Opening the corporate kimono

Organisations that approach electronic business these days are - or should be - aware that it involves far more than simple processing of transactions out of an electronic shop-front.

Organisations that approach electronic business these days are - or should be - aware that it involves far more than simple processing of transactions out of an electronic shop-front.

o offer the true potential of efficiency from conducting business on a digital basis, the Internet front end must be connected seamlessly to the back-end business processes.

These processes will accordingly become visible as never before to your supplier and customers.

"The first consequence of that is, if your business processes stink, it won't take long for your customers and suppliers to find out," says Richard Duffy, Sydney-based e-business and ASP project manager at Great Plains software.

The fortunes of some e-tailers over last Christmas and other festivals like Valentine's Day clearly showed the mismatch of smart Web front-ends with unsatisfactory background fulfilment processes, he says.

Many businesses run their background processes on small software packages like MYOB or Quicken, and printing out lists of orders from the Web site.

"They may not use anything but a bunch of shoe-boxes full of orders and receipts. That was OK when you were making five sales a month, but becomes rapidly inadequate when sales from the Internet start building.

"A chain is only as good as its weakest link," he says, "and too often that link is the supplier. The seller tends to assume the supplier has something competent in place. That's sadly often far from the truth."

Setting up a competent supply chain to power e-commerce requires much discussion among the parties before the electronic links are formed.

Fortunately, there is a growing group of intermediaries who operate independent business-to-business exchanges.

"Ideally, I can subscribe to some service that will manage [all the interchanges] for me." The flip side of that is that many organisations are nervous about involving yet another entity in the loop; "they see it as all too hard. This is where we see the potential of the ASP," he says.

The ASP can build that customer-supplier community, with all the networking infrastructure and many of the necessary programs, accessed on-line.

But this kind of a conglomeration might also cause your data and information about your processes to become evident to other customers of the same supplier, who may well be your competitors.

Duffy suggests this perceived problem is not as serious as believed, and has always been around in days well before the rise of e-commerce.

"Every time I give a seminar, aren't I making available some of the information on how my company operates? Making it potentially available to competitors?

"If a competitor wants to get hold of [this kind of] information, they will."

If you don't reveal it yourselves, they only have to ask another co-operative customer. The technical end of security is handled very well these days, he says.

"We have digital certificates and Secure Sockets Layer encryption on all pages that capture information.

"Then, as a next stage, you can start building virtual private networks. There are applications on hand to do that."

To employ advanced security and communications technologies productively, "you must make sure you have in place the [up-to-date] technologies that support it - technologies like XML and [Microsoft's elaboration of XML] BizTalk.

"Really, it all comes down to making sure your business processes are the kind of things you want to show to your customers and suppliers."

The organisations involved must also understand how e-commerce will impact on their current business model, Duffy says.

"If you have resellers, they will be impacted by your venture into direct selling, and their future position against your company will have to be carefully examined and negotiated. You have to decide whether you can risk losing trusted dealers in return for the benefits of the e-commerce channel."

E-commerce is likely to take away or modify the current jobs of people in the organisation. There are people there whose role has been one of order taking. "You have to transition them into order makers," Duffy says.

Perhaps unfortunately, some bricks-and-mortar organisations take comfort from the high-profile failures, as justifying staying where they are themselves, rather then moving into e-commerce.

"Those ones probably don't have the infrastructure and standard business processes. But those who do are in the box-seat and should be moving into e-commerce now."

Another unrealistic comfort zone is all the talk that goes on about "first mover advantage" in e-commerce. Businesses fear they may have already "missed the boat" in favour of a more adventurous competitor. But the second cabs off the rank get the advantage of more advanced technologies, he says.

It's not enough just to open aspects of your systems to customers and suppliers, says Hamish Moore, consultant with PricewaterhouseCoopers. You must ensure that the elements opened up present the other parties with added value and that this added value can be accessed quickly.

This means bending your business processes somewhat towards the direction of theirs. If your internal processes restrict them then the processes will have to be changed. This is true, particularly if you are asking the other party to volunteer some information of their own. There has to be some pretty smart value-add to compensate for them giving up that information, be it as little as a name and contact number, he says.

"If you start off by saying 'here are our accounting systems; do you want to take a tutorial on how they work?' then you're going the wrong way about it.

"You must step into the customer's shoes, and find out what gives them value; that's one of the challenges of e-business," Moore says. And presenting them with an unfamiliar and confusing exposure of your own internal processes is not taking the right stance.

