Upload
martin-jonson
View
229
Download
0
Tags:
Embed Size (px)
DESCRIPTION
environments that combines notions of product market, industry and ecosystem. The open Key words: open business dynamics, convergence, open innovation, IT security. on recent work on open and systemic innovation, dynamic capabilities, platform dynamics and framework. Secondly, it provides a new life cycle model, the Convergence Life Cycle, which technologies, and the systemic nature of innovation underlying such boundary-crossing E-mail: [email protected] Jens Frøslev Christensen, Professor
Citation preview
Towards a Framework of Open Business Dynamics
Jens Frøslev Christensen, Professor
Department of Innovation and Organizational Economics
Copenhagen Business School
Kilevej 14A 3rd floor, 2000 Frederiksberg, Denmark
E-mail: [email protected]
25.05-2009
Summary
This paper presents a framework for understanding business dynamics that are not confined to
industry- or technology-specific trajectories and which we therefore term “open business
dynamics”. These are defined in terms of convergence and divergence of product markets and
technologies, and the systemic nature of innovation underlying such boundary-crossing
processes. The framework aligns these concepts with an understanding of “open” business
environments that combines notions of product market, industry and ecosystem. The open
business dynamics framework serves three purposes. First, it offers a systematic way of
analyzing business and innovation contexts that are not well explicated by the Five Forces
framework. Secondly, it provides a new life cycle model, the Convergence Life Cycle, which
exposes business trajectories that do not correspond to the classical models of product and
innovation life cycles. Finally, it offers a contextual complement to the dynamic capabilities and
open innovation perspectives in strategy and management of innovation. The framework builds
on recent work on open and systemic innovation, dynamic capabilities, platform dynamics and
related issues, and on a study of the historical development of IT security sector.
Key words: open business dynamics, convergence, open innovation, IT security.
2
Introduction
For decades, three complementary frameworks have shaped the analysis of strategic management
and innovation strategy in many industries. These are the Product Life Cycle, the Five Forces,
and the Innovation Life Cycle. Taken together, they comprise what we term the industry-bounded
strategy and innovation paradigm, because they provide a consistent set of analytical frameworks
for understanding the structure and dynamics of industries as contexts for firm strategy and
innovation.1 However, this paradigm has increasingly encountered difficulties in explaining
current business dynamics, and during the last decade, new evolving perspectives, in particular
the “dynamic capabilities” and “open innovation” perspectives have engendered new ideas to
guide scholarly research and management practices that are not constrained by an appreciation of
the industry-bounded paradigm. We refer to these and related perspectives as the emerging open
strategy and innovation paradigm.2
This paper contributes to the enhancement and coherence of this emerging paradigm. It presents a
framework for understanding business dynamics that are not confined to industry- or technology-
specific trajectories, and which we therefore term “open business dynamics”. 3
These dynamics
are specified with regard to three building blocks – the conception of an “open” business
environment, the convergence and divergence of product markets and technologies, and the
nature of innovation underlying convergence and divergence. The framework serves three
purposes. First, it offers a systematic way of analyzing business and innovation contexts that are
not well explicated by the Five Forces framework. Secondly, it provides a new “life cycle”
model, the Convergence Life Cycle, which exposes business trajectories that do not correspond
to the classical models of product and innovation life cycles. Finally, it offers a contextual
complement to the dynamic capabilities and open innovation perspectives.
The paper builds on recent work on open and systemic innovation, dynamic capabilities, platform
dynamics and related issues, and on a study of the historical evolution of IT security during the
period 1988-2004 (the methodology of data collection is shortly described in Appendix A). This
case is not congruent with the industry-bounded paradigm but ideally suited for improving our
3
analytical and managerial insights on open business dynamics and more generally the open
strategy and innovation paradigm.
These developments are important for managers for two reasons. One is that the classical
industry-bounded paradigm and its constituent elements are failing to address key features of
open business dynamics. The other reason is that the emerging open strategy and innovation
paradigm has not yet sufficiently matured in scholarly research to provide effective tools for
managerial analysis and navigation.
The elements of the “industry-bounded strategy and innovation paradigm”
Two of the three analytical frameworks that comprise the industry-bounded strategy and
innovation paradigm, as defined above, the Product Life Cycle (PLC) and the Five Forces, are
grounded in industrial economics. Since the early 1980s they have been standard elements in
business school curriculum in strategic management. The PLC model presents a systematic
sequence of stages in the evolution of the economic structure of industries, with special emphasis
on the changing significance of entry and exit.4 The early segmentation stage is characterized by
intensive entrepreneurial entry and exit. After this is the ‘shake-out’ stage, with lower entry and
intensified exit leading to an oligopolistic market structure and the transition to large-scale
operations. Eventually this is followed by phases of lower growth and decline. The second
framework, Porter’s “industry analysis”, identifies five competitive forces framing the strategic
attractiveness of industries (rivalry, supplier power, buyer power, substitutes, and barriers to
entry) 5 The objective is to analyze the level of competition among rivals, the size of entry
barriers, and the indirect competition across the value chain from suppliers to buyers. This
framework has been inspired by the Mason-Bain “structure-conduct-performance” model in
industrial economics.6 Both share the view of market structure as being predominantly
exogenous, and that firm strategies tend to be shaped by given industry structures rather than
shape these structures. The Five Forces framework has been useful for analyzing many industries,
particularly in their stable and mature stages, but it has been less (or not at all) applicable for
understanding very dynamic product markets or industries in the early stage of development.7
4
The third framework in the industry-bounded paradigm, the Innovation Life Cycle (ILC) model,
is rooted in Schumpeterian economics and innovation studies. It was pioneered by Abernathy and
Utterback in the 1970s, and was later further developed by Utterback and other scholars of
innovation.8
It is complementary to the PLC and the Five Forces frameworks in that it points to
changing patterns of innovations as key drivers in the evolution of industries. According to the
ILC, the early stage of industries is characterized by technological discontinuities, radical product
innovation and rivalry among a diversity of product designs. This stage ends when one or a few
dominant designs are selected by the market, corresponding to the initiation of the ‘shake-out’
phase in the PLC model. Subsequently, scale economies are created through radical process
innovation with regard to production and logistics processes and systems, and the previous
dynamism of the early stage is replaced by more predictable trajectories of incremental product
innovation based on the constraints of the dominant design. The ILC model has provided an
important complement to the PLC model and has substantially contributed to enhance our
knowledge of strategic management and innovation management in the context of industry
evolution.
The decreasing relevance of the “industry-bounded strategy and innovation paradigm”
The industry-bounded strategy and innovation paradigm has been particularly effective in
explaining the evolving competitive market structure and innovation dynamics of traditional
manufacturing industries that are based on one distinctive product category, and that maintain
robust boundaries over extended periods of time, which makes the notion of life cycles
meaningful (e.g. the automobile, bicycle, steel, tire, or television industry). However, it is
increasingly evident that modern business dynamics tend not to fit well with this paradigm. Teece
recently made the following pessimistic judgment as to the value of the ‘structure-conduct-
performance’ model: “Developed in the 1930s, 1940s, and 1950s, it is still relevant to some of
the ‘rust belt’ industries that experience low rates of technological innovation where
complementors are not important, and where the co-evolution of technologies and institutions is
5
not significant…” 9
The same judgment is appropriate more generally with regard to the industry-
bounded strategy and innovation paradigm.
Below we point to four generic tendencies in business dynamics and innovation management that
have profoundly weakened the scope of validity of this paradigm:
• First, business dynamics are to a decreasing extent confined to classical single-product
industries that behave according to the PLC and ILC models.10 By contrast, business
dynamics are increasingly characterized by porous/open boundaries associated with
dynamics of convergence (integration) of different product markets, 11
• Secondly, these convergence and divergence processes are in turn driven by other types
of innovation than those addressed in the ILC - radical and incremental innovation, on the
one hand, and product and process innovation, on the other. While these categories
remain valuable, they do not contribute to understanding the innovative processes
underlying convergence and divergence. To this end, we need to differentiate innovations
according to their systemic nature and impact.
and the divergence
(disintegration) of existing product markets into more disaggregated submarkets.
