Towards a Framework of Open Business Dynamics Jens Frøslev Christensen, Professor Department of Innovation and Organizational Economics Copenhagen Business School Kilevej 14A 3rd floor, 2000 Frederiksberg, Denmark E-mail: jfc.ino@cbs.dk 25.05-2009
Summary This paper presents a framework for understanding business dynamics that are not confined to industry- or technology-specific trajectories and which we therefore term “open business dynamics”. These are defined in terms of convergence and divergence of product markets and technologies, and the systemic nature of innovation underlying such boundary-crossing processes. The framework aligns these concepts with an understanding of “open” business environments that combines notions of product market, industry and ecosystem. The open business dynamics framework serves three purposes. First, it offers a systematic way of analyzing business and innovation contexts that are not well explicated by the Five Forces framework. Secondly, it provides a new life cycle model, the Convergence Life Cycle, which exposes business trajectories that do not correspond to the classical models of product and innovation life cycles. Finally, it offers a contextual complement to the dynamic capabilities and open innovation perspectives in strategy and management of innovation. The framework builds on recent work on open and systemic innovation, dynamic capabilities, platform dynamics and related issues, and on a study of the historical development of IT security sector.
Key words: open business dynamics, convergence, open innovation, IT security.
Introduction For decades, three complementary frameworks have shaped the analysis of strategic management and innovation strategy in many industries. These are the Product Life Cycle, the Five Forces, and the Innovation Life Cycle. Taken together, they comprise what we term the industry-bounded strategy and innovation paradigm, because they provide a consistent set of analytical frameworks for understanding the structure and dynamics of industries as contexts for firm strategy and innovation. 1 However, this paradigm has increasingly encountered difficulties in explaining current business dynamics, and during the last decade, new evolving perspectives, in particular the “dynamic capabilities” and “open innovation” perspectives have engendered new ideas to guide scholarly research and management practices that are not constrained by an appreciation of the industry-bounded paradigm. We refer to these and related perspectives as the emerging open strategy and innovation paradigm. 2
This paper contributes to the enhancement and coherence of this emerging paradigm. It presents a framework for understanding business dynamics that are not confined to industry- or technologyspecific trajectories, and which we therefore term “open business dynamics”. 3 These dynamics are specified with regard to three building blocks – the conception of an “open” business environment, the convergence and divergence of product markets and technologies, and the nature of innovation underlying convergence and divergence. The framework serves three purposes. First, it offers a systematic way of analyzing business and innovation contexts that are not well explicated by the Five Forces framework. Secondly, it provides a new “life cycle” model, the Convergence Life Cycle, which exposes business trajectories that do not correspond to the classical models of product and innovation life cycles. Finally, it offers a contextual complement to the dynamic capabilities and open innovation perspectives.
The paper builds on recent work on open and systemic innovation, dynamic capabilities, platform dynamics and related issues, and on a study of the historical evolution of IT security during the period 1988-2004 (the methodology of data collection is shortly described in Appendix A). This case is not congruent with the industry-bounded paradigm but ideally suited for improving our 2
analytical and managerial insights on open business dynamics and more generally the open strategy and innovation paradigm.
These developments are important for managers for two reasons. One is that the classical industry-bounded paradigm and its constituent elements are failing to address key features of open business dynamics. The other reason is that the emerging open strategy and innovation paradigm has not yet sufficiently matured in scholarly research to provide effective tools for managerial analysis and navigation.
The elements of the “industry-bounded strategy and innovation paradigm” Two of the three analytical frameworks that comprise the industry-bounded strategy and innovation paradigm, as defined above, the Product Life Cycle (PLC) and the Five Forces, are grounded in industrial economics. Since the early 1980s they have been standard elements in business school curriculum in strategic management. The PLC model presents a systematic sequence of stages in the evolution of the economic structure of industries, with special emphasis on the changing significance of entry and exit. 4 The early segmentation stage is characterized by intensive entrepreneurial entry and exit. After this is the ‘shake-out’ stage, with lower entry and intensified exit leading to an oligopolistic market structure and the transition to large-scale operations. Eventually this is followed by phases of lower growth and decline. The second framework, Porter’s “industry analysis”, identifies five competitive forces framing the strategic attractiveness of industries (rivalry, supplier power, buyer power, substitutes, and barriers to entry) 5 The objective is to analyze the level of competition among rivals, the size of entry barriers, and the indirect competition across the value chain from suppliers to buyers. This framework has been inspired by the Mason-Bain “structure-conduct-performance” model in industrial economics. 6 Both share the view of market structure as being predominantly exogenous, and that firm strategies tend to be shaped by given industry structures rather than shape these structures. The Five Forces framework has been useful for analyzing many industries, particularly in their stable and mature stages, but it has been less (or not at all) applicable for understanding very dynamic product markets or industries in the early stage of development. 7 3
The third framework in the industry-bounded paradigm, the Innovation Life Cycle (ILC) model, is rooted in Schumpeterian economics and innovation studies. It was pioneered by Abernathy and Utterback in the 1970s, and was later further developed by Utterback and other scholars of innovation. 8 It is complementary to the PLC and the Five Forces frameworks in that it points to changing patterns of innovations as key drivers in the evolution of industries. According to the ILC, the early stage of industries is characterized by technological discontinuities, radical product innovation and rivalry among a diversity of product designs. This stage ends when one or a few dominant designs are selected by the market, corresponding to the initiation of the ‘shake-out’ phase in the PLC model. Subsequently, scale economies are created through radical process innovation with regard to production and logistics processes and systems, and the previous dynamism of the early stage is replaced by more predictable trajectories of incremental product innovation based on the constraints of the dominant design. The ILC model has provided an important complement to the PLC model and has substantially contributed to enhance our knowledge of strategic management and innovation management in the context of industry evolution.
The decreasing relevance of the “industry-bounded strategy and innovation paradigm” The industry-bounded strategy and innovation paradigm has been particularly effective in explaining the evolving competitive market structure and innovation dynamics of traditional manufacturing industries that are based on one distinctive product category, and that maintain robust boundaries over extended periods of time, which makes the notion of life cycles meaningful (e.g. the automobile, bicycle, steel, tire, or television industry). However, it is increasingly evident that modern business dynamics tend not to fit well with this paradigm. Teece recently made the following pessimistic judgment as to the value of the ‘structure-conductperformance’ model: “Developed in the 1930s, 1940s, and 1950s, it is still relevant to some of the ‘rust belt’ industries that experience low rates of technological innovation where complementors are not important, and where the co-evolution of technologies and institutions is 4
not significant…” 9 The same judgment is appropriate more generally with regard to the industrybounded strategy and innovation paradigm.
Below we point to four generic tendencies in business dynamics and innovation management that have profoundly weakened the scope of validity of this paradigm: •
First, business dynamics are to a decreasing extent confined to classical single-product industries that behave according to the PLC and ILC models. 10 By contrast, business dynamics are increasingly characterized by porous/open boundaries associated with dynamics of convergence (integration) of different product markets, 11 and the divergence (disintegration) of existing product markets into more disaggregated submarkets.
•
Secondly, these convergence and divergence processes are in turn driven by other types of innovation than those addressed in the ILC - radical and incremental innovation, on the one hand, and product and process innovation, on the other. While these categories remain valuable, they do not contribute to understanding the innovative processes underlying convergence and divergence. To this end, we need to differentiate innovations according to their systemic nature and impact.
•
Thirdly, interorganizational and network-based modes of managing innovation are increasingly replacing more closed (intra-firm) modes. While this tendency has been recognized by innovation researchers for some time, it has recently gained comprehensive managerial and research momentum under the umbrella of “open innovation”. 12 The particular importance of open innovation in the context of this paper is that it is congruent with the increasing challenges posed by convergence/divergence dynamics.
•
Fourthly, the increasing prevalence of convergence/divergence dynamics, systemic innovation, and more open modes of organizing innovation makes the coordinative or collaborative nature of the firm-environment relationship much more central to strategic and innovation management than can be accommodated by the Five Forces framework, with its primary focus on the competitive bargaining relationships. While the competitive game remains a vital element in business dynamics, in open business dynamics, the 5
collaborative game and its intricate interplay with competition has become increasingly decisive as firms strive to gain competitive advantage. This implies that the classical “industry” conception in Five Forces is insufficient for assisting firms in understanding their business environment as a means to guide firms’ business and innovation strategies.
Towards a new “open strategy and innovation paradigm” Even if a full-fledged new paradigm has not materialized to replace or supplement the industrybounded paradigm, evidence of the contours of an emerging open strategy and innovation paradigm may be seen in the development of two streams of literature, the “dynamic capability” literature, pioneered in 1997 by Teece, Pisano and Shuen, 13 and the “open innovation” literature, pioneered by Chesbrough in 2003. 14 The “dynamic capability” literature has focused mainly on defining the specifics of change-directed capabilities in contrast to path-dependent and routinebased capabilities associated with the Resource-Based View. 15 The “open innovation” literature has been engaged in analyzing externally oriented ways of organizing and managing innovation in contrast to more firm-internal ways. In this section, we will analytically specify the three tenets of our framework of open business emanating from the generic tendencies listed above. These are (1) the conception of the business environment, (2) the nature of product market convergence and divergence, and (3) the systemic nature of innovation underlying convergence and divergence. Against this background, we will present the case of IT security. On this basis, we will further address the strategic and evolutionary/cyclical implications of this framework.
The conception of the business environment: ecosystems, product markets and industries In both the “dynamic capability” and the “open innovation” literature, there is a tendency to question the value of the notion of “industry” as the organizing context for business strategies and innovation practices, and to replace it by the more open-ended concept of business or innovation “ecosystems”. 16 David Teece defines (business) ecosystems as “…the community of organizations, institutions, and individuals that impact the enterprise and the enterprise’s customers and suppliers”. 17 Ron Adner emphasizes that (innovation) ecosystems comprise “….the collaborative arrangements through which firms combine their individual offerings into a 6
coherent, customer-facing solution”. 18 Compared to the classical “industry” concept, the ecosystem concept not only implies a more rich and flexible understanding of the business environment, it also reflects two significant analytical “turnarounds”. First, while the industry view emphasizes the exogenous status of the environment that firms should take for given and adapt to, the ecosystems view underscores the symbiotic and co-evolving relationship between the strategies and innovations of firms and their business environment. This view even leans towards the “endogenous” position that firms, whose strategies are founded on dynamic capabilities and open and disruptive innovation, 19 are actively contributing to shape the structure of the business environment, rather than reactively being shaped by a pre-existing structure. 20 Secondly, while the industry view in Five Forces addresses the competitive bargaining game, the ‘ecosystems’ view focuses on complementarities and associated collaborative arrangements.
These changes give the ecosystem concept some advantages when analyzing open business dynamics. But it is hampered by its ad-hoc definition, hence potentially expansive scope, and its insufficient focus on competition. In order to more fully understand the environmental side of open business dynamics, we shall combine notions of ecosystem, product market and industry as complementary lenses of analysis. We here use “ecosystem” to expose the evolving context for collaborative opportunities for product market convergence or divergence. 21 The term “product market” is used to signify the emergent context for direct competition/rivalry among firms with identical or very similar categories of products or services. The product market concept is often used interchangeably with the industry concept. However, the former is not associated with features of robust boundaries and long life cycles as the case is with the latter. Product markets may evolve along the PLC/ILC track and eventually prove to become consolidated as ”industries”, or they may undergo more or less frequent changes in the form of convergence or divergence (or eventually vanish). Thus, while “product market” here denotes the emergent context for product-specific rivalry, we use the term “industry” to denote mature product markets reflecting well-established patterns of both competition and cooperation and typically dominated by large incumbents (see Figure 1). 7
Figure 1 about here
Product market convergence and divergence In open business dynamics, product market (or industry) convergence and divergence are as important as (or even more important than) PLC/ILC dynamics. Convergence involves changes in the boundaries and relations between two or more product markets, leading to their becoming increasingly integrated. The prototypical case is the convergence of the computer and the telecom industries through the use of digital technologies. 22 Divergence involves processes of disintegration of one product market or industry into one or more submarkets. Convergence/divergence mechanisms have traditionally been studied in terms of the vertical supply- or value-chain relations of industries. 23 Each of the stages in the vertical chain may be (or become) distinct product markets, or may be (or become) embedded in a larger industry under the control of vertically integrated companies. This vertical framing of complementary relations has been widely applied in studies of outsourcing and vertical integration/disintegration of firms or industries. In recent years, opportunities for convergence/divergence have also been investigated in terms of “horizontal” relations across product markets or industries. This has in particular been studied in regard to IT-based platforms that enable the inter-linking and joint use of “complementor” products or applications. Each of such applications may originally constitute product markets on their own, may be developed directly for the platform by a “complementor” firm, or become developed and integrated by “platform leaders”. Likewise, more centrally controlled platforms may eventually undergo divergence and result in the formation of more or less distinctive submarkets. 24 The evolution of the computer industry over the last decades provides the most widely studied example of divergence in both a vertical and horizontal sense. 25
In the IT security case study, we will focus on this horizontal rather than the industry-confined form of convergence and specify two types of open convergence trajectories.
8
Systemic versus autonomous innovation The particularities of innovations relevant to understanding product market convergence or divergence are related to features of ‘systemicness’ rather than the features of innovations that underlie the ILC model (radical/incremental, product/process). To our knowledge, Teece was the first to discuss the significance of the systemic dimension of innovation. 26 He distinguished between “autonomous innovation” (or “stand-alone innovation”) with low requirements for further adaptations or innovations in the value chain, and “systemic innovation” with high such requirements, and hence high demands on coordination among different agents. Henderson and Clark further introduced the distinction between a component and a systemic level of innovation in the context of product architectures, 27 and Sanchez and Mahoney refined the modularity implications in management of innovation and organizational design. They specified the the component level as consisting of single-function subsystems designed to be integrated at the systems level with other components in the overall product architecture. 28 In the recent platform literature, 29 the systemic level of innovation has been extended beyond the value chain and the product architecture contexts into more open-ended platform-mediated networks that operate as organizing tools for linking existing and prospective products and components into still larger systems that are not predetermined by the platform architecture. As such, systemic innovation associated with platforms are drivers of product market convergence and divergence.
In a study of platform-based evolution of the PDA market, Stieglitz (2003) shows that convergence requires systemic innovation in terms of both product and technology integration. 30 Product integration implies the development of a new product that integrates the functionalities of two or more previously autonomous products. These become complementary from a user perspective, and increasingly bought and used as one. But systemic innovation often also requires particular efforts in technology integration, that is, R&D activities focused on merging, and perhaps further developing different technologies underlying the constituent products, including the development of interface standards to make the technologies compatible. Thus, systemic innovation may transcend both industry- and technology-specific trajectories. 9
In our framework of open business dynamics we can specify three categories of innovations, namely autonomous product innovation, systemic innovation and autonomous component innovation (see Figure 2). Autonomous product innovation enables the formation of new specialized product markets. Systemic innovation drives convergence across product markets and industries, mediated by ecosystems. Finally, autonomous component innovation enables the divergence of product markets and industries into disaggregated submarkets. Divergence is also mediated by ecosystems to sustain collaboration between the component-based submarkets and their complementary systemic product markets or industries.
