Marina Gorbis's Blog, page 1590

Cyber attacks, once primarily directed against networks to steal confidential information and wreak virtual havoc, have begun to expand and are now directly affecting the physical world. For example, the recent hacking of the Associated Press's Twitter account by the Syrian Electronic Army and subsequent tweet about an explosion at the White House caused the U.S. stock market to decline almost 1% before the news was revealed as a hoax. In 2010 the computer worm Stuxnet was discovered and implicated in the attack that caused physical damage to centrifuges at Iranian nuclear enrichment facilities. In 2012 a hacker built and revealed a simple device that can open Onity-brand electronic locks (which secure over 4 million hotel room doors) without a key.

The growing Internet of Things — the connection of physical devices to the internet — will rapidly expand the number of connected devices integrated into our everyday lives. From connected cars, iPhone-controlled locks (versions of which here, here, and here are in or close to production), to the hypothetical "smart fridge" that will one day order milk for me when I've run out, these technologies bring with them the promise of energy efficiency, convenience, and flexibility. They also have the potential to allow cyber attackers into the physical world in which we live as they seize on security holes in these new systems.

As consumer demand for connected devices increases (and projections from Cisco and others suggest that there will be 50 billion connected devices by 2020), traditional manufacturers will, en masse, become manufacturers of connected devices. As these devices become subject to the same cyber threats with which software developers have long been familiar, companies will need to take steps to integrate security considerations into their designs and design processes right from the start.



Train engineers to apply existing systems-engineering tools to security threats. Apart from those who work on specific niche applications, engineers who write software for embedded hardware systems don't usually focus on security issues. For example, although Onity locks used a "secret" cryptographic key to prevent unauthorized access, the key was stored insecurely in the lock's memory, allowing hackers to bypass the security and open the lock. And several models of networked security cameras, designed for remote streaming of real-time security footage over the internet, are vulnerable to remote hacking through a software flaw that exposes the video stream to unauthorized parties and compromises security and privacy. Educating engineers on common cyber threats and design paradigms that have evolved to mitigate attacks would allow them to integrate existing robust security protections into the systems-engineering practices that they already use to build reliable, stable systems.

Train engineers to incorporate security into products by using modular hardware and software designs, so that a breach in one area can't take control over other parts of the system. Technologies like microkernels and hypervisors (which allow individual components to fail and be restarted without affecting other parts of the system) are already commonly used to increase the reliability of embedded systems. These technologies also isolate different parts of the system from one another in the event of a security breach. So, for example, if attackers remotely take control of a car's infotainment system through an unsecure music-streaming station or e-mail app, they won't have access to the authentication or navigation application to change the car's destination or order a remote pickup.

Use existing, open security standards where possible. Open security standards, whose details and implementation have been investigated and vetted by many experts, are more secure than proprietary solutions. Robust security is hard to achieve, and mistakes in proprietary approaches often manifest themselves only when a third party has succeeded in uncovering a security weakness. The internet is built on open standards. Technologies like TLS (which provides secure identification, encryption, and prevents eavesdropping) and OAuth (an open standard for authentication) provide secure, tested protocols. While choosing an established platform does remove direct control over some security design decisions, it is preferable to rolling one's own custom solution, which will have been subject to less scrutiny and the input of fewer experts.

Encourage a skeptical culture. In addition to incorporating security considerations into formal design processes, companies should encourage a skeptical culture in which intellectually diverse groups from different product teams review one another's designs and give feedback about flaws, including those that affect security. One particularly useful approach is to designate internal specialists or external experts as devil's advocates and make it their job to independently review, test, and try to break existing systems. Products produced from a culture in which skepticism is not just encouraged but formally ensured are not only more secure but generally more reliable, as well.

The smart, connected fridge that will know when I've run out of milk and automatically place an order seems like a lovely, benign addition to my house. But when that fridge also has access to my credit card and can wirelessly unlock a door for a delivery person, it becomes less benign, especially if it depends on a security model designed for a fridge that only plugs into the power outlet. As cars, locks, cameras, and other traditionally unconnected products join the Internet of Things, cyber threats directed toward hardware will affect an increasing range of companies. For these companies, investing in a robust, open security solution will be less costly than deploying a proprietary system, if its hidden flaws cause customers harm, trigger costly product recalls, and damage their brand.

Data Under Siege
An HBR Insight Center





Cyber Security in the Internet of Things
Is Anyone Really Responsible for Your Company's Data Security?
The Public/Private Cooperation We Need on Cyber Security
Embrace the Complexity of Cyber Defense

John Macomber, senior lecturer at Harvard Business School, explains why the private sector needs to focus on city-level improvements.

That's a question I am almost guaranteed to hear during any social media workshop, or indeed, in one-on-one conversations about social networking. Even committed LinkedIn users are often uncertain of which connection requests to accept, or which invitations to extend: Someone who regularly shares your blog posts on Twitter? That guy on your condo board? Your cousin's girlfriend with the commemorative-gold-coin business?

The problem of who to connect with on LinkedIn puzzles people precisely because the network itself is neither fish nor fowl. Is it a social network like Facebook, where your connections are (at least notionally) "friends"? A public platform like Twitter, where people can see and judge you on the number of your followers? Or just a really awesome address book?

It's actually all of these things.

To use LinkedIn to its fullest potential, you need to tap its power as an introduction machine: an address book in which all the entries can see and connect with another, to create a mini-network with you and the things you share at the hub.

But that introduction machine only works if you are selective about which connections you initiate and accept.

I learned the value of selectivity the hard way. In the early days of LinkedIn, I connected with anyone who asked, just as I had on other social networks. But once I started trying to use it to get introduced to people I wanted to meet, I discovered that my promiscuity in making connections meant that most of my search results consisted of people I couldn't actually get introduced to. Yes, each search turned up tons of potential connections — people who were connected to people I was connected with. But most of the time, that point of connection was someone I didn't know well enough to ask for an introduction. I wasted hours digging through pages of search results just to find the two or three connections I could really leverage. You need a filter to help you connect to not just anyone you know, but only those people who will be able to help — or whom you can help yourself.

Thus was born the "favor test," the answer to the who-should-I-connect-to-on-LinkedIn question.

The favor test is simple: Would you do a favor for this person, or ask a favor of them? If so, make the connection. If not, take a pass.

A favor isn't constrained to an introduction; other kinds of requests come into play on LinkedIn: Would you support my charity? Will you attend my conference? Can you review my book?

When you're thinking about whether to accept someone's invitation to connect, imagine being faced with a request like this. (Note that there's a difference between saying yes to a conference because it's an interesting event, and saying yes because you want to help out the person who asked.) It's the people you'd go out of your way to help or whom you trust to go out of their way to help you, however modestly, who pass the favor test.

If you're consistent in applying the favor test, you can build a LinkedIn network that is useful and efficient in supporting any professional goal.

But you don't want to be one of those people: the kind of person who evaluates people based on a number. The whole point of the favor test is to think about the two-way quality of your relationships. LinkedIn has its most dramatic impact when a favor goes from a hypothetical test to a tangible action — when you make those introductions, or when you meet that key individual at a company you've always dreamt of working for. Once you see your LinkedIn network not only as a way to realize your own goals but also as an asset you can share with the people you believe in, you'll find it gives you much more than a few more sales leads, or a higher rank in the stack of resumes on a recruiter's desk.

--

For more on the favor test, and other ways to make the most of LinkedIn, check out Alexandra Samuel's new e-book Work Smarter with LinkedIn , just out from Harvard Business Review Press.

A majority of retail managers said in a survey that they thought customers would be more satisfied getting perks and bonuses in public than in private, but a team led by Lan Jiang of the University of Oregon shows that's not so: Consumers have mixed emotions when others see them get unearned rewards, such as a cartload full of groceries for being the millionth shopper. It takes the presence of just one other person for the rewardee to start feeling negatively judged, the researchers say. Those mixed feelings dissolve, however, if the observers have higher status than the recipient.

Few industries illustrate the Big Data wars better than the media business. In TV programming, combatants like Netflix and Amazon challenge decades-old premium channels and other producers to gain watchers with original programming. Using their treasure troves of information on online customer viewing habits, they're designing new TV series that their data tells them will win.

Early results show that it is working — and that many pre-Web media companies should be concerned. Netflix's first foray into original programming, the "House of Cards" series, has been a big hit (although the company doesn't disclose ratings). The company says the series brought in 2 million new U.S. subscribers in the first quarter of 2013, a 7% increase over the previous quarter. The company's chief content officer said in February that Netflix uses "really big data" to pick which shows to produce and how to promote them. Yet Netflix's debut as a producer also demonstrates something far more important: how Big Data can fundamentally change the structure of an industry by shifting the balance of power.

The Big Data wars are hardly limited to the media industry. In December 2012 and January of this year, Tata Consultancy Services surveyed 1,217 executives from large companies (revenue of more than $1 billion) in a dozen global industries in North America, Europe, Asia-Pacific, and Latin America. We found that companies with huge investments in Big Data are generating excess returns and gaining competitive advantages, putting companies without significant investments in Big Data at risk. The reason: There's a big learning curve with Big Data, one that companies such as Netflix and Amazon had to embrace in the 1990s to deal with hundreds of millions of customer clicks.

It's a learning curve that most other large companies have not yet faced. So what differentiated the companies with the greatest expected returns on Big Data for 2012 from those with the smallest? We categorized as "leaders" survey respondents that estimated a greater than 50% return on their Big Data investments last year (a number far above most companies' hurdle rate). Although they tended to make much larger investments in Big Data, they also generated much higher returns on those investments than the laggards did. Higher spending correlates with more headroom for revenue growth.

Specifically, our study found that the companies estimating the greatest returns last year on Big Data outspent those with much smaller ROI by a factor of more than three — a median spend of $24 million vs. $7 million. Of the 53% of the survey respondents that had Big Data initiatives in 2012, median spending per company was $10 million, a relatively small amount given that median revenue was $6.9 billion. But that median spending masks a great polarity in Big Data investments — a huge gulf between companies that have embraced it and those that are slow to adopt. A narrow slice of the respondents (7%) with Big Data initiatives in 2012 invested at least $500 million each on Big Data software, hardware, data scientists, consultants and other related expenses. On the other end of the spectrum, 24% spent less than $2.5 million apiece on it last year.

Of course, simply spending more is not a strategy. How else did the companies projecting the greatest ROI from Big Data differ from underperformers? We found four key differences:

Leaders are more Internet-centric. On average, 42% of total revenue of the ROI leaders came from customer orders received via the Internet, compared to just 29% for the laggards. This may not be a big surprise; many of the early Big Data technologies such as the Hadoop Big Data system came from Internet companies themselves such as Yahoo and Google. Internet companies face many digital interactions, so they need Big Data technologies and people to sort through their click-stream data. Yet ROI leaders in our study also included telecoms, retailers, banks and high-tech companies. You don't have to be an Internet company to generate outsized returns on Big Data.

Leaders panned for gold in several places. ROI leaders see greater potential from Big Data to improve a number of marketing, sales, R&D and service activities. Companies such as Procter & Gamble and Netflix are using Big Data to identify new product opportunities. Leaders also believe Big Data holds much greater potential than do underperformers for improving four marketing activities: monitoring and improving customers' experience in offline channels (such as stores); discerning competitors' moves beyond pricing; monitoring external perceptions of the brand; and marketing based on customers' physical location (which is why it's become important for many companies to buy mobile data). This last activity helps explain the appeal of Big Data to a growing number of retailers. Leaders also see big potential from Big Data to monitor their products' performance in the field. General Electric is committing $1 billion to an analytics and software center to monitor the performance of its aircraft engines, healthcare equipment, power generation and other machinery, helping customers get more value.

Leaders are more aggressive in exploiting unstructured and external data. Unstructured data, or digitized text, video, machine and other data that doesn't easily fit into traditional databases, is hard for computers to analyze. That's changing, however, as analytics tools come to market for performing such compute-intensive chores as discerning sentiments from text. The ROI leaders make such unstructured data a bigger part of their data mix (55% of their digital data is unstructured or semistructured) vs. 46% for the ROI laggards. And on another measure, leaders use a higher percentage of external data (that is, data they don't own): 37% vs. 26% for laggards. Retailers that want mobile location data of their shoppers must get that "external" data from the telcos.

Leaders are more likely to create a home for their Big Data professionals. Instead of embedding data scientists in business functions, ROI leaders centralized their analysts. Some 79% of the ROI leaders put their analysts in a dedicated Big Data group or in IT vs. 68% of laggards. The manager of a large analytics team at a big Internet company believes that removing analysts from business units and functions and centralizing them was critical to success. When they reported to business unit managers, "our analysts got heavy pressure to confirm what those unit managers were already doing," the manager said. Centralizing the analysts also helped them share analytics methods, which he termed the "special sauce." Providing unvarnished advice to key executives about how to optimize the website, the analysts have helped the firm increase revenue by tens of millions of dollars.



One cautionary note: while Big Data can help businesses identify unnecessary costs, cost-reduction strategies face diminishing returns. Companies such as Netflix, General Electric and LinkedIn have revealed far more potential in using Big Data in sales, marketing, R&D and other revenue-generating activities to drive growth.

Companies still dabbling in "small data" would be well-advised to make serious changes or risk losing to those that have adopted Big Data in a big way.

No matter how nimble, innovative, or globally networked your organization or business is, it will run smack into the limits of its capabilities just by virtue of operating in today's dynamic world. To push through these limits, you need to tap into a nearly bottomless force of adaptability known as symbiosis.

Symbiosis is a biological concept — roughly defined as a partnership between organisms — that has helped living creatures innovate and expand into new niches for billions of years. Symbiosis has allowed organisms to defend themselves from predators, to lure prey into their mouths, to produce energy from the sun, and to produce energy in places where the sun never shines, among other things. Every organism on Earth is engaged in many symbioses with other organisms.

Symbiosis is a powerful force in business too. A broad examination of nature reveals six key guidelines for adaptable symbiotic relationships that can be applied to today's organizations:

Make your symbiosis count. Symbioses have no intrinsic value. Animals don't work together because it's a good idea to "break down silos" or "reach across the aisle" or "diversify their assets." They work together to solve problems. When Yahoo bought Flickr and let it sit on the shelf, that wasn't symbiotic, it was just a waste of money. Likewise, if you're organizing a meeting to get engineers and marketers in the same room, getting them in the same room is not a good enough reason. There had better be a problem to solve that they cannot solve unless they're in the same room.



Love thine enemy. Natural symbioses occur between the most unlikely of partners. Throughout life's history, conflicts between organisms have resolved into symbiotic partnerships. There are small fish that swim right into the mouths of large predatory fish to clean their parasites — the little fish gets some food and the big fish forgoes eating the little fish in exchange for getting its parasites removed. After Superstorm Sandy, Republican New Jersey Governor Chris Christie and Democrat President Obama forgot election-year politics for a brief partnership that ensured a better flow of federal disaster aid to the Jersey shore and provided Obama a measure of credibility as a leader in a time of crisis.



Don't wed your partner. No one thought the "bromance" between Obama and Christie would last long after the last relief check was cashed, but it doesn't matter. Symbioses can be so long-lived that the individuals become inseparable, or they can consist of extremely short get-togethers that focus on one immediate problem. After the Boston Marathon bombings, to show support for the shell-shocked city, New York Yankees fans sang the Red Sox anthem "Sweet Caroline" in Yankee Stadium. That gesture was warmly welcomed by Bostonians, but I doubt it will happen again. These symbiotic relationships are no less powerful when they are short-lived — in fact, having the freedom to make short-term partnerships with the enemy provides much more latitude to respond to unexpected crises or seize novel opportunities.



Forget quid pro quo. For a while in ecology, a sort of Chicago School of Economics mentality prevailed, and there was a near-constant search to identify the cost-benefit functions that supposedly govern natural symbiotic partnerships. The problem is, those functions don't exist. Symbiotic partnerships occur because they solve problems, not because some Pareto optimal resolution has been achieved. Sometimes one side of the partnership benefits enormously while the other barely benefits, and sometimes one side gives up an awful lot in order to be able to adapt to difficult circumstances. When Dr Pepper Snapple Group wanted to reach a huge but tricky demographic — the Millennials — it developed a novel symbiosis with Viacom, the parent company of Millennial-tuned MTV. To draw MTV in, Dr Pepper made the unusual offer to let MTV choose any lesser-known Dr Pepper brand it wanted to market and offer Viacom equity in that brand. In the end, MTV helped Dr Pepper turn a third-tier product called Sun Drop into a national player, and gave itself credibility as the go-to marketer for any brand — no matter how staid — desperate for Millennial attention (General Motors lined up next). It's impossible to say which side got the best end of this relationship, and it doesn't matter — if either side can do just a little better as a result of a symbiosis, it makes sense to partner up.



There's no such thing as a perfect partnership. Natural organisms don't strive for perfection, they just try to solve problems. I've written about partnerships among Israeli, Palestinian, and Jordanian health officials. They've worked together successfully to stop the spread of infectious diseases, but none of them is trying to create peace in the Middle East. Symbioses built out of "grand visions" are the most likely to fail. As Car and Driver noted in its analysis of partnerships between automakers, big all-or-nothing partnerships, like DaimlerChrysler, tend to fail, whereas very tightly focused partnerships (like Toyota licensing hybrid technology to Subaru, or BMW providing diesel engines to Toyota) have been so successful that they no longer raise eyebrows, even in the highly competitive auto industry.



Prepare for the unexpected. The most amazing thing about symbiosis is that the outcome can't ever be predicted just by looking at the two entities separately. The bacteria in our own gut — which help us digest a wide variety of foods in exchange for a home to proliferate within — also now seem to play an essential role in preventing autism and obesity. In ecology, we call these unpredictables "emergent properties," but they're a close analog to that hard-to-define and harder-to-predict concept of "serendipity" that is so actively sought after in business.

You can't plan for serendipity, but you can create space for the emergent properties that often come with symbiotic relationships. One way to do this is to identify new or longstanding problems within your organization or throughout your industry and issue a reward-based challenge to anyone in the organization to help solve it. A challenge-based problem-solving program typically yields fast, cheap, and unexpected solutions, often because it creates a natural point of coalescence for symbiotic partnerships.

We're facing an eyebrow-raising talent shortfall in cyber security. Consider the findings of a recent inquiry by the UK's National Audit Office. Its report stressed not only that the current pool of security-educated graduates and practitioners falls far short of demand, but also that "it could take up to 20 years to address the skills gap."

This is a challenge my team at IBM is addressing, largely by connecting with the proliferating academic programs on cybersecurity and encouraging higher levels of collaboration among them, industry, and government. (See our recent report here: Cybersecurity Education for the Next Generation.) We're particularly concerned to see that the heavy demand from employers for people capable of fighting off today's waves of cyber attacks is pulling talent out of the ranks of professionals who would otherwise be educating the next generation, and doing the critical research to advance the state of the art. Especially given the rapid and continuous evolution of threats, it's critical that academic cybersecurity programs share best practices and curriculum updates.



But it's just as important for enterprises — from startup businesses to large corporations, and from small nonprofits to vast government agencies — to do their part. They have the means as well as the critical need to enhance their employees' cyber security knowledge.



Start with the many IT professionals on their staffs that were never educated in the security aspects of systems. One important way to achieve enhanced security is to design it from the start, in new application development, in how data is managed, and in the construction of IT infrastructure. Employers should invest in IT employees' training, encouraging and supporting the pursuit of related certificates and degrees from graduate schools and other outside programs. The financial investment need not be large. Coursera, Udacity, and other free, online resources offer security-related courses, and there are numerous online Webinars and YouTube videos to which employees can be directed.

Even those employees who did arrive with security knowledge have more to learn. The field of cyber security is constantly expanding, with more domains to secure and more ways to attack. Intrusions are harder to detect; attackers are stealthier and more evasive. Academic programs that did emphasize cryptography and countering sniffing and denial-of-service attacks now cover areas like cyber-physical attacks, the protection of heterogeneous systems, and real-time security data analysis.

