Gavin Heaton

Founder Disruptors Co

Gavin is the Founder of Disruptors Co, one of Australia’s leading independent strategy and innovation companies. Gavin advises firms on strategy, marketing, product development and innovation. He is also a member of the Orbits program, the influencer network of  award winning analyst and advisory firm, Constellation Research. Gavin advises boards and leadership on innovation strategy, marketing, data-driven product development and corporate venturing. Gavin is on the board of Vibewire, a youth-led social enterprise based in Sydney, Australia and on the Technology Advisory Group for Good2Give – the workplace giving platform. Read more

When IBM’s Center for Business Value released its 2011 report into the relationship between social media, marketing and brands, it revealed a “perception gap”. On the one hand, marketers had an understanding that their connected consumers “wanted” or even “expected” a certain style of interaction through social media. And on the other hand, there was the hard reality of what those customers actually wanted. The gap between the two was the distance between two competing realities.

But is anyone listening?

In reality, we are not really dealing with a gap. It could be better described as a “mismatch” – after all, a “gap” would indicate some alignment. But the problem for brands is that the distance between the two sets of expectations is growing. We are now dealing with a widening chasm in the world of customer experience.

Two years after IBM’s original report, even a casual investigation of most branded social media would indicate that the chasm is becoming more pronounced as brands continue to shift their marketing spend and resources into digital and social media (Gartner’s US Digital Marketing Spending Report indicates that 25% of the marketing budget is now devoted to digital).

But when it comes to business effectiveness, more budget is not necessarily always the answer (though there would be few marketers who would refuse an increase, I am sure). To bridge the social chasm, business must begin to re-think, re-action and re-calibrate their organisational approach to social:

• Re-think: Start with what you know. Create a new social baseline and audit all your activity for assessment. Real time analytics and dashboards such as those from Anametrix can provide the kinds of decision-ready data that is essential to informed decision-making

• Re-calibrate: If you have started a social business program in the last two years, it’s now worthwhile assessing its impact. Have you achieved the original milestones? Has the program had the kind of impact that you expected? Take a look at R “Ray” Wang’s 50 use cases that help demystify social business and think through the business processes and workflows that are business critical. Are your social programs impacting business results? If not, it may be time to recalibrate.

• Re-action: This is no time for social business fatigue. No one ever said that change was easy. And equally, no business achieved competitive advantage by being complacent. It’s time to re-action the business programs that are core to your strategy.

What’s your experience?

Interestingly, this recent workplace research study by Microsoft revealed that there is also a chasm between business management and the workforce. Teams not only expect or demand more collaboration – about 17% of people are actively ignoring IT policy and installing social tools independently. This is delivering some value to the business – with 60 percent of participants in the Microsoft study indicating that their use of social tools has increased productivity – but this would be a far cry from the billions of locked-in value that McKinsey Global Institute’s 2012 study revealed.

If businesses can’t work to unlock the value in the low hanging opportunities within their own business, how long will customers have to wait?

It seems like there are whole industries on the brink of disruption. Social may not be the driving force, but it could be the trigger.

Microsoft Social Tools in the Workplace Research Study by Mark Fidelman

Alan Lepofsky

Vice President & Principal Analyst Constellation Research

Alan Lepofsky - VP and Principal Analyst, Constellation Research. With almost two decades of experience in the collaboration software industry, Lepofsky helps organizations improve the way their employees work together to get their jobs done. Lepofsky’s primary research area The Future of Work, focuses on: integrating collaboration and business processes (Purposeful Collaboration), structuring work via Social Task Management, leveraging analytics and digital assistants to work more productively, the strategic impact of mobile computing on business transformation, and measuring workforce culture based on Digital Proficiency instead of age. Twitter: @alanlepo<br>LinkedIn:&nbsp;https://ca.linkedin.com/in/alanlepo &nbsp; &nbsp; , Title:&nbsp;Big IdeasIntelligent Collaboration: The… Read more

Today I went with a friend of mine to the Google campus (known as the GooglePlex) to pick up his Google Glass.

MyPOV

It's certainly an interesting experience. It's really impressive how clear the display is and how good the camera is. The audio is a bit quiet. I would not call them "comfortable", but they are not invasive. I imagine after a day or two you probably forget you're wearing them.

Google Glass does not do anything my (Google) phone can't do (pics, video, directions, search, weather, stocks, etc), it just does it hands-free. It's important to note, this is NOT augmented reality yet, meaning the data is not yet being overlaid on top of the real world, just on a little display at the side of the glasses. I am sure there will be some amazing apps when these are really released. I'd love to see a golf GPS app!

My overall take is that the ability to have information easily accessible (or recordable) is clearly important. Having it displayed contextually (without the need to search) based on what you're seeing will be really powerful. Is Google Glass the final answer? Of course not. At some point we'll view information displayed on your own glasses or contact lenses, via holograms in the air in front of us, or eventually embedded directly into our eyes/brains. We'll look back at Google Glass similar to how we now view the original mobile phone (Motorola DynaTAC) or tablets (Apple Newton).

Alumni: Constellation Research Constellation Research

Dr. Brent Kelly is a Vice President and Principal Analyst at Constellation Research and President of KelCor, Inc. He focuses on the unique intersection of unified communications, social business, cloud services, video and mobility.&nbsp; Dr. Kelly provides strategy and counsel to key clients including Chief Information Officers, Chief Technology Officers, investment analysts, venture capitalists, technology policy executives, sell-side firms and technology buyers. <br> Prior to joining Constellation, Dr. Kelly served for 10 years as a partner at Wainhouse Research where he was the primary author of most of the firm’s unified communications reports and forecasts. Dr. Kelly is a regular presenter at Enterprise Connect (formerly VoiceCon), the communications industry trade show where his… Read more

Every website you visit may download a different collaboration app!

When I think of voice, video, or data on my PC, tablet, or smartphone, I think of applications over which I have some control. For example, I can choose if I want to download the Lync, Skype, GoToMeeting, WebEx, Vidyo, or Google Hangouts clients. Choice is preserved across all of my devices: I choose what I want on my device. I can also remove any of these apps any time I want.