Autonomous innovators focus on developing high performance in one functionality in an endproduct (like anti-virus, anti-spam or firewalls in IT security) or a component (e.g. a technical sub-function of a firewall). Systemic innovators focus on creating high performance with respect to the interaction and compatibility between multiple functionalities (like the above-mentioned IT security functionalities) and thereby seek to maximize systemic (including synergistic) performance value. And while autonomous product or component innovations are based on more specialized technical and functional capabilities and often located in smaller firms, systemic innovations are based on integrative competencies 31 and tend to be driven by larger firms. ---In the following section we shall apply the concepts and framework defined above to provide an outline of the historical evolution of the IT security business – an “ideal case� of open business dynamics.
Figure 2 about here
The case of IT security One dark side of the global diffusion of the Internet and related information and computer technologies has been an explosion of different types of information security problems such as viruses, spyware, pitching and hacking. These, again, have given rise to swarms of firms exploring the commercial opportunities of offering safeguarding measures. Within less than 20 10
years, we have witnessed the emergence of a large range of new security products and services and the creation and hyper-growth of a new complex and volatile sector. IDC estimated global IT security revenue to reach $35 billion in 2003, reflecting a doubling of revenues since 2001 32 and comparable to the size of the global market for recorded music. 33 IT security entails softwareand hardware-based products and systems (Figure 3), on the one hand, and services of different kinds on the other. These services assist users in selecting, implementing, integrating and more broadly managing the constantly evolving IT security products, and in adopting organizational procedures and behavioral routines for safeguarding. IT security products and services are dedicated to alleviate IT security problems of different kinds. But despite this commonality, the enormous diversity, and emergent nature of IT security doesn’t lend itself fruitfully to be analyzed as one industry. Rather, it is better conceived as a cluster of product markets or submarkets that have primarily evolved through convergence in the context of a likewise evolving ecosystem.
Figure 3 about here
Most IT security product markets can roughly be differentiated into three segments: the high-end, the mid-end and the low-end. The high-end segment comprises private and public organisations in need of advanced and specialized solutions and a broad portfolio of security products and services. The mid-end segment consists of small and medium sized enterprises and other organizations seeking less advanced, less costly and less comprehensive portfolios of products and services. Finally, the low-end segment entails private consumers and very small organizations in need of commoditized and low-cost sets of protective means. Historically, the most proactive parts of the high-end market segment have constituted lead-user roles 34 for early security innovations. As the products and technologies have matured, they have trickled down into the mid- and low-end segments. During that process, they have tended to become bundled into product suites, and some of them have eventually become embedded in infrastructural IT systems. 11
For the period 1988-2004, we have identified three partly overlapping stages of business dynamics. The late 1980s and especially the early 1990s saw the formation of numerous product markets based on specialized firms’ development of autonomous security products, each responding to specific types of emerging security problems and user needs. While product market formation continued after the mid-90s, even if with decreasing intensity, two trajectories of open business dynamics increasingly came to dominate. The first, taking off around 1997/98, focused on convergence associated with product-bundling innovation. It was driven by a few expansive firms emanating from the ranks of IT security specialists originating in particular product markets. The other trajectory, becoming increasingly visible in the early post-millennium years, has focused on convergence through the integration of security functionalities into larger IT systems and services. This trajectory of “context-embedding� innovation has been driven by large incumbents in established IT infrastructure industries.
In the following, we provide a short overview of the three stages or trajectories of business development in the evolution of IT security, and address the strategic challenges (and difficulties) faced by firms in one trajectory when trying to jump unto an emerging trajectory.
Trajectories of product market formation through autonomous innovation From the late 1980s to the late 1990s, hundreds of security technology specialist firms were established based on autonomous product innovations (these include Arbor Networks, CipherTrust, netForensics and Websense). Many have later exited or been subject to mergers and acquisitions (see below). During the early years, the high-end market was virtually the only security market. In particular, large IT enterprises and government institutions in the US were important lead-users of innovative products and licensees of patented technologies provided by pioneering technology specialists. 35
Among the most prominent early examples of IT security innovations are antivirus, softwarebased firewalls, Virtual Private Networks (VPN), vulnerability assessments scanners and services, Public Key Infrastructure (PKI) authentication, and Intrusion Detection Systems (IDS), 12
all invented and initially commercialized between 1989 and 1996. Each of these products (and numerous others, cf. Figure 3) were subject to specialized product market formation, with numerous rival firms engaged in continuous innovation to expand their capacity and functional performance. 36
The ubiquitous tendency since the late 1990s to move ever-increasing volumes and types of data into ever-more distributed IT environments have given rise to still new forms of security breaches, which again have constituted “focusing devices� 37 for new waves of autonomous security innovations (such as anti-phishing, anti-spam, anti-spyware and various forms of biometrics). In recent years, as employees and consumers increasingly operate from mobile devices (notebooks, mobile/smart phones, multi-function PDAs and VoIP) that were initially without the same safeguards as desktops, much innovative endeavour has turned towards providing safeguarding means for mobile devices. 38 However, even if new autonomous product innovations have continued, the predominant tendency since the late 1990s has been a move toward convergence through systemic innovation along two different trajectories, one associated with product-bundling innovation, one with context-embedding innovation. Each of these are described in the subsequent sections. These tendencies can be explained as a response to the rapidly expanding complexity for the customer in dealing with the ongoing add-on budding of new products and services and associated increases in security costs. 39 Trajectories of convergence through product-bundling systemic innovation The many and diverse products associated with product market formation and autonomous innovation were eventually revealed to be more or less complementary - sometimes with overlapping, sometimes with potentially synergistic features (for example between a firewall and an IDS). In the early years, linking these products to form reasonably interoperable systems was either not attempted at all, or left to the IT departments of the clients, and assisted by security services firms that rapidly appeared in large numbers. For a time competition remained confined within narrow product markets. Only gradually did the specialized security vendors together with their corporate customers and assisting services firms, accumulate more precise knowledge of the 13
complementary and synergistic nature of the different products, and thus of opportunities for systemic innovation.
The trajectory of product-bundling innovation was initiated by a few security specialists, who over just a few years fundamentally transformed themselves into large security integrators. They managed to do so through strategies combining three basic elements: An aggressive acquisition policy, a strong commitment to pursue product-bundling systemic innovation, and comprehensive investments in building the requisite operational assets in distribution, sales and marketing needed to shape and manage new global mass markets.
