Marketplace Reality
I described the early vision for GeoBooks On Demand In Part 1 of this series. But I realized early on that this vision could not be converted into a successful commercial service without considering fundamental marketplace realities. So, I started researching the Web, and I also started talking with anyone who would listen and was willing to offer their opinion.
The first thing I learned from surfing the Web was that, in 2006, there was very little trade press coverage for "ERP on demand". What little coverage existed often confused ERP with customer relationship management (CRM), which companies like Salesforce.com offer. I was able to find only a handful of customer testimonials about true ERP services like NetSuite, and these were limited to businesses in the United States. I was particularly struck by the fact that the journalists and these customers did not appear overly concerned about security or privacy issues. Keep in mind that existing ERP on-demand services host their customers' financial databases in addition to the ERP application itself. Pretty much any company would consider its financial data to be highly confidential. Apparently, though, the vendors had been able to convince their customers and industry observers that their access and security controls were just as good, if not better, than those of an on-premise ERP application and database running behind the customer's firewall.
I decided to test this proposition in Asia and immediately discovered the exact opposite. In fact, every person I spoke with said something like, "No business in Asia would even think of keeing its financial data at a third party data center, because the only way to guarantee secrecy, and to prevent the authorities from seeing the data, is to keep total control of the financial database at all times."
Here was the dark side of globalization, exposed in full glory. It speaks volumes about how business is done in Asia, but that's another (interesting) story.
Having already anticipated this concern (see my posts On Identity from late 2005), I then turned to the problem of how to build an on-demand ERP service that dealt with the issue using today's public key infrastructure (PKI) technology, which my essays from late 2005 had already exposed as woefully deficient when applied to transnational commerce.
I decided that the only way to address security and privacy concerns was to give customers the option of hosting their own database. GeoBooks On Demand would always be hosted by a third-party service provider. Indeed, customers who were not concerned about security and privacy issues (presumably, most of these would come from the United States) could also opt to keep their data at the service provider's data center. But GeoBooks On Demand would be designed so the application and database servers are different machines, and allow customers to re-direct the application to their own database server instead of the default database server (the one which customers who do not have security and privacy concerns would use). Since communication between the application and database servers would always use Secure Sockets Layer (SSL) encryption, and customer data currently being processed by the application would only reside in the application server's memory, this architecture gives customers total control over their own data, when the data is at rest, and make the data impossible to decipher, when the data is in motion -- but is utilized only when a customer's privacy and security concerns outweigh the extra cost and effort of running their own database server.
To the best of my knowledge, no other on-demand ERP service offers this option to their customers. But technically-savvy readers will recognize that this is a fundamental design decision, and not one that can be easily implemented as an afterthought. As a result, I believe that as the Asian marketplace warms to software as a service (Saas), for obvious cost-saving reasons, GeoBooks On Demand will be the only offering available that completely addresses their privacy and security concerns.
Comments