Wednesday, May 21, 2008

Zappos and Twitter-- and the futility of firewalls

This Harvard Business piece on Zappos, "Why Zappos Pays New Employees to Quit—And You Should Too", is most excellent. While it is a great read for a number of reasons, it was this that caught my eye:

This is a company that’s bursting with personality, to the point where a huge number of its 1,600 employees are power users of Twitter so that their friends, colleagues, and customers know what they’re up to at any moment in time.

That is very cool. It's about engaging your customers in new ways. It inspired me to start following some Zappos employees, and it is indeed true that they have some serious fun. I don't know how many I'm up to now, but it's a lot. You can see a list of Zappos employees that use Twitter at I'm now following and being followed by the CEO, COO, the warehouse, and countless others. My interactions have been entertaining enough that I've decided to buy some shoes just to see what the experience is like.

I just have to decide whether to get the pumps, wedges, Mary Janes, or Vans.

While this has all been great fun, it brings me to the point of this post. Yes, there will be a point. I was fortunate a couple of weeks ago to attend an Enterprise 2.0 panel which was "sort of" interesting. The conversation was led by the CIO of my bank, which can remain anonymous as it's not particularly germane... all banks would have pretty much the same philosophy. Basically, most of the discussion that day revolved around how to keep your business information private while starting to leverage the value of these new tools, and where you erect the firewalls.

I asked the naive question about how Anona Bank was using these tools to engage their customers (which includes me), and was told that they do not. As it turns out, they block everywhere the bank's employees might encounter real customers: Facebook, Twitter, MySpace, Yahoo Groups, Google Groups, IM... and I ask, why not block email too? It was obvious that they really didn't want to have to engage with us messy ole customers except on terms defined by them. Which is a primary characteristic of last-generation organizations. I mentioned the problem with firewalls-- that no matter where you erect them you will be wrong. That as soon as you put them up, the requests will start flowing to punch holes in the wall here-and-there, and that before too long it will be just like that little hole in the levee that becomes a full-blown breach. The CIO of Anona Bank didn't really respond to my comment other than to sport a look that told me he'd spent more time dealing with holes in the levee than he cared to admit.

Which brings me back to Zappos. This is the model, folks. Every person talking to every customer wherever they can find them. This is where we're all headed. You can fight it, or you can embrace it, but you can't escape it. You have to engage with your customers on their terms. The sooner you get there the better. I can say with absolute certainty that if you are an old-world organization erecting your old-school firewalls, some new competitor, somewhere, is cooking up an alternative to what you're currently offering that embraces these new forms of engagement, and they are going to clean your clock. It's not too late to Zappize your business, but time is running short.


Unknown said...

I would say that banks and other financial institutions have a special problem to deal with. Especially when getting into FINRA compliance areas. (FINRA is just an example here, apply your regulatory agency of choice.)

In order to be in compliance all electronic communications must be logged, compliance reviewed (either by dictionary flagging or random sampling or both), and auditable by the outside agency. Company email makes this "easy".

Twitter, web mail, blogs, IM make this very difficult. We are looking at installing an XMPP server for IM gateway that will allow us to do this. With any luck (and design) we will then allow employees to twitter (or whatever) via the XMPP gateway. We would then write our own code to log off the messages, and do the compliance thing.

I think XMPP (Jabber) is starting to be the common thread. If all services provide an XMPP way to do this communication, then institutions will be able to support it. HTTP is not a great way to try and capture packets for compliance.

But all of this is costly, not too bad for a smallish organization like ourselves, but a large institution could be problematic. I agree that they should do this, but if they don't yet see a dollar return it won't happen.

Now all of these rules ignore the obvious "but our employees have cell phones that they SMS, Twitter, Facebook, etc. all day". Yes, but it is not on company equipment. So you put in policies that say you are not supposed to do that. But you have an obligation to block it at the firewall for company equipment.

Drop the (frankly ridiculous) regulations and many financial institutions would open up like flowers. In the meantime, smaller organizations will be working hard to write (and hopefully release as open software) tools to do as much compliance as possible. Opening up where we can. Making an extra 20,000 dollars by opening up is no good if you are hit with 100,000 dollars in fines. (Yes, totally straw man number argument there, just trying to illustrate a point.)
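
The logging and review steps the comment above describes (log every message, flag by dictionary, sample the rest at random, keep the record auditable), sketched in Python as an added example; it is not the commenter's code. The term list, sample rate, message fields and the hash-chained log format are assumptions made for illustration.

```python
import hashlib
import json
import re

# Hypothetical review dictionary and sample rate (assumptions, not from the page).
FLAG_TERMS = ("guarantee", "insider", "off the record")
SAMPLE_RATE = 0.10
GENESIS = "0" * 64

def _digest(prev_hash, record):
    body = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()

def flagged_terms(text):
    """Return dictionary terms found as whole words or phrases, ignoring case."""
    return [t for t in FLAG_TERMS
            if re.search(r"\b" + re.escape(t) + r"\b", text, re.IGNORECASE)]

def sampled(msg_id, rate=SAMPLE_RATE):
    """Deterministic sampling: an auditor can recompute which ids were picked."""
    bucket = int(hashlib.sha256(msg_id.encode()).hexdigest()[:8], 16)
    return bucket / 0x100000000 < rate

def append(log, msg):
    """Log one message and record whether, and why, it goes to review."""
    terms = flagged_terms(msg["body"])
    record = dict(msg, flags=terms,
                  review=bool(terms) or sampled(msg["id"]))
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "hash": _digest(prev, record)})
    return record

def verify(log):
    """Recompute the chain; an edited, reordered or mid-log removed entry
    breaks it (detecting tail truncation needs the last hash kept elsewhere)."""
    prev = GENESIS
    for entry in log:
        if entry["hash"] != _digest(prev, entry["record"]):
            return False
        prev = entry["hash"]
    return True

# Constructed sample traffic, as a gateway might see it.
MESSAGES = [
    {"id": "m1", "sender": "alice@example.com", "body": "New Vans are in stock!"},
    {"id": "m2", "sender": "bob@example.com", "body": "We GUARANTEE a 9% return."},
    {"id": "m3", "sender": "carol@example.com", "body": "Lunch at noon?"},
]
```
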

Kevin Gamble said...


Very good comments. I learned something. TY!

I think the basic point still stands. It just wasn't the banking person representing the organizations present that was so worried about privacy and controlling workers. It was a lot of people in the room with and without regulatory nooses.

Your concerns do raise another issue: industrial era policies and laws that are out-of-touch with the current trends. Definitely a weight tied to the ankles of many businesses and organizations. They need to be modernized.