• Thirdly, interorganizational and network-based modes of managing innovation are
increasingly replacing more closed (intra-firm) modes. While this tendency has been
recognized by innovation researchers for some time, it has recently gained
comprehensive managerial and research momentum under the umbrella of “open
innovation”. 12
• Fourthly, the increasing prevalence of convergence/divergence dynamics, systemic
innovation, and more open modes of organizing innovation makes the coordinative or
collaborative nature of the firm-environment relationship much more central to strategic
and innovation management than can be accommodated by the Five Forces framework,
with its primary focus on the competitive bargaining relationships. While the competitive
game remains a vital element in business dynamics, in open business dynamics, the
The particular importance of open innovation in the context of this paper
is that it is congruent with the increasing challenges posed by convergence/divergence
dynamics.
6
collaborative game and its intricate interplay with competition has become increasingly
decisive as firms strive to gain competitive advantage. This implies that the classical
“industry” conception in Five Forces is insufficient for assisting firms in understanding
their business environment as a means to guide firms’ business and innovation strategies.
Towards a new “open strategy and innovation paradigm”
Even if a full-fledged new paradigm has not materialized to replace or supplement the industry-
bounded paradigm, evidence of the contours of an emerging open strategy and innovation
paradigm may be seen in the development of two streams of literature, the “dynamic capability”
literature, pioneered in 1997 by Teece, Pisano and Shuen,13 and the “open innovation” literature,
pioneered by Chesbrough in 2003.14 The “dynamic capability” literature has focused mainly on
defining the specifics of change-directed capabilities in contrast to path-dependent and routine-
based capabilities associated with the Resource-Based View.15
The “open innovation” literature
has been engaged in analyzing externally oriented ways of organizing and managing innovation
in contrast to more firm-internal ways. In this section, we will analytically specify the three tenets
of our framework of open business emanating from the generic tendencies listed above. These are
(1) the conception of the business environment, (2) the nature of product market convergence and
divergence, and (3) the systemic nature of innovation underlying convergence and divergence.
Against this background, we will present the case of IT security. On this basis, we will further
address the strategic and evolutionary/cyclical implications of this framework.
The conception of the business environment: ecosystems, product markets and industries
In both the “dynamic capability” and the “open innovation” literature, there is a tendency to
question the value of the notion of “industry” as the organizing context for business strategies
and innovation practices, and to replace it by the more open-ended concept of business or
innovation “ecosystems”.16 David Teece defines (business) ecosystems as “…the community of
organizations, institutions, and individuals that impact the enterprise and the enterprise’s
customers and suppliers”.17 Ron Adner emphasizes that (innovation) ecosystems comprise
“….the collaborative arrangements through which firms combine their individual offerings into a
7
coherent, customer-facing solution”.18 Compared to the classical “industry” concept, the
ecosystem concept not only implies a more rich and flexible understanding of the business
environment, it also reflects two significant analytical “turnarounds”. First, while the industry
view emphasizes the exogenous status of the environment that firms should take for given and
adapt to, the ecosystems view underscores the symbiotic and co-evolving relationship between
the strategies and innovations of firms and their business environment. This view even leans
towards the “endogenous” position that firms, whose strategies are founded on dynamic
capabilities and open and disruptive innovation,19 are actively contributing to shape the structure
of the business environment, rather than reactively being shaped by a pre-existing structure.20
Secondly, while the industry view in Five Forces addresses the competitive bargaining game, the
‘ecosystems’ view focuses on complementarities and associated collaborative arrangements.
These changes give the ecosystem concept some advantages when analyzing open business
dynamics. But it is hampered by its ad-hoc definition, hence potentially expansive scope, and its
insufficient focus on competition. In order to more fully understand the environmental side of
open business dynamics, we shall combine notions of ecosystem, product market and industry as
complementary lenses of analysis. We here use “ecosystem” to expose the evolving context for
collaborative opportunities for product market convergence or divergence.21
The term “product
market” is used to signify the emergent context for direct competition/rivalry among firms with
identical or very similar categories of products or services. The product market concept is often
used interchangeably with the industry concept. However, the former is not associated with
features of robust boundaries and long life cycles as the case is with the latter. Product markets
may evolve along the PLC/ILC track and eventually prove to become consolidated as
”industries”, or they may undergo more or less frequent changes in the form of convergence or
divergence (or eventually vanish). Thus, while “product market” here denotes the emergent
context for product-specific rivalry, we use the term “industry” to denote mature product markets
reflecting well-established patterns of both competition and cooperation and typically dominated
by large incumbents (see Figure 1).
8
Figure 1 about here
Product market convergence and divergence
In open business dynamics, product market (or industry) convergence and divergence are as
important as (or even more important than) PLC/ILC dynamics. Convergence involves changes
in the boundaries and relations between two or more product markets, leading to their becoming
increasingly integrated. The prototypical case is the convergence of the computer and the telecom
industries through the use of digital technologies.22 Divergence involves processes of
disintegration of one product market or industry into one or more submarkets.
Convergence/divergence mechanisms have traditionally been studied in terms of the vertical
supply- or value-chain relations of industries. 23 Each of the stages in the vertical chain may be
(or become) distinct product markets, or may be (or become) embedded in a larger industry under
the control of vertically integrated companies. This vertical framing of complementary relations
has been widely applied in studies of outsourcing and vertical integration/disintegration of firms
or industries. In recent years, opportunities for convergence/divergence have also been
investigated in terms of “horizontal” relations across product markets or industries. This has in
particular been studied in regard to IT-based platforms that enable the inter-linking and joint use
of “complementor” products or applications. Each of such applications may originally constitute
product markets on their own, may be developed directly for the platform by a “complementor”
firm, or become developed and integrated by “platform leaders”. Likewise, more centrally
controlled platforms may eventually undergo divergence and result in the formation of more or
less distinctive submarkets.24 The evolution of the computer industry over the last decades
provides the most widely studied example of divergence in both a vertical and horizontal sense.25
In the IT security case study, we will focus on this horizontal rather than the industry-confined
form of convergence and specify two types of open convergence trajectories.
9
Systemic versus autonomous innovation
The particularities of innovations relevant to understanding product market convergence or
divergence are related to features of ‘systemicness’ rather than the features of innovations that
underlie the ILC model (radical/incremental, product/process). To our knowledge, Teece was the
first to discuss the significance of the systemic dimension of innovation. 26 He distinguished
between “autonomous innovation” (or “stand-alone innovation”) with low requirements for
further adaptations or innovations in the value chain, and “systemic innovation” with high such
requirements, and hence high demands on coordination among different agents. Henderson and
Clark further introduced the distinction between a component and a systemic level of innovation
in the context of product architectures,27 and Sanchez and Mahoney refined the modularity
implications in management of innovation and organizational design. They specified the the
component level as consisting of single-function subsystems designed to be integrated at the
systems level with other components in the overall product architecture.28 In the recent platform
literature,29
the systemic level of innovation has been extended beyond the value chain and the
product architecture contexts into more open-ended platform-mediated networks that operate as
organizing tools for linking existing and prospective products and components into still larger
systems that are not predetermined by the platform architecture. As such, systemic innovation
associated with platforms are drivers of product market convergence and divergence.
In a study of platform-based evolution of the PDA market, Stieglitz (2003) shows that
convergence requires systemic innovation in terms of both product and technology integration.30
Product integration implies the development of a new product that integrates the functionalities
of two or more previously autonomous products. These become complementary from a user
perspective, and increasingly bought and used as one. But systemic innovation often also requires
particular efforts in technology integration, that is, R&D activities focused on merging, and
perhaps further developing different technologies underlying the constituent products, including
the development of interface standards to make the technologies compatible. Thus, systemic
innovation may transcend both industry- and technology-specific trajectories.
10
In our framework of open business dynamics we can specify three categories of innovations,
namely autonomous product innovation, systemic innovation and autonomous component
innovation (see Figure 2). Autonomous product innovation enables the formation of new
specialized product markets. Systemic innovation drives convergence across product markets and
industries, mediated by ecosystems. Finally, autonomous component innovation enables the
divergence of product markets and industries into disaggregated submarkets. Divergence is also
mediated by ecosystems to sustain collaboration between the component-based submarkets and
their complementary systemic product markets or industries.
Autonomous innovators focus on developing high performance in one functionality in an end-
product (like anti-virus, anti-spam or firewalls in IT security) or a component (e.g. a technical
sub-function of a firewall). Systemic innovators focus on creating high performance with respect
to the interaction and compatibility between multiple functionalities (like the above-mentioned IT
security functionalities) and thereby seek to maximize systemic (including synergistic)
performance value. And while autonomous product or component innovations are based on more
specialized technical and functional capabilities and often located in smaller firms, systemic
innovations are based on integrative competencies31
----
and tend to be driven by larger firms.
In the following section we shall apply the concepts and framework defined above to provide an
outline of the historical evolution of the IT security business – an “ideal case” of open business
dynamics.
Figure 2 about here
The case of IT security
One dark side of the global diffusion of the Internet and related information and computer
technologies has been an explosion of different types of information security problems such as
viruses, spyware, pitching and hacking. These, again, have given rise to swarms of firms
exploring the commercial opportunities of offering safeguarding measures. Within less than 20
11
years, we have witnessed the emergence of a large range of new security products and services
and the creation and hyper-growth of a new complex and volatile sector. IDC estimated global IT
security revenue to reach $35 billion in 2003, reflecting a doubling of revenues since 200132 and
comparable to the size of the global market for recorded music.33
IT security entails software-
and hardware-based products and systems (Figure 3), on the one hand, and services of different
kinds on the other. These services assist users in selecting, implementing, integrating and more
broadly managing the constantly evolving IT security products, and in adopting organizational
procedures and behavioral routines for safeguarding. IT security products and services are
dedicated to alleviate IT security problems of different kinds. But despite this commonality, the
enormous diversity, and emergent nature of IT security doesn’t lend itself fruitfully to be
analyzed as one industry. Rather, it is better conceived as a cluster of product markets or
submarkets that have primarily evolved through convergence in the context of a likewise
evolving ecosystem.
Figure 3 about here
Most IT security product markets can roughly be differentiated into three segments: the high-end,
the mid-end and the low-end. The high-end segment comprises private and public organisations
in need of advanced and specialized solutions and a broad portfolio of security products and
services. The mid-end segment consists of small and medium sized enterprises and other
organizations seeking less advanced, less costly and less comprehensive portfolios of products
and services. Finally, the low-end segment entails private consumers and very small
organizations in need of commoditized and low-cost sets of protective means. Historically, the
most proactive parts of the high-end market segment have constituted lead-user roles34
for early
security innovations. As the products and technologies have matured, they have trickled down
into the mid- and low-end segments. During that process, they have tended to become bundled
into product suites, and some of them have eventually become embedded in infrastructural IT
systems.
12
For the period 1988-2004, we have identified three partly overlapping stages of business
dynamics. The late 1980s and especially the early 1990s saw the formation of numerous product
markets based on specialized firms’ development of autonomous security products, each
responding to specific types of emerging security problems and user needs. While product market
formation continued after the mid-90s, even if with decreasing intensity, two trajectories of open
business dynamics increasingly came to dominate. The first, taking off around 1997/98, focused
on convergence associated with product-bundling innovation. It was driven by a few expansive
firms emanating from the ranks of IT security specialists originating in particular product
markets. The other trajectory, becoming increasingly visible in the early post-millennium years,
has focused on convergence through the integration of security functionalities into larger IT
systems and services. This trajectory of “context-embedding” innovation has been driven by large
incumbents in established IT infrastructure industries.
In the following, we provide a short overview of the three stages or trajectories of business
development in the evolution of IT security, and address the strategic challenges (and difficulties)
faced by firms in one trajectory when trying to jump unto an emerging trajectory.
Trajectories of product market formation through autonomous innovation
From the late 1980s to the late 1990s, hundreds of security technology specialist firms were
established based on autonomous product innovations (these include Arbor Networks,
CipherTrust, netForensics and Websense). Many have later exited or been subject to mergers and
acquisitions (see below). During the early years, the high-end market was virtually the only
security market. In particular, large IT enterprises and government institutions in the US were
important lead-users of innovative products and licensees of patented technologies provided by
pioneering technology specialists.35
Among the most prominent early examples of IT security innovations are antivirus, software-
based firewalls, Virtual Private Networks (VPN), vulnerability assessments scanners and
services, Public Key Infrastructure (PKI) authentication, and Intrusion Detection Systems (IDS),
13
all invented and initially commercialized between 1989 and 1996. Each of these products (and
numerous others, cf. Figure 3) were subject to specialized product market formation, with
numerous rival firms engaged in continuous innovation to expand their capacity and functional
performance.36
The ubiquitous tendency since the late 1990s to move ever-increasing volumes and types of data
into ever-more distributed IT environments have given rise to still new forms of security
breaches, which again have constituted “focusing devices”37 for new waves of autonomous
security innovations (such as anti-phishing, anti-spam, anti-spyware and various forms of
biometrics). In recent years, as employees and consumers increasingly operate from mobile
devices (notebooks, mobile/smart phones, multi-function PDAs and VoIP) that were initially
without the same safeguards as desktops, much innovative endeavour has turned towards
providing safeguarding means for mobile devices.38 However, even if new autonomous product
innovations have continued, the predominant tendency since the late 1990s has been a move
toward convergence through systemic innovation along two different trajectories, one associated
with product-bundling innovation, one with context-embedding innovation. Each of these are
described in the subsequent sections. These tendencies can be explained as a response to the
rapidly expanding complexity for the customer in dealing with the ongoing add-on budding of
new products and services and associated increases in security costs.39
Trajectories of convergence through product-bundling systemic innovation The many and diverse products associated with product market formation and autonomous
innovation were eventually revealed to be more or less complementary - sometimes with
overlapping, sometimes with potentially synergistic features (for example between a firewall and
an IDS). In the early years, linking these products to form reasonably interoperable systems was
either not attempted at all, or left to the IT departments of the clients, and assisted by security
services firms that rapidly appeared in large numbers. For a time competition remained confined
within narrow product markets. Only gradually did the specialized security vendors together with
their corporate customers and assisting services firms, accumulate more precise knowledge of the
14
complementary and synergistic nature of the different products, and thus of opportunities for
systemic innovation.
The trajectory of product-bundling innovation was initiated by a few security specialists,
who over just a few years fundamentally transformed themselves into large security
integrators. They managed to do so through strategies combining three basic elements: An
aggressive acquisition policy, a strong commitment to pursue product-bundling systemic
innovation, and comprehensive investments in building the requisite operational assets in
distribution, sales and marketing needed to shape and manage new global mass markets.
The first steps in this direction were taken by Networks Associates (now McAfee) and AXENT
Technology which, through numerous acquisitions in the end of the 1990s, had developed broad
portfolios of security products. Both companies launched the first (more or less) integrated
product suites around 1998/99, but they were not well received by the market and initially gained
a bad reputation.40 Shortly thereafter, Symantec revitalized the product suite strategy through a
successful leapfrog strategy. Like AXENT Technology and McAfee, Symantec had acquired
numerous security specialist firms during the late 1990s, but in particular the 925 million dollar
acquisition of AXENT Technology in 2000 enabled Symantec to make a profound relaunch of
product suites. Symantec’s core capabilities in anti-virus and content-filtering software products
were extended and combined with AXENT Technology’s core capabilities in management
technologies as well as in firewalls, VPNs, vulnerability assessment and IDS products for the
high-end segment. Over the few years of acquisition-based growth and early trials in systemic
innovation, Symantec also built powerful distribution assets and brand recognition. This came to
serve as an effective catalyst for the product packages that were launched after the acquisition of
AXENT Technology. Symantec continued its acquisition-based expansion of its product
portfolio, and by 2004 was recognized as the leading product suite vendor in IT security. A few
other specialized security companies, including Internet Security Systems (ISS) and McAfee
followed suite.41 In the first few years of the 21st century, some of the major companies that long
remained committed to a specialized product or service strategy embarked on similar product-
15
bundling strategies, even if with a narrower scope. One example is RSA Security, a leading
authentication provider with a coherent portfolio of solutions comprising authentication,
encryption and PKI products.
