Quocirca Insights

Summary Bullets:                 

• ·       Cisco's Q3 earnings report statement is impressive and trendsetting
• ·       Wireless bandwidth expansion needs more QoS, to improve profitability

Cisco delivered a neat and fast Q3 (Feb-April) financial result last week (http://newsroom.cisco.com/release/1190049/Cisco-Reports-Third-Quarter-Earnings?utm_medium=rss), marking its ninth consecutive record revenue quarter, and generally outdoing market expectations. The results were presented by the captain, remarking that 'Cisco is executing at a very high level in a slow, but steady economic environment'. The Q3 revenue figure of $12.2bn is 5.4% better than last year, and twice what the company delivered in Q3 2005 - so, steady yes, but slow, not at all.

Cisco has always been a great bellwether for trends in the WAN infrastructure and the global networking dynamics. Earnings in its largest product segments, switching and routing, are overall flat, whereas its data center UCS and the integrated Nexus switches jumped 77%, its wireless business grew 27%, and its service provider video product sales increased by 30%. Driving these growth areas is the  continued growth in cloud services traffic, and the mega data centre nodes delivering the cloud services. The continued shift to wireless is no surprise either, whereas the strong growth in video product sales may indicate that this slow-growth UCC video component along with more interactive consumer cable solutions, are finally taking off.

Looking at the regional performance, Europe and Asia/Pacific revenues were flat, whereas the US grew 7% and Emerging Markets shot up 13%. With Huawei sales more or less deep-frozen on the US market due to security concerns, Cisco is having a field day there - and even managed an 8% growth in China!

Cisco's rock-steady 20 year growth record in the network infrastructure business may appear smooth (almost IBM-like) on the surface, but relies on a willingness to make seismic-shift business choices in its core business. The strong Q3 results owe a lot to successful shifts in its enterprise customer space, notably its entry into the UCC market with UCS, and development of its converged Nexus line. Conversely, Cisco investments in the consumer space (remember Flip and more recently Linksys?) have generally not gone well.

Looking at the Q3 balance sheet, what trend lines emerge, and how does this performance reflect changes in global WAN infrastructure (not overlooking the fact that some, geographies are still stuck in the economic doldrums)?

One indicator is to look at what Cisco has recently acquired and what the company proposes to acquire in the near future. Recent acquisitions include Intucell, Ltd., a provider of advanced self-optimizing network (SON) software products that enable mobile carriers to plan, configure, manage, optimize, and heal cellular networks automatically, according to changing network demands. It has also added Cognitive Security, headquartered in Prague, Czech Republic, to its security portfolio; with an integrated range of software technologies to identify and analyze key IT security threats through advanced behavioral analysis of real-time data. On the acquisition roadmap is SolveDirect headquartered in Vienna, Austria that provides cloud-delivered services management integration software and services; and Ubiquisys, a long-time Cisco partner, providing intelligent 3G and long-term evolution (LTE) small-cell and femtocell technologies that provide seamless connectivity across mobile heterogeneous networks for service providers.

Apart from all these companies being European, they are all in Cisco's high-margin business areas, and will be able to support Cisco's growth trajectory: enhancing the wireless infrastructure, delivering real-time network security, offering cloud delivered service management, and LTE wireless network end-points.

The Cisco enterprise and carrier product and service lines appear to be merging more and more - be it private cloud, hybrid or carrier/IT service provider clouds delivering everything-as-a-service. The strategic direction chosen is clearly to optimize and secure the end-user experience.

However, we are still not seeing any closer service links across the fast growing wireless LTE infrastructure. Could Cisco provide QoS across its wireless links to support latency sensitive cloud based ERP apps? Could this be deployed and monetized by Cisco's carrier and IT service provider customers? In many instances the enterprise customers are much more interested in solid and predictable network performance than in lots of best-effort, fluctuating bandwidth, LTE or otherwise. Clearly, the acquisition strategy that Cisco is pursuing will bring more and more capabilities to build an end-to-end wireless service delivery capability. Getting the acquired technologies and platforms aligned and integrated in a heterogeneous WAN environment will be an arduous task - but if not Cisco driven, then who could step up to the plate?

In its account relationships with carriers and IT service providers, it will be key for Cisco to have a very clear well-documented view of enterprise customer priorities, when proposing significant (or even massive) infrastructure investments. But such deliberations seem urgently needed as the recent spate of wireless infrastructure investments seem driven by consumers insatiable bandwidth appetites. But margins in that cutthroat business are low. Focusing on enterprise grade wireless services may well deliver more value. 

Paper-based information is not often thought about in today's Big Data picture, which tends to focus on the proliferation of unstructured data from sources such as blogs, social media and video that is growing at exponential rates compared to traditional enterprise data. Yet paper documents are an important part of corporate business operations, often containing valuable information that must be captured, stored, organised and analysed. 

Despite all the talk of the paperless office, organisations today still rely heavily on paper documents. Every day businesses receive and print thousands of paper documents, mail, email and faxes that need to be captured and transformed for entry into business processes. Whilst some businesses have transitioned to electronic forms and transactions, many mission-critical business processes - such as billing, claims-processing and accounts-payable are paper based. This reliance on paper is costly and inefficient and paper documents can be a huge liability. 

As organisations try to reduce costs, improve process efficiency and establish compliance with various government legislation and industry regulations (e.g. PCI-DSS, SOX, HIPAA, Data Protection Act), digitising paper documents through document capture is an important first step in business process automation. Document capture solutions are designed to remove the bottleneck paper creates at the onset of many business processes today.

When captured at the point of origination, paper documents can be directly integrated into business-critical processes. The full capture process includes scanning, data extraction from scanned images, document classification and sharing of content across electronic content management (ECM) systems. Documents become more accessible and easier to find, distribute and track.  This increases productivity and streamlines processes, while supporting record retention, document security, and privacy requirements. Consequently, paper documents become part of the wider big data picture, enabling organisations to extract value from information to support faster decision making, for instance through business intelligence or big data analytics.

However, the challenge of document capture and processing can be daunting for many businesses, requiring specialist skills and resources. Despite the clear benefits of integrating all types of information into business processes and eliminating paper from these processes, employee attitudes and existing departmental systems can make it difficult to know where to start. Most organisations are resource constrained today, so many turn to outsourcing providers, in order to focus on their core business.

The benefits of using an outsourced service include improved customer service, reduced business costs, compliance and greater efficiency.  Outsourced services allow for easy scalability and can minimise infrastructure costs and disruption. One area where such business process automation is becoming more prevalent is in the managed print services (MPS) market.  MPS is a proven approach to reducing printing costs by optimisation complex printer fleets, and deploying tools and technologies to minimise wasteful printing.  As businesses move to next generation MPS engagements and are looking for further cost and efficiency improvements, many are working with their MPS providers to digitise paper workflows.  With many organisations having already invested in Multifunction Printers (MFPs), working with MPS providers enables them to leverage these devices as sophisticated document capture and processing hubs.

Although many MPS providers are now competing in the wider and highly competitive BPO market, providers such as HP, Lexmark, Ricoh and Xerox have mature industry-specific services to automate manual processes such as electronic invoicing, mortgage application processing and health records management. With the core MPS services becoming commoditised, such business process services (BPS) are becoming key to differentiation amongst leading players in the MPS market.

Whilst Big Data and MPS may not have immediately obvious connections, many MPS engagements are advancing beyond the realm of device consolidation to encompass business process improvement.  By accelerating the transition to digital workflows, paper based information becomes better integrated with enterprise data enabling organisations to extract business value from all data - both paper and digital.

CA is a company with a somewhat chequered past.  Two of its CEOs (along with other senior staff) have been accused concerning financial irregularities, and the repercussions around these issues are only just quietening down.  The other big challenge for CA is that its name is often extended into "CA, the mainframe software company".

The last but one CEO, John Swainson, did everything he could to put CA on more of an even keel. He uncovered and fixed the majority of the issues around the financial problems, and also oversaw the acquisition of companies that would help CA better position itself in a heterogeneous world of mainframe and distributed computing, with an aim of being just as attractive to those who do not have any mainframe computing in their organisation as those who do.

Swainson moved on, and a stint was carried out as CEO by Bill McCracken, a "safe pair of hands" who was unlikely to ever set the world on fire.

Now, a new CEO is on board - and it looks like he means to move CA along as fast as he can.  Michael Gregoire comes with experience from a line of other technology companies, having been at EDS, PeopleSoft and, latterly, Taleo.  His first major appearance in front of the public was at this year's CA World, held in Las Vegas, where he presented his vision in front of several thousand customers, prospects, partners and media, along with being streamed to several thousand more people watching remotely.

Gregoire had to make sure that what he said engaged with prospects while not scaring the existing customers.  On the whole, I would say that he probably managed this.  His view seems to be that CA has to become not only more cloud-friendly, but to become one of the largest cloud companies around.  Further speakers covered how CA was not going to be an infrastructure or platform as a service (I/PaaS) company as such - it would provide tooling that would be used by others who were providing such services.  However, when it comes to software as a service (SaaS), then CA's aim is to be there - as fast as possible.

A "cloud first" strategy will be balanced with providing on-premise solutions to keep the faithful customers happy and also to provide a pathway for these customers to move to cloud as and when it makes sense to them.  Over time, CA will offer as much of its portfolio as possible as cloud services.

Under Swainson's tenure, the foundations were laid for CA to acquire a group of companies that positioned it well to deal with cloud computing.  3Tera provided a means of designing and automating the build of functions and applications; Nimsoft provided a means of monitoring and measuring how applications were performing.  Wylie gave application performance monitoring, and existing software such as Unicenter and Clarity provided additional means of managing what was happening in the cloud - or across a hybrid environment of physical, on-premise systems and different private and public cloud systems. Other acquisitions filled in gaps in CA's portfolio.

On top of these, CA has now acquired Layer 7 Technologies and Nolio, bringing API management and application release management to the game.

The problem for Gregoire could well be one which faced Swainson and McCracken.  Yes, CA now has a portfolio of tools that provide it with the capabilities to be a world-leader in hybrid cloud management.  Yes, there is a lot of work that needs to be done to pull everything together in a way that gets rid of all the redundant functionality that exists between all the acquired systems.  The biggest problem, though, is more prosaic: how to make enough money from an overall offering?

A full, soup-to-nuts offering would use the capabilities of 3Tera to enable a business user to define what they need as a business process and have the basic technical components mapped out.  Clarity would provide a timeline and resource management layer to create a "project" for the work.  Layer 7 would then be used to manage the various APIs between the internal and external functions identified by 3Tera and pull the overall composite application together.  Nolio would be used to roll out the application as required.  Nimsoft and Wylie would be used to monitor and self-remediate any issues seen in the running of the application in real time.

6 enterprise systems all working nicely together.  But, would you pay the full cost for all six systems?  Highly doubtful. 

It is far more likely that in this case, six times one adds up to no more that around 2.5.  Can CA present a solution to the market that is at the right price point, but also keeps its shareholders and Wall Street happy?  It is more likely that Gregoire will have to be bull-headed around the issue and face down the shareholders and Wall Street based on the fact that if CA does not meet the issue head-on, then there may be no CA further on down the track.

As it lies, the mainframe still accounts for around 60% of CA's revenues and more than that in profit.  The mainframe side of the business cannot be left to fade, but new revenue streams will come through cloud computing.

CA has the arsenal of software to be a leading player in the cloud world.  As always, the devil is in the detail: CA has to be able to move this collection of disparate software built up through acquisitions into meaningful packages of function at price points that are attractive to the markets.

Only time will tell if Gregoire is up to this task.

Having seen so many vendors talking about it and so many articles written about it, may make it seem like it has been around forever, but the bring your own device (BYOD) trend has only really been 'crossing the chasm' of wider adoption in the last 6-12months.

Quocirca started widely referring to BYOD over two years ago, but it first cropped up when employees in certain companies, mainly in the IT industry, perhaps most notably Intel in 2010, brought their own smartphones into the office, mostly to access email. Since then it has become a byword for anybody wanting to appear that they are up to date with mobile thinking - hence its presence in so much marketing material.

All too often BYOD is conflated with 'consumerisation', which it is an element of, but there is much more to using a personal networked device for work than the fact that it was procured as a consumer purchase. Which is why organisations need to understand what they are getting into, and why, when they rush to adopt BYOD.

Unfortunately the focus simply on devices, shiny and attractive though they are, misses the point. Whilst these are expensive tools and organisations might like to outsource the cost of them to the eager employee, it is the purposes that employees put devices to that matters.  The hope is that these tools make employees more productive and at a manageable cost to the business, without introducing it to unacceptable risks. For an IT manager, saying this and then 'crossing fingers' or 'touching wood' while they do, will not be sufficient.

A BYOD strategy is required, but as part of a wider IT strategy, encompassing remote working, corporate communications etiquette and standards etc. The most important thing to get to grips with is the 'work/lifecycle' of any and all personal technology used for work.

Anyone thinking, "we stop supplying phones and save money by letting users chose and bring their own" is being wildly over-simplistic. There are security and data protection risks with their associated costs, even if all that is being delivered is email on the move. For more complex or integrated IT applications, there may be architectural changes and this is where use of the cloud can be useful, but still requires a big shift in thinking and infrastructure.

As these are typically devices with networks and usage based contracts attached, there are direct operational as well as capital costs, which may be less transparent or easy to manage with BYOD. For example, what were once 'on net' calls within an enterprise contract, may now be between different carriers. The economies of scale of shared large data bundles could be haphazardly and uneconomically split across employees, mobile operators and Wi-Fi providers.

The worst of it is, no one will really know the true costs for some time as the lifecycle of device procurement, use, replacement and retirement is also completely fractured by BYOD. Software and firmware upgrade cycles will not be uniform across employees, who will also change, upgrade and add to their portfolio of device hardware at their own whim as finances allow.

Moving between departments or locations within an organisation might create additional strains, as the practices, hardware and applications suitable for one role may differ significantly for another. Finally when each employee leaves an organisation, the process of disentangling enterprise supported BYOD purchases, operator contracts and payments, and who has rights to which applications and data will not necessarily be easy.

'Who is liable for what', for many will not be a black or white 'corporate liable' vs 'employee liable' and it is the grey area in between that will catch out or cost organisations dearly, unless they plan 'exit strategies' for BYOD as well as adoption strategies. For more thoughts on what this might involve, Quocirca has updated and re-published its report "BYOD - who carries the can" which is available for free download.