Better yet, hiring enterprises can find ways to join forces with academic programs. Among the hundreds of programs we follow, many focus strongly on business. These tend to have industry advisory boards or sponsors. Their best business partners are deeply engaged, funding research and design competitions, providing fellowships and scholarships, contributing to curriculum design, and sending their own employees to the institution for training and advanced degrees.

Your education mission doesn't end at the door of the IT department. All the rest of your employees also need to know more about protecting themselves and the company. In a recent Ponemon Institute survey, 73 percent of respondents reported that an employee's security misstep had caused financial loss and/or brand damage to their organization. The sad truth is that many employees do not even know when they are engaging in risky behavior that could cause a major security breach. That widespread naivete can take a heavy toll in an era of Bring Your Own Devices (BYOD) and social media. A slipup can happen to anyone, regardless of their position in the organization.

The best defense is to provide comprehensive education programs for employees. You don't have to turn every employee into a cyber security expert to improve your defenses collectively. IBM, for example, requires all employees to complete digital training each year, which covers matters from secure handling of client data to appropriate sharing on social media sites. Employees can easily learn how to spot and avoid the most frequent types of threats, such as phishing attacks in emails.

Whether taught in a university setting or carried out in an enterprise, cyber security is a holistic problem and needs a holistic solution. Just as educational institutions are beginning to develop interdisciplinary approaches (such as joint programs between computer science and business, medical, law, economics, public policy, criminology, and even journalism schools), organizations should ensure that their approach to security reaches the people responsible for infrastructure, human resources, data, applications, ethics assurance, management policy, and legal compliance.

There have been technological advancements within the last few years to help Chief Information Security Officers (CISOs) secure corporate networks against unintentional, or intentional, risky behavior by employees. But while such technical controls, and the establishment of sound policies, are essential components of effective security, educating employees in IT and cyber security is one of the best investments a company can make — and a rational recognition that it will take all of us to create a more secure future.

Data Under Siege
An HBR Insight Center





Cyber Security in the Internet of Things
Is Anyone Really Responsible for Your Company's Data Security?
The Public/Private Cooperation We Need on Cyber Security
Embrace the Complexity of Cyber Defense

"Beautiful," Cora Milano said, looking up at the soaring spires and gothic arches of the immense charity hospital.

Her colleague, Augusto Tolentino, barely paused. He was in a hurry to get to their meeting — and to make a point to Cora.

The two worked together at Bosi e Faora, a São Paulo-based medical supply manufacturer. Augusto was officially the head of operations, but his real job was as the right-hand man of the company's diretor presidente, who had informally dubbed him "head of customer satisfaction." Cora was the sales director.

(Editor's Note: This fictionalized case study will appear in a forthcoming issue of Harvard Business Review, along with commentary from experts and readers. If you'd like your comment to be considered for publication, please be sure to include your full name, company or university affiliation, and email address.)

Augusto and Cora were on their way to see Sergio Lins, the purchasing director at the Santa Cara de Misericórdia hospital, a few hundred kilometers from the Brazilian capital. Like many of the company's large customers, this philanthropically funded general institution aimed to serve as many patients as inexpensively as possible. So Lins was extremely frugal, always opting for minimum orders and negotiating relentlessly for low prices.

Augusto had been preparing for the meeting for weeks, because he hoped to change the relationship — and to show Cora that the new solutions-based selling and pricing strategy that Bosi e Faora had recently adopted with great success for its specialized, wealthier hospitals could work with all kinds of customers. Augusto saw discounting as a sinkhole — just like the ones that opened up in roads all over Brazil during the rainy season, trapping cars and their drivers. In fact, they'd heard a news report about just such an incident earlier that day and Augusto seized upon the metaphor to persuade Cora.

"That car is like our business," he said. "For years, our sales reps have given bigger and bigger discounts to sell more products, and our prices and margins have dropped steadily. The whole company has fallen into the price sinkhole. And as you know, the diretor presidente's goal is to increase margins by 3%. Solutions selling is the only way to do that."

But Cora wasn't at all convinced that a solutions-selling strategy would work for institutions like the one they were about to visit. "I know we've persuaded some of our specialized hospitals to spend more on an array of products and services — those 'touch points' you love to talk about," she said. "But general hospitals lack the resources. They don't care about our touch points."

"Cora, with all due respect, we have to overcome that attitude if we want to increase margins."

"I'm just being realistic," she responded. "I talk to these people more than you do."

An Unacceptable Minimum

The solutions-selling idea had originally come not from Augusto but a customer: a São Paulo cardiology hospital run by a charismatic doctor who took a keen interest in the medical devices business. A year ago he'd complained to his sales rep about Bosi e Faora's lack of engagement.

"We are very engaged," Augusto retorted when Cora relayed the message. "We'll sell him anything he wants. Tell him to name the product, and we'll provide it."

But the hospital director wasn't talking only about products. He wanted Bosi e Faora to help him better serve his patients. He was looking for ideas.