But WebRTC changes all that.

In thinking about how WebRTC will be used, it is possible that many of the sites I visit may have their own unique real-time communications and collaboration application, and this application will be downloaded automatically in the Java Script my browser fetches from the web server...without any permission required on my part.

Given the variety in each of these communications applications, it would be very easy to inadvertently click on something that gave camera or microphone control to someone I don't know and don't care to know. How does WebRTC provide security for this brave new world of ubiquitous browser-based voice, video, and data?

I recently had the privilege of speaking with Eric Rescorla of RTFM, Inc. about this topic. Eric is the author of two IETF RTC-Web working group documents focusing on WebRTC security--one discusses WebRTC Security Considerations and the other proposes a WebRTC Security Architecture that satisfies these security considerations.

According to these documents, "RTC-Web communications are directly controlled by some Web server,...[and] a Web browser might expose a JavaScript API which allows a server to place a video call [unknowingly by the user]. Unrestricted access to such an API would allow any site which a user visited to "bug" a user's computer, capturing any activity which passed in front of their camera."

In this post, I will discuss WebRTC security and how it has been specifically formulated to protect users from unauthorized persons or sites creating malicious scripts that could take over control of the user's camera and microphone. It is important to recognize that WebRTC security is still under development in the working groups; hence, there may be some variation in the final specification from what is discussed below.

Because the user has no control over the Web servers visited during a browsing session, a key to making WebRTC secure is to make each browser the only trusted base for which security decisions can be made and to assume that any Web site could have malicious Java Code embedded therein. Furthermore, identity is at the heart of any decision to allow a Web-based application to have camera and microphone control.

WebRTC Calling Scenarios

Eric's security considerations document identifies several different WebRTC calling scenarios and what the user expectations are from those scenarios.

1. Using A Dedicated Calling Service: A user may establish a relationship with a Website that provides a calling service. This could be a site that effectively provides a "rendezvous" capability or directory for calling other people using WebRTC, or it could be a service that interconnects WebRTC with the PSTN or enterprise infrastructure. In this case, because there is an established trust relationship with the website, the user may want to give this service the ability to automatically access the camera and microphone. Social networking sites or gaming sites may be examples of a dedicated calling service.

However, by giving the site long-term authorization, the user is effectively also automatically giving the site the ability to "bug" the computer and make calls on the user's behalf. User expectation is that the site is not listening in on the calls and that the user can be sure the call is actually made to the intended person or entity.

2. Calling The Site Itself: Suppose a user looking for information goes to a support website or an e-commerce site or a vendor site and wishes to contact someone associated with the organization that owns the site. An easy way to do this with WebRTC would be for the site owner to put a button on the site with verbiage to this effect: "Click here to talk to a representative". The user assumes that he is actually calling the site he is visiting, and the expectation is that this site will be able to access the camera and microphone with the user's permission one time only, and only for the duration of the call.

3. Redirection and Calling: We are bombarded with advertisements on many of the sites we visit. Often these ads are served up by parties not even affiliated with the site we are visiting. If we click on an ad, we will often be redirected to a site we may not know and with which we have no relationship at all. The original site we visited may not even know if we were redirected by clicking on an ad. Users would expect that the site to which we were redirected would not be able to take over camera and microphone control without permission.

The above scenarios deal with the Web browser being pointed at a particular site, and the user at least having some control over allowing that site to make calls based on the site origin and the relationship. WebRTC must make sure that "origin-based" attacks can be avoided.

However, another kind of attack is also possible. This is done by network attackers, often known as man-in-the-middle attacks. These kind of attacks can be made when we use an unsecured network such as a hotspot or home Wi-Fi network. In this scenario, we use HTTP, rather than HTTPS (secure HTTP). While on the unsecured network we point our browser to a particular site unaffiliated with a calling service we may have authorized to make calls in our behalf. The attack proceeds as follows (per Eric's document):

1. I connect to http://anything.example.org/. Note that this site is unaffiliated with the calling service.
2. The attacker modifies my HTTP connection to inject an IFRAME (or a redirect) to http://calling-service.example.com.
3. The attacker forges my credentials at the calling service site, making the user's browser assume it is pointing at http://calling-service.example.com/ while the attacker injects JavaScript to initiate a call to himself.

Attacks can also be made while connected to secure HTTPS sites if that site fetches JavaScript from an unsecured, HTTP, site.

The Security Mechanisms Within WebRTC

This kind of scenario is pretty scary to think about. It reminds me of the rather sophisticated attack at the Iranian nuclear facilities where the microphones and video cameras were hacked by a third party who could see and hear what was going on within these facilities. How can WebRTC's security mechanisms prevent unauthorized parties from taking over our devices?

Security is based around trust, and in WebRTC, any security or trust property that the user needs enforced would need to be guaranteed by the browser. Realistically, however, in a working system, the browser must rely on other trusted sources. For example, if I log into a website that provides WebRTC rendezvous services (a directory), then I trust that website to assure that the other users I may wish to call are also authenticated. The website itself becomes the trusted identity provider. There are a number of other third-party identity providers such as BrowserID, Federated Google Login, Facebook Connect, LinkedIn, OAuth, OpenID, and WebFinger. WebRTC can use also these trusted third parties to verify a user's identity.

Here's how it works (see figure below).

Figure 1. The WebRTC security architecture.

User A and User B are both connected to the same secure website via HTTPS. They have also authenticated their identity using their credentials with either an external identity provider or with the website itself.

User A decides to call user B. This will likely be done by clicking on some type of a "call" button next to B's name. When A clicks on the call button, the Web server sends a message to the JavaScript running in A's browser that creates two peer connections: one for audio and one for video (assuming this is an audio and video call--a peer connection is needed for both media types). At this point, no security has been invoked and any website can proceed with WebRTC to this point.

Next, the calling application needs to actually get the audio and video from the microphone and camera. User A is presented with a "door hanger", which is a pop-up window that asks if the website can access user A's camera and microphone.

