Remarks by Steve Ballmer, CEO, Microsoft Corporation
“Innovation or Stagnation: The Technology Industry at a Crossroads”
Santa Clara, California
September 15, 2003
STEVE BALLMER: Well, I have to admit I am going to give a little speech, this time in front of the Churchill Club, but I promise one thing about it before we get going, and then I’ll have a chance to take some of those irreverent, provocative and blah-blah-blah other questions from Roger and everybody else in the audience. The speech today for me is kind of an important opportunity and very much not, I would say, a standard stump speech. I want to talk to you about some things that are important, but I want to first thank Chris and the Churchill Club really for the opportunity to come speak with you today.
I’m delighted to be with you because I think there’s a couple of very important issues that I want to talk about that are important, I think, to the entire technology industry. The history of the world, I think, in many ways is the history of innovation. And we have to really stop and think about that. From the discovery of fire, the splitting of the atom, new ideas, research, engineering, that’s the creative blood that really changes our lives in important ways.
There come times, though, when we think innovation has really hit a wall and people get discouraged, they get let down, and we learn that those times are really only the beginning.
If you think back — and I’m a Detroit guy, so I think back this way a lot, even though I’m not a student of history — soon after the Model T, Henry Ford first designed the Model T, he went on and developed the first assembly line, he taught the world how to make automobiles fast, cheap and in very large numbers. His ambition really was to put the car within the reach of everybody.
Yet as the Model T spread across America and throughout the world, it was still, if you really stop and think about it, only a hint of what the future of the automobile would be. It represented just the first few miles, if you will, on the odometer of automotive innovation.
Today I think we are seeing more automotive innovation than ever before. Stop and think about it: advanced navigation systems that keep you a safe distance from the car ahead, advanced safety sensors that trigger air bags and then actually even call the police. Today’s cars, of course, include far more computers than they do cylinders, which was the benchmark of how great a car you had certainly when I was a kid growing up in the ’60s in Detroit.
Silicon Valley, I think, is practically synonymous with innovation. It’s been the cradle of a lot of the most important innovations: semiconductors, personal computing, networking, the commercialization of the Internet. This Silicon Valley 4.0 conference topic that the Churchill Club is talking about sounds pretty cool to me. I think it’s a good way to think about where the future of innovation is going, and I think it’s a hard thing to think about a place that’s been more encouraging for innovation than Silicon Valley — from the universities, the venture capitalists at Sandhill Road to the skilled, innovative, dynamic workforce that is still very much here in Silicon Valley. And there really isn’t a better place I think in the world for me to have a chance to talk about how I’m thinking about the future of innovation.
Our experience with the personal computer has really seen an evolution in a sense similar to the evolution in the auto industry. If you go back and think about good old MS DOS, it’s kind of the Model T in many ways of the personal computer era, and today we have PC technology that’s accessible to hundreds of millions of customers and runs mission critical systems in manufacturing companies, banks, hospitals, stock exchanges, governments, and really across the entire world.
Some industry pundits, though, are suggesting that IT no longer matters, that what was once a transforming technology has really reached the end of the road in terms of innovation, that IT provides little value beyond sort of routine data-processing tasks somehow, that customers should just optimize for cost, out-score their IT, and not really think about the long-term efficiency. In short, there are people who think that what the computer industry and IT is delivering today is good enough and won’t even get much better.
What do you guys think? Have we reached that kind of a plateau of innovation? I don’t think so. Will the pace of meaningful change continue, or should we settle the technology as delivered today as good enough?
I believe that we’re actually entering a new era of innovation. It will compound all of the great things that have come before it. We’ll see a wave of change in the PC, how it helps connect us, how it can be used in ways that are as important as the shipping of the first PC.
Just as the first 25 years were about empowering the individual, these next 25 years will really involve a wave of innovation that centers on empowering the interactions between individuals, groups and organizations, and as more and more of our interactions are mediated and involve the use of technology, I see tremendous opportunity to harness the connectivity of the Internet and workstation in the way we live, the way we work and the way we interact.
There are many people who take all of this for granted. With the dot-com bubble bursting and CEOs becoming more cautious about investment and even downright skeptical, I would say, in some senses in terms of the way they think about IT investment, some have begun to look at IT as simply a place to cut costs instead of a way to improve efficiency. And it really is a key distinction in my mind. Cutting costs is very important but doing it without thinking about long-term productivity will certainly, in my perspective, be a shortsighted decision.
Recently IT spending has stopped growing faster than the economy. Last year it even lagged economic growth. GDP grew 2.4 percent; IT spending actually declined.
The question that maybe is most important to ask is, what will the future look like? Are companies making a mistake when they jump to the conclusion that they have little to gain from further IT productivity and investments, that the Internet’s significance was dramatically overblown?
