I help hundreds of technology buyers each year to understand the impact of technology changes on their software contracts, but I also get questions from software providers about how best to price their products. Some are bringing new products to market and want to know how to maximize revenue, while others are struggling with obsolete metrics such as per processor and want to update their pricing for the modern mobile, cloudy world. The answer is usually to find licensing metrics that make their pricing value-based while balancing simplicity and fairness. The more value a customer gets from your product, the more they should be willing to pay for it. If you make your pricing too simple then you won't match value sufficiently closely, which will cause you to price yourself out of some deals and leave money on the table in others. If, OTOH, you try to match value too precisely you risk making your pricing so complicated that buyers will reject it, and you, completely.
For example, suppose you have a product that will help people do their jobs better, so you decide that charging for each user will be a good approximation for value. The potential problem is that not everyone will use your product the same, in terms of depth of functionality and/ or frequency of access. Your single per user price will be unfair to companies with long tails of light, infrequent users, for whom you'll therefore be too expensive. Conversely your pricing will be unfair to you when the customer is mostly power users. To make your pricing fairer you could have different prices for different categories of user, but then you risk being criticized for being too complex.
I just wrote a paper on the value of information security. Please see the paper here. It is something I have thought about for a long time. Information security as a technical discipline but someone has to pay for all this fun we are having. My assumption is that as Willie Sutton is quoted as saying "Go where the money is...and go there often.” Today where organized crime and nation states are going is to information. It is amazingly easy to monetize certain kinds of information. There is a buyer for everything that hackers can steal. The impact to business has been debated for some time and we go to great lengths to perform risk assessments. What we don't do such a good job of is monetizing that risk.
Consider this. If we can monetize the information asset, we should be able to monetize the risk to that asset. The key to monetizing risk is knowing the value of the asset at risk. Different systems for risk assessment have been in place for some time. They all seem to revolve around professional judgment. My argument is that using a combination of threat modeling (war planning) plus simple asset monetization will allow us to monetize risk. The results will not be perfect, but they should be directionally correct. As Doug Hubbard says it is better to be directionally correct than specifically wrong.
There is no doubt that Agile growth in the market is significant, and the growing daily number of inquiries I’ve been getting on Agile from end user organizations in 2012 gives me the impression that many are moving from tactical to strategic adoption. Why’s that? Many reasons, and you can read about them in our focused research on Agile transformation on the Forrester website. But I’d like to summarize the top five reasons from my recent research “Determine The Business And IT Impact Of Agile Development” :
Quality was the top — quite astonishing, but both the survey we ran across 205 Agile “professional adopters” and the interviews across some 21 organizations confirmed this. My read is that this is about functional quality.
Change was second to quality. We live in an era where innovation strives and organizations are continuously developing new apps and projects. But your business does not necessarily know what it needs or wants upfront. The business really appreciates the due-course changes that Agile development allows, as they enable the business to experiment and try out various options so it can become more confident about what is really right for the organization. Cutting edge cutting edge systems-of-engagement (Mobile, Web-facing, Social-media, etc) require lots of Change in due course.
In the spirit of the somewhat overstated movie advertisement: “If you only read one of my blogs this year, read this one”; although I prefer the version for The Naked Gun 2 1/2: “If you only see one movie this year... you should get out more often.”
Anyway, so many blogs, so little time; and what did I say that was important (if only in my own tiny mind)? Each bullet links through to the original blog.
Last week, I presented at the itSMF UK’s annual conference on the subject of value or, more specifically, I hid an awful lot of IT financial management-related content behind the title: “Anybody Questioning Your Value?” Importantly, this is not IT value; I am referring to business value.
It was a surprising session in many ways. Firstly, the number of attendees (I didn’t count them but I would guestimate about 80 ... I’m sure my IT service management peers in attendance will now quickly tell me it was a lot, lot less). Secondly, that they all seemed to stay to the end (well bar one worried-looking lady who left in a rush early on ... I assumed a Sev1 incident or an upset tummy, or both).
The third surprise was the response to a simple question I posed:
If your CEO or CFO stopped you in the corridor and asked, “I like the look of this Gmail-for-business thingy, how does it compare cost-wise with our internal email service?” Would you know the per-unit cost of delivering your corporate email service?
The surprise? Not one person in the room admitted to knowing what their corporate email service costs. I expected to see a low number of raised hands but not a wave-less sea of hands-in-laps. Unfortunately, being unable to answer such off-the-cuff and more formal questions around costs and value can only expose the absence of I&O’s business savvy and lack of cost-awareness. This is not a place I&O wants to be in right now (or ever).