By 2004, product suites for the business segments had evolved to include the integration of all or
most of the following products: firewalls, VPN, Intrusion Detection and Prevention, antivirus,
content filtering and anti-spam.42
One example is the ISS Proventia security platform targeted at
corporate customers. Similar multi-functional products were offered by Symantec to both
enterprises (e.g. the Symantec Gateway Security appliances) and private consumers (e.g. the
Norton Internet Security software suite integrating firewall, anti-virus, anti-spam and privacy
control systems into a unified software suite). Moreover, the emergence of managed security
services reflects a move towards integrated solutions. While security integrators like Symantec
offered integrated products, security managers like Counterpane and Cybertrust delivered a
unified operations control, maintenance and updating of their customers’ various security
products and systems.
The value proposition of integrated solutions is clear: overall reduced costs and simplification for
the user in terms of implementation, multi-functionality, management and updating, and (more or
less) one-stop shopping, The professional customer, however, may face the disadvantage of being
locked into one vendor that offers one or more “weak” technologies in the package. The
alternative is to shop on the market for autonomous products in an effort to choose the best
products for each specific function, in industry jargon called “best-of-breed strategy”. But this
strategy incurs high costs associated with building in-house expertise in judging the different
products and services on the market, the searching and selecting, negotiating and contracting with
the “best” vendors in each specialized product market, as well as the costs of integrating,
installing, managing and updating the different products and services to operate as one system.
By 2003/04 the best-of-breed strategy had primarily survived in the high-end market segment,
such as in the military and financial sectors with a high-risk profile.43 Companies like
16
Counterpane (managed security services) or CipherTrust (messaging security), for example, had
positioned themselves as among the best in their respective high-end product markets. In the mid-
end segment of small and medium-sized firms, neither the risk-profile nor the resources
warranted such a strategy, and product suites obtained a dominant position.44
In the low-end
segment, private users preferred commoditized products (antivirus, firewall etc.), either separate
or combined into small packages. In sum, during the first years of the new millennium, the
product suite approach appeared to have become the preferred solution for the majority of the
overall market, while niche firms maintained a strong position in parts of the high-end segment.
Trajectories of convergence through context-embedded systemic innovation
The trajectory of convergence through product-bundling innovation has contributed to drive the
IT security sector as a cluster of relatively autonomous product markets in the direction of a
unified (even if still highly segmented) IT security product market in which leading firms
increasingly compete against each other with rival sets of product suites. By contrast, the
trajectory of convergence through context-embedded innovation has contributed to undermine
this process of “unification” of IT security towards one market. This is because security in this
trajectory has become embedded features of other offerings (general IT networks and systems),
instead of dedicated security products with business opportunities in their own right.45 Both
trajectories of convergence respond to user needs for reduced complexity associated with the
surge of new autonomous solutions. Obviously private users want simple, holistic solutions that
are practically invisible and automated. But also professional users prefer reduced complexity.
“They are looking for plug and play appliances that require little installation expertise and hence
are less prone to configuration errors – especially for offices with little to no on-site security
staff”.46 The trajectory of convergence through context-embedded innovation has gained strong
momentum since around 2000. It signifies a tendency for security to become a more well-defined
part of IT operations, with the implication that “…security functionality and processes are being
built into every layer of the infrastructure, from the network up through the application”.47 The
drivers of this trajectory have been large incumbents in established industries, network and
systems vendors and Internet service providers. The most prominent examples during the early
17
years since 2000 have been Cisco, Microsoft and IBM, whose strategies for integrating security
functions in their systems offerings will be briefly outlined below.48
Cisco, with its strength in network equipment (especially routers, switches and dial up access
servers), early on took an offensive stance in providing security at the networks level. From 1995
to January 2005, Cisco acquired 10 security firms, primarily technology specialists with
autonomous products or components across a broad spectrum of IT security. This made it
possible for Cisco to introduce an increasing number of network-embedded security offerings
(e.g. firewall, VPN and Intrusion Prevention functionalities).49
From its dominant position in operating systems, Microsoft has engaged in embedding IT
security into its platforms since 2002, when Bill Gates released a memo to Microsoft employees
with the message of giving top priority to security. 50 This happened against the background of
increasing problems with viruses and worms that exploited vulnerabilities in the operation
systems, potentially threatening the underlying security of Windows products. Since then,
Microsoft has pursued a “quality movement” strategy to implement more secure coding standards
and design more inherently secure software using threat-modelling, filtering and penetration
testing. In addition to the security strategy in software configuration, Microsoft has been active in
integrating security functionalities into its systems. 51
Part of this strategy was the acquisitions of
three security firms, GeCAD in 2003, a small Romanian anti-virus company, Giant Company
Software in 2004, an anti-spyware firm, and Sybari in 2005, an anti-virus and data protection
specialist. Specialized security knowledge from these firms was applied in the OneCare
subscription service, aligning anti-virus (based on the GeCAD technology), anti-spyware (based
on technology from Giant Company Software), firewall protection and PC cleanup tools to
Windows private users.
Microsoft’s security strategy during this period wasto offer Microsoft users basic all-round
security and to enhance user convenience by providing security systems and services that are
simple to understand, use and update and with highly automated processes. By 2004/05 the
18
security strategy also began to emphasize the creation of partnerships with security vendors,
networking companies, and Internet Service Providers.52
Thus, several of Microsoft’s
competitors (i.e. in firewalls, anti-virus and anti-spyware) also became partners, invited to build
extended security solutions on top of Microsoft platforms and services for users with more
specialized security needs.
IBM pursues a broad-scoped systems integration approach to IT security. In contrast to the
dedicated security firms, IBM emphasizes the business enabling aspect rather than the protective,
threat and fear aspect of security. IBM has become an important provider of security-oriented
services, both as a security manager providing managed security services, and as a security
consultant providing implementation and systems integration services. These services can mix
off-the-shelf tools with external best-of-breed products and components as well as IBM’s own
tools and systems. IBM has maintained R&D capacities in numerous areas of IT security and
possesses a large portfolio of complementary assets in addition to its security assets – in network
management, processes and applications across platforms. Together, these assets form valuable
inputs into IBM’s strategy of providing solutions that make security part of integrated IT systems
designed for realizing the particular business opportunities of its corporate customers, for
instance in e-business and web services.
Even if the convergence trajectories identified in the evolution of IT security has signified rival
strategies (e.g. bringing Symantec into competition with Microsoft), they have also represented a
division of labour in terms of product specialization and market orientation. This makes it
possible for both trajectories to run in parallel, rather than having one fully replace the other (e.g.
Symatec is also a Microsoft partner building added security on top of Microsoft’s platforms).
Implications for understanding open business dynamics
Trajectories of convergence and firm strategies
During the pioneering phase of the IT security in the 1980s and most of the 1990s, business
dynamics were largely based on innovative start-ups targeted at autonomous products to cover
19
the expanding array of security holes that emerged in a context of increasingly complex and
ubiquitous IT systems. Competition was highly segmented within narrow product markets. No
unified industry or market existed. According to the PLC and ILC models, one would predict that
each of these product markets (e.g. firewalls, antivirus) would undergo an emergent stage of
design rivalry, eventually resulting in a dominant design paving the way for an era of incremental
innovation and the build-up of systems for distribution and marketing necessary to establish and
sustain mass markets. Indeed, we can trace such life cycle dynamics in what we have termed
trajectories of product market formation through autonomous innovation. Within each product
market, different solutions would be tried out, one or a few robust designs would come to prevail
in the market, their underlying technologies stabilized, and a few successful companies would
manage to bring these designs into dominant positions for mainstream markets.
