Q&A: Charles B. Wang

NEW ORLEANS -- On the eve of CA-World 2000, Computer Associates International Inc.'s annual user conference, CA chairman and CEO Charles B. Wang, 55, talked with Computerworld about electronic-commerce, the changes it is making to the economic and social landscape and CA's role in managing the e-commerce infrastructure.

Q: With the purchase this year of Sterling Software and Applied Management, it looks like CA is trying to knit together a big federal practice, right?
No, see, what we do is:

  • Provide the platform for people to integrate on.

  • Enable business applications.

  • And recognize that the world we live in is heterogeneous.

It's very different from the way other companies operate. Microsoft comes in, and says Windows is the best thing ever. You don't need any other operating system. IBM comes in and says use this hardware, because it's the only hardware that will run everything.
We don't have operating systems, we don't have hardware, we don't have communication infrastructure. We have a software infrastructure platform for e-business, Jasmine ii.
This is what we've had tremendous success with and what we'll keep supplying, not just to the private sector but also to the federal government.
We have to have the competency in implementation, the service part of it, and then we work with great third parties because we can't -- there aren't enough bodies to -- do all of this. We work with third parties, we train them, certify them, work with them. This is how we're going to continue to develop that business.
Q: There's a gap between the reality and public perception of privacy and security and what's being done to ensure them. How do you address that gap?
Security and privacy is very important on the Web. People have seen what has happened, have an idea of what can happen. But the perceptions are not necessarily what's (real). People think these denial-of-service attacks were something really sophisticated. Forget it. It was not. The denial-of-service attacks were some Mickey Mouse thing that some hackers got together and did.
It was nothing compared to the real harm that could be done. Is there any way ultimately to protect all of this? Probably not.
But it is something that we can continue to work on, develop new tools. It's continuing. This is like a war: offense, defense. Offensively, new (hacking) tools will be developed; they're available on hacker sites. Defensively, there'll be new fixes, new ways of combating that.
It's like the wonderful federal metal detectors in all the airports, and now they're building plastic guns. Where do we go from there?
You can have the best security in the world, but if you don't implement it and don't have a policy around it, it's useless. So there's also an education process.
You, of course, have e-mail. Do you change your password every 30 days? No? You have a problem then because that's an exposure to risk. Any good security person will tell you that you need a policy that says you must change (your e-mail password) every 30 days, or every two weeks even. That there are rules about what password you choose; you can't use your first name, for example.
The software exists to stop denial of service. There's no reason for it to happen. But it obviously wasn't applied at those sites that were attacked, or (the attackers) wouldn't have been able to plant what we call those zombies in unwitting accomplices' PCs.
Q: Your customers are developing business-to-business exchanges and portals where you have some control over the environment. But they're also creating business-to-consumer sites where their customers are consumers, some with cable modems that are connected to the Internet all the time. (Wang raises his eyebrows in alarm and puts his hands to his throat in a mock strangling gesture). What do you do about that security risk?
We have all the technology. It depends on the company and how they want to protect themselves and their customers. They are at risk. If a cable company does not recognize that and do something about it, their networks are wide open. If you leave that machine on, (a hacker) can go into that network and suck everything out of it using that machine.
My mother does some shopping on the Web. But she's deathly afraid of giving out her credit-card number over the Web. So we got her a credit card she uses only on the Web. We've had to close it down three times. She's only used it on sites that say they're secure. But three times so far, when she's used the card, things have started showing up on her account that she didn't charge, and we've had to shut down the account. Obviously, there's a risk.
Q: How do you counter that risk? How much of an issue is that?
The world we live in . . . is expanding so rapidly that you can make all of these mistakes, and it gets hidden by the success of the expansion rate.
The individual experience gets lost. For example, you and I may buy things on the Web, and it's not a good experience. So we say we're never going to that site again. Meanwhile, in just the past two hours, another 100,000 people signed up to get on the Web.
As time goes on, and hopefully we'll come full circle and apply the technology and apply it correctly.
But right now, (for dot-coms) it's a mad search for as many customers as they can get. It's almost like because the running rate of this water, these Web users, coming into this funnel of their Web site is so great (that dot-coms say), 'So what if I'm losing some? Who cares? I got to service as many of these as I can as fast as I can because I want to be the one who says I've got a million subscribers. Because I'm going to be judged by how many subscribers I have, not by how much money I'm making. So what if I lose 100,000 (potential customers)? I just got two million more.'
There will be a change as perceptions change and the mad rush becomes a trickle. Hopefully it won't come to that point. We're doing a lot to study this problem.
For example, we do Internet readiness audits. I've never seen a secure site yet. It's scary. Simple things like going in and picking up a user's mouse pad and see the password written on it. That's scary.
Q: Yogesh Gupta (CA vice president of research and development) talked about work that you're doing with insurance companies, business-to-business portals, partnering with Asian telecoms to offer application service provider services. How deep is CA going into these other markets?
We're not in those vertical businesses -- we don't belong in them. We do partner with them to deliver services to their customers.