The first steps in this direction were taken by Networks Associates (now McAfee) and AXENT Technology which, through numerous acquisitions in the end of the 1990s, had developed broad portfolios of security products. Both companies launched the first (more or less) integrated product suites around 1998/99, but they were not well received by the market and initially gained a bad reputation. 40 Shortly thereafter, Symantec revitalized the product suite strategy through a successful leapfrog strategy. Like AXENT Technology and McAfee, Symantec had acquired numerous security specialist firms during the late 1990s, but in particular the 925 million dollar acquisition of AXENT Technology in 2000 enabled Symantec to make a profound relaunch of product suites. Symantec’s core capabilities in anti-virus and content-filtering software products were extended and combined with AXENT Technology’s core capabilities in management technologies as well as in firewalls, VPNs, vulnerability assessment and IDS products for the high-end segment. Over the few years of acquisition-based growth and early trials in systemic innovation, Symantec also built powerful distribution assets and brand recognition. This came to serve as an effective catalyst for the product packages that were launched after the acquisition of AXENT Technology. Symantec continued its acquisition-based expansion of its product portfolio, and by 2004 was recognized as the leading product suite vendor in IT security. A few other specialized security companies, including Internet Security Systems (ISS) and McAfee followed suite. 41 In the first few years of the 21st century, some of the major companies that long remained committed to a specialized product or service strategy embarked on similar product14
bundling strategies, even if with a narrower scope. One example is RSA Security, a leading authentication provider with a coherent portfolio of solutions comprising authentication, encryption and PKI products.
By 2004, product suites for the business segments had evolved to include the integration of all or most of the following products: firewalls, VPN, Intrusion Detection and Prevention, antivirus, content filtering and anti-spam. 42 One example is the ISS Proventia security platform targeted at corporate customers. Similar multi-functional products were offered by Symantec to both enterprises (e.g. the Symantec Gateway Security appliances) and private consumers (e.g. the Norton Internet Security software suite integrating firewall, anti-virus, anti-spam and privacy control systems into a unified software suite). Moreover, the emergence of managed security services reflects a move towards integrated solutions. While security integrators like Symantec offered integrated products, security managers like Counterpane and Cybertrust delivered a unified operations control, maintenance and updating of their customers’ various security products and systems.
The value proposition of integrated solutions is clear: overall reduced costs and simplification for the user in terms of implementation, multi-functionality, management and updating, and (more or less) one-stop shopping, The professional customer, however, may face the disadvantage of being locked into one vendor that offers one or more “weak” technologies in the package. The alternative is to shop on the market for autonomous products in an effort to choose the best products for each specific function, in industry jargon called “best-of-breed strategy”. But this strategy incurs high costs associated with building in-house expertise in judging the different products and services on the market, the searching and selecting, negotiating and contracting with the “best” vendors in each specialized product market, as well as the costs of integrating, installing, managing and updating the different products and services to operate as one system.
By 2003/04 the best-of-breed strategy had primarily survived in the high-end market segment, such as in the military and financial sectors with a high-risk profile. 43 Companies like 15
Counterpane (managed security services) or CipherTrust (messaging security), for example, had positioned themselves as among the best in their respective high-end product markets. In the midend segment of small and medium-sized firms, neither the risk-profile nor the resources warranted such a strategy, and product suites obtained a dominant position. 44 In the low-end segment, private users preferred commoditized products (antivirus, firewall etc.), either separate or combined into small packages. In sum, during the first years of the new millennium, the product suite approach appeared to have become the preferred solution for the majority of the overall market, while niche firms maintained a strong position in parts of the high-end segment.
Trajectories of convergence through context-embedded systemic innovation The trajectory of convergence through product-bundling innovation has contributed to drive the IT security sector as a cluster of relatively autonomous product markets in the direction of a unified (even if still highly segmented) IT security product market in which leading firms increasingly compete against each other with rival sets of product suites. By contrast, the trajectory of convergence through context-embedded innovation has contributed to undermine this process of “unification” of IT security towards one market. This is because security in this trajectory has become embedded features of other offerings (general IT networks and systems), instead of dedicated security products with business opportunities in their own right. 45 Both trajectories of convergence respond to user needs for reduced complexity associated with the surge of new autonomous solutions. Obviously private users want simple, holistic solutions that are practically invisible and automated. But also professional users prefer reduced complexity. “They are looking for plug and play appliances that require little installation expertise and hence are less prone to configuration errors – especially for offices with little to no on-site security staff”. 46 The trajectory of convergence through context-embedded innovation has gained strong momentum since around 2000. It signifies a tendency for security to become a more well-defined part of IT operations, with the implication that “…security functionality and processes are being built into every layer of the infrastructure, from the network up through the application”. 47 The drivers of this trajectory have been large incumbents in established industries, network and systems vendors and Internet service providers. The most prominent examples during the early 16
years since 2000 have been Cisco, Microsoft and IBM, whose strategies for integrating security functions in their systems offerings will be briefly outlined below. 48
Cisco, with its strength in network equipment (especially routers, switches and dial up access servers), early on took an offensive stance in providing security at the networks level. From 1995 to January 2005, Cisco acquired 10 security firms, primarily technology specialists with autonomous products or components across a broad spectrum of IT security. This made it possible for Cisco to introduce an increasing number of network-embedded security offerings (e.g. firewall, VPN and Intrusion Prevention functionalities). 49
From its dominant position in operating systems, Microsoft has engaged in embedding IT security into its platforms since 2002, when Bill Gates released a memo to Microsoft employees with the message of giving top priority to security. 50 This happened against the background of increasing problems with viruses and worms that exploited vulnerabilities in the operation systems, potentially threatening the underlying security of Windows products. Since then, Microsoft has pursued a “quality movement” strategy to implement more secure coding standards and design more inherently secure software using threat-modelling, filtering and penetration testing. In addition to the security strategy in software configuration, Microsoft has been active in integrating security functionalities into its systems. 51 Part of this strategy was the acquisitions of three security firms, GeCAD in 2003, a small Romanian anti-virus company, Giant Company Software in 2004, an anti-spyware firm, and Sybari in 2005, an anti-virus and data protection specialist. Specialized security knowledge from these firms was applied in the OneCare subscription service, aligning anti-virus (based on the GeCAD technology), anti-spyware (based on technology from Giant Company Software), firewall protection and PC cleanup tools to Windows private users.
Microsoft’s security strategy during this period wasto offer Microsoft users basic all-round security and to enhance user convenience by providing security systems and services that are simple to understand, use and update and with highly automated processes. By 2004/05 the 17
security strategy also began to emphasize the creation of partnerships with security vendors, networking companies, and Internet Service Providers. 52 Thus, several of Microsoft’s competitors (i.e. in firewalls, anti-virus and anti-spyware) also became partners, invited to build extended security solutions on top of Microsoft platforms and services for users with more specialized security needs.
IBM pursues a broad-scoped systems integration approach to IT security. In contrast to the dedicated security firms, IBM emphasizes the business enabling aspect rather than the protective, threat and fear aspect of security. IBM has become an important provider of security-oriented services, both as a security manager providing managed security services, and as a security consultant providing implementation and systems integration services. These services can mix off-the-shelf tools with external best-of-breed products and components as well as IBM’s own tools and systems. IBM has maintained R&D capacities in numerous areas of IT security and possesses a large portfolio of complementary assets in addition to its security assets – in network management, processes and applications across platforms. Together, these assets form valuable inputs into IBM’s strategy of providing solutions that make security part of integrated IT systems designed for realizing the particular business opportunities of its corporate customers, for instance in e-business and web services.
Even if the convergence trajectories identified in the evolution of IT security has signified rival strategies (e.g. bringing Symantec into competition with Microsoft), they have also represented a division of labour in terms of product specialization and market orientation. This makes it possible for both trajectories to run in parallel, rather than having one fully replace the other (e.g. Symatec is also a Microsoft partner building added security on top of Microsoft’s platforms).
