Platt Perspective on Business and Technology

On the importance of disintermediating real, 2-way communications in business organizations 1

Posted in social networking and business, strategy and planning by Timothy Platt on May 8, 2017

I write on a recurring basis in this blog, on a variety of basic business strategy and operations issues that come together in this posting. A list of such issues would include making a business lean and agile, and more flexibly resilient in the face of change and its pressures. And any such list would essentially automatically have to include information management and communications, and identifying and remediating business systems friction there, where friction per se militates against lean and agile and resiliency per se, and essentially by definition.

There are two basic approaches that I could address this posting’s topic from: reactive and in terms of after the fact correction, and proactively and from a more preventative and opportunity creating perspective. My goal here is to pursue both of these faces to this complex of issues and in that order, and with a goal in doing so, of presenting an argument for actually pursuing the later so as to at least limit the need for ever pursuing the former. Though I will add in an at least seeming-complication to that too.

My primary focus in all of this is on making communications more direct and impactful while at the same time effectively meeting any and all realistic, and realistically necessary information and communications compartmentalization requirements, as for example arise when dealing with:

• Customer’s or employee’s sensitive personally identifying information,
• In-house proprietary information such as trade secrets, or
• Business intelligence from supply chain or other business-to-business collaborators that has to be kept secure and confidential.

And I begin doing so by citing a famous, if fictionally literary counterexample to the approach that I offer here, as can be found in Jonathan Swift’s novel: Gulliver’s Travels. (See literatureproject.com/gulliver-travel/ for a free downloadable PDF version of the full text of this book.)

One of the peoples that Gulliver is said to have encountered in his far-reaching journeys is the Laputians: a race of deep thinkers renowned for their grasp of mathematics and music but who were at least equally impractical in day-to-day matters as well. They tended to get caught up in their own areas of interest and expertise, and to the exclusion of all else. So when one of them had to converse with anyone from outside of their community, they employed the services of special servants who were known as Flappers, to facilitate that. These servants would carry about with them a special rattle on the end of a long stick, and when a Laputian they worked for was supposed to speak, they gently flapped their lips with it to remind them and to in effect enable them there. When their master was supposed to listen, they would similarly flap their ears with this device, and when they were supposed to look at something as a part of one of these conversations, they gently brushed this device over and near their eyes as well as a necessary cue for that too.

Of particular importance here, if a Flapper did not want their master to speak, or to even know if they were facing a possible conversation, they simply refrained from acting. They did not flap. If they wanted to end such a conversation, they stopped flapping and that was that. And if for whatever reason, a Flapper did not want their master to see something, they controlled that too.

Flappers were the quintessential information gatekeepers in Gulliver’s universe. And while modern businesses do not generally employ their exact counterparts, the gatekeepers that they do employ can have as far reaching an impact, and as much consequential control.

My goal for this posting is not to discuss or describe specific implementations of how a business can be better organized so as to facilitate more effective communications, and the information and knowledge development that would lead to it. Good practices, and certainly best practice solutions to that type of challenge are business and business-context specific, and depend on a variety of factors that can at times create conflicting organizational demands that would have to be reconciled. And the factors and forces at play in specific businesses that would shape and resolve these at least potential congruences and conflicts including but are not limited to:

• The business model of the specific business under consideration and how functional areas are set up and connected together, and why.
• The scale and size of the organization, where larger organizations with more functionally and task-oriented specialization can demand more complex overall structure and both laterally in a standard modeled table of organization, and vertically in its system of management and supervisory oversight.
• The levels and types of sensitive and confidential information held, and the nature and pervasiveness of access restrictions that have to be in place in order to safeguard it according to required due diligence and risk management standards.
• And the range over which employees, and in general and in specific areas of the business, have to reach across table of organization boundaries in order to jointly carry out tasks with more distant colleagues, that call for multi-specialty, multi-functional area participation.

It is at least a necessary goal of effective strategic and organizational planning, that the people responsible for it take these issues into account when doing so, and the overarching need for developing and maintaining more effective information and knowledge development and communications. And this brings me closer to what I would in fact discuss here: the question of how they would do this.

I answer that question with the Laputians and their Flappers in mind, and by posing a set of basic due diligence questions:

• Who in fact has taken on an information gatekeeper role in your business?
• Was this intentionally planned out and implemented, and do these information and communications intermediaries have specific thought-through gatekeeper responsibilities and areas of responsibility, and guidelines in place for when and where and how they should exercise this responsibility?
• And how is this activity being monitored and tracked, and performance-impact reviewed, and by whom and how often and under what circumstances?