The rep had none. Neither did Cora. Out of frustration, the hospital director suggested one off the top of his head: "Bosi e Faora sells me beautiful, state-of-the-art blood-pressure cuffs," he said to the rep. "Could you also sell me inexpensive ones that I can resell to my patients who need to check their blood pressure every day because they're at risk for strokes and heart attacks? And could you make the cuffs electronic so that a nurse can see the data and call the patient if there's a problem?"

The wide-eyed rep presented this idea back at headquarters as though he had discovered a tribe that spoke an unknown language. But the language wasn't entirely unfamiliar to Augusto. He recognized that the customer wanted to move beyond a purely transactional sales relationship — "I'll pay you this if you give me that" — and instead collaborate to solve patients' problems.

The doctor's suggestion prompted a series of significant changes at Bosi e Faora. The company already manufactured a wide range of automated, easy-to-use blood-pressure cuffs, including some that were quite inexpensive (though not very accurate), and it sold simple telemetry systems for remote blood-pressure monitoring. Combining the two concepts turned out to be fairly straightforward, and within a year Bosi e Faora implemented the hospital director's idea on a small scale.

Building on this success, Augusto proposed that Bosi e Faora expand the number of customer "touch points" — that is, opportunities to help hospitals and medical practices improve patients' health. The company gradually began to reposition itself as a provider of not only products but also services, such as training, and the sales reps became more adept at suggesting innovations such as cobranded informational materials.

Still, profitability was not improving, in part because Augusto hadn't dared to try extending the new solutions approach beyond the specialized hospitals in the city of São Paulo to the charity and other private hospitals of São Paulo state, which made up more than 60% of the company's business.

Device makers competed intensely for sales to these institutions by signing up as many customers as possible, using steep discounts if necessary to drive the competition away. Bosi e Faora's sales reps, who were responsible for price negotiations, were rewarded for quantity, not margins — and they had considerable control over the final offer. In fact, for hospitals that employed no more than 10 doctors, the reps didn't even have to obtain company approval for discounts. As a result, prices ranged widely: The average price for Bosi e Faora's flagship wall-mounted blood-pressure monitoring system varied by almost 40% throughout Brazil. The overall trend was downward, and the price erosion led to a steady decline in margins.

The company had recently tried to establish "acceptable minimum prices," but customers and sales reps alike were unreceptive to the AMPs and now openly worked around them. Augusto even broached the idea of dropping some of the barely profitable hospitals, but the diretor presidente said no: He had become enamored with the early success in specialized hospitals, so he instructed Augusto to make solutions selling work for every customer. Augusto accepted the challenge.

Years of Work Down the Drain?

So here they were, ready to test the concept at a less-wealthy general hospital. Sergio greeted Augusto and Cora in a courtyard that looked like something out of fifteenth-century Lisbon. The Bosi e Faora rep, Roberto, was with him.

Looking nervous, Roberto leaned close to Cora and whispered, gesturing at two men who were talking on their phones on the other side of the courtyard. She glanced at them and raised her eyebrows. Augusto was puzzled but kept his attention on Sergio, who had a disarmingly warm smile.

In his office, Sergio talked soberly of the hospital's persistent debt, the shifting philanthropic landscape, and other weighty matters. Eventually he brought up the company's proposal, sent to him earlier, that the hospital expand its reach by creating a series of learning apps for patients' mobile phones and a lending library of simple medical devices that could be used at home. Bosi e Faora would start by providing an app and equipment aimed at preeclampsia. The company's research showed that for general hospitals, which saw large numbers of pregnant women, this serious and sometimes fatal condition, signaled by high blood pressure, was often caught too late, if at all. Patients would be able to borrow or lease a wristband-type blood-pressure device, use the app to learn about the condition, and even ask questions of experts on the hospital staff.

"Too expensive," Sergio said brusquely. "Surely after all these years in the health care business, you understand my situation. Look around you. We have too many patients and not enough resources."

Roberto nodded in agreement. Cora glanced at Augusto but remained silent. Clearly his colleagues weren't going to help him, so Augusto jumped into the role of salesman. He passionately explained how Bosi e Faora wanted not just to sell to the hospital, but also to partner with it. The company's proposal for a package of services and products was ideally suited to the hospital's needs, he argued.

Sergio waved a hand dismissively. "You're just trying to up-sell me," he said. "Where do you think you are? This is Brazil. We simply don't have the cash for additional equipment. That's why price is all-important."

"You are placing price above value," Augusto said, shocking himself with his bluntness.

Sergio, too, was taken aback, but Augusto decided to increase the pressure: "A business relationship must benefit both parties. If we can't work with you on a more extensive basis to develop solutions for your patients, we might have to reconsider our relationship with you."

Sergio burst out laughing. "Your relationship with me has lasted for 15 years, and for very good reason. I'm your key customer in this area, and the other hospitals look to me for guidance. They know I have a good relationship with your company, and it's because of my influence — my personal influence — that so many of them have contacted Roberto and placed orders. Without this hospital, you would lose many of your customers here. So you can't possibly be serious about dropping me.