However, when the niche products approached such stage of maturity, the dominant rules of the
game tended to change in the direction of product market convergence through systemic
innovation. This materialized first in product-bundling innovation, and subsequently, with a time-
lag of a few years, in context-embedding innovation - proliferations of cycles that can not be
accounted for in the PLC and ILC models. And in the course of that transformation, many
specialized firms exited or were acquired by a smaller group of “integrators” taking the driver’s
seat in shaping these trajectories. During the period 1993 -January 2005, we registered 291
acquisitions of (or mergers with) IT security firms. By far the largest share consists of specialized
security firms taken over by product-bundling security integrators or security specialists with
integrator aspirations, or, especially after the turn of the millennium, large network and systems
vendors. By gaining control over requirements for adaptations at the specialized product level of
expertise, these acquiring firms became better able to address the particular challenges of
systemic innovation.
For the few firms that successfully changed their identity from being autonomous innovators
within a single-product market to becoming convergence-oriented product-bundling innovators,
the transformation required a concerted strategic commitment to move beyond their product-
20
specific core capabilities through a series of acquisitions, a consistent engagement in systemic
innovation, and the leveraging of complementary assets for large-scale distribution and brand-
building. Through this diverse set of long-term investments, companies like Symantec and ISS
managed to expand from specialized niche positions into much broader positions as providers of
product suites within the expanding IT security market. By contrast, the companies driving
context-embedding systemic innovation during the period studied were already large incumbents
in established industries outside the IT security field (in operation systems, IT networks, systems
integration services, wireless communication and internet services). Their core competencies
were historically grounded in other fields than IT security expertise (e.g. Cisco in routers and
switches). But they eventually gravitated towards more integrative competencies,53
including
capacities for systems integration and platform development as well as strong complementary
assets in distribution, marketing and brand-building for mainstream markets. Context-embedding
systems integration has led to the alignment of infrastructural knowledge situated in these firms
and their industries with knowledge of specialized IT security technologies.
The nature of systemic innovation in open business dynamics
The systemic innovation processes conducted by the pioneering systemic innovators in IT
security did not simply involve product design through the integration of standard
products/components into pre-existing architectures. Different firms experimented with
innovation at different levels and scope (product bundles/packages of various kinds and scope,
network systems, operation systems, gateways and application systems). Both the
product/component development and their architectural integration tended to reflect non-trivial
R&D efforts.
Most scholarly research on systemic innovation has addressed particular product architectures in
manufacturing industries, for instance the automobile industry, as organized by large
companies.54 From this perspective, systemic innovation involves the development of the
architecture either prior to or directly synchronized with component-based developments,
whether the latter takes place in the company, in specialized firms, or in partnerships.55 However,
21
this “rational design” perception is often not adequate for understanding systemic innovation in a
context of open business dynamics. In IT security, the innovating systems “architects” have been
late-comers waiting for the “bottom-up” evolution of autonomous products to evolve and mature
driven by technology entrepreneurs. Only gradually, and following extended learning and trial-
and error processes, did prospective “architects” attempt to integrate these products (more or less)
into product suites and, eventually, into higher-order networks and systems. Through these
processes, what were originally autonomous products tended to be transformed into mature
components in systemic innovations. And the “architects” behind systemic innovation only came
into the innovation game as the different autonomous products and technologies matured, the
complementarities between them became better understood, and their future role as “bundled” or
“embedded” components were gradually envisioned.
Convergence strategies and the exercise of dynamic capabilities and open innovation
The leading firms driving the convergence trajectories in IT security have demonstrated strategic
commitment to build dynamic capabilities in the sense of transcending existing boundaries and
engaging in new challenges of systemic innovation and market creation. On the innovation side,
this has involved an intricate balance and change between exercising different forms of open and
more closed innovation. The strong tendency among these firms to engage in acquisition-based
integration of specialized security knowledge reflects the need for practicing open innovation in
the form of searching, accessing and acquiring specialized knowledge and components from
external sources. This indicates that the acquired technological knowledge tended to be difficult
to develop or replicate by the systemic innovators themselves. Moreover, it indicated the need for
substantial in-house control over the innovation process, including full integration of the
specialized security knowledge – in other words the need to practice a more integral form of
managing innovation.
However, scholarly research on innovation in other areas of business has demonstrated that the
need for tight in-house coordination of innovation is likely to decrease over time as interfaces
across components/technologies become standardized and more ready for modularity and a more
22
distributed form of innovation.56 In terms of open business dynamics, this implies a process of
divergence that leads to new opportunities for specialist firms. During the last year of our
investigation of IT security (2004), the three leading drivers of context-embedding innovation
(Cisco, IBM and Microsoft) had begun to encourage partnering strategies with IT security
specialists. Even if only anecdotal evidence, this may signal that the previous integral mode of
managing innovation in the early stage of systemic innovation was beginning to give way to a
new form of open innovation that would rely more on partnership and outsourcing than on
acquisitions.57
As compared to the dynamics of product market formation through the generation
of autonomous end-products, the dynamics of divergence generate modular components by
innovating within the “black box” of the component technology while adhering to standard
interfaces dictated by ‘architect’ companies. And such divergence is more inclined to shape new
submarkets rather than (end-) product markets.
The strategic significance of the environment in open business dynamics
We have used three concepts for understanding the context for open business dynamics: 1) the
product market signifies the emergent arena for direct competition among rivals with similar
products. 2) The ecosystem signifies the arena for product market convergence and systemic
innovation, and 3) the industry signifies mature product markets dominated by large incumbents
trying to expand their boundaries.
From both a theoretical and managerial perspective, there are advantages gained from using this
three-pronged conception of the environment (see Figure 1). Theoretically, the combined use of
the product market and the ecosystem concepts provides complementary lenses for analyzing
open business dynamics associated with, respectively, direct rivalry (the product market) and
prospects for coordination/convergence across product markets (the ecosystem). The realization
of the convergence prospects of the ecosystem, again, paves the way for the creation of one or a
set of more integrated products and markets to form a new basis for competition.
23
However, prospects for convergence and systemic innovation may also develop from the
perspective of mature industries. In recent years, much research attention has focused on the
widespread processes of “deverticalization” of existing industries in the form of outsourcing and
associated vertical disintegration of large incumbents.58
But while these mechanisms have
certainly been profound, many industries, especially IT-intensive industries, have simultaneously
engaged in expanding their boundaries to link into and seek to integrate evolving product markets
and ecosystems. This is exemplified by the context-embedding strategies of large IT
infrastructure companies vis-á-vis IT security product markets and ecosystems. Such increasingly
integrated product markets will eventually, as they mature, tend to become subject to processes of
divergence and submarket formation.
From a management perspective, this three-pronged view can contribute to a better and more
comprehensive understanding of the environmental side of open business dynamics and form a
set of integrated tools for strategic navigation and the mobilization of dynamic capabilities. It
contributes to a systematic view of both the arena for competition and the arena for innovation-
focused coordination, whether taking the perspective of firms in emergent product markets or
mature industries. Moreover, it provides an analytical perspective on strategically thinking ahead
of current competition and collaboration and out-of-the-box, that is, across the boundaries of
existing product markets, ecosystems and industries.
