軟體商業生態系統中利基者經營模式之變遷：以資訊安全軟體公司為例 / Metamorphosis of Niche Players' Business Models in the Software Business Ecosystem: the Case of Information Security Software Firms

郭國泰, Kuo,Anthony

Unknown Date

本研究採用「商業生態系統」觀點，以「利基者」的角度出發，來探討利基型軟體公司經營模式的變遷。研究對象為屬於「利基者」的資訊安全軟體公司，以及其所處的環境。研究分為「歷史分析」與「探索性個案研究」兩大部分。首先，本研究以「歷史分析」作為前導研究，探討資訊安全軟體由1986年至2007年的發展沿革，並釐清防毒軟體廠商、防火牆軟體廠商，以及入侵偵測/防禦軟體廠商所處的商業生態系統，以及廠商在其中的角色。此外，在歷史分析中，本研究也探討了主要商業生態系統之間的關係。而「探索性個案研究」，則選擇了五個成功的資訊安全軟體公司，以及五個失敗的資訊安全軟體公司，探討這些廠商在1986年至2000年之間經營模式的變遷，以了解成功及失敗的因素為何。此外，也描述繼續存活的成功廠商，如何在2001年之後，因應環境「擾動」而動態調整其經營模式。 在「歷史分析」的部份，本研究首先發現，資訊安全軟體自1986年開始出現，此時的資訊安全軟體廠商，主要為防毒軟體廠商，而廠商在「個人電腦商業生態系統」以及「區域網路商業生態系統」中扮演「利基者」的角色。在1994年後，「Internet商業生態系統」蓬勃發展，除了防毒軟體廠商之外，防火牆軟體廠商以及入侵偵測軟體廠商開始出現。而資安軟體廠商在「Internet商業生態系統」中扮演「利基者」的角色。之後，資訊安全軟體廠商逐漸形成了一個「邊界安全商業生態次系統」。在這個「次系統」中，不同的廠商分別扮演了次系統中的「關鍵者」、「支配者」，以及「利基者」。另一方面，三個「主系統」之間，存在「演替」的現象，後者的重要性，逐漸超越前者。而到了2001年之後，由於環境中的劇烈「擾動」，產生了新的生存空間，也改變了既有「物種」的「種間關係」。而另一方面，主要商業生態系統中「關鍵者」的跨入，也嚴重壓縮了既有「利基者」的生存空間。 「探索性個案研究」中，本研究又分為「規範性個案研究」與「描述性個案研究」兩部分。「規範性個案研究」探討五個成功的資訊安全軟體公司，包括Symantec、Trend Micro、McAfee、Check Point，以及Internet Security Systems(ISS)，在1986年至2000年之間，調整經營模式的動態過程，並與五個失敗的公司，包括ACSI、ESaSS、EliaShim/eSafe、Raptor，以及Axent進行比較。研究首先發現，成功的「利基者」，充分「借助」了「關鍵者」的資源，包括「技術」、「夥伴」、「聲譽」，並透過學習，運用關鍵者的「知識」，提升組織的能力。其次，成功的「利基者」，都能建立以自己為中心的「商業生態次系統」，包括「通路次系統」或是「技術平台次系統」。此外，成功的「利基者」，也都能及時參與新興的商業生態系統，並察覺商業生態系統「演替」(亦即「消長」)的狀況，進而調整參與的重心。而失敗的五個「利基者」，均於2000年之前被其他公司購併，主要因為較欠缺這些作為，或在這些方面未能成功。「描述性個案研究」則描述在2001年之後繼續存活的成功「利基者」，如何因應環境「擾動」與其他廠商行為的改變，動態調整經營模式。這些廠商調整經營模式，以鞏固既有的生存空間，並掌握新的生存空間。同時，也多方參與由不同的「關鍵者」所主導，未來可能成為「主流設計」的技術架構。 綜合來說，成功的利基型軟體公司，由創立開始，隨著成長的過程，「參與」以其他關鍵者為中心的商業生態系統，同時也致力於「建立」以自己為中心的商業生態系統。「參與」及「建立」二者與時並進，並適時調整，利基者才得以維持長久生存。 / This study takes the view of niche players to explore their business model changes in the software business ecosystem. Software firms in the information security software industry and their environments are selected as research context. The research is comprised of two main parts: a historical analysis and an exploratory case study. The historical analysis serves as a pilot study, in which information security software industry’s historical development is scrutinized to clarify which business ecosystems these security software firms, including antivirus software firms, firewall software firms, and intrusion detection/prevention software firms, participate in as they grow, as well as these firms’ roles within the business ecosystems. Relationships between different busines ecosystems are also studied in the historical analysis. In the exploratory case study, five successful security software firms and five failed security software firms are selected as case companies. The case study explores how successful firms and failed firms, from 1986 to 2000, differ in the way they changed their business models, in order to understand why successful firms remain in existence after 2000. The case study also describes how these surviving firms have, responding to “disturbance” in the environments, been adjusting their business models dynamically since 2001. The historical analysis reveals that the “PC business ecosystem”, the “LAN (local area network) business ecosystem”, and the “Internet business ecosystem” are involved as security software firms grow. Information security software firms have participated in the “PC business ecosystem”, when antivirus software was brought to the world in 1986. Antivirus software firms