I believe those companies are making a mistake. I believe that there’s almost a dangerous complacency about innovation amongst people in the world these days. That complacency threatens to leave companies behind in a world that will continue to change rapidly.
What do I really mean by innovation complacency? To put it simply, I think it’s when corporations put the short term over long-term value, when people fail to exploit or even develop new technologies that could boost productivity, when they fail to expand their customer bases, to reduce order times, to improve customer service, to open up new markets. And that’s a mentality I see these days.
Sam Walton said,
“You just can’t keep doing what works one time because everything around you is always changing. To succeed you have to stay out in front of change.”
I think that’s true for Microsoft, I think it’s true for our industry colleagues, and most importantly I think it’s true for all of our customers.
Our industry heritage has been to embrace innovation with enthusiasm. Many of you in the audience — and I see many familiar faces — have participated in the industry for years and have seen the amazing innovations that have changed the world. Yet today I know there’s still a lot of soul searching going on about the aftermath of the bubble, the challenges in the industry.
In the past few months we have seen commentators suggest that IT doesn’t matter, flat out, period, that we’re at the end of innovation. We’ve even see people suggest that Moore’s Law has become a tyrant instead of a tailwind. It’s stunning to me; it just blows my mind.
And I don’t buy it. My pride — always a dangerous thing to follow — but my pride, optimism and experience in the industry don’t let me agree with that kind of pessimism; it really doesn’t.
I know that at the end of the day we all — everybody in this room, everybody in this industry — have so much more that we can do to change the lives of our customers and that we will face these challenges and really drive through.
Today we’re faced with, I think, another new and growing challenge to innovation, and that’s the need for the highest levels of security in a world that frankly is full of thieves, con artists, terrorists and hackers. Many of our customers are feeling the pain. They are frustrated by vulnerabilities. They are frustrated by patches. They are concerned about the threat that hackers pose to their systems. And businesses are taking a hit at the bottom line level.
Our company and our industry has to hit on all cylinders to meet this new challenge, which in and of itself again threatens innovation. We certainly are all fully committed to meeting the challenge of these new security threats while continuing to innovate. In fact, we believe better security and constant innovation go hand in hand.
One of the guys I was talking to at work came up with a good analogy. He said in the Old West the banks didn’t shut down because of the bank robbers; they improved the banks, they improved law enforcement, they went after it. Issues of safety have not stopped innovation in the auto industry. They continue to move forward innovation and safety, and they’ve even helped spur many of the better technologies like air bags and ABS brake systems, et cetera.
So we are in many ways humbled by the developments of the last few weeks. Windows is the most popular platform in the world, so every security incident with it is just magnified and magnified and magnified across so many more systems than with any other platform.
We recognize the concerns of our customer base — boy, do we — and we are further redoubling our efforts to ensure we have a comprehensive approach for better security for all of our customers.
To our customers, my message is very simple: we will address your security concerns, we will make the innovation and the investments in the customer base that are necessary to let them, our customers, continue to stay ahead of these evolving threats.
How are we going to overcome the new wave of destructive worms and viruses that have been unleashed on the world? First, we have to raise the bar on the quality of our product when it comes to security and we have already started down that path.
In early 2002 we announced our initial Trustworthy Computing initiative, and we took the unprecedented step of literally stopping the development of Microsoft Windows and its 8,500 people while those engineers went and conducted 10 weeks of intensive security training, and they literally analyzed the entire Windows Server 2003 code base for security issues. We’re going to continue this work on security and quality pushes for all of our major new products and product updates before those things ship.
There is some evidence of progress, not enough, but evidence of progress. Windows 2000 Professional Server, the new Advanced Server we put in the market, was recently certified under the federal government Common Criteria Certification Level 4. That’s the U.S. government security rating system, if you will.
But we know the security threat is not static, and we need to continue to push, as Blaster and Sobig teach us, to focus on security and reliability in order to make products as resilient as they possibly can be to attack.
One area of investment that we’re pursuing is what’s called post-processing of source code to find vulnerabilities, so you actually go back and you have tools that look through the source code and help identify potential vulnerabilities. And it is true that those tools do get dramatically better with each vulnerability as we learn and can teach them to help spot whole new classes of attacks that come from hackers.
We’re working to determine how we can take those tools and make them available to other independent software vendors in the industry as well as corporate developers to help everybody raise their performance in this issue. There’s still a lot of work ahead of us though.
Second, we’re continuing work with law enforcement on the other side of the problem, finding the hackers and helping to prosecute them. These are not innocent pranks. They are now very serious crimes that could affect defense and hospital systems, and law enforcement is certainly taking up the challenge. We’re going to work with them to deter hacking in the first place, using new methods to detect the source and eliminate the worm or virus writers.