Figure 2. An example of a WebRTC "door hanger" asking the user for permission to access the microphone and camera (source: a real call using Uberconference.com).

This door hanger has two key elements:

1. It identifies which website is asking for use of the camera and microphone.
2. It gives you the option to allow or deny camera and microphone access.

There are differences in how the browsers currently implement camera and microphone access permissions. Chrome implements persistent permissions only, meaning that if a site is given permission once, it will always have permission. Firefox, on the other hand, has implemented one-time permissions, meaning that the user must always approve camera and microphone access regardless of how many times the same site is browsed to so as to invoke a call.

In addition, the browser window will always display an indicator showing the user that they are in a WebRTC call. If the indicator cannot be displayed, then the standard requires the call to be terminated.

Figure 3. Indicator showing that this site is using the camera or microphone in a WebRTC call (source: a real call using Uberconference.com).

Once user A gives permission to use the camera and microphone, the peer connection script contacts the identity server to get a token that binds user A's identity to his "fingerprint" (digital information uniquely identifying the user). Next, the peer connection looks up possible IP addresses through which the media can flow in order to traverse firewall or NAT devices (these IP addresses are actually ICE candidates--we won't go into the details of ICE, TURN, and STUN in this article, but they can and will be used with WebRTC to securely traverse network boundaries).

At this point, A's browser sends a "communications offer" to the Web server which in turn routes the offer to user B's Web browser. The Java Script on B's browser processes the offer, and the very first thing it does is contact A's identity server to verify that the identity of A in the offer is the same as the identity of A provided by the identity server. As mentioned above, the identity server may be external to the website or it could be the website itself. Once the identity is verified, the "trusted element" icon is shown in the browser URL address pane.

After verifying the identity of user A, user B's browser pops up a message indicating that there is an incoming call from A. If B accepts this invitation, B's browser sets up the peer connection, asks for permission to use the camera and microphone, contacts B's identity server, and returns a message to A containing B's security information, the media information, and the IP addresses needed to traverse B's firewall/NAT.

A's browser receives this message, and contacts B's identity server to verify B's identity. Once B's identity is verified, the two browsers can set up the audio and video exchange on the two media channels that each browser previously established.

The browsers exchange a Datagram Transport Layer Security (DTLS) handshake on every media channel (two channels in this case because there is both voice and video). Once these DTLS handshakes are completed, the media is encrypted and begins flowing between the browsers using Secure Real-time Protocol (SRTP).

Security in WebRTC is still a work in progress. Although this identity model has not yet been implemented in the browsers supporting WebRTC, it is under active development. It is also important to note that the identity server portion of the WebRTC security model will be optional and application specific so that people can make anonymous calls when needed or appropriate, such as when connecting to an ecommerce or support site.

It is also important to note that at any time during the call, if the user points the browser to a different website, the call is terminated because the JavaScript is torn down.

DTLS Versus SDES

There is consensus that DTLS will be mandatory for WebRTC to support. There is active debate over whether to allow SDES at all (see Laurent Philonenko's post on NoJitter.com). SDES, which is used more in the SIP world, would help interface more easily to existing SIP-based infrastructure. Mozilla Firefox currently does not support SDES while Google Chrome does.

The implication here is that if DTLS-SRTP is used, then there will need to be a border element between the WebRTC world and the SIP world. Hence, the border controller providers likely have an excellent future in front of them as secure WebRTC calling and communications applications become widely deployed.

Conclusion

WebRTC uses IETF communications protocols to assure that media and data flowing between browsers is secure. The level of security in a given call will depend on several factors as well as on the context of the communications application.

If HTTPS is not used or an HTTPS site pulls in JavaScript from an HTTP-only site, then there will be a lower level of security (the browser will also alert you that the page has both secure and non-secure data, so you can intelligently decide whether to continue). Furthermore, if there is no identity server involved, which will often be the case when a user goes to a simple calling service and logs on, then the level of security will be good but not as good as if there were an independent identity server.

Finally, anonymous calls can be made, but the security standard under development does suggest that the browser should allow one-time only camera and microphone access permissions.

WebRTC requires the communications application to ask the user if it can access the camera and microphone. There is some variation as to the persistence of the approval: persistent (Chrome) or one-time (Firefox). DTLS is required in WebRTC; there is active discussion about SDES being another security option.

Readers interested in trying WebRTC for themselves can go to www.uberconrerence.com and sign up for a free basic account (this is voice only), or alternatively, they may point their Chrome or Firefox 22 Beta browser to https://apprtc.appspot.com to try voice and video.

Portions of this article are excerpted from Dr. Kelly's recently published report titled, "Ten Things CIOs Should Know About WebRTC."

Holger Mueller

Vice President and Principal Analyst Constellation Research

Holger Mueller is VP and Principal Analyst for Constellation Research for the fundamental enablers of the&nbsp;cloud, IaaS, PaaS and next generation Applications, with forays up the tech stack into BigData and Analytics, HR Tech, and sometimes SaaS. Holger provides strategy and counsel to key clients, including Chief Information Officers, Chief Technology Officers, Chief Product Officers, Chief HR Officers, investment analysts, venture capitalists, sell-side firms, and technology buyers.<br>&nbsp; Coverage Areas: Future of Work Tech Optimization &amp; Innovation<br>&nbsp; Background: Before joining Constellation Research, Mueller was VP of Products for NorthgateArinso, a KKR company. There, he led the transformation of products to the cloud and laid the foundation for new Business… Read more

Every technology market goes through different growth phases and at this point I think we are witnessing the beginning of the second phase for the cloud market, in which the number of players increase, mainly by new market entrants. And at the same time competition increases as the combined forecast of the market players exceeds the overall market growth – so there is significant price competition in the market.