There are still many companies that do this, he says; they convince themselves that they've moved "upwards" in their implementation of e-business, but they've not moved "outwards" in the direction of the customer.

You have to "pick out the particular threads" of the business that will offer value to customers and make them available. UPS and FedEx are classic examples of how to do it well; opening the parts of the process that slowed the progress of a customer's parcel through the delivery system - the element that they most wanted to know about - without exposing anything irrelevant to them.

There will always, of course, be the occasional mischief-maker who tries to use the Internet opening to get into other parts of the organisation's system.

The answer here is rigorous partitioning of data and security measures.

"The basic firewall allows you to decide what sort of traffic you'll let through," but often that distinction is not employed in a fine-grained enough manner.

"When [an organisation's decision-makers] say: we'll let in TCP/IP traffic; they often don't appreciate that they're opening up about 15 different channels, all of which fall under the TCP/IP heading."

The standard approach is to have the data that the customer really needs replicated across to an isolated machine, with a "demilitarised zone" between that and the computer holding the main files.

"It would be a brave company that exposed all its back-end processes to the scrutiny of the customer," Moore says. "Those that do are either very carefully planned from the beginning - or they're just careless."

Before making information available, says PWC partner Phil Parnell, you should establish not only that it is going to be useful to the customer, but that its release will be useful to the company providing it.

The company is not only in possession of its own information, but that relating to customers, so it must naturally ensure none of that information is inadvertently revealed to other customers - who may be competitors of the customers whose information they discover, says PWC partner Jan Smolnicki.

The company must not only put security procedures in place to ensure that does not happen; it must publicise its security and privacy standards on the site, he says. These are all part of the company image.

Integrity of information is important, says Colin Slater, of PWC's global Risk Management Solutions unit; is the information on the Web page or in the database likely to be accidentally altered so the two become inconsistent? Availability is also crucial; Internet users expect a service to be available 24 hours a day, seven days a week.

You will want to ensure that your online outlet gives at least as much information and as high a service level as your physical outlet, says Moore; otherwise you risk compromising your overall brand.

A business needs to be aware that the customer would, under law, be entitled to a lot of the information that pertains to their own dealings with the organisation, says ASB Bank solicitor Steven Jurkovich.

"We need to embrace the fact that we should release information," he says. "Nowadays [in the banking sector] there is less of a window between what the customer wants to see and what the bank is prepared to reveal."

The bank must be careful that it does not unduly conceal information. If it is collecting personal information from the customer, it should, in accordance with the Privacy Act, disclose the purpose for which the data is being collected.

The answer to unauthorised intrusion is a systemic security attitude and policies within the organisation, he says.

There are "challenges" involved in deciding how much information you reveal to other parties online, says John Hayson, e-business manager for computer distributor Renaissance.

Do you show actual stock to your customers, for example?

"We'd be happy to let everyone see everything," he says. "The more you open your base of knowledge and information, the more people participate and the greater the knowledge grows.

"But the commercial reality is that there are always things you don't want your competitors to find out. There are legal and financial restrictions, particularly for a public company. The Stock Exchange says you're not allowed to disclose information that could have an effect on your market value.

"The way this is interpreted in the world of e-commerce is one of the difficulties created by old laws having to keep pace with a new era, he says.

Renaissance has been running a Web site with online ordering since April 1998. The system has gone through two major reworks since then, Hayson says.

At the front-line users of the Web site are kept away from sensitive data by simply not being given a button to access it on the page. But as a precaution against more sophisticated interference, the sensitive data is held on a different machine.

Renaissance made a lot of changes to its background business processes so the Web site customers could communicate through the site smoothly and get the fast response they expected.

The staff who used to process orders had a good deal of knowledge of the range of products and some of the individual customers. They could pick up mistakes on the paper order form and remedy them before the order hit the internal digital processes.

Managing the transition involved replacing that human intelligence with a complex set of business rules, Hayson says. It took at least six months to get part of the system right.

Renaissance staff went through every process on the background system, remedying factors that could have an adverse effect on information provided to the Web site user. On the way, there was also something of a clean-up.

"We would ask: do we need this information; why is it there; what do we use it for?" he says.

Initial decisions on what information to conceal and what to reveal were based on research with customers and suppliers, and reviewing some similar projects that had been done overseas.

"But a little of it was based on faith and guesswork," Hayson admits.

Join the newsletter!

Error: Please check your email address.

Tags e-commercee-business

Show Comments
[]