While Microsoft products have become a target for hackers, our products are not the only target. Our industry colleagues understand that the entire technology infrastructure is really only as strong as the weakest link: router technology, databases, ISP connections, and other segments of the industry are also at risk and need state-of-the-art security. This is an industry-wide problem that must be fought not only by Microsoft but by all companies in our industry large and small, and we have to do this with a sense of full partnership and cooperation with our customers as well as law enforcement.
The third thing: We find today that too many users are not fully utilizing security technologies and not fully designing their networks for maximum security. There’s a critical message that all of us in this industry need to convey to business customers and consumer customers who are on the Internet, and that message is about encouraging them to take the right steps to put secure infrastructure in place.
We’re working with industry partners here in the Valley and across the world to give the right guidance to customers about how to properly configure and deploy firewalls, antivirus, behavior blocking, filtering, VPN, e-mail, browsing and other technologies.
Partners like Network Associates, Symantec, Checkpoint, Cisco, the ISP community, and many others all are in the business, as we are, of helping protect systems on the Internet, and we must all help our customers better deploy available security technologies.
We’re involved with a security vendor consortium where we’re able to partner with other software companies on dealing with recent attacks like Sobig and Blaster. The collaboration is critical to make sure that our mutual products are more secure, that we help detect an attack when it’s happening and we build better tools for customers to respond. The partnership is particularly critical to help with the early warning and critical emergency response as these new viruses and attacks break out.
To assist us all in getting the word out, we have to turn up the volume on how customers can protect themselves from viruses and protect their PCs. We launched a campaign recently, an education campaign called
“Protect Your PC,”
to raise the awareness of this issue really on a global basis and to try to help customers understand what they can do.
We’re working to make the installation and deployment of security patches easier and more seamless for users of all size. The number of mails I’ve gotten both from consumers and large businesses saying we need more help is large, and we’ve received a lot of very helpful feedback from customers themselves on how to improve our update technology, our tools, our guidance, and where we should increase our use of mitigation solutions that shield the consumer and business systems from attack. There are many ways to work this problem: shields up, as well as improving the basic security and quality in the products.
We’re going to make the investments necessary to help our customers take action. Deploying existing security technologies and having a security plan can really help a business weather attacks much more effectively. The range of impact of these things is really quite huge and we view it as one of our most important responsibilities and partnerships to forge with the customer base to tell them what the best practices are in terms of using security technologies.
Next, we need to improve the entire patch-management process. We’ve made some progress in improving patch-management tools, but we have to continue to improve the speed, the resiliency, and the distribution of patches.
Generally, and this is not that well known, security experts — not hackers — find security holes first, and either tell us or publish a vulnerability, and then we have to all go race to plug the hole or the virus writer races to plug the hole. Even when we publish the patch, the hackers usually take it, reverse engineer it to find out what the vulnerability is, and then exploit it in time before the patch itself is sent out or at least before our customers have an opportunity to load the patch.
We know our responsibility does not end with simply providing patches, but has to be based on a multi-prong strategy that ensures we’ve provided the tools, the education and the support for people to deploy these patches. And they’re not just in our software; people need the tools to be able to patch the entire infrastructure if new innovation is going to be able to move forward with the security people need.
And finally, and I think perhaps the most important technical area that we’re focused on, is the area of what we are calling shield technology. We know that the bad guys are going to keep writing viruses; we know that. Our goal has to be to block them before they can ever get onto those PCs. And regardless of the cost and level of investment required by us, by Microsoft, we are absolutely committed to try to accomplish this notion of shielding.
Products like the Internet connection firewall that’s built into Windows XP provided protection from the recent Blaster attacks for the PCs that had that technology turned on, whether they had patches applied or not.
We want other companies, startups, innovators, large companies to join us and invest in combinations of security technologies so that the innovation curve in security itself remains high, and it allows investment and deployment of innovative new solutions by all of us to remain high.
I’m optimistic that there are yet-undiscovered technologies that will help the industry create a safer and more secure computing experience. This is not a problem that’s going to go away overnight, and it’s a problem that requires innovation.
We think that one of the best answers may be to simply stop the viruses at the front door, rather than having to deal with them at the back door, and that’s a whole new front, we think, in the line of defense.
All these areas need a laser focus from us, our partners and our industry. Improvements in quality, customer communication, industry partnerships and innovative new technologies do form the plans to a more secure future.
Looking to innovation to help address security threats, I think, is the right approach. It’s the passion to innovate that will continue to lift the industry to the next level of customer satisfaction, whether it’s security or any other issue, and in tough times we have to reject this idea that good enough is OK in security, in cost of ownership, in meetings and note taking, in storage. You name the area, we have to resist this idea that good enough is OK. I think good enough is the foe of better, and it’s really the enemy of the best.
