Three recent trends in communications technologies – network convergence,
social media and consumerisation – have on the surface appeared to be about
simplification, but they have actually made life more complicated for some.
Convergence takes all of the silos of proprietary telecoms functions –
voice and data, fixed and mobile – and blends them together around a single
common set of universal open protocols borne out of the IT industry and the
internet. All services are becoming combined and unified.
It sounds simple in principle, but all these proprietary technologies
existed for a reason – commercial control – so the reality is that many
vested interests need to be dragged sometimes kicking and screaming into
line. The fallout has been the emergence of dominant vendors like Apple,
Google and Amazon from the IT world and some casualties in the telecoms
industry, perhaps most notably Nortel, but also the significant weakening
of giants like Motorola and Nokia.
While the economies of scale achieved through the unification and
convergence on common standards are evident in the massive boosts in
performance and reductions in the cost of sending data anywhere on the
planet, it is not without other challenges.
Converged networks can struggle to deliver differentiated and predictable
performance for services that need it. While common protocols mean that all
traffic looks the same, different needs mean it should not all be treated
the same. Network neutrality is a worthy aspiration for equality of access
to technology, but it is not adequate for the deterministic transport of
packets of data.
What of social media? It democratizes the provision and supply of content.
Anyone, anywhere can be a citizen journalist, organise an uprising or share
pictures of funny looking cats with an army of friends, followers or
like-minded ‘individuals’. The opinions and wisdom of the crowd have never
been more accessible, but the signal-to-noise ratio has dramatically
worsened. Finding relevant, accurate and accredited information is getting
harder even for those organizations with the power to search ‘big data’,
let alone for individuals.
As for consumerisation (in particular the use of mobile devices) this means
that the same tools are available and usable for business or personal
activities – the work/life division is completely blurred. Many individuals
find this liberating, but those tasked with managing services, costs and
security in organizations consider it a nightmare.
Many of the historical barriers – between work and home life, between
network services, between friends – might have seemed arbitrary and often
opaque, but they provided some control and resistance to anarchy. Without
some elements of structure and separation, systems become error prone and
difficult to test properly, with root causes impossible to identify – in
short, unreliable and insecure.
Many will suggest this is not a problem; this ‘hyperconnectivity’ (a term
once promoted by the now absent Nortel) is the natural evolution of
technology and its total adoption is vital for employing the digital
generation. This smacks of an abdication of responsibility by those who
suggest a ‘do nothing’ approach.
There are others who will argue, like King Canute, that these changes
should be stopped, the clock turned back, the genie squeezed back into the
bottle. They ban social media in the office, ignore the appearance of
tablets and impose departmental firewalls to keep telecoms, office
facilities and IT functions apart. This is not a realistic approach for
businesses either.
Effective solutions need to emerge not for imposing total control, but
for applying co-ordination – herding cats – keeping data safe, not behind
firewalls, but in ‘bubbles’ and protecting business processes in virtual
pathways. This co-ordination has to be built not around the vested interests
of suppliers, but around the needs of end users – business, social and
personal processes.
The barriers of old have crumbled and been torn down, but without some
shape and definition the revolutions that led to their destruction will
lead only to inefficiency and insecurity. Business processes no longer need
top down re-engineering, they need to be rebuilt from the bottom up from
their constituent tasks, virtualized and properly co-ordinated. Otherwise
these communication trends may not have created democracy, but anarchy.
Rob Bamforth, Principal Analyst, Communication, Collaboration and
Convergence, Quocirca
02 Dec 2011
New Quocirca research – sponsored by on-demand software code security specialist Veracode – underlines a problem faced by financial services organisations when it comes to security and compliance: they track around twice as many critical software applications as other organisations.
This is not just an issue when it comes to ensuring that all the code of all their commercially acquired and in-house developed software is secure (as a new Quocirca report to be published in early 2012 will discuss); it is also an issue when it comes to monitoring and restricting access to all those applications.
There is more for banks to worry about than their own employees. A previous Quocirca research report ("The Distributed Business Index", sponsored by network acceleration vendor Riverbed) showed that banks are more likely than other organisations to make their applications accessible to outsiders, namely contractors, partners, suppliers and customers.
Providing access to so many applications for such a broad range of users is of course a big security headache. However, it is also a compliance issue. The financial services industry is heavily regulated, with national, EU and global watchdogs keeping an eye on them. Compliance often means proving who has been doing what; some are specific about this. For example, PCI DSS v2.0 Requirement 8 states that organisations that handle payment card data should “assign a unique ID to each person with computer access” and “ensure that each individual is uniquely accountable for his or her actions”.