Information security management, as a specific case in point is one area where at least some form of gatekeeper activity is likely going to be necessary and even required. But even in a seemingly clear cut context like that, a requirement for having information access gatekeepers in place does not necessarily mean that they are all working according to a same, single, and up-to-date set of guidelines. Arbitrary and ad hoc create deleterious friction, and it creates increased risk at the same time too, and both from allowing information access in specific cases where that would probably not make the most sense and by denying it or delaying it where it is in fact justified and necessary.

• Is the information access management system that is in place for this, consistently framed and enforced and throughout the organization?

That is, in fact something of a trick question. Many organizations in fact see genuine need to in effect carve out special areas in their overall systems where special and perhaps more restrictive rules of access and of communications might apply. So this question addresses an area of this overall discussion where a simple one size fits all approach is unlikely to work, or at least work best and certainly as a general rule.

But even when a business is so compartmentalized and with need, consistent enforcement of the rules that are in place, and certainly within any given same-approach area of the business, is essential. And everyone should know that whatever specific contextual rules they face in their particular functional area and in their part of the table of organization, information security per se is insisted on and followed, and fairly and consistently and throughout the entire organization as a whole.

And this brings me to the issue of change, which I at least briefly make note of here:

• Is this system being maintained and kept up to date, and both with regard to outside legal and regulatory and other requirements, and to meet internal to the business needs?

I have already at least briefly noted the issues raised in that bullet point in passing in this posting. I highlight this area of concern here as a significant due diligence issue in and of itself, and as one that calls for further consideration. But let’s return for the moment to consider processes and practices per se for this.

Is the system in place for managing sensitive information, explicitly spelled out in rules-based terms and with records kept on who has legitimate access rights to what specific types of sensitive data, and when and where and for how long? Does this rules based system distinguish between read-only access, and read with permission to maintain locally save copies of sensitive information while it is being used? Does it distinguish between read-only access rights and of whatever type, and read-write access rights where a holder of that level of authority can add, delete or alter records in place? How do you maintain archival records in the event that a recovery to an earlier stored version of your databases proves necessary from read-write error or from networked computer systems failure, and both for who has access to what, and for the information that these people would in fact access and for what they have accessed?

And this brings me to the issues of reactive and proactive systems that I made note of towards the start of this posting. Reactive systems essentially always have functional gaps in them, and both for what is officially supposed to be done and by prior-developed and established processes and procedures in place, and in how those processes and procedures in place are actually carried out. Reactive systems are always playing catch-up, and both from picking up the pieces when rules in place were not followed, and in attempting to improve those rules when they are but are found lacking. They are always playing catch-up to keep them relevantly in focus, so they address the right issues and situations actually faced, and to do so in ways that encourage their being followed and even when reactive per se engenders real uncertainty as to what should be done next.

That description addresses efforts to reactively remediate after perhaps multiple day-to-day, incident-by-incident failures and inefficiencies, when an effort is finally made to fix what has palpably locally been found to be broken and for a long time. And that description also addresses how they identify – usually with added delays, when a truly disruptive challenge has arrived and how that would be remediated as well.

Proactive systems seek to step out in front of all of this and to anticipate, and to build for flexibility and to implement accordingly. And this brings me back to those Laputians and Flappers again. The Laputians arrived at their system because they were attempting to proactively prepare for next and new contingencies and needs – when by nature they were more than just somewhat absent minded and inattentive and knew it, and when they thought that they needed specialized gatekeeper help to stay in focus when dealing with outsiders on matters that went beyond their own areas of real interest. It is not enough to simply be proactive. Proactive only works of it represents the right forward thinking and preparation, that is going to be put in place. And this means thinking through the possible contingencies and the possible adverse outcomes that a proposed proactive solution might engender and it means consistently performing reviews and analyses of performance results achieved from them to track how they have actually worked out. And that means proactive depends on reactive, or at least post hoc in order to keep it on track. Proactive without a backward looking experiential foundation cannot succeed, in and of itself.

And this brings me back to the reality check due diligence questions that I bullet pointed above. Add to them a set of questions that would help specify what particular information should not simply flow freely throughout the organization, and where it can go and still meet due diligence and risk remediation requirements. Now where are the barriers in place, to effective communications that are counterproductive to the organization and its functioning and either in principle for their being in place there or in practice from how they are implemented?

I am going to continue this discussion in a next installment where I will explicitly consider innovation and the innovative business. And I will discuss how both effective and unduly restrictive rules-based information management guidelines can and do impact upon information and knowledge development, and on communications systems that can at least in principle help turn what is known into realized value. And turning that around, I will address how innovative initiatives and the drive to achieve them shape and reshape information and knowledge development, and communications systems development and implementation too – and those rules-based systems.

You can find this and related postings and series at Business Strategy and Operations – 4, and also at Page 1, Page 2 and Page 3 of that directory. And also see Social Networking and Business 2 and that directory’s Page 1 for related material.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: