On changing the culture, On outsourcing, On service design, On service innovation, On social media

Harvard Business Review’s contribution to the death of printed media – a HBR Subscription #fail story

I am a business oriented technology fan that likes to stay updated on the recent trends and research. HBR is perfect in that extent and I love the content.

I use  Kindle on my cell quite a lot and read electronically, but I also love reading on paper – the tactile user feedback that paper gives me, the ability to take notes, fold corners and let my eyes rest while reading adds value to me. I also love great user experience. Especially it is important if you aim to target a group of busy business users and managers. I have enough time guided CEO and mid level managers through services that has been carefully designed with them actually in mind. Therefore I am utterly baffled with how crappy the subscription service user experience of HBR is – seen from Norway that is.

First, here is the invoice that I received, this is the third letter I receive that looks exactly the same except from the headline which is increasingly harsh.


#HBRFail1 – Pay option: Cheque enclosed


I am a 31 year old Norwegian.

I do not know what a cheque is,

I do not know how get hold of one, not to mention to complete one.

If I dig realy deep in my memory I think I saw my mom complete one when I was 8 years old.

That was back in 1990.

(As a sidenote, filling out my credit card info on a piece of paper and filing it to you by snail mail also feels a bit awkward, which is why I progressed electronically)

#HBRFail2 – Wrong URL


Last time I checked the TLD list, .hbr was not on the list.

#HBRFail3 – Unclarity whether my account number is 9 or 12 digits


As you will see below, this gives a cascading error when I try to log in.

Ok, I overcame these issues on the third letter, decided to give my MasterCard a shot online and actually managed to click myself into hbr.org/subscriberservices.

Actually a tiny kudos here, beause all these URLS work, it is just that none of them are atually printed on my letter:

I will get back to the latter four URL’S, but here are the landing page for hbr.org/subscriberservices


#HBRFail4 – Unhelpful help with the digit length

As I mentioned #HBRFail3, I was thrilled that there was a help file here that would help me answer whether 9 or 12 digits were right.

Unfortunately it does not serve that purpose as the account number in the picture is 9 digits and my number was 12:


#HBRFail 5 – Unclear call to action for international users


Did you see it before you looked at my arrows? Yeah, that is the link I was supposed to click.

Obviuosly I was a bit in the fog because it was my third letter of invoice and I had had the hassle of guessing the URL, and I was very eager to log in, but it would be easy to design the page so that International users actually saw the message. It fails the “dont use click here policy” also.

I did not find this link until I turned the letter over, found the phone number to the lovely gentleman Luke in the Netherlands, and made him a call. He was very nice and polite, but still made me embarrassed in a most pleasureable gentlemans way when he made me aware of the link.

Remember the URLs above? Actually the four latter ones send you directly to the international site, so why the heck did you not print one of those on my invoice in the first place? This might call for a separate error, but I’ll spare you.

Now onward, this is the error message I got when I tried to login – no wonder I did not concentrate on the link:


#HBRFail6 – Not provide the user with useful error messages

Remember #HBRFail3 and #HBRFail4? Well, I still could not log in with neither 9 nor 12 digits.

Since I had not received any e-mails regarding this invoice (it was after all third notice) I thtought that it might be they had the wrong e-mail adress for me.

Not a throught crossed my mind when I read that error message that I was on the wrong page until the kind Luke by phone from the Netherlands made me aware of the link and what I call #HBRFail5.

#HBRFail7 – Not able to process my MasterCard and to give me feedback about it

Finally, I have managed to log in (by clicking the link “click here” for, selecting my country and login in and calling luke). Now I happily entered my MasterCard number. I got the message that they could not use it.

I called Luke again (are you the only one in the Netherlands on the phone?). Nice, he knew my case from 2 minutes before, but still asked for my account number again (did you not register my phone number and have automatic popup/CTI Integration like most modern call centers?).

Well Luke told me that they had actually received my credit card info once earlier in May, but they were unable to process it.