Implications for understanding open business dynamics Trajectories of convergence and firm strategies During the pioneering phase of the IT security in the 1980s and most of the 1990s, business dynamics were largely based on innovative start-ups targeted at autonomous products to cover 18
the expanding array of security holes that emerged in a context of increasingly complex and ubiquitous IT systems. Competition was highly segmented within narrow product markets. No unified industry or market existed. According to the PLC and ILC models, one would predict that each of these product markets (e.g. firewalls, antivirus) would undergo an emergent stage of design rivalry, eventually resulting in a dominant design paving the way for an era of incremental innovation and the build-up of systems for distribution and marketing necessary to establish and sustain mass markets. Indeed, we can trace such life cycle dynamics in what we have termed trajectories of product market formation through autonomous innovation. Within each product market, different solutions would be tried out, one or a few robust designs would come to prevail in the market, their underlying technologies stabilized, and a few successful companies would manage to bring these designs into dominant positions for mainstream markets.
However, when the niche products approached such stage of maturity, the dominant rules of the game tended to change in the direction of product market convergence through systemic innovation. This materialized first in product-bundling innovation, and subsequently, with a timelag of a few years, in context-embedding innovation - proliferations of cycles that can not be accounted for in the PLC and ILC models. And in the course of that transformation, many specialized firms exited or were acquired by a smaller group of “integrators� taking the driver’s seat in shaping these trajectories. During the period 1993 -January 2005, we registered 291 acquisitions of (or mergers with) IT security firms. By far the largest share consists of specialized security firms taken over by product-bundling security integrators or security specialists with integrator aspirations, or, especially after the turn of the millennium, large network and systems vendors. By gaining control over requirements for adaptations at the specialized product level of expertise, these acquiring firms became better able to address the particular challenges of systemic innovation.
For the few firms that successfully changed their identity from being autonomous innovators within a single-product market to becoming convergence-oriented product-bundling innovators, the transformation required a concerted strategic commitment to move beyond their product19
specific core capabilities through a series of acquisitions, a consistent engagement in systemic innovation, and the leveraging of complementary assets for large-scale distribution and brandbuilding. Through this diverse set of long-term investments, companies like Symantec and ISS managed to expand from specialized niche positions into much broader positions as providers of product suites within the expanding IT security market. By contrast, the companies driving context-embedding systemic innovation during the period studied were already large incumbents in established industries outside the IT security field (in operation systems, IT networks, systems integration services, wireless communication and internet services). Their core competencies were historically grounded in other fields than IT security expertise (e.g. Cisco in routers and switches). But they eventually gravitated towards more integrative competencies, 53 including capacities for systems integration and platform development as well as strong complementary assets in distribution, marketing and brand-building for mainstream markets. Context-embedding systems integration has led to the alignment of infrastructural knowledge situated in these firms and their industries with knowledge of specialized IT security technologies.
The nature of systemic innovation in open business dynamics The systemic innovation processes conducted by the pioneering systemic innovators in IT security did not simply involve product design through the integration of standard products/components into pre-existing architectures. Different firms experimented with innovation at different levels and scope (product bundles/packages of various kinds and scope, network systems, operation systems, gateways and application systems). Both the product/component development and their architectural integration tended to reflect non-trivial R&D efforts.
Most scholarly research on systemic innovation has addressed particular product architectures in manufacturing industries, for instance the automobile industry, as organized by large companies. 54 From this perspective, systemic innovation involves the development of the architecture either prior to or directly synchronized with component-based developments, whether the latter takes place in the company, in specialized firms, or in partnerships. 55 However, 20
this “rational design” perception is often not adequate for understanding systemic innovation in a context of open business dynamics. In IT security, the innovating systems “architects” have been late-comers waiting for the “bottom-up” evolution of autonomous products to evolve and mature driven by technology entrepreneurs. Only gradually, and following extended learning and trialand error processes, did prospective “architects” attempt to integrate these products (more or less) into product suites and, eventually, into higher-order networks and systems. Through these processes, what were originally autonomous products tended to be transformed into mature components in systemic innovations. And the “architects” behind systemic innovation only came into the innovation game as the different autonomous products and technologies matured, the complementarities between them became better understood, and their future role as “bundled” or “embedded” components were gradually envisioned.
Convergence strategies and the exercise of dynamic capabilities and open innovation The leading firms driving the convergence trajectories in IT security have demonstrated strategic commitment to build dynamic capabilities in the sense of transcending existing boundaries and engaging in new challenges of systemic innovation and market creation. On the innovation side, this has involved an intricate balance and change between exercising different forms of open and more closed innovation. The strong tendency among these firms to engage in acquisition-based integration of specialized security knowledge reflects the need for practicing open innovation in the form of searching, accessing and acquiring specialized knowledge and components from external sources. This indicates that the acquired technological knowledge tended to be difficult to develop or replicate by the systemic innovators themselves. Moreover, it indicated the need for substantial in-house control over the innovation process, including full integration of the specialized security knowledge – in other words the need to practice a more integral form of managing innovation.
However, scholarly research on innovation in other areas of business has demonstrated that the need for tight in-house coordination of innovation is likely to decrease over time as interfaces across components/technologies become standardized and more ready for modularity and a more 21
distributed form of innovation. 56 In terms of open business dynamics, this implies a process of divergence that leads to new opportunities for specialist firms. During the last year of our investigation of IT security (2004), the three leading drivers of context-embedding innovation (Cisco, IBM and Microsoft) had begun to encourage partnering strategies with IT security specialists. Even if only anecdotal evidence, this may signal that the previous integral mode of managing innovation in the early stage of systemic innovation was beginning to give way to a new form of open innovation that would rely more on partnership and outsourcing than on acquisitions. 57 As compared to the dynamics of product market formation through the generation of autonomous end-products, the dynamics of divergence generate modular components by innovating within the “black box” of the component technology while adhering to standard interfaces dictated by ‘architect’ companies. And such divergence is more inclined to shape new submarkets rather than (end-) product markets.
The strategic significance of the environment in open business dynamics We have used three concepts for understanding the context for open business dynamics: 1) the product market signifies the emergent arena for direct competition among rivals with similar products. 2) The ecosystem signifies the arena for product market convergence and systemic innovation, and 3) the industry signifies mature product markets dominated by large incumbents trying to expand their boundaries.
From both a theoretical and managerial perspective, there are advantages gained from using this three-pronged conception of the environment (see Figure 1). Theoretically, the combined use of the product market and the ecosystem concepts provides complementary lenses for analyzing open business dynamics associated with, respectively, direct rivalry (the product market) and prospects for coordination/convergence across product markets (the ecosystem). The realization of the convergence prospects of the ecosystem, again, paves the way for the creation of one or a set of more integrated products and markets to form a new basis for competition.
22
However, prospects for convergence and systemic innovation may also develop from the perspective of mature industries. In recent years, much research attention has focused on the widespread processes of “deverticalization” of existing industries in the form of outsourcing and associated vertical disintegration of large incumbents. 58 But while these mechanisms have certainly been profound, many industries, especially IT-intensive industries, have simultaneously engaged in expanding their boundaries to link into and seek to integrate evolving product markets and ecosystems. This is exemplified by the context-embedding strategies of large IT infrastructure companies vis-á-vis IT security product markets and ecosystems. Such increasingly integrated product markets will eventually, as they mature, tend to become subject to processes of divergence and submarket formation.
From a management perspective, this three-pronged view can contribute to a better and more comprehensive understanding of the environmental side of open business dynamics and form a set of integrated tools for strategic navigation and the mobilization of dynamic capabilities. It contributes to a systematic view of both the arena for competition and the arena for innovationfocused coordination, whether taking the perspective of firms in emergent product markets or mature industries. Moreover, it provides an analytical perspective on strategically thinking ahead of current competition and collaboration and out-of-the-box, that is, across the boundaries of existing product markets, ecosystems and industries.
Towards a Convergence Life Cycle Even if the IT security case has indicated that the PLC and ILC models also apply to the early formation of product markets, it has also shown that these “trains” were significantly derailed by tracks of convergence (and divergence). Our framework of open business dynamics, as illustrated in Figure 2, lends itself directly to understanding such alternative cyclical patterns that we term the Convergence Life Cycle (CLC) (see Figure 4). The three categories of open business dynamics, product market formation, convergence, and divergence, are here conceived as life cycle stages that are linked to our three units of analysis of the business environment, product market, ecosystem and industry. Figure 4 illustrates these stages from the top towards the bottom 23
as product markets develop, merge and proliferate into broader ecosystems or industries and, in turn, disintegrate into submarkets.
Figure 4 about here
The stage of product market formation involves the creation of new products/services and markets that expand or reduce the scope of an extant value chain, or develop to become complementary to products or services supplied by other product markets. For some time, it may be genuinely uncertain whether an emerging product market will follow a PLC/ILC-track, a CLC track – or eventually vanish. The CLC track is likely to be pursued if complementary product markets and technologies develop and shape the contours of an ecosystem that can catalyze the creation of dynamic capabilities to explore opportunities for systemic innovation and new market creation. And a key to such catalyzing process is the ability to envision new business models and value propositions that are perceived to be superior to those confined to existing product markets or industries.
Product market convergence takes place between product markets in the context of an ecosystem of complementary product markets, technologies and institutions,59 or between such product markets and established industries as illustrated in the upper two rows in Figure 4. Convergence implies the enlargement of the complementary scope of the involved product markets or industries as firms engage in boundary-crossing diversification and integration. Divergence (the lower row in Figure 2) implies the narrowing of the scope of existing product markets or industries and the resultant formation of new submarkets. 60 Submarkets that are born out of divergence processes may again signal the beginning of a new CLC - as illustrated in Figure 2 by the arrow back from the stage of divergence to the stage of product market formation - or the beginning of a new PLC/ILC.
In the case of IT security, the CLC cycle was initiated by product market formation through autonomous innovation. However, open business dynamics may also be initiated directly by 24
systemic innovation that includes different technologies rather than existing product markets. This would be the case when these technologies and their (potential) user functionalities have not (or not yet) become subject to autonomous market formation. Correspondingly, the CLC does not assume a fixed sequentiality of convergence moving from product-bundling based on firms in specialized product markets in particular ecosystems, towards context-embedding innovation based on incumbents in mature industries. In some business contexts there may be no opportunities for one of the convergence trajectories and in some contexts the initiative for convergence may be first taken by companies in mature industries. Thus, the CCL is rather a contingency framework and a taxonomy for understanding various options for trajectories of convergence and divergence, rather than a model that explains only one universal pattern of evolution. As such, it can be operationalized for particular firms in particular markets as a framework for strategic management and innovation strategy.
Conclusion This paper contributes to the collective endeavour of creating a new paradigm of open strategy and innovation which was set on the agenda by Chesbrough and Appelyard in their recent paper in California Management Review. 61 We present a framework for understanding business dynamics that are not behaving according to the classical industry-bounded paradigm. This paradigm integrates the Fives Forces and the Product Life Cycle, grounded in industrial economics, with the Innovation Life Cycle rooted in Schumpeterian economics and innovation studies. While this paradigm for three decades has been central to the notion of strategic management among scholars and managers, four interlinked tendencies in business dynamics have eroded its scope of relevance. These are the increasing significance of 1) product market convergence and divergence, 2) systemic and autonomous innovation, 3) open and network-based modes of managing innovation, and by implication, 4) the increasing importance of the collaborative arena for strategy and innovation rather than the competitive arena, the main focus of Five Forces.
25
Our framework of open business dynamics has three objectives. First, it offers a systematic way of analyzing business and innovation contexts that are not well explicated by the Five Forces framework. The building blocks in the framework of open business dynamics emanates from these tendencies. It addresses the co-evolving nature of convergence/divergence processes and systemic/autonomous innovation. And it provides a new perspective on the business environment that explicitly recognizes the need for understanding the boundary-crossing nature of open business dynamics and the importance of both competition and collaboration.
The second objective of the framework is to offer a systematic way to understand life cycles that do not follow the classical prescriptions of the product and innovation life cycles but rather “derail” into convergence or divergence oriented trajectories enabled by different forms of autonomous or systemic innovation. Of course, one empirical case is not a sufficient basis on which to draw generalized conclusions with respect to life cycles. However, when Abernathy and Utterback originally created the early versions of the ILC model in the 1970s, it was based on a study of the evolution of one industry, the automobile industry. 62 When adding that much research in recent years has demonstrated the limited validity of the ILC/PLC models and the increasing significance of convergence/divergence dynamics, a systematic framework for understanding open business dynamics as “patterned” rather than randomly open, is highly needed – as “navigation tool” for both management and scholars.
Finally, the framework offers a contextual complement to the dynamic capabilities and open innovation perspectives and related works on business ecosystems and platform dynamics. In a business world that is increasingly characterized by product market and technology convergence and divergence, firms are increasingly faced with challenges of crossing existing boundaries, collaborating and competing with new unfamiliar enterprises and institutions, and these challenges require increasing capacities within and across firms to mobilize dynamic capabilities and open and collaborative modes of managing innovation. Hopefully, the framework on open business dynamics can contribute to improve coherence among these perspectives and to the development of a new open strategy and innovation paradigm. 26
Appendix A: Data sources and methodology The case of IT security is based on a study that reflects the triangulation of three categories of empirical data and information covering the period 1988-2004. First, we have collected information on the history, product and technology offerings and mergers and acquisitions of a large number of IT security companies by studying their homepages, press releases and company cases from Hoovers, IDC, Datamonitor and Gale Group’s Business and Company Resource and its Investext Plus database. We have furthermore reviewed a large number of analyses and reports on the IT security sector or particular parts of it from a range of different consulting and investment firms, including Morgan Stanley, Morgan Keegan & Co. and SG Cowen & Co. We have obtained access to these analyses through the Gale Group’s Investext Plus database. IDC, the research consulting company which has most comprehensively been monitoring the IT security sector over the years, has generously provided us access to reports and data of particular interest. Insights on new trends in the IT security sector has also been obtained from a number of special issues on IT security in The Wall Street Transcript. Finally, we conducted 10 interviews with analysts and managers that during the period of investigation were engaged in different parts of the IT security sector.