Is it a blog? Is it a musing (that’s not “amusing”)? Or is it just a cheap attempt to pick the brains of others smarter than myself? Does it matter? Can I do anything other than ask questions?
My point (or at least my line of thinking while I plan a couple of ITIL-related Forrester reports) is that we spend a lot of time talking about what to do (or more likely what not to do) when "adopting ITIL," but how often do we talk about whether we have been successful in applying the concepts of ITIL, the processes, and the enabling technology for business benefit?
Maybe it is because we quote the mantra that “ITIL is a journey” and we can’t see a point in time where we can stop and reflect on our achievements (or lack of)? Maybe we segue too quickly from the ITIL-technology adoption project into the firefighting realities of real-world IT service management? Whatever the potential barriers to taking stock, where is that statement that describes what we have achieved and our relative level of success?
Looking at this logically (fatal mistake, I know), assuming (potentially a big assumption) that there was a business case for the “ITIL adoption project” where is the post implementation review (PIR)? Where can we look to see the realization of business benefits (I deliberately didn’t say “IT benefits” BTW)? I’m trying not to be cynical but, even if we forget the formalities of a PIR, how many I&O organizations can quantify the benefits achieved through ITIL adoption? More importantly what has been achieved relative to the potential for achievement? Where did we get to in our desired-future-state?
Help mummy, that horrible man is talking about finance again.
I jest, but I very nearly titled this blog “Warning: This Blog Is About IT Financial Management And ITIL.” Sorry, but this is how I feel sometimes when I talk about the financial side of IT management, IT service management, and ITIL adoption.
But remember, accountants are supposedly boring not scary. The really scary thing is that IT infrastructure and operations (I&O) organizations have survived for so long without really appreciating what it costs to deliver their IT services.
There is no denying that I&O organizations have always “done finance” in some shape or form. There is not a single business function, IT or otherwise, in any organization that can escape the need for some semblance of financial management and the scrutiny from the formal finance department. So my question to I&O execs is not “Are you doing IT financial management?” but rather “How mature is your IT financial management?”
The changing business and IT landscapes are bringing an end to a somewhat slapdash approach to managing I&O’s finances and investment and usher in the need to extend IT financial management to encapsulate the concept of value. Read on, Macduff.
Why haven’t I&O execs focused on maturing their IT financial management practices?
Oscar Wilde once said that "The cynic knows the price of everything and the value of nothing." I shudder to think what young Oscar would have said about I&O organizations that don’t know what it costs to deliver individual IT services let alone the value they deliver to the business. Just knowing that it costs “x” annually to “run IT” is no longer enough.
This might appear a little random at first but I was reminded of something I wrote two years ago when informed last week of a CIO fired because they couldn't articulate the value their IT team delivered to the business.
So ask yourself, “what value does IT deliver to the business?” Not in generic terms like business process-enablement and technology-supported efficiencies. What does the money we invest in IT each year actually deliver to the business in terms of value? More importantly, which IT services deliver the most value and which deliver little or no value?
Hold on a minute though. Do you actually know what “value” is from a business perspective? I’m not talking about the value I&O believes its IT services deliver; I’m talking about what the business thinks.
Am I moving too fast? Let’s take stock of the status quo.
I’m a sucker for good, biting humor, and in the spirit of Stephen Colbert’s Medals of Fear that he gave to a few distinguished souls (the press, Mark Zuckerberg, Anderson Cooper) at the rally in Washington D.C., I would like to hand a medal to the U.S. State Department for its 1999 publication of a country-by-country set of "Y2K" warnings — “End of Days” scenarios and solutions — for Americans doing business in 194 nations. I would give another medal to IPv6, the most drawn-out killer technology to date — and one that has had the longest run at trying to scare everyone about the end of IPv4. At Forrester, we are starting to see the adoption freighter slowly turning via the number of inquiries rolling in; governments accelerating their adoption with new mandates; vendors including IPv6 in their solutions; and the Number Resource Organization escalating its announcements about the depletion of IPv4 addresses (only 5% left!). To add to the drama, vendors are in the process of creating IPv4 address countdown clocks to generate buzz and differentiation. These scare tactics haven’t worked because technology pundits haven’t spoken about IPv6 in business terms. There is enormous business value in IPv6; those who embrace it will be the new leaders in their space.