Alumni: Constellation Research Constellation Research

Dr. Brent Kelly is a Vice President and Principal Analyst at Constellation Research and President of KelCor, Inc. He focuses on the unique intersection of unified communications, social business, cloud services, video and mobility.&nbsp; Dr. Kelly provides strategy and counsel to key clients including Chief Information Officers, Chief Technology Officers, investment analysts, venture capitalists, technology policy executives, sell-side firms and technology buyers. <br> Prior to joining Constellation, Dr. Kelly served for 10 years as a partner at Wainhouse Research where he was the primary author of most of the firm’s unified communications reports and forecasts. Dr. Kelly is a regular presenter at Enterprise Connect (formerly VoiceCon), the communications industry trade show where his… Read more

A few months ago, I predicted that the low hanging fruit for WebRTC in the enterprise space would be in customer service and support applications, including e-commerce sites. This prediction turned out to be true when FreeCRM announced that it has already integrated WebRTC into its cloud-based CRM solution. In the initial offering, the agent is only able to make outbound calls to the PSTN. This fall, the company will enable inbound calls as well.

FreeCRM has not developed this capability alone. Rather, it has deployed an Asterisk PBX in its cloud that acts as a gateway to the PSTN. Asterisk announced support for WebRTC in its Version 11 release back in 

November of 2012. The company reports that the WebRTC audio is solid and that the solution works flawlessly. Also, because it is cloud-based, FreeCRM can aggregate the usage and get very low costs for PSTN calling.

FreeCRM works on a freemium model with “typical” freemium conversion rates (the WSJ reported these are 1% - 2%). FreeCRM’s CEO reports there are roughly 290,000 registered users, and if 2% of these are paying users, then the company has roughly 5,800 paid subscribers.


WebRTC outbound calling capability is only available in FreeCRM’s premium product branded VoiceCRM, which costs $39.95/user/month. However, for this price, users can make unlimited free WebRTC-based calls to any PSTN/mobile number within the United States. Fifty percent of the company’s users are based outside of the U.S., so FreeCRM is looking for solutions that can give these customers WebRTC-to-PSTN international calling plans that are economical.

FreeCRM is firing the first shot in the WebRTC CRM wars that are certainly heating up. Several other CRM vendors are working on WebRTC integration into their products. FreeCRM claims these solutions from traditional CRM vendors will likely cost 3x – 5x more per fully functional CRM seat than what FreeCRM charges.

Holger Mueller

Vice President and Principal Analyst Constellation Research

Holger Mueller is VP and Principal Analyst for Constellation Research for the fundamental enablers of the&nbsp;cloud, IaaS, PaaS and next generation Applications, with forays up the tech stack into BigData and Analytics, HR Tech, and sometimes SaaS. Holger provides strategy and counsel to key clients, including Chief Information Officers, Chief Technology Officers, Chief Product Officers, Chief HR Officers, investment analysts, venture capitalists, sell-side firms, and technology buyers.<br>&nbsp; Coverage Areas: Future of Work Tech Optimization &amp; Innovation<br>&nbsp; Background: Before joining Constellation Research, Mueller was VP of Products for NorthgateArinso, a KKR company. There, he led the transformation of products to the cloud and laid the foundation for new Business… Read more

At this weeks HPDiscover conference in Las Vegas, HP announced a number of interesting new offerings, the one that caught my attention was the nicely crafted acronym of HAVEn, so let's understand what it is - and what it is not. And I hope the movie buffs pardon the name bungling in this post's title, but this one was too tempting. 

What is HAVEn

HAVEn is the bundling of a Hadoop based, Autonomy and Vertica encompassing, Enterprise securyity enabled platform that allow for the building of big data apps, lots of them, n to be precise. Got it? And for good measure HAVEn also includes ArcSight - another A if you want. The first HP application to be delivered on HAVEn is HP Operations Management, which is a very good showcase of big data capability for the platform. And is close to HP's home of helping IT, run IT better. 

The other good news for HP is, that given HP is bundling existing products, everything that has been built in the past using Vertica, Autonomy and ArcSight - will now also work on HAVEn. Only enriched with enterprise security and the availability of a Hadoop Storage system. Which will make any potential move to HAVEn even more attractive for existing applications. 

Proofpoint for Hadoop

As with many announcements, not too much specific could be gleaned on how HAVEn really will work, something to sort out in the weeks to come. But the usage of Hadoop is a great proof point for the maturity of this technology - and there are two options how HP may use Hadoop.

(1) Hadoop as another data source
This would be the low hanging fruit and a tacit admission that despite all the capability of Vertica and the sophisticated algorithms of Autonomy Idol - there is another key data source to get data from. Like many other BI / big data vendors HP may now admit to a co-existence scenario with Hadoop.

(2) Hadoop as the platform
This would be a much more ambitious approach than (1), making Hadoop the operating base and storage for all HAVEn data. And to some point the Autonomy announcement of allowing the Idol engine to run in a Hadoop kernel points in that direction. But it would still see HP operate the Vertica stores for high performance data.

As mentioned - we will see in the next weeks how HAVEn really will work - but regardless - a key validation of Hadoop as a viable platform and as a technology that has arrived to the enterprise - considering the uptake by HP something like the knighthood for Hadoop.

Clarification is needed

It's close to impossible to provide an assessment of HAVEn as a systems, since so little is known about it. HP will need to clarify a lot in the next weeks and I am wondering if HAVEn will be only a loose marketing term of bundled together products - or a true bigdata platform going former.

My hope for HAVEn is of course for it to be a true platform, that will not only enable HP itself, but also its extensive partner ecosystem to build the n applications on top that are part of the name. But for that to happen we would need the specs for HAVEn, what systems it runs on, how does it authenticate, access systems and data, move data etc - all things that need to be clarified.

The Services Dilemma

And like with all things HP this days, we get always reminded of the availability of HP professionals to help customers with these offerings. The irony for HP is, that by integrating the components of HAVEn better, it takes away some of the services revenue. 

But it's the right strategy since customers will not have too much of patience left to pay for integration of HP acquired products. At some point the integration will be simply expected between synergistic products. And that HP has a synergistic big data play across Autonomy, Arcsight and Vertica has just been proven by the HAVEn announcements.

Advice for HAVEn component customers

If you are using Arcsight, Autonomy or Vertica today, keep using them. You probably will end up with HAVEn automatically, as HP integrates these components. Try to understand early what HAVEn is though, so you don't pay for custom services for something that you will get from HP soon and likely for free. 