Oh yeah, now I remember, on the first letter I actually tried the same route as above but never succeeded login in.

Therefore I (#facepalm for security in hindsight) sent my Mastercard number by mail. They had not been able to process it.

How about telling me? In the end I tried a different card, A VISA, with Luke on the line, and it worked.

Hopefully, I will get all my issues this year as well.

Thanks to Luke for being polite and helpful.

Thanks to the HBR editors for providing good insight and thoughts.

Warm regards

A true fan

On enterprise SaaS, On outsourcing, On the IT Industry

Security certifications for cloud applications, will it help adoption?

I just read this, a tad old pre-finance-crisis, but still relevant and good article on “Gartner prediction misses today’s enterprise cloud action” when I realized it was automatically linked to my post “Enterprise cloud computing and security, the missing debate or solved” – it actually still gives me hits, nice!

The post refers to security certifications for cloud applications and it also provides a nice grouping of applications with a timeline of when the author expects the cloud to be ready to handle this type of apps.

  1. Low security sites such as marketing apps and batch computations on public data with public algorithms
  2. Massive compute jobs that use proprietary algorithms that are not super-sensitive and operate on public data.
  3. Super secret data and very sensitive algorithms

I certainly believe that certifications that document security and processes, and new good architectural solutions will bring us to a point where cloud-sourcing bullet three is considered ok sometime in the future, but it still comes down to the level of trust one is able to build.

If you are the owner of business critical data that is “super secret and sensitive” a certificate doesn’t help much when your competitor got hold of your customer base and attacked all your customers with their marketing machinery, but of course a certificate helps documenting and is good in the sales process.

Who knows, your data might be more secure in the cloud than in your basement server room, which is normally most certainly not certified and it will provide documentation to hide behind. To conclude, yes, I think it will help adoption.

Security officer, courtesy to erotikknett.no

Security officer, courtesy to erotikknett.no

Meanwhile, be aware of social hacking amongst your trusted security officers 😉

On collaboration, On enterprise SaaS, On outsourcing

Projectplace flies high on SaaS model


I am referring to Swedish SaaS Company Projectplace International AB, which proves the Enterprise SaaS model absolutely viable. I was flying home from Tromsø the other day and read an 8 page insert to SAS inflight magazine Scanorana (a nice advertising media by the way).

More than 300 000 projects are currently run on projectplace. I have used it in a project – it works great, but I think it provides less flexibility than for instance a well set up Sharepoint site. However a couple of nice features extend those of Sharepoint, being the time and issue registration features.
I have had several skeptical comments to SaaS, but obviously it works very well for Projectplace. I do not think they have higher security than username and password. That seems to be enough for the projects mentioned above, so perhaps it is enough for Innovation also, ref Induct Softwares SaaS model?

On collaboration, On enterprise SaaS, On outsourcing

Yammer – Free enterprise Twitter as SaaS

Steria Norway is testing collaboration with Yammer – so far we are satisfied and a need is uncovered. It is a great example of enterprise software as a service solution featuring what seems to be good enough enterprise security by reducing visibility by others to only those with same mail domain.

Other than that it is a better version of twitter with file attachments, no post length restrictions and better group functionality.

Our community likes it. However, one needs to assess how it adds value to a projectized organization like Steria. Can it be too much collaboration?

On collaboration, On enterprise SaaS, On outsourcing

Enterprise cloud computing and security, the missing debate or solved?

Gartner and IBM says Cloud computing will skyrocket in 2009. Microsoft is more reluctant but coming along as well. Several news sites report that 2009 will be the year of enterprise cloud computing, but others are unable to spot the next salesforce.com, requesting it to come out of the cave. Why? I believe that security concerns are the biggest hurdle; IT department does not trust that services in the cloud are secure enough. I am not talking about uptime and availability, which is also a needed discussion, but I am talking about viruses, hacking, and information leak and so on. Ok, Gartner sees this as well, but they still predicts “sky rocket growth” three quarters of a year later – I am not convinced, and I consider myself innovative – I dare not think about conservative 50 year old CIOs.