A recent spate of targeted denial of service attacks on organisations such as Spamhaus and Bitcoin serve as a reminder that such attacks are widely used.  Denial of service is the best way to attempt to halt or slow key internet based services by those with a motive to do so. Many IT managers probably look-on, shrug their shoulders and say, "why would they target us? We are not a high profile internet service."

May be so, however, recent Quocirca has shown how reliant all organisations are now the internet to communicate with both customers and partners (free report here "Digital identities and the open business"). This is a double-edged sword. Of course, the internet has become key to enabling high speed automated transactions for many businesses, but from an IT security perspective it also means that those who want to can more easily disrupt the activity of given business for any number of reasons. This can have both tangible and intangible consequences, for example slowing/stopping business or damaging reputation.

Denial of service is just one vector of attack. Another recent Quocirca research report shows that many European businesses have been impacted by a range of other network related attacks. Often these are not aimed at service disruption or damaging reputation but the theft of personal and/or financial data, in particular that relating to payment cards (see free report here "The trouble heading for your business").

"Low profile" businesses that do not deal much with personal data may still feel they are unlikely to be targeted. Don't be so sure. Quocirca was talking with a small engineering firm the other day that was of just such it view. Later in the conversation it said it would be bidding for some work on the proposed controversial High Speed-2 (HS2) rail link. Hacktivists see small suppliers working on such projects as weak links and targeting them as a way of undermining the overall project. Any organisation can unexpectedly become a target.

There is a growing awareness of the dangers of both cybercrime and hacktivism shown by Quocirca's recent research. Organisations are starting to invest in the defence measures necessary to defend themselves. This includes better understanding what is happening on the networks they rely on especially as the formal network edge has dissolved in to a virtual perimeter that cannot be policed using traditional measures such as firewalls and intrusion prevention systems (IPS).

How European business are going about this and the degree of success they are having will be the subject of a webinar Wednesday April 17^th titled "It's time for a new perimeter - protecting your IT infrastructure from malicious attacks" hosted by network defence specialist Corero; for more information and to register click HERE.

Naming a company you founded after yourself can be problematic. OK, no one tries to place the blame for HP's recent woes on Bill Hewlett or Dave Packard (anyway, according to HP's current management a big turnaround in fortune is underway http://www.hpnext.com). However, the ups and downs of Dell are still closely associated with its eponymous founder Michael Dell, especially as he bids to take the company private again, a battle The Economist believes he may lose. For McAfee the recent antics of its founder, John McAfee, were mainly embarrassing (went into hiding after being linked to murder enquiry).

So, it was a brave decision back in 1997 when Eugene and Natalya Kaspersky named the anti-virus company they founded, Kaspersky Lab, after themselves. The name sounds, and is, Russian and although the company now operates as a UK legal entity, it originates from Russia and many of its functions are still based there. Russia is perceived as a hotbed of organised crime and cybercrime, so why would you trust one of its companies with your online security?

In fact, compared to the examples listed in the first paragraph, Kaspersky is not widely known outside IT security circles (except in Russia itself, where it is a well-known consumer brand). There are two reasons for this. First, although its revenues, in excess of £600M, put it in the top 10 IT security companies, only the biggest are that well known, namely Symantec and McAfee (which is why the recent story about John was so widely covered).

Second is the way Kaspersky goes to market (outside of Russia). It has created a widespread network of OEMs (original equipment manufacturers) and ISVs (independent software vendors) that embed its anti-virus in their own products to provide that particular capability for their own offerings. OEMs and ISVs do not always reveal what is under the bonnet unless asked, however a long list of technology partners on Kaspersky's web site includes; IBM, Alcatel-Lucent, Cisco, Juniper, Blue Coat, Check Point and D-Link.

Such prestigious partners have underlined the pedigree of Kaspersky's anti-malware products and convinced many others to place their trust in the vendor; worldwide there are now over 400 million end-points under Kaspersky's protection. Technology partners now account for just 20% of its business with a further 30% coming from businesses across Europe and beyond via 5,000 plus resellers. The balance comes from consumers.

If Kaspersky relied on just selling anti-malware its long term future would be in doubt. As two recent free Quocirca research reports have shown, traditional IT security is no longer good enough on its own to defend against the growing numbers of targeted attacks and other emerging threats (see these links The trouble heading for your business; Advanced cyber-security intelligence). All IT security vendors have had to adapt and Kaspersky has done so with a number of additions and modifications to its product set over the years.

Bringing it all together is the Kaspersky Security Network, a global network that gathers data from over 60 million end-points from contributing Kaspersky customers, providing rapid protection by keeping all users' devices up to date with the latest information about malware and dangerous network links. However, such a capability is table-stakes for any IT security vendor and does not in itself defend against previously unseen (zero-day) threats.

So, the latest release of Kaspersky End-point Security for Business (KESB) includes a set of features designed to counter zero-day attacks. These include sandboxing, virtual keyboards, whitelisting, blacklisting, behavioural and heuristic analysis etc. The range of end-points protected has been extending to include tablets, smartphones and virtual devices. There is also an an overall device management tool to manage patching, usage policy etc.

In addition, Kaspersky System Watcher introduces a context aware security capability by combining information from Kaspersky's firewall, behaviour analyser and cloud-based reputation server to provide a broader overall risk assessment of suspected malware.

Kaspersky admits it is often not first to market but says this is to the long term benefit of its users as all of its technology is built in-house and therefore tightly integrated. Customers might not agree if they get caught out by some new threat whilst Kaspersky's innovations are still in its Lab. That said, many may be unaffected if, as is often the case, Kaspersky is used alongside other security technology.

Kaspersky is an important player in the IT security industry and with its continuing innovation it seems set to remain so. It is likely protecting your organisation against various security threats somewhere, even if you do not know it. It is one of the few Russian software companies with a global footprint and has achieved a level of trust many western business would envy; a jewel indeed.

There is a principal that internet service providers (ISPs) and governments should treat all data crossing the internet equally. It should not matter what type of device is being used, who the user is, or what site or application the data is being coming from/going to - net neutrality should mean no difference in charging models, no discriminating between the different use cases.

The arguments go back and forth as to whether this should be enshrined in legislation as a right, or allowed to drift in a competitive open market.

Despite the arguments and the capacity of technology to advance there are restrictions due to the laws of physics and certain resources that are therefore limited. This might not be too much of an issue with the massed bundles of fibre optics at the heart of fixed-line networks, but wireless networks have to balance range, capacity, power and the frequency spectrum in what is increasingly 'noisy' environment. Ideally without 'frying' anything en route.

While the resources are constrained, the boundless enthusiasm and appetite to access mobile data and applications is not. Nor, given the numbers of subscribers and devices, is the number of endpoints diminishing. In fact, with a re-awakened interest in machine-to-machine communications (M2M), or an 'internet of things', this is likely to accelerate further.

So what about unwired net neutrality?

There are already differential services that break the spirit, if not the letter, of the principal. To see how this happens consider how the way hotels have been offering Wi-Fi is changing. Initially it appeared to be a new revenue stream, but then establishments realised it was costly to get right. As more venues started to offer it, the differentiation was lost and it became a 'table-stakes' offering of free Wi-Fi once hoteliers realised that actually they really made money from renting out rooms and selling food and drinks.