"But if you are serious," Sergio continued, "I must excuse myself. As Roberto knows, the two men who were in the courtyard earlier are salespeople from your closest competitor, Produtos Médicos. They've been selling to us on a low level for years, but they are making a big push to double that volume. They've been talking about some very interesting prices, tempting us with discounts. I've resisted, of course, because of my close ties with Bosi e Faora. But now —"

Question: Should Bosi e Faora abandon "solutions selling" for some of its customers?

Please remember to include your full name, company or university affiliation, and email address.

At the end of this month, President Obama will begin his trip to Africa, visiting South Africa, Senegal (in West Africa) and Tanzania (in East Africa). The trip will be expensive, and The Washington Post has highlighted the large cost at a time of budget tightening. However, even the myopia of the US budget process cannot obscure reality in this case—this is money well spent.

Putting aside security, global health, and other national issues, US commercial interests alone make Africa an important destination for our President. There is a lot at stake.

Africa ranks second—behind emerging Asia—as the fastest growing region of the world. The IMF forecasts that Sub-Saharan Africa will grow at a rate of 5.4% this year, about 50% faster than Latin America, and infinitely more than Europe, which is currently expected to grow not at all or even contract. Also, Africa's growth is not from a small base. Africa today is a $2 trillion economy, roughly the same as Brazil or India (where few would say a presidential visit is wasted). Of course, Africa is not one country—its many individual nations mean the growth, risks and opportunities vary widely. However, few would deny that West Africa, East Africa and South Africa each hold significant growth opportunities for US companies. It's wise of the White House to have the President visit all three, drawing guests from the whole region and not just the host countries.

The following are snapshots of what's happening in these regions as the President prepares to travel:

In West Africa, the regional dairy and frozen food manufacturer Fan Milk was just acquired (by Dubai-based Abraaj capital) for over $300 million. Abraaj knows Africa well, as few others do, and is betting that even that level of capital investment in one company will yield the 2-3X return on investment private equity it must generate to attract investors to frontier markets like Africa.
In East Africa, Tanzania (where the President is stopping) and Mozambique (which is next door) have just had the most important natural gas finds of the new century. About $30 billion will be spent developing those gas fields and building associated facilities. Natural resources are not the whole story of Africa's growth — they account for about a quarter — but they drive many opportunities that US firms should be capturing..
In South Africa, the opportunity is longer term. It has long been the darling of investment on the continent and, since the 1994 election of Nelson Mandela, an inspiration to many. Today, South Africa is facing its most wrenching social and political challenges since the end of Apartheid, including slowed growth and social unrest. With the shortcomings of its post-liberation structure visible, South African businesses, government, and labor are forging a new social compact. The US did the same about 12 years after our own independence, not without pain, and again repeatedly thereafter. It is a wise investment for our president to show solidarity during this time and make clear that he and US businesses see a bright future ahead in South Africa.

So what does Africa mean to the US, specifically to US companies?

Growth. General Electric's CEO Jeff Immelt reports that he may sell more gas turbines in Africa than in the US over the next three years. Eric Schmidt's Google reports more click-throughs in Africa than in Western Europe. Not surprisingly, both men have traveled to Africa this year.

Innovation. Intel Capital is the global investment arm of the Santa Clara-based Intel. They scour the globe for technologies they can invest in and bring into the Intel fold. In the next six months, Intel aims at reaching over 400 African developers and creating 100 new applications locally that will offer users different experiences across mobile phones and tablets running on Intel architecture. Africa is largely mobile-native environment, and multiple US technology companies are now discovering and developing technologies there to bring home and across the world.



Jobs. Africa is growing, needs more of everything, and has the means to pay. In 2011, US exports to Africa were $21.1 billion, up 23% in just one year and up 350% since 2000. According to the US Trade Representative's office, the top export categories were machinery ($4.0 billion, up 15% over the prior year), vehicles and parts ($3.5 billion, up 42%), non-crude oil ($1.8 billion, up 30%); cereals ($1.7 billion, up 31%); and aircraft and parts ($1.5 billion, up 32%). Do you know someone working in one of those sectors? Are they finding growth like that elsewhere in the world?

Critics of the $60-100 million estimated price tag of the trip might have a commercial case if Africa only served as a place to spend US aid money. Instead, the Africa of today is one where US companies can find growth, innovation, and job opportunities for those at home. To the extent the President's visit advances those goals by even a fraction, the commercial benefits alone well outweigh the cost.

Talk to the founders of Silicon Valley startups and they will tell you that the single greatest obstacle they face after they obtain funding is the dearth of skilled talent. They say this is limiting their ability to innovate. A group of tech CEOs told President Obama in March that five companies alone — IBM, Intel, Microsoft, Oracle, and Qualcomm — had 10,000 job openings in the US. They called this "one of the biggest economic challenges facing our nation" and asked the president to address the need for more qualified, highly-skilled professionals, domestic and foreign, and to urgently enact immigration reform.

Polarization is often stark around highly-skilled immigration, one of the issues at the heart of the tech sector's pleas. It can be difficult to separate fact from fiction.