27
28
29
Figure 3. Taxonomy of IT security products/technologies
IT Security
Security Hardware
Hardware Authentication
Biometrics
Threat Management Security Appliances
Firewall/Virtual Private Network
Security Software
Identity & Access Management
Security & Vulnerability Management
Event Management
Public Key Infrastructure
Tokens Smart Cards
Unified Intrusion Detection- / Intrusion Prevention Systems Secure Content Management
Other
Vulnerability
Advanced Authentication
Secure Content Management
Antivirus
Policy and Compliance
Legacy Authentication
Other (i.e. Forensics)
Provisioning (Directory Services)
Source: IDC 2005
30
Firewall Software
W eb Filtering
Management
Single Sign On
Threat Management
Messaging Security (i.e. Spam)
Other (i.e. SpyWare/Ad W ar e)
Intrusion Detection- / Intrusion Prevention Systems
Other Security Software
31
1
Since the late 1980s this paradigm has increasingly become balanced by its firm-focused counterpart, the Resource-
Based View (RBV), an alternative and complementary approach to strategic management which emphasizes the firm-specific resources and capabilities rather than industry-specific features as the foundation for firms’ competitive advantage. For a review of the RBV see J.Barney, M. Wright, and D.J. Ketchen, Jr., “Resource-Based Theories of Competitive Advantage: A Ten-Year Retrospective on the Resource-Based View,” Journal of Management, 27/6 (2001): 625-641. Afuah and Utterback have provided an interesting attempt to integrate the RBV with the ILC and Fives Forces frameworks within the industry-bounded paradigm, see A. N. Afuah and J. M. Utterback, “Responding to structural Industry Changes: A Technological Evolution Perspective,” Industrial and Corporate Change, 6/1 (1997): 183-202.. 2
In particular two recent papers have been central sources of inspiration for this article, H.W. Chesbrough and
Appleyard, “Open Innovation and Strategy,” California Management Review, 50/1 (2007): 57-76, and David J. Teece, “Explicating Dynamic Capabilities: The Nature and Microfoundations of (sustainable) Enterprise Performance,” Strategic Management Journal, 28 (2007): 1319-1350. The former paper explores the opportunities for expanding the open innovation theme into a broader agenda of open strategy. Teece’s paper provides a review and analysis of the dynamic capabilities perspective and a critique of the industry-bounded Five Forces framework. 3
The industry-bounded paradigm has its parallel in theories of technological change as being bounded by
technological paradigms. Such paradigms are characterized by the internal coherence of the scientific and engineering knowledge and practices, and the distinctiveness vis-à-vis other technological paradigms. According to this perspective, technological change tends to take place along paradigm-constrained trajectories and are only rarely faced with obsolescence or derailing as new and superior paradigms emerge. The pioneering theoretical account of this perspective was provided by G. Dosi, “Technological paradigms and technological trajectories. A suggested interpretation of the determinants and direction of technical change,” Research Policy, 11/3 (1982): 147-162. In a recent review of this theory, David Teece points to the need for integrating opportunities for technological searching outside established technological paradigms. See D.J. Teece, “Dosi’s technological paradigms and trajectories. Insights for economics and management,” Industrial and Corporate Change, 17/3 (2008): 507-512. This view is in accord with the increasing recognition among scholars of technology dynamics and strategy that cross-technology integration has become increasingly prevalent, one major reason being the generic tendency and opportunity for digitization of technologies and their interfaces. 4
See M. Gort and S. Klepper, “Time Paths in the Diffusion of Product Innovations,” The Economic Journal, 92
(1982): 630-653; S. Klepper, “Industry Life Cycles,” Industrial and Corporate Change, 6 (1997): 145-182. 5
M. Porter, Competitive Strategy (New York, NY: Free Press, 1980).
32
6
The term Mason-Bain model refers to the central contributions by Mason and Bain. See E.S. Mason, “Price and
Productivity Policies of large-scale Enterprises,” American Economic Review, March: 64-74; and J. S. Bain, Barriers to New Competition (Cambridge, MA: Harvard University Press, 1956). 7
Teece, op.cit.
8
W.J Abernathy and J.M. Utterback, “Patterns of Industrial Innovation,” Technology Review, 80/7 (1978):
40-47; P. Anderson and M.L. Tushman, “Technological Discontinuities and Dominant Designs - a cyclical model of technological change,” Administrative Science Quarterly, 35 (1990): 604-633. J.M. Utterback, Mastering the Dynamics of Innovation (Boston, MA: Harvard Business School Press, 1994); F.F. Suarez, and J.M. Utterback, “Dominant Designs and Survival of Firms,” Strategic Management Journal, 16 (1995): 415430. 9
10
Teece, op.cit, p. 1325. Mounting empirical research has over the last decade demonstrated that the classical life cycle models do not
explain the evolution of a large and increasing number of industries. See Klepper, op.cit; F. Malerba and L. Orsenigo, “Technological Regimes and Sectoral Patterns of Innovative Activities,” Industrial and Corporate Change, 6 (1997): 83-118; A. Fosfuri and M. Giarratana, “Product Strategices and Survival in Schumpeterian Environments: Evidence from the Security Software,” Organization Studies, 28 (2007): 909-929; A. Bergek, F. Tell, C. Berggren and J. Watson, “Technological capabilities and late shakeouts: Industrial dynamics in the advanced gas turbine industry, 1987-2002,” Industrial and Corporate Change, 17 (2008): 335-392. 11
Business dynamics are also increasingly characterized by tendencies for convergence across technological
paradigms and trajectories (see note 3), an issue that will not be centrally addressed in this paper. 12
See H. Chesbrough, Open Innovation: The New Imperative for Creating and Profiting from Technology (Boston,
MA: Harvard Business School Press, 2003); H. Chesbrough, W. Vanhaverbeke, J. West, Open Innovation: Researching a New Paradigm (Oxford University Press, 2006); Christensen, J. F. and M. H. Olesen, “The industrial dynamics of Open Innovation – Evidence from the transformation of consumer electronics,” Research Policy, 34 (2005): 1533-1549; K. Laursen and A. Salter, “Open for innovation: The role of openness in explaining innovation performance among U.K. manufacturing firms,” Strategeic Management Journal, 27 (2006): 131-150.. 13
D.J. Teece, G. Pisano and A. Shuen, ”Dynamic capabilities and strategic management,” Strategic Management
Journa, 18/7 (1997): 509-533. 14
Chesbrough, op.cit.
15
The Resource Based View (RBV) has been critized for its static inclination by focusing on existing capabilities
rather than the process through which such assets are created. The work on “dynamic capabilities” can be viewed as both a critique and a dynamic extension of the RBV. But it is also signifies a more fundamental break away from the
33
industry-confined paradigm (see especially Teece, op.cit.), while the RBV has tended to be viewed as complementary to this paradigm – especially Five Forces. 16
See J.F. Moore, The Death of Competition: Leadership and Strategy in the Age of Business Ecosystems (New
York: HarperBusiness, 1996); M. Iansiti and R. Levien, The Keystone Advantage: What the New Dynamics of Business Ecosystems Mean for Strategy, Innovation, and Sustainability (Boston, MA: Harvard Business School Press, 2004); Teece, op.cit; Chesbrough and Appleyard, op.cit; Ron Adner, ”Match Your Innovation Strategy to Your Innovation Ecosystem”, Harvard Business Review, (2006), April: p. 98-107. 17
Teece, op.cit., p. 1325.
18
Adner, op.cit., p. 98.
19
See C. M. Christensen and M.E. Raynor, The Innovator’s Solution. Creating and Sustaining Successful Growth
(Boston, MA: Harvard Business School Press, 2003). 20
For an analysis of this perspective on the business environment (even if the term ecosystem is not used), see G.P.