Not all have reached this point yet, but the more progressive organisations have already gone a step further. They offer 'basic' Wi-Fi for free, but have a premium service that offers greater bandwidth, improved latency etc - what might be described as 'professional' Wi-Fi, compared to currently simple 'hotspots'. Basic allows a bit of email and gentle browsing, but the premium service would be good enough for consumers' IP telephony, gaming and video streaming or virtual desktops and unified communications for the enterprise user.

Then there are cellular networks. Some carriers are premium-pricing their higher speed 4G offerings compared to the tariffs on their 3G networks. Of course with differential caps on usage it also gets a little confusing as to which is the best service for an individual user. In countries where only one or a few of the mobile networks are offering 4G today, there will be rapid pricing changes as operators switch between land grab, maximising revenue and maintaining network quality modes.

Given that users have different needs - from M2M applications that might only require a few guaranteed kilobytes to video streaming gamers who need high bandwidth and low latency - there will have to be different types of services offered. Setting caps on how many minutes of communication or megabytes of capacity will be bundled and then charged for will no longer be sufficient.

Different qualities of service will need to be differentially priced. This might require application bundling, e.g. all the social media you can eat, but video is charged by the megabyte or guaranteed service levels, e.g. all gaming traffic in sub XYZ latency, but email transmitted as 'best efforts'.

It will be a real challenge for rating, billing and marketing, but there is no dark fibre in the sky and all the innovative use of spectrum has its eventual limit, which with ever more users and usage is close by. 

The superfast mobile net is unlikely to be very neutral, but that might work out to be beneficial in the long run.

Anyone with a personal mobile phone will have seen the odd big bill, perhaps as a result of roaming or with tariffs where the bundled time, text and megabytes did not match the actual usage, or maybe just too many international calls. But most people only get stung once or twice. Once they understand the consequences of their usage, they can use less hungry data apps, perhaps get a different tariff, or switch from voice calls to text.

Or just pay, after all, tariffs are getting cheaper, bundles bigger and there's always free Wi-Fi, right?

However, as soon as you introduce business use - whether on a work supplied device or a 'bring your own device' (BYOD) - the picture gets a little murky.

First who pays, and for what? In the recent halcyon days of all work related mobile devices being corporate supplied on business tariffs most businesses would deal with the contract side covering all costs with some recovering from employees the cost of personal calls, if they could identify them.

Many employees would never see their individual bills and in some organisations only the finance department would have any idea, until things got really expensive. But hey, these mobile phones boosted the productivity of traders, sales and field service people so was it really a big deal? Not really, until many mobile users appeared, usage patterns changed, bills went up, budgets became tighter and organisations started to think about telecoms expense management (TEM). There are also legislative and tax issues that surround the who pays for personal usage issue.

Now with heavy data usage and employees as consumers wanting to, willing to and doing just about everything on their personally owned mobile phones and other devices, the business/personal usage line is almost impossible to draw.

These devices typically come with Wi-Fi, so that's a free option? No, it may be free in certain quarters, but according to the latest research from enterprise mobility provider iPass, almost 60% of mobile workers have had to pay $20 or more for one-time Wi-Fi access. While some mobile and internet accounts have Wi-Fi access or minutes bundles, more often than not with a disjointed cacophony of providers, limited Wi-Fi account 'roaming' and quirky logins, much Wi-Fi usage outside the office is going to be paid for in an ad hoc manner, expensed and not tracked.

Does BYOD take the issue away? Not necessarily, as it depends whether there is BYOC (contract) as well, and even here the costs do not fall clearly.

Everything appears fine if the employee wants to pay for everything - business and personal use - on their own contract and tariff.

But that may not necessarily reduce costs overall. For a start, the organisation, especially if large or multi-national, would probably have a good deal on its corporate tariff, that personal tariffs just cannot match, so employees are likely to be paying higher rates than when contributing to business contracts.

Business tariffs will also be with one provider and might link into the fixed phone system so that 'internal' or 'on net' calls would be free or very low cost. With employees bringing their own contracts it is likely that multiple operators would be involved and inter-employee calling made more expensive than otherwise.

Employees may also balk at paying for business use or having business use take them closer to their personal data usage caps - but how are they going to claim? One off claims for Wi-FI etc. may be easy, but this is again often going under the radar from the enterprise perspective if it only shows up on expenses rather than a telecommunications budget, so not really acceptable longer term. Finally, if business use is starting to dominate then changing behaviours to limit business usage for personal cost reasons undermines the whole idea of using mobile technology to enhance productivity.

The alternative of "employee-choice with BYOD, but employer picks up the tab" is also fraught with challenges, as personal usage could go completely unchecked incurring not only a direct cost on the monthly bill, but also the indirect cost of time spent not working. This is always a risk, but if the employer is paying for everything on a personally chosen device, could easily be a big problem.

The reality is even more complex as employees will increasingly have a clutch of devices - smartphone, tablet, laptop - each with some element of work and personal use, some of which may be corporate supplied, others not. It may not be sensible or even possible anymore for employers to lock this whole situation down, but it is necessary to understand what is going on in order to keep some control of costs.

More thoughts about mobile expense management are in this recently revised and re-published Quocirca report.

The impact of new mobile devices such as tablets and smartphones might not altogether remove the need for desktop computers, but it does open up the potential for a really radical shift in how workplaces of the future might look.

For a start, the subtle way that even simple mobile phones increase flexibility in the working environment, even inside its boundary - no one needs to return to their personal desk to make or receive a call. With smart phones and tablets, all forms of communication can be achieved on the move - voice, text or video - and can be 'unified' around a corporate platform or 'social' around a consumer (or perhaps enterprise) platform.

The concept of 'in' and 'out' trays therefore seems a little dated, although most would admit the paperless office is still a distant dream So, does everyone need their own personal desk while in the building?

Since many now have working practices (and technology) that allows them to be productive outside the office environment - at home or out and about mobile - is there a case for revisiting the concept of shared desks to cover for the odd time when someone is in?

This idea of flexible working, hot-desking, or 'hoteling' is not new, but advances in mobile technologies, the ubiquity of wireless networks and the personal appetite for working on the move and seeing the office as a place for occasional use all gives it an extra boost.

So too does the potential for cost saving.

The cost of providing a typical desk in a city like London can easily run to over £10,000 per year, and the average across the UK is almost £6,000. Providing one for every employee, whether they are going to use it all the time or not, starts to look like an unnecessary extravagance, especially if all it is doing for many working hours is acting as a support for a few personal photos, memorabilia from past training courses and a never-inspected pile of (often unnecessary) paperwork.

Despite this, many companies as well as individuals find it difficult to kick the mahogany (or aluminium and chipboard) habit. According to recent research conducted for Vodafone, just over a third of companies had not even considered flexible working to reduce costs, thought reducing desks was 'inappropriate' for their business or thought it would have a negative impact on teamwork.

A lot of the people-related preparatory work for switching to a flexible office can be a bit daunting and de-humanising. Terms such as 'stacking density' do little to boost morale and while most organisations and individuals would like to think they measure success by results rather than time in the office, presentee-ism still prevails and being seen in the office is perceived to have promotional value.

Technology can help with this, especially as so many consumers have been 'converted' to mobile, but it still needs careful management.

First the devices. Now that so many expect to BYOD (Bring Your Own Device) to use at work, there are more types of devices to deal with, all with different and personal applications. User expectations are high, but still the organisation needs to secure its assets, especially data. Controls, policies and procedures need to be applied and although user education has to be at the heart of it, automated management controls are vital to avoid costs spiralling, otherwise everyone might as well be given a desk.

Next come the networks. Most organisations have an infrastructure designed around people sat in fixed and known locations, and even desk swapping raises issues - "that's my PC!" or "why can't this phone ring with my incoming calls?". Wireless networks, where they are present, are often oriented around laptops. So connectivity may be available in the places where people can sit and 'de-camp', but there may be insufficient coverage and capacity to deal with lower powered radios in devices such as most smartphones AND tablets.

The network capacity will also need to be increased, but also in a flexible, dynamic and automated way. Increased use of video and 'chatty', more social collaboration - good for bringing diverse and dispersed teams closer together - impacts on the network, especially if users are mobile and video usage is ad hoc and unpredictable.

In a flexible office, even the traditional desktop (yes, they're unlikely to disappear completely just yet) is affected. The network needs to be able to cope with delivering services to different users in different places at different times. User authentication and delivery of their services to the spot they're currently occupying requires sophisticated and predictable management.

The working world may be coming much more mobile, but in the flexible office one thing is still fixed - the need to manage everything as simply, seamlessly and automatically as possible.

For many years, technology vendors have promised companies systems that provide the "one true view" of their customers.  CRM vendor PeopleSoft had the 360° View (somehow lost during the acquisition by Oracle); other CRM vendors provided insights into past customer behaviour and analytics vendors touted clever ways of predicting future behaviours based on visualising past activities through graphical and interactive dashboards.

The main problem with such systems lie in that they are pretty dependent on having enough past information to work against, and in analysing large data sets to provide the required visualisations - which can require large compute farms and data warehouses.  That the future predictions take time to come through can also be a problem - the aim is to capture customer activity in real time and make the most of them.

Some approaches managed to get close to giving real-time value through using pattern matching - if a given customer is doing this, then based on past behaviour, we should point them in this direction.  Makes sense, but requires deep analytics of past data (again) and the formalisation of the rules that will need to be in place.

Quocirca recently spoke with Featurespace, a Cambridge Ring company started in 2005.  The company is currently touting itself as a customer retention and fraud identification and management company - but there seems to be a lot more underneath the hood.

Featurespace uses the real time data streams for its main feeds.  It is self-learning and can work against minimal historical data.  Through using advanced algorithms for analysing on-line (or other - see later) behaviour, fraudulent activity can be identified at a very early stage, and actions taken to curtail it.  Yes, this has value to a business, but will only tend to be seen as massively valuable by the Chief Risk Officer (or equivalent).  Customer churn is an accepted occurrence in most markets, and as long as a company sees its churn as being no worse than the industry average, they are likely to stick with what they have.

The trick for Featurespace is to take what it has and create messages that have better value to businesses.  For example, behavioural analysis not only identifies bad behaviour, but also good behaviour.  In real time, customers can be encouraged in their good behaviour, spending more in the process and ensuring that shopping carts are completed and the customer-to-cash process is fully optimised. 

Also, bad customers can be easily identified - the bane of markets such as telecoms, where the top 20% of customers make 80% of profits, and the bottom 20% make 80% of the losses.  Behavioural analysis can identify whether there is any hope in turning the customer through to profitability - if not, then bidding them a fond "farewell" (maybe even offering them a £5 voucher to go to the competition) can improve profitability - and lower churn, as many of these bottom 20% are the ones that hop from deal to deal. 

Such cluster analysis can lead to identifying interesting opportunities that many analytic approaches miss - and if supplemented with other data, such as the (somewhat outdated, but still widely used) ACORN scoring, can further be used to optimise offers at an ad-hoc immediate level and a strategic future product or services level.

Featurespace can help in the on-line retail space in optimising customer behaviour, but it is also showing how it can operate outside of the "standard" markets.  For example, it can analyse video streams.  Imagine at an airport: your average traveller is doing all the "normal" things - gawping at shops as if they have never seen them before; coming to a halt at the bottom of escalators and causing others to fall over behind them. 

Consider someone who is not a normal traveller - a terrorist, say.  No matter what they do, their state of mind will not make it possible for them to look as relaxed or normal as the average passenger.  Tracking all behaviours enables differences to be picked up very rapidly - and it doesn't have to be hidden in how it is used.  No matter how aware the person is of the system, they cannot work around it: their behaviour patterns will just look more false the more they try to be normal.

Featurespace has to change its messaging, and the new(ish) CEO, Martina King, knows this and is going to be making a big push around Featurespace for behavioural analytics. 

There are competitors out there - the big one that springs to mind is IBM with the work that Jeff Jonas has being doing for some years.  However, there is more than enough room for other players, and Featurespace looks like it could well be one to watch.

Dropbox has been a pretty good success, and it is difficult to do it down when it comes to an easy way for an individual to put information in one place for their own use across multiple devices.  Dropbox sparked off a raft of "me-toos" trying to do things just differently enough to create a market for themselves - companies such as SugarSync or Ubuntu's One, or bigger players trying to retain control of their customers such as Apple with iCloud and Microsoft with SkyDrive.

Consumer service are one thing, but there are problems when it comes to the business use of such services; the individual cannot be king here.  To the organisation, information is the basis of its intellectual property, and if the information is spread around the cloud, this can be a major issue.

Dropbox was originally aimed purely at individuals, and as they started to use it for work-related documents, enterprises had a couple of major worries.  Firstly, they had no visibility of what information was being stored in Dropbox (or any other cloud-based consumer service) and secondly, it was not being shared across a team in an effective manner.

Dropbox is addressing this through its "business" plans and Microsoft is working through its plans for SkyDrive Pro - but are they doing enough?  A  look at what other providers such as Box are beginning to put in place, including additional team and organisational functionality, points towards the availability of well-rounded business information sharing system.

One interesting company that is taking things to the next level is Perforce Software.  Perforce is best known for its on-premise software configuration management (SCM) tools. This provides the levels of control and ownership that many organisations are looking for that cloud-based systems may be perceived to lack.

Within SCM, teams work together, creating and working on digital assets that need to be managed and controlled at a granular level with high levels of security. 

Hang on - isn't this what's needed for team working on business information as well?

This is exactly what Perforce thought.  However, the existing Perforce SCM system was not something that could just be re-badged and thrown over the wall in the hope that users would flock to it and change the world.  Perforce is a tool aimed at technical developers and its front end would appear very complex to business users. Even so, Perforce has seen it being used by non-technical users to manage other digital assets.

Perforce could have gone for an approach of taking what they had and cutting out all the functionality that wasn't needed.  This may well have worked, but would have presented them with two set of underlying code to manage, two products to support needs and so on.

What Perforce decide to do was to take the existing Perforce SCM system and keep the engine as it is, but create a new skin over the top, creating Perforce Commons.  Starting from the "keep it simple, stupid" school of thought, it started with the very basics - what would users want to do?  Well, dragging documents from their device into the system seemed like a good place to start.  Once the documents, what next?  Well, preview them would seem like a good idea.  Put them in folders would keep things clean.  Share them between people inside and outside the organisation.  Comment on them to create a stream of activity - you get the picture.  Start simply and allow the interface to make this happen in the simplest way possible.

However, Commons also allows some advanced features - for example, individuals can work on documents at the same time and three-way comparisons can be carried out to aggregate and resolve comments and changes in an easy manner through an intelligent merge.  Ideal when working as a team against the same information assets - parallel work can be carried out, helping to compress timescales.