Achieving this requires a way to centrally manage identities and associate a single identity with all of a user’s actions, whatever the systems and applications they are accessing. How these issues affect financial services organisations is the subject of a webinar Quocirca is speaking at on Dec 7th in conjunction with Centrify (an identity management specialist).
Bob Tarzey, Analyst and Director, Quocirca
The global reach of the internet and access to billions of potential customers via their desks, laps and pockets through an abundance of communications methods from social media to email on a myriad of devices is a fine thing. The fundamental question remains, is the right person actually listening to the right message at the right time and in the right place to be able to make the right response?
The Martini-esque mantra coined by Sun Microsystems in the 1990s – anyone, anytime, anywhere on anything – was great for touting the need for a universal infrastructure. But that is just the open network plumbing that connects everything together and without some intelligence layered above it, all the universal network can do is raise the level of noise.
For first movers this is not necessarily a problem. Those quick-witted organizations who get in early to a new domain can often exploit it sufficiently before it gets too crowded and the dynamics change. Then when well-structured heavyweights get involved, consolidation kicks in, dominant players emerge making it harder and harder for new entrants to get a toehold. Witness the high street and Tesco, e-commerce and Amazon, social networking and Facebook, tablets and Apple.
Sometimes in the technology world it is slow-moving incumbents that take over, but often it is the fleet of foot, who were not necessarily first to market, but are first to volume. Market momentum, like Newtonian momentum, is about velocity – speed and direction – as well as size or mass.
So what about the majority of ‘wannabe’ suppliers who then become followers, can they ever hope to get their message out?
Sure any supplier can make a marketing push to set up Facebook pages, tweet on Twitter, have downloadable mobile apps and pay for search engine optimization on the web, but for all their digital SHOUTING, are they actually taking time to listen to their prospects and customers?
One way to get ahead in the game, even of those who currently dominate, is to use all the information available and listen carefully to user requirements, build relevant market intelligence and so outsmart the incumbents. Just as good salespeople pay more attention to listening and understanding rather than simply speaking, so good marketing, even in a highly connected digital age, depends on good listening. This is the key to businesses engaging in the current social networking boom – how much information can be collected, analysed and understood, rather than how much can be pumped out.
Unlike traditional channels that are more oriented to public one-way communications with perhaps only a ‘call to action’ response, today’s highest profile digital channels - social media, video, mobile - are personal and bi-directional or virally shared. They are also highly treasured and far more sensitive to abuse.
The negative reactions seen with the explosion of spam in email pale in comparison to the feelings stoked up by misuse of these highly personal contact points. Even a service provider’s attempts at change can be viewed by the digital society as negative – e.g. Facebook’s continual tinkering with privacy settings – so much so that they can cause a significant and rapid uprising among highly connected and vocal users.
Businesses need to tread carefully and keep within the evolving online etiquette and mores as they develop their social media strategies. Most importantly they should remember the ‘two ears and one mouth’ sales mantra to listen carefully, build understanding and then reflect that back into the marketplace. Social networking brings many opportunities for businesses to build relationships with their customers and prospects, but these will need care and attention to avoid being seen as intrusive. For a more detailed exploration of the business use of social media, download Quocirca’s free report, “Community, Connection, Conversation or Channel”.
Rob Bamforth, Principal Analyst, Communication, Collaboration and Convergence, Quocirca
Two recent events with rather different audiences reveal that not everyone is convinced that the benefits of technology adoption will be evenly shared. In particular, what was highlighted were some disconnects between organisational gain and personal risk.
At a gathering of senior IT executives at a CBR dining club dinner sponsored by Riverbed and Dimension Data, a number of CIOs voiced their thoughts regarding the IT industry’s current apparently all-enveloping rising star – ‘cloud’. While there was widespread appreciation of the possibilities and potential for the deployment of IT resources into the cloud, there were some significant reservations about the reality.
Vendors and service providers have been keen to promote the benefits of cloud, but they need to appreciate how implementation will affect their customers, in particular one part of the decision making process; the CIO, IT director or individual IT manager most directly responsible. This is the person that gets it in the neck when something goes wrong – irrespective of who in the external cloud ecosystem is really to blame.
The selling job elsewhere in the organisation is slightly less daunting. Those involved directly on the financial side recognise the cost savings of pushing (human and/or IT asset) resource demands into a virtual infrastructure provider, especially if they can cut precious capital expenditure at a time when borrowing is difficult. Many users recognise the flexibility of ‘on demand’ access to IT, storage and services especially while on the move. Mobile and remote access, fuelled by consumer behaviours and social media have become a regular expectation and a perceived necessity.
