agile and accepting of risk because they can see it quickly and respond just as fast. If your mail host screws up, you can send out a quick memo and move your dozen employees to a new host overnight. If there’s a security breach on ICQ or Netmeeting, it’ll come up in the morning meeting and everyone will understand what they can and can’t do until it’s resolved. If someone has questions, they’ll walk over and ask “Ted the IT guy” for help. If there’s a lawsuit, the company lawyer can walk around and manually copy all of the relevant documents, emails, etc to a USB stick. If a service goes bankrupt overnight, moving to an alternate platform may simply mean that someone walks around and adds a new bookmark to everyone’s browser. If security is breached, the impact may be a few dozen customers or some proprietary information. It could be damaging to the company, but the scope is limited.

Large companies simply can’t accept these risks as easily. If a publicly hosted mail service screws up, they may have to inform 100,000 employees and migrate them to a new platform. That could be months worth of work and manpower. If there’s a security breach on a public messaging tool, it could be a month before everyone in the company even gets around to reading the memo. If there’s a lawsuit (and the bigger the company, the more of a target they become for frivolous litigation), you now have an issue of even identifying who and what is relevant to the case. By the time that you get around to identifying the information that you need, it’s probably been deleted. If the data is centralized and archived, it can be browsed on an as-needed basis. If security is breached, the data of hundreds of thousands of customers could be compromised. In the case of a pharmaceutical, trade secrets worth billions of dollars could be exposed or personal medical histories could become public knowledge. In addition to the loss of intellectual property, the company would also have a huge lawsuit from their clients and they’d be liable for substantial punitive damages.

Here’s an analogy that might help:
Imagine that a couple of college kids come knocking on your door and tell you that they’re offering a new banking service. You give them all of your money and they’ll pay you 10% interest and any time you need cash, you just call them and they’ll hand deliver it to you wherever you are. You check with their references and it all checks out as legitimate. They don’t have the overhead of insurance, offices, regulation or FDIC. They just keep the money in a bunch of labelled shoeboxes and take it out when you need it. From your perspective, they provide a great ROI and they provide much better service than your bank. Would you turn over your savings to them?

Increased size and complexity leads to an inevitable loss of agility. The advantage of centralized and internally hosted IT is that you have the control that you need to compensate for that lack of agility (somewhat). Unfortunately, that control is expensive and the need for it isn’t always obvious. It becomes a source of frustration to the people who are used to acting as individuals instead of part of a larger collective. It’s ironic that small companies lack the resources to fully leverage their agility and large corporations lack the agility to make the best use of their resources.

What it comes down to is that to an individual, information is something to be shared. To a corporation, it’s something to be hoarded and protected. That leads to the “command and control” mentality that we see in most large companies. It leads to processes and infrastructures that are focused on avoiding risk. It’s also what inevitably leads to the small, nimble startups taking market share away from the slow moving dinosaurs. The compromise is to educate your employees and let them run their areas like individual businesses. Lay out ground rules and strategies to keep everyone aligned, but start acting like a pack of coordinated lions/wolves/whatever instead of a single monolithic dinosaur. Let groups make intelligent decisions about whether or not they can accept the risk of using an external mail service or chat client. (but make sure that they *understand* the risk and their responsibilities) Let them choose the devices and software that they want to use as long as it conforms to the rules that matter. Sure you lose some of the savings that you got by commoditizing the decisions, but you also force the units to think on their own and manage their own risk.

As always, that’s just my two cents. I hope that it’s been worth at least that much to you 🙂