What Perforce is ending up with is the proven strengths of its SCM product, completely re-skinned so that a business person can use it in a business environment to put documents in a controlled environment so that they can access them from any device wherever they are, share them within their teams and with those outside their teams and enable social collaboration via comments and tagging.  Full versioning is there too - and users can send links to people that will always link to the latest version - or to a specific version if the user wants.

This approach takes things beyond where some of the other shared file providers are looking.  And for Perforce, it has the luxury of being able to rapidly introduce new capabilities through just surfacing the underlying functionality of the Perforce SCM engine.

There are problems for Perforce, though.  Where it is known, it is for SCM - and trying to persuade its SCM users to allow Commons to be used across an organisation may not be easy, although Perforce itself says that its customers are quite open to the proposition.  Where it is not known, it has the problem of messaging - does it want to sell SCM or Commons - or both?  Each needs different messaging to different groups - but any one sale could cloud the sale of the other.  Perforce also has to decide how it works with its channel - the SCM channel will not be well positioned to sell Commons.

It also has to decide what it really is - is it a Dropbox for the enterprise?  Is it an evolution of where others such as Box are going?  Is it an alternative to SkyDrive Pro?  There will be those who want to stay with an on-premise deployment, and Perforce fits the bill well against all these cloud-based services.  Indeed, it would be relatively easy for Perforce to create a cloud-based offering and take on these other vendors head-to-head. 

However, to start with, it will be an on-premise only.  But there are other on-premise products available - should Perforce be aiming to be SharePoint with bells on, or maybe even Documentum for the masses?

Its future is probably somewhere towards the SharePoint with bells on - and it has an interesting business model where small groups can use it indefinitely with no constraints for free: an interesting offer to the SMB market, but one which if it becomes Perforce's main market will produce little in the way of revenues but with considerable cost overheads.

Overall, Commons looks promising.  Quocirca expects Perforce to struggle to start with, but it has the capabilities to react to users' wishes and wants rapidly and as long as it sorts out the channel and creates a sustainable business model, Commons could well be a success. 

Things change, but recent advances in technology coupled with social changes are changing the work/life balance, and not in the way that was once expected. Shorter days and more leisure time was a twentieth century dream for the twenty first century world of work, but the reality is somewhat different.

At one time, information and communications technology (ICT) for the working environment was only made accessible to a select few, controlled by central diktat and superior to anything you were likely to see at home. Now the complete opposite is true and consumerised IT not only extends the working day into individuals' personal lives, but also allows them choices and to bring their personal devices (BYOD) and activities - especially social communications - into the main hours of the working day.

While this blurring may not be an issue providing employees do not push too much personal activity so as to be a detriment to their work, it does create other challenges.

One in particular is related to another change, but this time instigated by the organisation. There is an increasing need to open up business applications to communicate and share information with users outside of the organisation. This includes outside the physical boundaries and the need to share with employees on the move or working from home, but also outside the corporate boundaries to contractors, third party suppliers, business customers and even consumers. The reasons for this are to improve relationships with customers, transact directly with them and to more tightly integrate the supply chain.

Organisations are themselves also increasingly using social media to do this as they feel that it will make it easier to identify, communicate with and retain customers.

The problem then is how and what to share, and will it be safe?

Up until recently the main method of sharing information remotely with anyone external would either be physical media - CD, memory stick, etc - especially for large volumes of data; or, more often for smaller volumes, email. Most organisations are relatively confident they can secure email sharing, and there are certainly many tools to support this and minimise data leakage.

Physical media is more tricky, and as mobile devices have become increasingly prevalent, this increases the physical device risk further. This might be by direct connection through USB such as memory sticks (although 'podslurping' was a term coined for downloading gigabytes to a connected iPod) or over the air through a cellular or Wi-Fi connection.

The risks this brings through the potential loss or theft of device are well known and understood, with mobile device management (MDM) protections often put in place to lock or wipe, and sometimes, though not frequently enough, through on-device encryption. There are also those who avoid data residing on the device at all through virtual connections that leave no permanent data footprints.

However, a greater risk comes from user behaviours related to the increasing use of social media - posting or sharing something 'out there' on the internet. This might be as an update to 'friends' via a social media site or a dedicated cloud storage provider.

Either way it is potentially out of sight from an enterprise perspective, as employees will be using their own preferred tools to create a Bring Your Own Cloud or Collaboration (BYOC) experience. If this casual and informal usage translates into how official or formal information is shared with third party businesses and consumers, the organisation is not in control, making the demonstration of compliance virtually impossible and increasing security risks.

It might be that enterprise IT has its own set of endorsed tools for information sharing via cloud based services, but the blurring of boundaries in employee behaviour may make the use of these difficult to enforce, especially if employees have been allowed or even encouraged to BYOD in an uncontrolled manner. One way or another, lax behaviour may need to be reined in, monitored or checked.

Sellers of computer security products and services sometimes fret that their messaging is too scary as they go on about risk, data loss and regulatory fines. To get around this, every so often they like to remind potential buyers that their wares are also business enablers. The case is easier to make in some areas than others, one such is identity and access management (IAM).

In the old days (pre-business use of the internet) IAM was mainly about providing identities to employees (and the odd contractor) to give them access to various in-house applications. This was generally from PCs and dumb terminals situated on premise and owned by the business; all was restricted to private networks. How things have changed.

A recent Quocirca report, Digital identities and the open business, shows that the majority of European organisations now open up their applications to external users; from either business customers, consumers or both. This is done entirely for positive business reasons, the top drivers being direct transactions with customers, improved customer experience, smoother supply chains and revenue growth.

However, this requires a level of IAM to be put in place that enables the quick capture and on-going authentication of identities. One of the challenges this throws up is the need for federated identity management.

Organisations that only need to worry about their own employees can put in place a single directory for centralised storage and rely solely on this to underpin IAM requirements. Microsoft Active Directory is by far the most common "internal directory". However, when it comes to users from external organisations a whole range of other identity sources come in to play.

For users from business customers and partner organisations, it will often be the target organisation's own directory (so may be another instance of Active Directory). However, identities may also be sourced from the membership lists of professional bodies (e.g. legal and accounting associations), government databases and social media sites.

When it comes to dealing with consumers, social media tops the list as a source of identity. Many of us will already be familiar with, being able to optionally use our Facebook identities to login to sites like Spotify of JustGiving. Wherever an identity is sourced from it is clear that for external users there is a growing concept of BYOID (bring-your-own-identity).

Some may frown at this and wonder how secure it can all be. The answer to that is down to the IAM system in place. This is where the different sources of identity are federated and policies about who can access what are enforced.

Banks would clearly be taking a great risk by allowing a user to move large sums of cash around based on a Google identity, but it may be good enough to answer an enquiry about opening a new account and capturing some basic details to kick the relationship off. If things go further the expense of creating a more secure identity and means of authentication can go ahead and the details updated in the IAM system.

Quocirca's report shows that when IT and IT security managers think about IAM they still think primarily in terms of achieving certain security goals. However, its use for achieving business goals is creeping up the list the priorities. Furthermore, in the past IAM may have been seen as affordable only by large enterprise. However, it is now widely available as an on-demand service (IAM as a service/IAMaaS) and open to business of all sizes.

The majority of respondents to Quocirca's survey report that their business managers are taking an interest in IAM. This is for not for security reasons but for its power as a business enabler. Now that's not too scary - is it?

Quocirca's report Digital identities and the open business is freely available to download here: https://www.ca.com/us/register/forms/collateral/quocirca-european-research-digital-identities-and-the-open-business.aspx

Facebook, Twitter, Apple and Microsoft: all icons of the information technology industry and all the focus for targeted attacks in Feb 2013. The bad news for us all is, that even those that should be some of the most tech-savvy companies in the world, can fall foul of targeted attacks.

Microsoft admitted: "During our investigation, we found a small number of computers, including some in our Mac business unit, [which] were infected by malicious software......" see here for source. Microsoft appears not to have been seriously impacted, at least if the aim of the attackers was to steal data, as it goes on to say "We have no evidence of customer data being affected and our investigation is on-going". The important lesson is that, whilst Microsoft's defences were penetrated, it was prepared to acknowledge this and make a statement that its customers' data remained safe.

The story at Facebook was alike; malware did get on to its devices, but it was confident data was not stolen - see here for more information. Reports about the incident at Apple are similar. Twitter admitted to 250,000 user account details being compromised.

All businesses must accept this, if they become a target, it is very hard to stop determined cybercriminals or hacktivists getting malware on to their systems. What is essential is to ensure that such attacks are identified as soon as possible and that it is hard for the perpetrators to extend their attacks within the impacted networks.

A new research report from Quocirca "The trouble heading for your business" (sponsored by Trend Micro) shows the scale of the problem of targeted attacks across European businesses. The good news is that with all the high profile reporting, awareness is high. This understanding is also due to the fact that most organisations believe they have been a victim of targeted attacks at some point and in about one third say there has been a significant impact of some sort.

The report goes on to show, that there is an over-reliance on traditional security technology and not enough use being made of more advanced techniques. Whilst Quocirca cannot be sure of how Microsoft, Apple and Facebook are defending themselves it seems that their security posture is predicated on the fact that attacks will penetrate their defences but timely detection and multiple layers of security means these attacks can be foiled.

With their high level of interaction with consumers and the need to store personal financial data, Quocirca's report shows that retailers and financial services organisations are some of the most concerned about the potential impacts of targeted attacks. However, no business can afford to be complacent. With the rise of hacktivism any organisation could unexpectedly become an overnight target.

As another recent Quocirca report "Digital identities and the open business" (sponsored by CA Technologies) shows most businesses are driving more and more value from their online interactions, but this comes at a price. Some of the profit from those interactions must be reinvested in security measures that prepare organisations to respond to increasingly sophisticated and well-targeted attacks on their employees, networks, applications and data. Those that do not face data losses, regulatory fines, damaged competiveness and in the worst case the collapse of their businesses.

The recent announcement at Yahoo! about cutting down working from home and getting employees to come into the office seems to have put a virtual cat among several distributed pigeons. It might be that there are a number of remote, disgruntled and disaffected employees who are simmering remotely out there in distant cyber space who are not getting the message about how the business needs to be changed, but this appears to be a very public way to conduct change management.

One thing is sure, it has brought many opinions, fears and prejudices about work out into the open.

First there is the feeling among many who do not or cannot work from home, that all those who do must be 'tele-shirking', i.e. not really working but being subject to a thousand and one distractions - was that the doorbell? I'll just vacuum the hall and make another cup of coffee.

This feeling also pervades many managers; after all, if you can't see each and every one of the workers, how do you know if they're really working or not? This may sound a bit old-fashioned shop floor or weaving mill with an overseer or foreman at one end of a line of workers, literally keeping an eye on them as they work. But, a quick glance around most modern offices and business park facilities will show glass-fronted offices for managers and open plan seating areas for 'the workers'. Plus ca change?

On the flip side there is the understandable fear of remote workers that those in the office get more 'real' time and therefore influence with the boss. This might translate into better opportunities for pay rises and promotions for those able to maximise their visibility and more frequently get the ear of their manager.

Surely technology fixed this? After all, those working from home will be connected via the internet right into the heart of the corporate enterprise IT systems, they will most likely have mobile phones and may even have video conferencing, desktop sharing tools and unified communications. They can phone, email, chat, text, video call, collaborate with a whole variety of tools - in or out of the office - as much as they like and with open IP networks pretty cheaply. So much so that one company banned the use of email for internal communications as it seemed like employees were doing it too much.

So why should it really matter where people are?

Past Quocirca research once indicated a fear of loss of organisational culture if people were working too much while mobile or at home, and some commentators think this might be what Yahoo! is trying to address. However, simply bringing a number of individuals who were simmering at home back together is unlikely to stimulate upbeat and innovative water cooler conversations, but more likely a seething cauldron of gripes.

The underlying problem is unlikely to be either one of technology or location, but management.  That's not just the day-to-day operational stuff of goal-setting, nurturing, mentoring, delegating, support, feedback, correction and reward, but also the higher level direction of who we are, why we're here and what we do.

This does not mean a meaningless buzzword-laden mission statement that people smirk at, but a credible corporate culture that employees can relate to, sign up to or decide is not for them and move out. It can be as simple as "don't be evil" or as prescriptive as a training program, but either way it has to be consistent, applied from the top of the organisation to the bottom and understood by everyone.

That underpins the relationship with customers, suppliers, partners, peers, subordinates and managers, which then has to be supported by the right operational management tools. This is the crucial bit that makes it all work, or not and this is one area where the development of management skills has been lacking in recent years - especially people, time and process management. Technology can then play a part in supporting that, but only if people are taught how to use it - not the functional aspects they pick up or eventually read from manuals, but how to get the best out of it to perform a specific task.

At one time companies put their staff on courses to develop soft skills, with many of them geared towards some particular technology or communications medium. Time management for using their new Filofaxes; responsive communications e.g. how to answer the phone politely and in under three rings; take ownership of any issues; how to conduct effective meetings (hint: search online for "John Cleese meetings").

Some may laugh and say this sort of training is no longer relevant to today's busy workforce, but the inability to control communications overload, collaborate effectively with colleagues, manage remote or distributed workforces seems a little too widespread. Simply throwing more communications tools at employees, or even allowing them to bring their own, is not the answer on its own, but taking them away is not a step in the right direction.

Since the original Basel Accord was agreed and signed in 1988, central governments, driven by the EU, have been trying to ensure that financial institutions were managed in such a way as to provide a solid platform to the global economy.  Starting with Basel I, increasing levels of central oversight have been put in place to try and maintain a good view on what could be happening within the markets.  Through the Capital Requirements Directive (CRD) first instituted in 2007, certain levels of capital are required to be held by the banks and insurance companies so that they are able to weather any economic storms that come the way of the markets.

CRD IV is the latest version, and it nominally came into effect on January 1^st, 2013.  "Nominally" will be covered later...

At the highest level, the basis for CRD IV is covered under the Basel II and Basel III Accords for the banks and under Solvency II for insurance companies, which increase the amounts of common equity and Tier 1 Capital that the institutions are required to hold.  Basel II also covers how the banks will need to provide centralised prudential reporting - and this mandates the use of the extended business reporting language, XBRL.

In October 2012, Quocirca carried out research across the UK, Germany, France, Italy and Spain for EMC to gauge the preparedness of financial institutions for the use of XBRL as well as their understanding of the whole CRD IV process.