Advice for HAVEn prospects

It's too early to tell what HAVEn will be and even more far away from predicting any market success. But if you are to embark into a big data project, this is one of the more interesting platform announcements in the last quarters. So try to learn more and let HP explain this to you in detail.

Advice for HP competitors

If you have no bundling and integration plans for complimentary big data pieces you have acquired, HAVEn is your wake up call. If you are a single big data product player - evaluate partnerships asap - as more integrated big data product announcements are on the horizon.

Advice for HP

Provide a lot more information on HAVEn. Explain the role of Hadoop. Put real product integration investment behind this to leverage the 2 + 2 = 5 synergy benefits you can hope for. 

MyPOV

HP has an early mover advantage now by bundling the acquired big data pieces in its realm. The questions is, what took HP so long, but that's a consideration of the past. It will be interesting to see how bundles like HAVEn will change the dynamics of the big data market away from many products and many hands to fewer products and less hands to be successful with big data. 
But for now congrats to HP for a promising launch - execution needs to follow. 

Gavin Heaton

Founder Disruptors Co

Gavin is the Founder of Disruptors Co, one of Australia’s leading independent strategy and innovation companies. Gavin advises firms on strategy, marketing, product development and innovation. He is also a member of the Orbits program, the influencer network of &nbsp;award winning analyst and advisory firm, Constellation Research. Gavin advises boards and leadership on innovation strategy, marketing, data-driven product development and corporate venturing. Gavin is on the board of Vibewire, a youth-led social enterprise based in Sydney, Australia and on the Technology Advisory Group for Good2Give – the workplace giving platform. Read more

You know how it goes at the international airport check-in counter.

1. Greet customer: “Hello sir”
2. Determine destination: “Where are you travelling to today?”
3. Check passport, print boarding pass etc

It’s all pretty functional.

From time to time, there might be some off-script personality sneaking through, but it’s rare. Unless you are travelling to Vegas.

When I checked-in for my first ever trip to Las Vegas, the routine started as usual. But when we got to point 2 – and I explained where I was heading, the woman stopped and looked up.

Her eyes glistened and she smiled. She nodded and just said, “Veeeegaas”.

It was at this point that I knew that there was something special in store. The thing is, Vegas is a place whose story precedes it. It is a place where stories are born and where we can become wrapped in a story beyond our imaginings in the blink of a showgirl’s eye.

Now, it used to be said that what goes on in Vegas, stays in Vegas. But that was “back in the day” – which in Gen Y speak means about 2009. It was a time when being in a city in the middle of a desert afforded a certain isolation. It was a time before my nanna was on Facebook. And now, as we all know, what goes on in Vegas, lives forever on Facebook. Or Google. Or the computers in the NSA’s secret PRISM data centre.

And this means that the stories that are the lifeblood that is “Veeeegaas” … are no longer contained. Furthermore, those stories are amplified, hyper-real simulacra flashed across a variety of digital networks in multi-format content from pictures on Instagram to collections on Pinterest and videos on Vine and YouTube to collections on Storify.

But just as Vegas transformed itself from family destination to adult playground, it seems that Facebook too is experiencing this kind of shift. With teens and young adults starting feeling Facebook fatigue and dropping away from the social network, it’s leaving a hard core adult population to connect, share and engage. And with a revitalised MySpace and a plethora of low demand/high impact alternatives like Instagram and SnapChat it may well be that Facebook enters a new era of adult-focused engagement.

Perhaps.

But which ever way that dice rolls, one thing is for certain. Before posting a new photo to Facebook, ask yourself the hard question. Should I?

Holger Mueller

Vice President and Principal Analyst Constellation Research

Holger Mueller is VP and Principal Analyst for Constellation Research for the fundamental enablers of the&nbsp;cloud, IaaS, PaaS and next generation Applications, with forays up the tech stack into BigData and Analytics, HR Tech, and sometimes SaaS. Holger provides strategy and counsel to key clients, including Chief Information Officers, Chief Technology Officers, Chief Product Officers, Chief HR Officers, investment analysts, venture capitalists, sell-side firms, and technology buyers.<br>&nbsp; Coverage Areas: Future of Work Tech Optimization &amp; Innovation<br>&nbsp; Background: Before joining Constellation Research, Mueller was VP of Products for NorthgateArinso, a KKR company. There, he led the transformation of products to the cloud and laid the foundation for new Business… Read more

Today Oracle announced the availability of Java Enterprise Edition (EE) Version 7. This marks the first Java EE release under complete Oracle stewardship and is an important milestone to assess Oracle's stewardship of Java and its implications for the enterprise.

No doomsday here

There was a lot of concern in the Java community on how Oracle would handle the future of Java, that came under its control with the Sun acquisition. The majority of voices were critical, the father of Java, James Gosling, being one of the most critical ones. But criticism has calmed down over the years as Oracle has kept Java open and continued to develop it further - with the similar principle of primus inter pares like Sun did.

With involvement and contributions from co-opetitors like Google, IBM, SAP, Sybase, Tibco and VMware there certainly is trust in the Java EE community to work with Oracle. And about 9 million Java developers and 18 Java EE compliant application servers give credit to the wide adoptions and relevance of Java.

Java remains competitive

With the Oracle investment, Java remains a competitive development language for enterprise applications, but despite the enormous amount of applications and systems running on Java, Java is playing catch up on some of the newer technologies. Take HTML5 support as an example, where we are already in the disillusionment of phase of HTML5 adoption with e.g. Facebook recently abandoning their HTML5 efforts for the sake of native mobile apps. 

So with HTML5 support now coming to Java EE 7, Oracle is playing catch up to a certain point, but the consumer application market seems to have been gone anyway - the question is, will this make Java more attractive for enterprise application development.

On the core Java side, Oracle added support for JSON 1.0, something that could have been worked around before via library inclusion, but with support inside of the platform, it makes JSON usage easier and more robust. This also makes the creation of HTML5 applications much easier, which are connected through Websockets 1.0 and provide necessary life cycle methods for nature of the many HTML5 applications out there. And making the HTML5 markup easier from Java Server Faces 2.2 is an important productivity step when building HTML5 apps. 