However, IT managers, whose jobs depend on the reliability, fidelity and robustness of the services being delivered, see risk. And who can blame them when recent downtime and outages from what seemed unshakeable cloud service providers – Google, RIM, Amazon, Microsoft – demonstrate that even large and well planned IT systems can fail?
Quocirca regularly advocates the use of a total value proposition to understand the wider benefits and drawbacks of technology adoption. This goes beyond a simple RoI or TCO financial proposition, to encompass the less tangible positive and negative impact on the organisation, its competitive positioning, and crucially on the individual or individuals making a technology implementation decision. In this context the total value proposition also considers an element often missed out by those looking at technology change in an organisation – a “total liability proposition”, perhaps – to understand the potential negative consequences, as these weigh most heavily on those making the decision, as it is their neck on the line.
The second event indicated where a respectful approach to risk might emanate from, as other critical players in the value chain discussed where they might contribute to and benefit from cloud adoption. This was a gathering of diverse telecoms companies and service providers at the NetEvents, Italy conference. Here the interest in cloud as a potential new source of revenue and enterprise influence was strong, but it was dosed with a heavy realisation that significant credibility would be at stake if something went wrong.
Telecoms providers, unlike some of the IT industry, have a healthy respect for Murphy’s Law (if something can go wrong, it will), in addition to the more famous ones associated with value and growth – Moore’s Law of transistor numbers doubling every eighteen months and Metcalfe’s Law of the increasing value of connectedness. They know that their survival is dependent on fundamental attributes that some vendors in the IT industry like to portray as differentiated marketing benefits, like security, availability, interoperability and predictability.
The telecoms industry’s measured approach and involvement in the blossoming cloud market is to be welcomed, and should over time start to allay the understandable fears of those within enterprise who are responsible for delivering IT services. As well as trusting them to provide resilient networks, CIOs and IT directors might look to their telecoms providers to supply computer power. Then maybe Sun Microsystems (and Oracle, through its acquisition) was right after all, the network really is the computer?
Rob Bamforth, Principal Analyst, Communication, Collaboration and Convergence, Quocirca
From recent briefings with a number of IT security vendors it would seem that most can now identify any new threat immediately and that at the same time none of them can. This contradiction is down to the “we can, they can’t” mantra that any vendor of any product is bound to use against its competitors. Of course, they can’t all be right; in fact, all who make such claims are wrong.
One thing most are right about is that relying on signatures of known malware to protect their customers has not been enough for a long time now. Signature-based recognition is still an important way to cut down the amount of malware moving around; better that spam-bearing emails are stopped in the cloud than at the desktop. However, many of the IT security threats that businesses face cannot be characterised by a simple digital signature.
Security vendors are also right when they identify one of the biggest risks to their customers as zero-day threats (i.e. new ones that have not been seen before and cannot therefore be recognised by existing signatures). Such threats are becoming more and more common as the tools for writing and distributing malware become more sophisticated. It is now possible to ensure every incidence of a new virus is different enough from its siblings to appear unique compared to any existing signature.
So IT security vendors are rightly focusing more and more on identifying and stopping previously unknown threats and coming up with increasingly clever ways of doing so; the IT security arms race continues apace. Where they overreach themselves is in claiming they can spot any new threat. This was brought home to Quocirca recently when a new entrant to the IT security market made such a claim, but then said it had delayed its launch because the rise of WikiLeaks and LulzSec had led it to make further changes to its product. In other words, it had not foreseen some threats that customers may face.
No single IT security vendor can spot every existing threat and identify every new one. However, between them they are doing a pretty good job. None of us, businesses or consumers, can rely completely on a single security technology. Even if you believe you have catch-all anti-virus software on your PC, iPad or smartphone, it does not make sense to turn off security at your wireless router or decline spam and malware filtering services from your internet and/or email service provider.
Good IT security will always be about multiple layers of protection and using products from a variety of vendors. When well-managed, to ensure all known threat vectors are covered, using various security technologies will maximise the chance of recognising and stopping malware. But, even this is not enough. Other measures should also be in place.
For example, organisations should reconsider their security posture; a more open approach to business could mean less worry about protecting intellectual property. Educating employees about their responsibilities with regard to personally identifiable information (PII) and providing regular reminders about this is as important a part of ensuring compliance as any security technology. With IT and data security, belts and braces is the only approach. Beware the vendor who promises all.
Bob Tarzey, Analyst and Director, Quocirca