The research provided some interesting findings - just under half of respondents felt that adopting XBRL would be a major impact on the business, with 65% saying that integrating existing systems into an XBRL system would be of major concern.  Unfortunately, only 25% of respondents had even chosen an XBRL solution for something that was to be mandated as of January 1^st (at the time, only 3 months away), leaving the notion of the financial markets being ready to meet the implementation date as being a bit far-fetched.

But, back to the "nominally".  As the financial markets collapsed, the EU went into prevarication mode.  There was always a transition period built in to CRD IV and Basel III, but this was meant to be for a move along a maturity model with everyone essentially staying in step along a defined set of processes.  Although the nominal dates for CRD IV and Basel III remained as 1^st January, the EU started to change the goalposts, saying that banks must hold more liquid assets and so lower their risk if facing another meltdown.

Country financial bodies, such as the Financial Services Authority (FSA) in the UK had to move to more of an advisory mode - without agreement from the centre, little in the way of solid process guidance could be provided by them.

So, although few banks and insurance companies were ready for the requirements of CRD IV and Basel III on 1^st January, it makes little difference, as the central bodies concerned were still fiddling while the economy burned.

However, this is not an adequate excuse for the financial institutions concerned to be so far away from being able to meet the technical requirements of CRD IV.  The need for centralised prudential reporting is still there - and the failure to plan to implement XBRL systems means that these institutions are incapable of meeting this need.

At some stage, the Powers That Be will get their act together and CRD IV will become law with the necessary Directives in place.  Financial institutions would do well to ensure that they are implementing the right systems now to meet their reporting needs - without them, they will fall foul of legal requirements, which could cost dear in fines.

Quocirca's report on the subject can be downloaded for free here.

Quocirca has recently published a free checklist to help those looking at investing in self-service solutions. So, why might it be useful?

Well, there has been a rush in the UK in recent retail situations towards customer self-service and automation. Pay at pump petrol stations, self-checkout tills and so on. The reasons for this are presented as 'customer convenience', but it is pretty clear that it is all too often about cutting costs and too little thought is given as to how to how it might affect the overall customer experience.

Specialist retailers will argue they have to do this in order to compete with either online or other higher footfall locations such as supermarkets, hypermarkets and shopping malls. There may be some truth in this, but by simply commoditising the shopping experience, those making knee-jerk decisions to automate customer service run the risk of further business decline.

Clearly something is amiss as so many major and well established specialist companies have and continue to disappear, mainly with a wail about "habits have changed", "it's all gone online" after they have narrowed stock ranges, made the stores feel like warehouses and trained the staff to be as friendly as bent nail.

The best (and surviving) retailers - whether online, mobile or physical stores - provide service excellence irrespective of the technology or channel. Automation and self-service has a very important part to play in all these routes to the market, but it has to be delivered with the customer in mind, not simply as a cost cutting exercise.

The first thing to realise is that self-service is not a standalone tool or alternative to existing processes, but has to be integrated into the wider business in order to be successful. It should be viewed as a strategic and well-researched investment, not a simple tactical option. For this reason, the decision making process of how to implement self-service and what solutions or tools to should be implemented has to be well thought out and comprehensive.

To start with, an organisation must identify why the move the self-service is being made in the first place and what the main requirements are. There may be cost reduction element, but how important are other matters such as increasing cross-channel co-ordination or improving customer service levels and internal communications? For example are customers automatically invited to chat if their website interaction indicates they might need help or can support agents see what customers have done, requested or replied in order to avoid duplication of effort on the part of the customer?

However, this process may reveal that there are underlying issues with poor business systems, such as lack of a formal handover at shift changes or problem departments - e.g. a technical group refusing to get involved in customer contact. These will need to be addressed separately to the implementation process as simply deploying self-service alone will not fix these internal problems.

Next consider which suppliers will need to be approached and investigated. As well as taking the partisan views of the vendors themselves and some of their 'tame' customers, dig deeper and find out the broader market perspectives from a wider mix of customers, perhaps through trade shows and conferences. Industry analyst perceptions may also be valuable, but be aware that some analyst houses may overlook specialist or niche vendors and it is best to take a broad view.

The bulk of any product or service suitability assessment will come down to comparing features and functions, and a checklist will be useful. However, as this is an important investment, it is always important to check the people, company and its current client base of an intended supplier to get the full insight.

It is never easy going through the process by oneself, and even self-service benefits from some sort of external guidance. So for an idea of how to approach the self-service product and vendor selection process, download a free checklist

At the end of 2012, Quocirca carried out research for BNP Paribas Leasing Solutions into the perceptions around IT and communications financing amongst UK small and medium businesses (SMBs). For the research, SMBS are defined as organisations having revenues of between £5m and £50m per annum.  The results show that there are marked differences in buying habits within these SMBs - and that there is a lack of strategic thinking that could impact their capabilities to compete in the market. 

The research indicates that although the value added reseller is the most used strategic channel for the strategic buying IT and communications equipment, there is also a lot of tactical buying of equipment directly from the web.  Although this happens particularly at the smaller end of the market, where the buying decision was mainly down to the owner/manager, it is still seen amongst the larger organisations where there was a dedicated purchasing function in place.   

This tends to indicate "reactive" buying, where equipment is sourced as and when required, for example where a piece of equipment breaks or where a new project requires new hardware.  However, by buying reactively, the underlying platform can become less strategic - standardisation and homogeneity can be reduced, while asset lifecycles are difficult to monitor and maintain as no real controls are in place.

It also militates against the way that modern IT is going - virtualisation and cloud computing work best where there is a more standardised and lifecycle managed set of equipment underpinning them.

However, for an SMB, putting in place this sort of rigour may be difficult.  Consider and organisation that has a total IT budget per year of, say, £500,000 - this falls someway along the middle of the range of SMBs that are covered in the research. According to standard metrics, between 60 and 70% of this will be spent on maintaining the existing platform - what is known as "keeping the lights on".  This will leave, at the low end, £150,000 for new IT investments.

This is not a lot when it comes to trying to implement a new technology platform - and many SMBs find themselves in the position of wanting to carry out more strategic projects, but cannot as the required money is not within their grasp.

However, the use of structured financing could help SMBs make far more of their available money by aggregating planned spend over three years into a single pool of resource that can be used as needed.  Taking the same example as above, that £500,000 IT budget could be aggregated over a three year agreement to give £1,500,000 - and through a suitable finance agreement, all that money can be made available as of day one to the SMB for use against IT spend.

Obviously, the SMB will still need to plan for keeping the lights on over the three year period.  However, it should be able to put in place better processes around purchasing ITC equipment; it may be able to negotiate better deals on pricing; a more standardised and modern platform should lead to savings in managing the platform and in its energy usage.

Assuming that making changes to how ITC is purchased and managed drives down the keep the lights on costs to 60%, then £600,000 is now available for ITC project investment - an increase that could make all the difference between an SMB managing by struggling along and reacting to ITC events and an SMB that is more optimally supported by its ITC platform and is better suited to compete in today's market conditions.

ITC financing can make a massive difference to organisations that are looking to gain better control over future spend and also in controlling its ITC platforms.  The key is to make sure that the partner chosen to provide the financing agreement has a track record in this kind of work - banks will often require a legal financial hold against business assets, which could include the business premises and other assets, whereas a good ITC finance organisation will only have a hold against the equipment purchased through the agreement.

Quocirca has written a report on the subject that is freely downloadable here.