I guess with the combination of the three above - for a user interface intensive enterprise application like e.g. employee self service on HTML5, you will save up to 10% of development effort and will achieve a much more robust application as a end product.

And the addition of simplified JMS, CDI as a core component model and bean validation on POJOs with improved default resources for JDBC / JPA and concurrency will help developer productivity further. It certainly does not vault Java into the productivity range of some of the popular scripting languages, but that comparison is not fair from the starting premise - Java is a fundamental programming language, not a scripting tool.

Key enterprise additions

Oracle addressed some key weaknesses of Java for enterprise processes with EE 7. Unfortunately there are a lot of long running processes in the enterprise, and Java was never the ideal choice to automate these - as the Java processes would be unreliable and seldom there when needed. With the the additions of batch applications this is being addressed and I am very curious to hear about success of the first batchlets out there.

Hand in hand go the extension of the concurrency utility APIs, with the addition of asynchronous capabilities - a new category of applications is now attainable with Java, that it was better not to use Java or before. How far this will get Java applications for multi-threaded concurrent tasks - we will see and hear in the months to come.

What was missed

The Java community had some hopes that Oracle would also address some of the caching challenges, but already a few months ago the new JCache was cut out of the release schedule for EE 7. Similar the high hopes for more PaaS support have been delayed towards EE 8, as known since fall last year.

Oracle did the right decision to not wait longer, as enough critical substance is in EE 7 and the community should not have been kept to wait longer for them.

After EE 7 is before EE 8

It will be key for Oracle to quickly increase the caching capabilities with JCache in EE 8, maybe even a major EE 7 dot release. A tender spot for Java applications for some time. The cloud / PaaS capabilities will be similarly critical. Though they give the ecosystem of PaaS vendors some more breathing room to differentiate their offerings and lead further - which helps Java overall. 

Advice for enterprises - purchasers

Look for EE 7 adoption from vendors and first experiences before postulating it in RFPs. When promising and encouraging, do not hesitate to add to your requirements. Many benefits from EE 7 will make your enterprise application more attractive to end users and more stable on the backend side, so start the conversation with vendors early.

Advice for enterprises - builders

If you haven't - it's time to get your hands dirty with some lab installs and trials. Focus on the highest benefit drivers, probably focus on the batch and concurrency pieces first. And have a look at NetBeans 7.3.1 as well as Glassfish 4.0 

Advice for ISVs

If you are only looking at EE 8 now, you are behind already, time to catch up. If you haven't moved to HTML5 yet - this is a good evaluation project. Check your defects and support requests in regards of stability needs of background, long running processes. There may be some low hanging fruits there.

MyPOV

Oracle has shipped a solid and attractive release with EE 7. It now needs to maintain momentum to keep the install base and not loose more hearts and minds to the scripting languages. A roadmap and milestones for EE 8 coming out soon - will be the first step. But for now take a deep breath and enjoy Java EE 7. 

P.S. Many thanks to Oracle's Mike Lehmann and Claire Dessaux for a pre-launch briefing. 

R "Ray" Wang

Principal Analyst and Founder Constellation Research

R “Ray” Wang is the CEO of Silicon Valley-based Constellation Research Inc. He co-hosts DisrupTV, a weekly enterprise tech and leadership webcast that averages 50,000 views per episode and blogs at www.raywang.org. His ground-breaking best-selling book on digital transformation, Disrupting Digital Business, was published by Harvard Business Review Press in 2015. Ray's new book about Digital Giants and the future of business, titled,&nbsp;Everybody Wants to Rule The World&nbsp;was released in July 2021. Wang is well-quoted and frequently interviewed by media outlets such as the Wall Street Journal, Fox Business, CNBC, Yahoo Finance, Cheddar, and Bloomberg. Short Bio R “Ray” Wang (pronounced WAHNG) is the Founder, Chairman, and Principal Analyst of Silicon Valley-based Constellation… Read more

Forward And Commentary

Constellation Research pioneered the complete set of front office and back office use cases for social business in 2010. This report provides insight into a key mega-area — lead to deal use cases. This best practices research report offers insight into two of Constellation’s primary research themes, the Next-Generation Customer Experience and the Consumerization of Information Technology/The New C-Suite.

A. Introduction

Social business initiatives have gained acceptance as a key driver in business innovation. Since 2010, organizations have experimented and successfully deployed social business initiatives across a variety of business processes. In Constellation’s recent 2013 survey of 237 social business adopters, more than a majority (57.8 percent) of the market leaders and fast follower respondents had moved from experimentation to scaling social business initiatives to match demand. This trend signifies the successful growth of social business across a number of use cases.

With over 50 use cases identified in the survey, organizations now have defined entry points to begin social business initiatives. Consequently, many businesses can learn from the experience of market leaders and fast followers. Constellation has curated eight mega-use cases for social business that cover key business processes such as:

• Campaign to lead
• Lead to deal
• Incident to resolution
• Kick off to delivery
• Concept to production
• Sourcing to acceptance
• Hire to retire
• Invoice to payment

This report focuses on the lead to deal mega-use case, which includes both traditional business-to-business (B2B) and business-to-consumer (B2C) situations such as territory management, collaborative selling, partner selling, crowdsourced intelligence, matrix commerce, save the deal and steal the deal. These use cases should provide a starting point for mapping out the sales journey.

B. Research Findings – As Adoption Progresses, Seven Major Use Cases Emerge for Sales Processes
The recent 2013 survey of 237 global social business adopters shows 57.8 percent of the market leaders and fast follower respondents scaling social business initiatives to match demand (see Figure 1). This shift from choosing the right go-forward platform in 2012 highlights a move from Level 3 (Evangelization) to Level 4 (Pervasiveness).  This first wave of people has started to see the benefits of social business initiatives and intends to scale them out throughout their organizations and value networks.  They have succeeded by finding executive sponsors, measuring metrics that matter and aligning with business processes.