(With software applications we've developed), agents will know which of their customers are at risk for not renewing their policies. It takes 18 months for an insurance company to make money on a policy, so to be able to predict when someone won't renew is of tremendous importance.
There is a lot of data available everywhere. We're just helping our customers use it.
Q: What about the application service provider ventures in China?
Europe has progressed in its use of IT, with Internet service providers, its use of the Internet, business-to-business exchanges (may be ahead of the U.S.).
Asia is a little different. They made a fundamental decision and said (they) need to catch up. And if (they're) going to catch up, it means (they're) going to have to build on what already works and exists and leapfrog it.
All these telecom companies, in Japan, Korea, China, Taiwan, Hong Kong, all are (also) ISPs. Now they're saying, 'We have to get into the application business. We have to have the right software infrastructure, and we're not going to piece it together ourselves.' That's a fundamental difference.
The choice they made was to give it to someone who knows how to tie and integrate all this together. They picked CA. We're going to form a joint venture that's going to provide the software infrastructure layer, Jasmine ii. They said, 'We have all the hardware, operating systems, servers, everything the communications, but we don't have the software infrastructure. We're not going to let our own people try and reinvent that; it's too late.'
That's why we we're partnering with them. This is a joint venture where we provide the software infrastructure for them to go out and do other joint ventures with all the verticals.
We are in the ASP business, but hey, that's our business in many ways.
Q: CA's software, and IT in general, are at the heart of the economic and social changes that are taking place. What responsibility does the maker of that software have for the social changes it's part of?
I look at it differently. In the past, IT's been used mostly for accounting. And if you think about it -- today, most of IT is still used for accounting. But we are changing that.
But it's like the telephone. (The phone) changed the basic way we do business. There were companies back then that embraced it and those who said we don't need it -- they're not around today. The telephone changed so much of how we live; yet today, half the world still doesn't have access to telephones. What has it changed for them?
IT could be seen as the big empowering tool. But most of the world still doesn't have it.
The Internet is bigger. It's changing the way we do business, changing the way we communicate, changing the way we relate. It's making social changes.
My mother, who's 88 years old, communicates with all her grandchildren with e-mail. She sends pictures. In the old days, getting a picture of a grandchild was a big deal. Someone had to take the picture, go out physically and get it developed; somebody's got to put it in an envelope and go to the post office. Today, it's 'Click, click. Oh, Duncan looks so good. I think Charles should see this. Click, click, there it is for Charles.'
It changes the way we work, the way we live. But remember, it's only a tool. All of IT is only a tool. It's our responsibility that we never forget that, that we don't start to drive our children to think that that virtual world is the only world or that it's more exciting than the real world. That I have a big problem with, and I preach this almost to the extent that people think that I'm nuts about it, because I'm a high-tech CEO. They ask, 'How can you say that?'
My child, who is 7 years old, is only allowed on the computer one to two hours a week. That's it. In her class at school, there are kids who have e-mail. They're 7, 8 years old, and they have e-mail. I don't want my child doing that. Parents and businesspeople have to keep it in perspective.
It's like this: I have a hammer. I can use it to build a house or I can use it to bash in your head. It's a tool.
Q: Where are the best IT initiatives coming from today?
Where it works best is when business and IT work together. Where it fails miserably is when they don't. If (the initiative) comes from the business side, then there's often no integration with the rest of the business process, because the IT side still holds all the back-office, the processes. So we wind up with a Web presence that's only for the sales business unit. There's no tie in with the back end.
Next time you buy things on the Web, look at the shipping label. I've bought something and it comes and they've misspelled my name, and I know what happened. At some point someone had to re-input it. The Web site wasn't tied into the back office.
IT and businesspeople must work together because it must be seamlessly integrated from the Web presence to the back office. If it's only driven by IT, businesspeople will never accept it. (Development won't be) fast enough. Because IT people will always tend to rebuild infrastructure. That's their business. But the bigger the company, the more people they have rebuilding it.
Companies will tell you, 'We've hired the best computer scientists, graduates of MIT.' And they all want to build infrastructure. I always use this example. You or I want to go to the airport, we go downstairs and get in a car and go to the airport.
You ask a technical person how to get to the airport, he will tell you how to build a car. They take a transportation problem and turn it into a manufacturing problem. The largest companies in the world shouldn't be the ones to find the best IT builders. They should find the best IT drivers.
Q: How about your CIO? For example, when in the process of an acquisition does he get brought in to start planning how to integrate and merge the new company's systems?
(Laughing) Well, this takes us back to where we started, acquisitions. We don't have this problem (with integrating acquired companies). Because every time we acquire a company, we don't have to revamp all their systems. (Using Jasmine ii) I just make it so that it becomes a data source in our infrastructure.
We have systems that run our support, our conferences, and they're all different systems, some running on AS/400, some running on VMS, some mainframe, some PC. You name it, we've got it, because we've acquired so many different companies. As time goes by, a lot of them get rolled over, get translated to new systems. But we can look at them all because we have that infrastructure layer.

Copyright © 2000 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon