What CIOs need to understand about the mesh economy

The mesh or sharing economy is a term coined to reflect an economic model in which individuals are able to use assets owned by someone else; an easy example is Uber and similar ride-sharing apps that many people are familiar with.

From an economics standpoint this makes more sense when the asset price is expensive and does not have 100 per cent utilisation. A lawn mower or chainsaw are examples of specialised items lying around in your tool shed — and there are already mechanisms, thanks to startups like OpenShed, allowing you to rent golf clubs, roof racks, or power tools.

While it is true that we have shared tools with our neighbours since the inception of time, the advent of the web has enabled this sharing to be more widespread and expand beyond the people that we personally know.

This has led to the rise of the peer-to-peer (P2P) rental market. Near where I live there are shared cars, vans and small trucks. Similarly, we have seen Airbnb create new capacity for most cities that struggle to keep pace with demand for business and tourist visitor accommodation requirements.

So how does this model apply to the CIO? Are there aspects of the mesh economy that can be applied to enterprises?

 Why should the CIO care?

In every organisation, there is a consistent pattern of demand exceeding supply for IT expertise. The CIO who has too much capacity is in a rare and enviable position vis-a-vis his or her peers.

There are always gaps that exist that will affect IT projects and operational requirements.  Most CIOs have already tested and are using alternative sourcing of labour, such as offshore staffing. However this is also at a point where there can be a shortage of some very specific skillsets.

In today’s market some examples would include cyber security, software quality management, machine learning and agile development.

Sharing cyber security expertise?

For many enterprises, the strategy has been to just ensure that your security standard is better than the competitor. This philosophy is somewhat short-sighted and will leave the CIO in a difficult position when they have to explain any significant cyber incident.

Many now believe that this is a flawed approach and that sharing threat intelligence is a good idea.  In essence, having more eyes and ears looking at and analysing potential issues is an advantage. Right now in Australia, the Big Four banks all share threat intelligence with each other through a formalised process.

It is short leap, then, to challenging whether all the activities of a cyber security professional have to be exclusively internal. Let’s take a far-fetched example – a machine learning service able to monitor and detect intrusions on your network.

Do you ignore it as it requires extreme levels of trust to allow a third party this level of access?

As the Internet of Things (IoT) spreads, the growth in trusted devices will create an increased strain on your own ability to monitor and respond. Clearly something to ponder.

Software quality management

Having third parties examine your software for quality issues is becoming more accepted.

This is termed bug bounty hunting, with cash rewards for coders to find vulnerabilities in your applications and/or source code and report rather than exploit them.

Large technology enterprises such as SAP, PayPal, eBay, Google, Amazon, Apple, Microsoft, Salesforce and Red Hat have adopted such programs.   Even some of the older school companies such as IBM and United Airlines are onto this.  

New age tech companies such as Atlassian, Facebook, Airbnb and Tesla are also using this approach. Finally many of the captains of the information security cyber industry use it in some form — Bluecoat, McAfee and Trend Micro also entrust their code to external hackers.

Shouldn’t you?