Figure 1. Social Business Adoption Moves From Platform Consolidation to Scale

(right click to view image)

Seven Key Use Cases Emerge in Lead to Deal

The lead to deal use cases focus on how social business can improve sales team efficiency, reduce sales cycle time, foster collaboration and drive revenue. Lead to deal is a very popular place to begin social business initiatives as the management objectives for many organizations focus on operational efficiency and revenue growth. Constellation identifies seven use cases in lead to deal (see Figure 2):

1. Territory assignment focuses on relationships not geographies.
2. Collaborative selling taps into the entire organization’s network.
3. Partner selling creates force multipliers in the sales force.
4. Crowdsourced deal intelligence improves win rates.
5. Matrix commerce creates a buyer-centric approach.
6. Save the deal tracks customers through the sales funnel.
7. Steal the deal uses influence to take deals from competitors.

Figure 2. Constellation’s Lead to Deal Social Business Use Cases

The Bottom Line: Social Business Is Here To Stay

The moniker “social business” will disappear over the next 24 months. However, the concepts underlying social business will provide the foundation for good business strategy. The new abilities to take social, mobile, cloud and Big Data will converge to create new opportunities. The result – social business is just good business strategy.

C. Report Links

See the objectives, metrics, and starting points market leaders and fast followers use to begin their social business initiatives in lead to deal.  Buy the full research report on the Constellation Research website.

Your POV.

Ready to test out social business for your lead to deal process? Have as success or failure story? Any advice from your experience?  Add your comments to the blog or send us a comment at R (at) SoftwareInsider (dot) org or R (at) ConstellationR (dot) com

Please let us know if you need help with your Social Business efforts.  Sign up for a Constellation Academy Workshop or let us assist with:

• Assessing readiness
• Developing your social business strategy
• Vendor selection
• Implementation partner selection
• Connecting with other pioneers

Reprints

Reprints can be purchased through Constellation Research, Inc. To request official reprints in PDF format, please contact sales (at) ConstellationRG (dot) com.

Related Research:

• Tuesday’s Tip: It’s Time To Consolidate Social Business Platforms
• Monday’s Musings: Understand the 4 Organizational Personas of Disruptive Technology Adoption
• Monday’s Musing: Avoiding Social Media Fatigue Through Engagement
• Friday’s Features: Using Attensity Analyze 6.0 To Compare Customer Sentiment For @united @southwestair @virginamerica
• Event Report: Lithium Network Conference 2012 #LiNC
• Best Practices: From First To Worst – Continental In A Post United World, Lessons In Next Gen Customer Experience
• Monday’s Musings: Seven Basic Privacy Rights Users Should Demand For Social Business
• News Analysis: Lithium Technologies Adds $53M in Financing
• Monday’s Musings: Balancing The Six S’s In Consumerization Of IT
• Monday’s Musings: A Working Vendor Landscape For Social Business
• Product Review: Google+, Consumerization of IT, and Crossing The Chasm For Enterprise Social Business
• Monday’s Musings: Using MDM To Build A Complete Customer View In A Social Era
• Monday’s Musings: Mastering When and How High End Brands Should Use Daily Deal Sites Such As Groupon
• News Analysis: Salesforce.com Acquires Radian6 For $316M
• Monday’s Musings: Q1 2011 State of Social CRM and CRM From An EMEA Point Of View
• Best Practices: Applying Social Business Challenges To Social Business Maturity Models
• Research Summary: Software Insider’s Top 25 Posts For 2010
• Best Practices: Five Simple Rules For Social Business
• Research Report: Constellation’s Research Outlook For 2011
• Research Report: How The Five Pillars Of Consumer Tech Influence Enterprise Innovation
• Research Report: Next Gen B2B and B2C E-Commerce Priorities Reflect Macro Level Trends
• News Analysis: Jive Fills Warchest, Ready to Battle Enterprise Software Giants And IPO?
• Tuesday’s Tip: Applying The Five Stages Of Adoption Towards SCRM Projects
• News Analysis: Lithium’s Acquisition of Scout Labs Ups The Ante in Social CRM
• News Analysis: Biz360 Acquisition Signals Attensity Group’s Move Into Social CRM
• Monday’s Musings: Avoiding Failure In Social CRM Projects Requires Ecosystem Coordination
• Research Report: The 18 Use Cases of Social CRM – The New Rules of Relationship Management
• News Analysis: Siperian Acquisition Vaults Informatica Into An MDM Leadership Position
• News Analysis: Jive and Radian6 Partner – Great For Business, But Could Fragment IT Systems
• Event Report: Salesforce.com Pushes Social CRM Technology — But Don’t Expect Companies To Be Successful With Tools Alone
• Monday’s Musings: Why Every Social CRM Initiative Needs An MDM Backbone
• Personal Log: Altimeter Group – Helping Organizations Bridge The Technology Obsolescence Gap
• Monday’s Musings: 10 Essential Elements For Social Enterprise Apps

Disclosure

Although we work closely with many mega software vendors, we want you to trust us. For the full disclosure policy, stay tuned for the full client list on the Constellation Research website.

Copyright © 2001 – 2013 R Wang and Insider Associates, LLC All rights reserved.

Holger Mueller

Vice President and Principal Analyst Constellation Research

Holger Mueller is VP and Principal Analyst for Constellation Research for the fundamental enablers of the&nbsp;cloud, IaaS, PaaS and next generation Applications, with forays up the tech stack into BigData and Analytics, HR Tech, and sometimes SaaS. Holger provides strategy and counsel to key clients, including Chief Information Officers, Chief Technology Officers, Chief Product Officers, Chief HR Officers, investment analysts, venture capitalists, sell-side firms, and technology buyers.<br>&nbsp; Coverage Areas: Future of Work Tech Optimization &amp; Innovation<br>&nbsp; Background: Before joining Constellation Research, Mueller was VP of Products for NorthgateArinso, a KKR company. There, he led the transformation of products to the cloud and laid the foundation for new Business… Read more

It’s all about - Re-imagine …

Re-imagine functionality

Cornerstone wants to re-imagine the functionality behind its key three automation areas – performance, learning and recruitment. Cornerstone has targeted specific new functionalities In each of the three automation areas, to bring them further, and closer to the new workforce’s needs. Not surprisingly there has been special attention on recruitment. 
 

The other direction of the re-imagination project is around the user experience. Cornerstone rightfully realized about a year ago, that their product’s user experience was falling behind and has embarked into a brand new user interface with a much more 21^st century tune, you may even say consumer grade user interface.

The overall acceptance of the new user interface was very positive by the attendees and I think Cornerstone has done a very good job creating a lightweight, easy to use interface experience with good cross platform consistency.

My main concern on the new user interface paradigm is the scroll intensity and related downsides. The old user experience paradigm of the eyes are faster than the mouse comes to mind – when users need to scroll to get to information – it takes time and in the worst case – they may not even find the information, as they do not start scrolling. But overall the new Cornerstone user interface is a significant increase in usability and can rightfully claim to be consumer grade.

Public Sector, SMB and force

Cornerstone has expanded beyond being a pure horizontal vendor – with a focus on public sector and is adding (north American) functionality to make it a strong provider of talent management for this vertical. And while public sector organizations certainly can take help managing talent, it was a surprising choice of a vertical to me.

Equally Cornerstone has started to offer products for the small and medium size businesses (SMB) – mainly centered around the performance functionality of last year’s acquisition of New Zealand’s Sonar6. Sonar6 was a leader in the gamification trend for enterprise applications and it is good to see some of that DNA not only being preserved for the SMB offering (<500 employees is the cutoff) but that some of the Sonar6 acclaimed performance management functionality like the helicopter view have made it to the mainstream product.

And back in February Cornerstone released it’s Salesforce based product. Interesting enough the company operated a subsidiary in stealth mode for some time, let it build a product on force.com and sell it to over 70 customers, including Salesforce themselves. It’s a gamble not only on the salesforce ecosystem and partner sales activities, but also on the force.com platform as an alternative to the more Microsoft centric mainstream products.

Cornerstone Uniquenesses

The company has a few unique characteristics that are worth mentioning here. At the preceding analyst day it became clear, that the executive team has been working together for a long time, know each other well and is very consistent facing the questions of the analyst community. It’s remarkable that these executives were able to grow along with the company for the last years of very rapid growth, a living proof of hiring talent for growth.

Moreover Cornerstone is one of the very few enterprise vendors out there with a single platform, with all offerings being built on top of this platform. This not only ensures consistency for end users, but also a higher productivity for development resources. At the same time a single platform company needs to have an attentive eye on the time appropriateness of the platform, but Cornerstone seems to have a good eye on this. The user interface modernization being a good indicoator. Likewise the force.com based product seems to have been an alternative platform validation project, with the nice side effect to yield a separate product for the Salesforce ecosystem.

Then there is the location of the company, being headquartered in Santa Monica. And while there are more recent successes from Silicon Beach it remains an unusual location for an enterprise software company. But Cornerstone has reached a good critical size and attracts enough talent for their product development teams to allivieate this a concern. It could even be an advantage, as Cornerstone engineers come with a relocation extra price tag, should a competitor try to poach.

And finally a lot of respect has to go to Adam Miller – who is the driving force on product vision and direction. Few software companies today rely on their CEO to do this – and even fewer CEOs come to mind to have that capability. Even more remarkable is that Adam's background is not in the high tech industry – but in legal and investment banking. Talk about a wide talent profile.

Positive customers

The road ahead

Like Workday, one of the few other single platform HCM vendor in the market today, Cornerstone has a year of execution tasks and challenges ahead of them. Once you have a great product you need to get it to customers and with little localization needs for talent management required – in comparison to core HR and payroll – the worldwide expansion is a key task for Cornerstone. Hiring, training and getting sales people to the first sell in many geographies outside North America will be critical. And then the ramp up of the following value chain with partners, consulting capability and delivery infrastructure to ensure customer viability and satisfaction. The latter has the most obvious need for investment – as the company does not have a data center in the APAC region yet – something that due to international networks latency is pretty much a necessity.

And while Cornerstone is hitting the right notes in terms of re-imagining their core products it needs to keep investing into them. Across performance, learning and recruitment the latter is probably the lightest in terms of functionality.  And while the weakening of Taleo in the marketplace due to the Oracle acquisition has helped some early customer successes, this situation won’t stay quiet as it is now for too many quarters to come. 

Not only will the Oracle / Taleo combo get its act together, but we will see also the Workday recruitment module in less than 12 months from now in the marketplace. This will transform the currently close partnership between Cornerstone and Workday into a coopetition at best.

So it’s time for Cornerstone to invest in distribution, delivery and products. The news of the planned 220M US$ debt offering is a good sign that Cornerstone is serious about the expansion needs and takes advantage of favorable conditions in the capital markets.

Advice for partners

Find a role in the upcoming expansion that Cornerstone needs partners to fill. Find a win / win area that you can invest and execute in and that allows you to setup for above average revenue growth in the next 12-18 months.

Advice for customers

You are in good hands with Cornerstone for learning and performance. The external enterprise functionality is a very good addition and value add.

• If you look for recruitment, make sure it’s a good fit.

• If you are in public sector understand the road map and make sure you get re-assurances for its timely delivery if your critical processes hinge on it.

• If you are an SMB make sure the gamification nature of the product suits your employee base – and if it does – you have one of the most exciting talent management products at your disposal.

• If you are on the force.com platform and want to run an integrated talent and sales / service system – Cornerstone is one of the more viable and capable vendors.

• If you are based in APAC make sure you have sufficient re-assurance for onsite application performance.

MyPOV

A good event for Cornerstone with significant product innovation – not only on the business functionality but also the critical platform side. Cornerstone has positioned itself well and earned a very good market position that it now needs to execute to expand and solidify in the next 12-18 months all across the world. Exciting times for the company’s customers, its partners, investors and employees. And when well executed, it will not only re-imagine the products – but also the company.