Pisano and D.J. Teece, “How to Capture Value from Innovation: Shaping Intellectual Property and Industry Architecture,” California Management Review, 50/1(Fall 2007): 278-296. For a more explicit management perspective, see Adner, op.cit. 21
We do not herby pretend to monopolize the concept of ecosystem, only to specify the key aspects of relevance of
this notion in the open business dynamics framework. To be useful for management, a more rich and firm-specific operationalization of the concept is needed, see Iansiti and Levien, op.cit. Also, a further relevant specification of the notion of business ecosystem would be to distinguish between convergence/divergence oriented ecosystems as applied in this paper, and ecosystems confined to particular product markets or industries.. 22
D.B. Yoffie, “Competing in the Age of Digital Convergence,” California Management Review, 38/4 (1996): 31-
53. 23
This analytical perspective of the value chain/systems framework was developed by Porter. See M. E. Porter,
Competitive Advantage. Creating and Sustaining Superior Performance (New York: The Free Press, 1985) 24
For central contributions to platform analysis from a management perspective, see T.R. Eisenman, “Managing
Proprietary and Shared Platforms,” California Management Review, 50/4 (Summer 2008): 31-53; A. Gawer and M.A. Cusumano, Platform Leadership. How Intel, Microsoft, and Cisco drive Industry Innovation (Boston, MA: Harvard Business School Press, 2002). 25
For an overview see Iansiti and Levien, op.cit.
26
D. J. Teece, “Technological Change and The Nature of the Firm,” in G. Dosi, C. Freeman, R. Nelson, G.
Silverberg and L. Soete (eds.), Technical Change and Economic Theory (London. New York: Pinter Publisher, 1988).
34
27
R.M Henderson and K.B. Clark, “Architectural Innovation: The Reconfiguring of Existing Product Technologies
and the Failure of Established Firms,” Administrative Science Quarterly, 35 (1990): 9-30. 28
R. Sanchez and J.T. Mahoney, “Modularity, Flexibility, and Knowledge Management in Product and
Organization Design”, Strategic Management Journal, 17 (1996): 63-76. 29
30
See note 24. N. Stieglitz, “Digital Dynamics and Types of Industry Convergence: The Evolution of the Handheld Computers
Market.” In: J.F. Christensen and P. Maskell (Eds.), The Industrial Dynamics of the New Digital Economy, Cheltenham, UK: Edward Elgar (2003). 31
J.F. Christensen, “Whither Core Competency for the Large Corporation in an Open Innovation World?”, in:
Chesbrough et al., op. cit. 32
IDC, “The Big Picture: IT Security Products and Services Forecast and Analysis, 2002-2006,” International Data
Corporation (2003). 33
34 35
http://www.ifpi.org/site-content/statistics/worldsales.html E.A.von Hippel, Democratizing Innovation, MIT Press, Cambridge, MA (2005). M. S. Giarratana,” The birth of a new industry: entry by start-ups and the drivers of firm growth: The case of
encryption software,” Research Policy, 33 (2004): 787-806. 36
One example is the development of Vulnerability Assessment products towards so-called “Vulnerability
Management solutions that automate the process of identifying, prioritizing, and remediating vulnerabilities across the enterprise”, Morgan Keegan, “ Navigating the 7 C’s of Security As Industry Shifts from Infrastructure to Information Security,” Morgan Keegan & Company, Inc. (July 21 2006, p. 30). Another example is the move from Intrusion Detection Systems focusing on detecting and reporting potential attacks towards Intrusion Prevention Systems with better ability to stop the attacks that are identified in progress. See SG Cowen & Co., “McAfee – Initiating Coverage,” SG Cowen Securities Corporation (November 18, 2004, p. 24). 37
N. Rosenberg, N., “The Direction of Technological Change: Inducement Mechanisms and Focusing Devices,”
Economic Development and Cultural Change, 18/1 (1969): 1-24. 38
Morgan Keegan, op.cit.
39
Over time, complexity has not only become untenable to manage even for the most professional customers. It has
also directly contributed to aggravate security vulnerabilities as it leads to flaws in technical systems coherence, and to configuration weaknesses in systems and applications. 40
Wall Street Transcript, “Special focus: Internet security software,” Wall Street Transcript Corporation (April 23,
2001). 41
SG Cowen, op.cit.
35
42
Wall Street Transcript, “CEO interview: P. Privateer, Internet security systems (ISSX),” Wall Street Transcript
Corporation (June 2, 2004). 43
Wall Street Transcript, Security/Internet security & Identity authentication,” Wall Street Transcript Corporation
(April 26, 2004); Wall Street Transcript, “Analyst interview: Network security,” Wall Street Transcript Corporation (May 19, 2004). 44
Wall Street Transcript (May 19, 2004), op.cit.
45
Morgan Stanley, “Security Software Data – The Next Perimeter of Defence,” Morgan Stanley (January 5, 2005).
46
Morgan Keegan, op.cit.
47
Ibid., p. 29.
48
Apart from the written sources referred to, these case vignettes are based on interviews with Kim Mikkelsen (Chief
Security Advisor, Microsoft Denmark), Michel Bobilier (Global Offering Executive, IBM Security and Privacy Services, Geneve), and Martin Grundtvig (Manager of IBM’s Security Group, IBM Denmark). 49
While Cisco is a pioneer and leader in network-based security, it is not the only one. Juniper Networks, a leading
Internet backbone provider, and 3Com, a leading network hardware supplier, have likewise been engaged, via large acquisitions of security specialists (respectively NetScreen in 2004 and TippingPoint in 2005), in building IT security functionalities directly into the network (see Morgan Stanley, op.cit.) 50
http://www.wired.com/techbiz/media/news/2002/01/49826.
51
In 2004, Microsoft released Service Pack 2 for Windows XP marking improvements in the security of the
underlying software, and the more recently launched Vista platform is to a larger extent than the Windows platform designed with security in mind. See L. Selzer, “Vista Security Check: This Time Microsoft Means Business,” eWeek.Com Enterprise News & Reviews (May 29, 2006) (http://www.eweek.com/article2/0,1759,1968670,00.asp). 52
Morgan Stanley, op.cit.; Morgan Keegan, op.cit.; SG Cowen & Co., op.cit.
53
Christensen, op.cit.
54
See for example M. Sako, “Modularity and Outsourcing: The Nature and Co-evolution of Product Architecture
and Organization Architecture in the Global Automotive Industry,” in A. Prencipe, A. Davies and M. Hobday, eds., The Business of Systems Integration (Oxford: Oxford University Press, 2003). 55
56
Henderson and Clark, op. cit. H.W. Chesbrough and Kusonoki, “The modularity trap: innovation, technology phases shifts and the resulting
limits of virtual organizations,” In J. Konaka and D. Teece (eds.), Managing Industrial Knowledge (London: Sage, 2001). S. Brusoni, A. Prencipe, and K. Pavitt, “Knowledge Specialization, Organizational Coupling and the Boundaries of the Firm: Why Firms Know More Than They Make?” Administrative Science Quarterly, 46/4 (2001): 597-621.
36
57
For an excellent analysis of the management strategic alliances in modern systems or architectural innovation
within complex IT services systems, see R. Grunwald and A. Kieser, “Learning to Reduce Interorganizational Learning: An Analysis of Architectural Product Innovation in Strategic Alliances,” Journal of Product Innovation Management, 24 (2007): 369-391. 58
R.N. Langlois, “The vanishing hand: the changing dynamics of industrial capitalism.” Industrial and Corporate
Change 12 (2003): 351-385. 59
D.J.Teece, op.cit.
60
A recent example from another business is the emergence of a specialized product market providing class D
amplifiers (or components) replacing class A/B amplifiers that were, (and to some extent still are) used and produced by incumbent vendors of audio consumer electronics. See Christensen, op.cit.; and Christensen et al., op.cit. 61
H.Chesbrough and Appelyard, op.cit.
62
Abernathy and Utterback, op.cit; Utterback and Abernathy, op.cit.
37