Good enough for our industry means that the industry has really stopped delivering innovative value to its customers. Good enough, in my opinion, fosters this innovation complacency that I talked about a few minutes earlier.
The bottom line for any company in our industry is that we have to meet customer expectations through a relentless focus on innovation. It’s the soul of our company and it’s what we aspire to more than anything else to contribute.
We invest heavily in innovation. We’ll spend about $6.8 billion this year in innovation alone.
Taking a long-term approach has been effective for us and it’s an approach that our industry must continue to take to serve customers. It’s the approach that produces some of the most powerful innovations in the industry, and I’m thinking of very visible things that we’ve done like the Tablet PC and some of the new things coming in the new version of Microsoft Office. I’m also, though, thinking of great examples of things that took years of investment to deliver the kind of innovation that finally pays off in the marketplace.
Other companies are also doing this kind of great innovative work. In 1999, remind yourself, Apple and Lucent teamed to deliver the AirPort, the first wireless networking device to become broadly available. As we look at all the wireless hotspots today, it’s easy to forget how truly groundbreaking this technology was, or how short a period of time ago it was first pioneered at Apple.
Take Adobe; its work on typefaces was one of the most significant breakthroughs in printing, and its Acrobat Reader has really become universal.
These are advantages of what we call the commercial software model, innovation coming from commercial software companies that can integrate across technologies and can do that in a way that leads to solutions in the marketplace that are seamless, easy and inexpensive.
We do think that software should automatically include this notion of integration across all of the pieces so that customers don’t need to be systems integrators for themselves and rely on command-line scripting and other tools. Customers shouldn’t have to spend tons of money on systems integration in security and cost-of-ownership management, et cetera.
Our mantra for our company and for everybody else out there whose business it is to produce software and technology innovation is simple: Let’s all go drive higher business value through innovations that can be implemented quickly, easily and in a familiar way. And the business value of the innovations dwarfs the cost savings in simply turning the thumbscrews down on IT today. Innovation is going to open up new markets. Innovation will drive sales not just for our industry but for all industries, we think.
Let me just give you a couple of examples to think about here before I wrap. The first one is Bear Stearns, which needed a system for handling the flow of its stock and bond orders on a real-time basis. The company built and deployed a new system based totally on XML Web services, took only a few months to come up, and it came in a quarter of a million dollars under budget.
The senior managing director of Bear Stearns said — and this happened to be a Microsoft customer —
“The Microsoft tools allowed us to build a system that met our needs in less time and money than the competition.”
That’s illustrative of the kind of value our customers are looking for across vendors, something which XML Web services definitely allows.
If you take a look at what we did with digital photography in Windows XP, when we designed it, only 10 percent of customers had digital cameras. We could have said, don’t put it in, don’t do it, let’s wait. Today more than 50 percent of users are using digital cameras and digital photography, and we have to as an industry constantly be engineering these needs before they arrive to make sure that the kind of innovations that customers are going to want are easy to get at.
One other example is a company I used to like a lot before I went on a diet, because I’d stop there quite frequently, and that’s 7-Eleven. 7-Eleven is a company that is totally run on the margins. It’s a tough margin business. If they can get exactly the right supply chain and the right inventory, they can service their roughly 6 million customers very, very profitably. Building on top of, again, XML Web services, they recently created a new vendor terminal system that enables their suppliers to access inventory information from 7-Eleven on a daily basis and to supply the right 7-Eleven store with exactly the right product at the right time.
Here’s what the VP for Information Systems at 7-Eleven had to say:
“Innovation is how we differentiate ourselves to our customers and how we drive our costs down and deliver results to convenience customers around the globe.”
If innovation is the hallmark of what’s going to make 7-Eleven successful, innovation must certainly be the hallmark of what’s going to make our industry successful. Now is the time to invest. Now is not the time to be cowed by concerns in the economy about costs. Now is not the time to step back and say we should just stop doing anything until the world can be secured. Now is the time to invest — invest in the technologies that let people do what they want to do, to secure their infrastructures, to secure their infrastructures at lower cost and to allow this industry to continue to provide products that our customers can harness to deliver the kind of innovative value that companies like Bear Stearns and 7-Eleven and others do.
I do have a lot of confidence in what this industry can accomplish, I have a lot of confidence in what our company can accomplish, and certainly I have enjoyed the opportunity to share some of that enthusiasm with you today.
I’ll look forward to the Q & A with Roger and some discussion from the floor, but it’s been a real pleasure and privilege to be here. Thank you.