Viruses in the cloud, you got to be kidding? Well, last week Norwegian Police went out of business because of virus brought to them by MSN. Phishing attempts is a well known problem, and the “fatter” the account you can phish or hack, the more vulnerable it is. When Barrack Obama runs a teleconference in the cloud, god knows who listen to that.

Hacking in the cloud? Well, the first is social hacking; it has always been and probably always will be a problem, but when running on level one security (username and password) it is no doubt that it is not good enough, to get someone’s password is just too easy. I heard from youths at the age of 13 hacking MSN accounts. And one expects enterprises to jump onto this with storing mission critical strategy documents? No fucking way! Maybe you could get around this with solutions like decided IP-range, VPN-solutions, RSA code calculators and so on, but then the usability (and thus the usage!) starts to drop, people start complaining, the money starts running out anyway, and the IT department has it going. Norwegians has used internet bank since around 1998, when I visited Poland in 2003, long queues of bill paying polish men and woman were standing outside the banks. They had no trust in online banks, and thus were not using it. The same goes for US Consumers, using checks to pay bills. I am 25 years old, and can barely remember checks in Norway. Yes Norwegians have a large trust in banks, but then, BankID has never been exploited in successful large scale hacking attempts, and banks have spent millions on campaigns building user trust.
Information leak? Not long ago I heard about EmailXtender, a plugin to Outlook, helping you search for lost e-mail. The company at question had set it up wrong so all incoming e-mail was searchable from every employees computer. How about if the same thing happened to salesforce, suddenly some competitor could see all the leads to someone else? Often you want to share with people outside the company, but not always. The “not always” unfortunately is a must have, whilst as long as email, google documents and public CMS-systems works, the other is a nice to have. You get to share your documents and texts somehow anyway.

All right, I admit it, I am very critical towards enterprise cloud computing, but realise that I might “look like a server hugger who want to sleep with a copy of my data under my pillow“. Why am I critical? I have spent two years working for Steria and visited several customers, and security concerns are always an issue. Now, it may be that Steria has a traditional look upon this, we even promote and sell security consulting, but no one has yet proven to me that security is taken good enough care of when it comes to cloud computing. That said, I love the many fantastic new services developed out there like doodle, vyew, etherpad, comapping and so on, just do not even consider using them when you are hosting a discussion that needs a higher security level – yet!

On outsourcing

Secondbrain, Al Gore and the Pyramide

All, as you may see on top of this page there is a link to my seconbrain.com-page. This is a very nice content aggregation service that have great potential – and best of all, it is hatched and developed in Norway and not in the valley. Great job and keep up the good work.

Yesterday I found a great graduate ceremony speach, Steve Jobs Stanford Commencement Speech 2005. I saw it through ingvilds secondbrain. And today I saw a comment to a video by Al Gore:

1. Outsourcing is “killing” jobs in the US. It would be interesting to see proof of this, and what would have happened if they did not outsource? Would they then be able to compete on a international level ?

I correlate this to Friedmans the world is flat and to my earlier post on that change is good. Would not the worlds net production be better of if expensive workforce in one country, in this case U.S.A., perform more useful operations and let the “others” do what they do best? Tariff barriers are means to slow this development down, but how about the more useful and interesting jobs that these people can do? To answer the question, yes it happens. Companies struggle this every day. Take the furniture industry in Møre, the car industry in Detroit or the textile industry in Italy. Either they face competitions and clings to the ever rotating wheel of improvement, or they die – outcompeted by low cost, high efficiency asian solutions. Either you can sleep (while we are sleeping..) or you can compete.

Obviously there are examples of ghost cities where change were not good. Where innovation did not happen fast enough. For instance the settlement Pyramiden at Spitzbergen (does anyone have a better link in English?). Left behind by the russians in 1998. When mining was longer worthwhile they could innovate something else to do there – tourism, production, research, seed bank or they could do as they did: leave.