played the role of “niche players” in the “PC business ecosystem” at that time. Later when local area network was getting prevalent, a few antivirus firms participated in the “LAN business ecosystem”, playing the role of “niche players” as well. When the Internet commercialized around 1994, firewall software firms and intrusion detection software firms emerged. All participating information software firms played the role of “niche players” in the “Internet business ecosystem”. In 1996, a “sub-system”—“perimeter security sub-system” —was formed within the “Internet business ecosystem” by various security software firms and hardware companies. This “sub-system” had its own “keystones”, “dominators”, “hub landlords”, and “niche players”. In addition, “ecosystem succession” phenomenon is observed between the three “main system” —the “PC business ecosystem”, the “LAN business ecosystem”, and the “Internet business ecosystem”. Importance of the latter gradually surpassed the former. Furthermore, “disturbance” has emerged since 2001, creating new living space, but at the same time altered the “inter-species relationship” between existing species. Some “keystones” in the main ecosystems turned into “dominators”, highly decreased existing niche players’ living space. The exploratory case study is divided into a “normative case study” and a “descriptive case study”. In the “normative case study”, five successful security software firms, including Symantec, Trend Micro, McAfee, Check Point, and Internet Security Systems (ISS) are compared with five failed firms—ACSI, ESaSS, EliaShim/eSafe, Raptor, and Axent in the way they adjusted their business models from 1986 to 2000. Evidences revealed that successful niche players sufficiently leveraged resources provided by keystones. Resources include technologies, partners, and reputation. Successful niche players also learn from keystones to acquire knowledge, which further improves niche players’ organization capabilities. In addition, successful niche players are capable of building up their own “sub-systems,” which can be “channel sub-systems” or “technological platform sub-systems.” Furthermore, successful niche players, in time, participate in every promising business ecosystems, and sense the “ecosystem succession” phenomenon when it takes place to adjust their efforts on different business ecosystems. Five unsuccessful case companies fail to achieve similar accomplishments. Consequently, all of them have been acquired or merged by other firms by 2000. Meanwhile, in the “descriptive case study,” I describe how five successful firms keep surviving after 2001, adjusting their business models to secure existing living space and seize emerging opportunities. These successful niche players also participated in all information security architectures proposed by different keystones, expecting that one of these architectures will turn out to be the “dominant design” in the future. Overall, successful niche players, as they grow, participate in business ecosystems led by other keystones, and build up their own business ecosystem as well. They advance and adjust both their “participating” and “builing up” activities to secure long-term survival.

軟體

商業生態系統

軟體商業

資訊安全

經營模式

企業網絡

網絡定位策略

利基者

software

business ecosystem

software business

information security

business model

business networks

network positioning strategy

niche player