Towards a Convergence Life Cycle
Even if the IT security case has indicated that the PLC and ILC models also apply to the early
formation of product markets, it has also shown that these “trains” were significantly derailed by
tracks of convergence (and divergence). Our framework of open business dynamics, as illustrated
in Figure 2, lends itself directly to understanding such alternative cyclical patterns that we term
the Convergence Life Cycle (CLC) (see Figure 4). The three categories of open business
dynamics, product market formation, convergence, and divergence, are here conceived as life
cycle stages that are linked to our three units of analysis of the business environment, product
market, ecosystem and industry. Figure 4 illustrates these stages from the top towards the bottom
24
as product markets develop, merge and proliferate into broader ecosystems or industries and, in
turn, disintegrate into submarkets.
Figure 4 about here
The stage of product market formation involves the creation of new products/services and
markets that expand or reduce the scope of an extant value chain, or develop to become
complementary to products or services supplied by other product markets. For some time, it may
be genuinely uncertain whether an emerging product market will follow a PLC/ILC-track, a CLC
track – or eventually vanish. The CLC track is likely to be pursued if complementary product
markets and technologies develop and shape the contours of an ecosystem that can catalyze the
creation of dynamic capabilities to explore opportunities for systemic innovation and new market
creation. And a key to such catalyzing process is the ability to envision new business models and
value propositions that are perceived to be superior to those confined to existing product markets
or industries.
Product market convergence takes place between product markets in the context of an ecosystem
of complementary product markets, technologies and institutions,59 or between such product
markets and established industries as illustrated in the upper two rows in Figure 4. Convergence
implies the enlargement of the complementary scope of the involved product markets or
industries as firms engage in boundary-crossing diversification and integration. Divergence (the
lower row in Figure 2) implies the narrowing of the scope of existing product markets or
industries and the resultant formation of new submarkets.60
Submarkets that are born out of
divergence processes may again signal the beginning of a new CLC - as illustrated in Figure 2 by
the arrow back from the stage of divergence to the stage of product market formation - or the
beginning of a new PLC/ILC.
In the case of IT security, the CLC cycle was initiated by product market formation through
autonomous innovation. However, open business dynamics may also be initiated directly by
25
systemic innovation that includes different technologies rather than existing product markets.
This would be the case when these technologies and their (potential) user functionalities have not
(or not yet) become subject to autonomous market formation. Correspondingly, the CLC does not
assume a fixed sequentiality of convergence moving from product-bundling based on firms in
specialized product markets in particular ecosystems, towards context-embedding innovation
based on incumbents in mature industries. In some business contexts there may be no
opportunities for one of the convergence trajectories and in some contexts the initiative for
convergence may be first taken by companies in mature industries. Thus, the CCL is rather a
contingency framework and a taxonomy for understanding various options for trajectories of
convergence and divergence, rather than a model that explains only one universal pattern of
evolution. As such, it can be operationalized for particular firms in particular markets as a
framework for strategic management and innovation strategy.
Conclusion
This paper contributes to the collective endeavour of creating a new paradigm of open strategy
and innovation which was set on the agenda by Chesbrough and Appelyard in their recent paper
in California Management Review.61
We present a framework for understanding business
dynamics that are not behaving according to the classical industry-bounded paradigm. This
paradigm integrates the Fives Forces and the Product Life Cycle, grounded in industrial
economics, with the Innovation Life Cycle rooted in Schumpeterian economics and innovation
studies. While this paradigm for three decades has been central to the notion of strategic
management among scholars and managers, four interlinked tendencies in business dynamics
have eroded its scope of relevance. These are the increasing significance of 1) product market
convergence and divergence, 2) systemic and autonomous innovation, 3) open and network-based
modes of managing innovation, and by implication, 4) the increasing importance of the
collaborative arena for strategy and innovation rather than the competitive arena, the main focus
of Five Forces.
26
Our framework of open business dynamics has three objectives. First, it offers a systematic way
of analyzing business and innovation contexts that are not well explicated by the Five Forces
framework. The building blocks in the framework of open business dynamics emanates from
these tendencies. It addresses the co-evolving nature of convergence/divergence processes and
systemic/autonomous innovation. And it provides a new perspective on the business environment
that explicitly recognizes the need for understanding the boundary-crossing nature of open
business dynamics and the importance of both competition and collaboration.
The second objective of the framework is to offer a systematic way to understand life cycles that
do not follow the classical prescriptions of the product and innovation life cycles but rather
“derail” into convergence or divergence oriented trajectories enabled by different forms of
autonomous or systemic innovation. Of course, one empirical case is not a sufficient basis on
which to draw generalized conclusions with respect to life cycles. However, when Abernathy and
Utterback originally created the early versions of the ILC model in the 1970s, it was based on a
study of the evolution of one industry, the automobile industry.62
When adding that much
research in recent years has demonstrated the limited validity of the ILC/PLC models and the
increasing significance of convergence/divergence dynamics, a systematic framework for
understanding open business dynamics as “patterned” rather than randomly open, is highly
needed – as “navigation tool” for both management and scholars.
Finally, the framework offers a contextual complement to the dynamic capabilities and open
innovation perspectives and related works on business ecosystems and platform dynamics. In a
business world that is increasingly characterized by product market and technology convergence
and divergence, firms are increasingly faced with challenges of crossing existing boundaries,
collaborating and competing with new unfamiliar enterprises and institutions, and these
challenges require increasing capacities within and across firms to mobilize dynamic capabilities
and open and collaborative modes of managing innovation. Hopefully, the framework on open
business dynamics can contribute to improve coherence among these perspectives and to the
development of a new open strategy and innovation paradigm.
27
Appendix A: Data sources and methodology
The case of IT security is based on a study that reflects the triangulation of three categories of
empirical data and information covering the period 1988-2004. First, we have collected
information on the history, product and technology offerings and mergers and acquisitions of a
large number of IT security companies by studying their homepages, press releases and company
cases from Hoovers, IDC, Datamonitor and Gale Group’s Business and Company Resource and
its Investext Plus database. We have furthermore reviewed a large number of analyses and reports
on the IT security sector or particular parts of it from a range of different consulting and
investment firms, including Morgan Stanley, Morgan Keegan & Co. and SG Cowen & Co. We
have obtained access to these analyses through the Gale Group’s Investext Plus database. IDC,
the research consulting company which has most comprehensively been monitoring the IT
security sector over the years, has generously provided us access to reports and data of particular
interest. Insights on new trends in the IT security sector has also been obtained from a number of
special issues on IT security in The Wall Street Transcript. Finally, we conducted 10 interviews
with analysts and managers that during the period of investigation were engaged in different parts
of the IT security sector.
28
29
30
IIddeennttiittyy && AAcccceessss
MMaannaaggeemmeenntt
SSeeccuurriittyy SSooffttwwaarree
HHaarrddwwaarree AAuutthheennttii--
ccaattiioonn
TThhrreeaatt MMaannaaggeemmeenntt
SSeeccuurriittyy AApppplliiaanncceess
SSeeccuurriittyy && VVuullnneerraabbiilliittyy MMaannaaggeemmeenntt
TThhrreeaatt MMaannaaggee--
mmeenntt
WWeebb FFiilltteerriinngg
AAnnttiivviirruuss
MMeessssaaggiinngg SSeeccuurriittyy ((ii..ee..
SSppaamm))
AAddvvaanncceedd AAuutthheennttiiccaattiioonn
SSiinnggllee SSiiggnn OOnn
SSeeccuurriittyy HHaarrddwwaarree
VVuullnneerraabbiilliittyy
MMaannaaggeemmeenntt
EEvveenntt MMaannaaggeemmeenntt
IInnttrruussiioonn DDeetteeccttiioonn-- //
IInnttrruussiioonn PPrreevveennttiioonn SSyysstteemmss
FFiirreewwaallll SSooffttwwaarree
PPuubblliicc KKeeyy IInnffrraassttrruuccttuurree
PPrroovviissiioonniinngg
OOtthheerr ((ii..ee.. SSppyyWWaarree//AAdd
WWaarree))
PPoolliiccyy aanndd CCoommpplliiaannccee
UUnniiffiieedd
FFiirreewwaallll//VViirrttuuaall PPrriivvaattee NNeettwwoorrkk
IInnttrruussiioonn DDeetteeccttiioonn-- //
IInnttrruussiioonn PPrreevveennttiioonn SSyysstteemmss
SSeeccuurree CCoonntteenntt MMaannaaggeemmeenntt
OOtthheerr
SSeeccuurree CCoonntteenntt MMaannaaggee--
mmeenntt
OOtthheerr SSeeccuurriittyy SSooffttwwaarree
OOtthheerr ((ii..ee.. FFoorreennssiiccss))
((DDiirreeccttoorryy SSeerrvviicceess))
IITT SSeeccuurriittyy
TTookkeennss
BBiioommeettrriiccss
SSmmaarrtt CCaarrddss
LLeeggaaccyy AAuutthheennttiiccaa--
ttiioonn
Source: IDC 2005
Figure 3. Taxonomy of IT security products/technologies
31
32
1 Since the late 1980s this paradigm has increasingly become balanced by its firm-focused counterpart, the Resource-
Based View (RBV), an alternative and complementary approach to strategic management which emphasizes the
firm-specific resources and capabilities rather than industry-specific features as the foundation for firms’ competitive
advantage. For a review of the RBV see J.Barney, M. Wright, and D.J. Ketchen, Jr., “Resource-Based Theories of
Competitive Advantage: A Ten-Year Retrospective on the Resource-Based View,” Journal of Management, 27/6
(2001): 625-641. Afuah and Utterback have provided an interesting attempt to integrate the RBV with the ILC and
Fives Forces frameworks within the industry-bounded paradigm, see A. N. Afuah and J. M. Utterback, “Responding
to structural Industry Changes: A Technological Evolution Perspective,” Industrial and Corporate Change, 6/1
(1997): 183-202.. 2 In particular two recent papers have been central sources of inspiration for this article, H.W. Chesbrough and
Appleyard, “Open Innovation and Strategy,” California Management Review, 50/1 (2007): 57-76, and David J.
Teece, “Explicating Dynamic Capabilities: The Nature and Microfoundations of (sustainable) Enterprise
Performance,” Strategic Management Journal, 28 (2007): 1319-1350. The former paper explores the opportunities
for expanding the open innovation theme into a broader agenda of open strategy. Teece’s paper provides a review
and analysis of the dynamic capabilities perspective and a critique of the industry-bounded Five Forces framework. 3 The industry-bounded paradigm has its parallel in theories of technological change as being bounded by
technological paradigms. Such paradigms are characterized by the internal coherence of the scientific and
engineering knowledge and practices, and the distinctiveness vis-à-vis other technological paradigms. According to
this perspective, technological change tends to take place along paradigm-constrained trajectories and are only rarely
faced with obsolescence or derailing as new and superior paradigms emerge. The pioneering theoretical account of
this perspective was provided by G. Dosi, “Technological paradigms and technological trajectories. A suggested
interpretation of the determinants and direction of technical change,” Research Policy, 11/3 (1982): 147-162. In a
recent review of this theory, David Teece points to the need for integrating opportunities for technological searching
outside established technological paradigms. See D.J. Teece, “Dosi’s technological paradigms and trajectories.
Insights for economics and management,” Industrial and Corporate Change, 17/3 (2008): 507-512. This view is in
accord with the increasing recognition among scholars of technology dynamics and strategy that cross-technology
integration has become increasingly prevalent, one major reason being the generic tendency and opportunity for
digitization of technologies and their interfaces. 4See M. Gort and S. Klepper, “Time Paths in the Diffusion of Product Innovations,” The Economic Journal, 92
(1982): 630-653; S. Klepper, “Industry Life Cycles,” Industrial and Corporate Change, 6 (1997): 145-182. 5 M. Porter, Competitive Strategy (New York, NY: Free Press, 1980).
33
6 The term Mason-Bain model refers to the central contributions by Mason and Bain. See E.S. Mason, “Price and
Productivity Policies of large-scale Enterprises,” American Economic Review, March: 64-74; and J. S. Bain,
Barriers to New Competition (Cambridge, MA: Harvard University Press, 1956). 7 Teece, op.cit. 8 W.J Abernathy and J.M. Utterback, “Patterns of Industrial Innovation,” Technology Review, 80/7 (1978):
40-47; P. Anderson and M.L. Tushman, “Technological Discontinuities and Dominant Designs - a cyclical
model of technological change,” Administrative Science Quarterly, 35 (1990): 604-633. J.M. Utterback,
Mastering the Dynamics of Innovation (Boston, MA: Harvard Business School Press, 1994); F.F. Suarez, and
J.M. Utterback, “Dominant Designs and Survival of Firms,” Strategic Management Journal, 16 (1995): 415-
430. 9 Teece, op.cit, p. 1325. 10 Mounting empirical research has over the last decade demonstrated that the classical life cycle models do not
explain the evolution of a large and increasing number of industries. See Klepper, op.cit; F. Malerba and L.
Orsenigo, “Technological Regimes and Sectoral Patterns of Innovative Activities,” Industrial and Corporate
Change, 6 (1997): 83-118; A. Fosfuri and M. Giarratana, “Product Strategices and Survival in Schumpeterian
Environments: Evidence from the Security Software,” Organization Studies, 28 (2007): 909-929; A. Bergek, F. Tell,
C. Berggren and J. Watson, “Technological capabilities and late shakeouts: Industrial dynamics in the advanced gas
turbine industry, 1987-2002,” Industrial and Corporate Change, 17 (2008): 335-392. 11 Business dynamics are also increasingly characterized by tendencies for convergence across technological
paradigms and trajectories (see note 3), an issue that will not be centrally addressed in this paper. 12 See H. Chesbrough, Open Innovation: The New Imperative for Creating and Profiting from Technology (Boston,
MA: Harvard Business School Press, 2003); H. Chesbrough, W. Vanhaverbeke, J. West, Open Innovation:
Researching a New Paradigm (Oxford University Press, 2006); Christensen, J. F. and M. H. Olesen, “The industrial
dynamics of Open Innovation – Evidence from the transformation of consumer electronics,” Research Policy, 34
(2005): 1533-1549; K. Laursen and A. Salter, “Open for innovation: The role of openness in explaining innovation
performance among U.K. manufacturing firms,” Strategeic Management Journal, 27 (2006): 131-150.. 13 D.J. Teece, G. Pisano and A. Shuen, ”Dynamic capabilities and strategic management,” Strategic Management
Journa, 18/7 (1997): 509-533. 14 Chesbrough, op.cit. 15 The Resource Based View (RBV) has been critized for its static inclination by focusing on existing capabilities
rather than the process through which such assets are created. The work on “dynamic capabilities” can be viewed as
both a critique and a dynamic extension of the RBV. But it is also signifies a more fundamental break away from the
34
industry-confined paradigm (see especially Teece, op.cit.), while the RBV has tended to be viewed as
complementary to this paradigm – especially Five Forces. 16 See J.F. Moore, The Death of Competition: Leadership and Strategy in the Age of Business Ecosystems (New
York: HarperBusiness, 1996); M. Iansiti and R. Levien, The Keystone Advantage: What the New Dynamics of
Business Ecosystems Mean for Strategy, Innovation, and Sustainability (Boston, MA: Harvard Business School
Press, 2004); Teece, op.cit; Chesbrough and Appleyard, op.cit; Ron Adner, ”Match Your Innovation Strategy to
Your Innovation Ecosystem”, Harvard Business Review, (2006), April: p. 98-107. 17 Teece, op.cit., p. 1325. 18 Adner, op.cit., p. 98. 19 See C. M. Christensen and M.E. Raynor, The Innovator’s Solution. Creating and Sustaining Successful Growth
(Boston, MA: Harvard Business School Press, 2003). 20 For an analysis of this perspective on the business environment (even if the term ecosystem is not used), see G.P.