Take academics Hal Salzman of Rutgers, Norm Matloff of UCLA, and Ron Hira of RIT, who insist that there is no skilled labor shortage. They published papers through big labor think tank Economic Policy Institute that support its arguments against immigration reform and the expansion of H-1B visas for foreign workers. Salzman says that the US graduates far more workers in Science, Engineering, Technology, and Mathematics (STEM) than the tech industry needs and that foreign workers are causing Americans to get discouraged and join other professions. Matloff claims that foreign students have talent lesser than, or equal to, their American peers. Hira says that claims of a shortage are a ploy by tech companies to bring wages down and to replace Americans with foreign workers.

The comment boards of articles about immigration are often filled with heart-wrenching stories of American engineers who can't find employment. They too blame foreigners for their woes. So what gives? Could there indeed be a vast conspiracy by the technology industry to exclude Americans from the innovation economy?

The truth is we're not seeing the full picture around highly-skilled immigration. To get there, we need to better understand and debunk myths around three key issues: labor mobility, wages, and the rate of invention.

While there are unemployed engineers in the US at the same time that there are severe shortages of talent in the tech centers, this is really a mismatch of skill, location, and need.

Issue 1: Labor mobility The demand for technology workers cannot be accounted for by merely tallying the numbers of native-born STEM degree-graduates. Many leave the field for other pursuits like finance and law — which sometimes pay higher wages. Skill requirements (such as programming languages and computer platforms) also shift rapidly, rendering skills of significant parts of the workforce obsolete.

But more importantly, the US has amongst the highest rate of home ownership in the world — which makes it difficult for some workers to move. This is made worse by depressed home prices and the high cost of living in places like Silicon Valley and New York City — where tech job demand is high.

In a report titled "The Search for Skills," Neil Ruiz, Jill Wilson, and Shyamali Choudhury of the Brookings Institution analyzed demand for H-1B workers in metropolitan areas. They found that supply and demand for skilled labor varies by region. Demand for H-1B's is highest in tech centers like New York, Silicon Valley, Los Angeles, Washington, D.C., Virginia, Chicago, and Boston. Not coincidentally, these places are among those with the lowest unemployment rates for engineers.

They also found the same trend in regions that house America's research centers. Places such as Columbus, Ind., where engine manufacturer Cummins is based, and Rochester, Minn., home of medical giant Mayo Clinic, are among the regions with the highest demand for H-1Bs and lowest unemployment rates for bachelor's degree holders (3% in Columbus and 1.5% in Rochester for 2010). In other words, where there is demand for skilled workers, there is also the most innovation economic growth.

Issue 2: Wages One argument that opponents of skilled immigration make is that if there were indeed an engineering shortage, salaries would rise. Salzman says he analyzed U.S. census data to determine that engineering salaries have remained flat or declined over the past two decades. So there is no engineering shortage, he argues, and therefore foreign workers are discouraging natives from entering STEM fields.

This analysis is deeply flawed. You can't draw reasonable conclusions about the needs of technology firms by looking at data at the computer industry level. It is a very diverse industry in which there is rapid creation and destruction. Workers with the right skills receive large salary increases while those with obsolete skills see their careers stagnate. This is what defines the tech world and fuels innovation.

Indeed when Jonathan Rothwell and Neil Ruiz of Brookings analyzed salaries in occupations that were receiving the most H-1B requests, they found that wage growth in these was actually stronger than the national average. They also found that H-1B workers are paid more than US native-born workers with a bachelor's degree ($76,356 versus $67,301 in 2010) and even within the same occupation and industry for workers with similar experience. This also counters the argument that foreign workers have lesser skills. Companies would only pay such a premium if this group — which includes foreign students graduating from US universities — were the "best and brightest" and did have the skills that companies need.

Issue #3: Invention A growing body of research has found that a higher concentration of H-1B holders in STEM fields actually boosts invention. In their National Bureau of Economic Research work "How Much Does Immigration Boost Innovation?" Jennifer Hunt and Marjolaine Gauthier-Loiselle found that each 1% increase in the population of immigrant college graduates increased overall patents per capita by 9-18%.

In another research paper, "The Supply Side of Innovation," William Kerr of Harvard Business School and William Lincoln of the University of Michigan studied the impact of the concentration of H-1B visa holders in certain metro areas with regard to innovation. Kerr and Lincoln reported a 10% growth in H-1B population corresponded to a 6%-12% growth in invention (measured as patents) by the largest immigrant groups — Indians and Chinese — and a 0.5% to 1% growth in patents by US natives. In other words, total invention increases with higher admission of skilled foreign workers, primarily through the direct contributions of immigrant inventors.

Ultimately, the debate shouldn't be about shortages or gluts. Having more engineers and scientists means there will be more innovation and the economic pie will grow larger. In the global competition for highly-skilled workers, US companies and institutions must also seek the best talent, wherever they can find it. Consider that only 4% of the world's undergraduate engineering degrees go to US citizens. In contrast, 56% are earned in Asia and 17% of engineering degrees are awarded to Europeans.

The U.S., without doubt, has to improve its education system and graduate more high-quality engineers and scientists. But asking US technology and engineering companies to restrict their search geographically — unless they prove that there is a shortage of talent — makes as much sense as telling the National Basketball Association that it must only recruit players who were born within the United States.