Pisano and D.J. Teece, “How to Capture Value from Innovation: Shaping Intellectual Property and Industry
Architecture,” California Management Review, 50/1(Fall 2007): 278-296. For a more explicit management
perspective, see Adner, op.cit. 21 We do not herby pretend to monopolize the concept of ecosystem, only to specify the key aspects of relevance of
this notion in the open business dynamics framework. To be useful for management, a more rich and firm-specific
operationalization of the concept is needed, see Iansiti and Levien, op.cit. Also, a further relevant specification of the
notion of business ecosystem would be to distinguish between convergence/divergence oriented ecosystems as
applied in this paper, and ecosystems confined to particular product markets or industries.. 22 D.B. Yoffie, “Competing in the Age of Digital Convergence,” California Management Review, 38/4 (1996): 31-
53. 23 This analytical perspective of the value chain/systems framework was developed by Porter. See M. E. Porter,
Competitive Advantage. Creating and Sustaining Superior Performance (New York: The Free Press, 1985) 24 For central contributions to platform analysis from a management perspective, see T.R. Eisenman, “Managing
Proprietary and Shared Platforms,” California Management Review, 50/4 (Summer 2008): 31-53; A. Gawer and
M.A. Cusumano, Platform Leadership. How Intel, Microsoft, and Cisco drive Industry Innovation (Boston, MA:
Harvard Business School Press, 2002). 25 For an overview see Iansiti and Levien, op.cit. 26 D. J. Teece, “Technological Change and The Nature of the Firm,” in G. Dosi, C. Freeman, R. Nelson, G.
Silverberg and L. Soete (eds.), Technical Change and Economic Theory (London. New York: Pinter Publisher,
1988).
35
27 R.M Henderson and K.B. Clark, “Architectural Innovation: The Reconfiguring of Existing Product Technologies
and the Failure of Established Firms,” Administrative Science Quarterly, 35 (1990): 9-30. 28 R. Sanchez and J.T. Mahoney, “Modularity, Flexibility, and Knowledge Management in Product and
Organization Design”, Strategic Management Journal, 17 (1996): 63-76. 29 See note 24. 30 N. Stieglitz, “Digital Dynamics and Types of Industry Convergence: The Evolution of the Handheld Computers
Market.” In: J.F. Christensen and P. Maskell (Eds.), The Industrial Dynamics of the New Digital Economy,
Cheltenham, UK: Edward Elgar (2003). 31 J.F. Christensen, “Whither Core Competency for the Large Corporation in an Open Innovation World?”, in:
Chesbrough et al., op. cit. 32 IDC, “The Big Picture: IT Security Products and Services Forecast and Analysis, 2002-2006,” International Data
Corporation (2003). 33 http://www.ifpi.org/site-content/statistics/worldsales.html 34 E.A.von Hippel, Democratizing Innovation, MIT Press, Cambridge, MA (2005). 35 M. S. Giarratana,” The birth of a new industry: entry by start-ups and the drivers of firm growth: The case of
encryption software,” Research Policy, 33 (2004): 787-806. 36 One example is the development of Vulnerability Assessment products towards so-called “Vulnerability
Management solutions that automate the process of identifying, prioritizing, and remediating vulnerabilities across
the enterprise”, Morgan Keegan, “ Navigating the 7 C’s of Security As Industry Shifts from Infrastructure to
Information Security,” Morgan Keegan & Company, Inc. (July 21 2006, p. 30). Another example is the move from
Intrusion Detection Systems focusing on detecting and reporting potential attacks towards Intrusion Prevention
Systems with better ability to stop the attacks that are identified in progress. See SG Cowen & Co., “McAfee –
Initiating Coverage,” SG Cowen Securities Corporation (November 18, 2004, p. 24). 37 N. Rosenberg, N., “The Direction of Technological Change: Inducement Mechanisms and Focusing Devices,”
Economic Development and Cultural Change, 18/1 (1969): 1-24. 38 Morgan Keegan, op.cit. 39 Over time, complexity has not only become untenable to manage even for the most professional customers. It has
also directly contributed to aggravate security vulnerabilities as it leads to flaws in technical systems coherence, and
to configuration weaknesses in systems and applications. 40 Wall Street Transcript, “Special focus: Internet security software,” Wall Street Transcript Corporation (April 23,
2001). 41 SG Cowen, op.cit.
36
42 Wall Street Transcript, “CEO interview: P. Privateer, Internet security systems (ISSX),” Wall Street Transcript
Corporation (June 2, 2004). 43 Wall Street Transcript, Security/Internet security & Identity authentication,” Wall Street Transcript Corporation
(April 26, 2004); Wall Street Transcript, “Analyst interview: Network security,” Wall Street Transcript Corporation
(May 19, 2004). 44 Wall Street Transcript (May 19, 2004), op.cit. 45 Morgan Stanley, “Security Software Data – The Next Perimeter of Defence,” Morgan Stanley (January 5, 2005). 46 Morgan Keegan, op.cit. 47 Ibid., p. 29. 48 Apart from the written sources referred to, these case vignettes are based on interviews with Kim Mikkelsen (Chief
Security Advisor, Microsoft Denmark), Michel Bobilier (Global Offering Executive, IBM Security and Privacy
Services, Geneve), and Martin Grundtvig (Manager of IBM’s Security Group, IBM Denmark). 49 While Cisco is a pioneer and leader in network-based security, it is not the only one. Juniper Networks, a leading
Internet backbone provider, and 3Com, a leading network hardware supplier, have likewise been engaged, via large
acquisitions of security specialists (respectively NetScreen in 2004 and TippingPoint in 2005), in building IT
security functionalities directly into the network (see Morgan Stanley, op.cit.) 50 http://www.wired.com/techbiz/media/news/2002/01/49826. 51 In 2004, Microsoft released Service Pack 2 for Windows XP marking improvements in the security of the
underlying software, and the more recently launched Vista platform is to a larger extent than the Windows platform
designed with security in mind. See L. Selzer, “Vista Security Check: This Time Microsoft Means Business,”
eWeek.Com Enterprise News & Reviews (May 29, 2006) (http://www.eweek.com/article2/0,1759,1968670,00.asp). 52 Morgan Stanley, op.cit.; Morgan Keegan, op.cit.; SG Cowen & Co., op.cit. 53 Christensen, op.cit. 54 See for example M. Sako, “Modularity and Outsourcing: The Nature and Co-evolution of Product Architecture
and Organization Architecture in the Global Automotive Industry,” in A. Prencipe, A. Davies and M. Hobday, eds.,
The Business of Systems Integration (Oxford: Oxford University Press, 2003). 55 Henderson and Clark, op. cit. 56 H.W. Chesbrough and Kusonoki, “The modularity trap: innovation, technology phases shifts and the resulting
limits of virtual organizations,” In J. Konaka and D. Teece (eds.), Managing Industrial Knowledge (London: Sage,
2001). S. Brusoni, A. Prencipe, and K. Pavitt, “Knowledge Specialization, Organizational Coupling and the
Boundaries of the Firm: Why Firms Know More Than They Make?” Administrative Science Quarterly, 46/4 (2001):
597-621.
37
57 For an excellent analysis of the management strategic alliances in modern systems or architectural innovation
within complex IT services systems, see R. Grunwald and A. Kieser, “Learning to Reduce Interorganizational
Learning: An Analysis of Architectural Product Innovation in Strategic Alliances,” Journal of Product Innovation
Management, 24 (2007): 369-391. 58 R.N. Langlois, “The vanishing hand: the changing dynamics of industrial capitalism.” Industrial and Corporate
Change 12 (2003): 351-385. 59 D.J.Teece, op.cit. 60 A recent example from another business is the emergence of a specialized product market providing class D
amplifiers (or components) replacing class A/B amplifiers that were, (and to some extent still are) used and produced
by incumbent vendors of audio consumer electronics. See Christensen, op.cit.; and Christensen et al., op.cit. 61 H.Chesbrough and Appelyard, op.cit. 62 Abernathy and Utterback, op.cit; Utterback and Abernathy, op.cit.