Getting to grips with BYOD

Embrace device diversity, but manage applications and data
May 2014

Since mobile devices have proliferated as consumer gadgets as well as business tools, individuals are not only more comfortable with technology, they have their own preferences and want to make their own choices for work as well as at home. This ‘bring your own device’ (BYOD) idea started with mobile phones, especially once smartphones became widespread, but has also been quickly embraced for other devices, in particular tablets and, to a lesser extent, notebooks, laptops and PCs. This brings an enormous management headache for organisations, but the smart move is to recognise that the device is ultimately far less important than the applications it runs and the data it has access to. This is where attention needs to be focussed to ensure the most important enterprise assets are properly protected and secured.

Rob Bamforth Quocirca Ltd Tel : +44 7802 175796 Email: Rob.Bamforth@Quocirca.com

Clive Longbottom Quocirca Ltd Tel: +44 118 948 3360 Email: Clive.Longbottom@Quocirca.com

Copyright Quocirca © 2014

Executive Summary

Getting to grips with BYOD
Embrace device diversity, but manage applications and data
Allowing a few privileged employees to bring their own devices and use them for work purposes (or being compelled to allow it by a senior executive) is one thing, but trying to stop the tide of everyone wanting to do it is quite another. The problem is that, for many organisations, there is no longer the option of saying ‘no’, despite any understandable and legitimate fe ars about the risks. This need not be a problem, providing the challenges are properly addressed and focus is applied to what really matters – data. This report investigates the impact that BYOD is having and what organisations are doing to cope. It is based on interviews with 700 IT decision makers across 11 European countries in mid-size and large enterprises.

Consumer attitudes infiltrate the enterprise Smartphones and tablets – similar or different? Securing the hardware

BYOD mi ght have been the most vi sible trend relating to the decentralisation of decisions over the l a st few yea rs, but i t i s by no means the only exa mple of consumerisation of IT (wi th cloud s ervi ces, s ocial media a nd mobile a pps a lso ha ving a bi g i mpact) a nd a s hift i n technology deci sion-making towards the needs of the business and individual users. CIOs and IT managers s hould not s ee this a s a threat to be resisted, but to be understood and embraced wi th a more s el ecti ve a nd pri ori ti s ed a pproa ch to ma na gi ng the core va l ues a nd benefi ts of IT. Mobi le phones, even a s they beca me s marter, ha ve been ma naged di fferently to other computers due to requiring contracts a nd often being subsidised by operators. In many cases they ha ve only recently moved from being managed by facilities or telephony contract managers to IT, whereas ta blets always appeared more like tra ditional IT devi ces. However, l ogically, they ha ve a similar i mpact on IT management, yet all too often IT still views them differently – this needs to cha nge. Sys tems tha t a ccess corpora te IT res ources, whether owned by the employee or the orga nisation, need to ha ve s ome l evel of control a pplied to them i n order to protect the orga nisation’s assets. However, ca re must be ta ken a s devices a re ra rely ever going to be used excl usively for one purpose in future. Mobile devi ce management (MDM) must be discerning a nd discreet, but integrated wi th other mobi l e a nd s ys tems ma na gement s o not discrete. Mos t compa nies recognise the need to extend thei r mobility control s to i ncl ude mobile a pplication management (MAM) but, as yet, this is often disjointed and as many as one in five compa nies ha ve not even hea rd of MAM. Ta ki ng the next s tep towa rds s a ndboxing, conta inerisation or dual persona to s eparate work and personal a pplication usage is s till i n very ea rl y stages, but there appears to be an a ppetite to move in this direction, as banning or limiting the us e of pers ona l a pps i s a non -s ta rter. Enterprise data, a nd the context wi thin which i t is being accessed, i s one of the most important el ements of s ecuring a nd ma naging mobility a nd the one most l ikely to be keeping IT managers a wa ke a t ni ght. Ma nagement of da ta a ccess i s pa tchy, wi th jus t over ha lf havi ng data leak prevention (DLP) tools in place a nd over two thirds allowing data to be stored in cloud stores. Over a qua rter use encryption, but only 11% s tore data i n s eparate containers on BYO devi ces . A more precise a pproach to ma naging what i s important would benefit the organisation and mi nimise the impact on end users, who would still have freedom to choose and use their own a pplications. The orga nisation would a lso be s afe i n the knowledge tha t i ts a ssets a re more s ecure. This requires a more discriminating a pproach to IT s ecurity a nd a better understanding of wha t i s important from a business perspective, but this woul d do IT no ha rm wha ts oever.

Determining the software

Focus on data

Containing specific assets of value

Conclusions
Des pite all the hype, most organisations are s till at the early stages of dealing with BYOD and mobility i n general. However, their empl oyees a nd customers are already very fa mi liar wi th the benefits of using their preferred i tems of technology – from hardware devi ces, through applications to cloud storage a nd servi ces. There is no simple way to deal with BYOD. It will not be limited to certain empl oyees or devices and will spread to encompass new technologies, from wearables to other ga dgets in due course. Organisations need to embrace the diversity of devices and focus on managing their core assets, not the networks and tools that access them, which wi l l , i ncrea s i ngl y, be outs i de thei r di rect s phere of i nfl uence.

© Quocirca 2014

-2-

BYOD – the unstoppable tide?
The idea of circumventing traditional IT management to get something done faster (or cheaper) has been around for decades – departments buying PCs or their own peripherals like printers or scanners etc. However, these purchases would typically be used exclusively for work purposes. What is different now, with the growing bring your own device (BYOD) trend, is that what is being brought is consumer devices used for personal and work activities. Hardware is only part of the problem; the bigger challenge is what is done with it – what applications are run and what data do they access? This is especially relevant as these devices are predominantly mobile and connected to open or public networks by one or more different radio networks , in particular cellular and Wi -Fi. No wonder organisations are concerned (Figure 1). There is still an attempt to prevent, or at least limit, the spread of BYOD by narrowing the circumstances of permission, but with senior management being supported in many organisations, those further down the structure might expect to be permitted too. In fact over half of employees would just go ahead even if personal devices were banned 1 . Organisations have a choice; they can continue to try to ignore or prevent what is happening and risk being seen as obstructive, leaving employees trying to subvert or work around the rules, or they can support and encourage user choice, perhaps with policies and specific terms. Throughout this report we will refer to the former as ‘deniers’ with their responses shown in red in Figure 1 and the latter as ‘embracers’ with their responses shown in blue. The primary driver for BYOD is choice, not ownership, and, for many, choice alone will suffice (Figure 2). Few organisations are ready to have a complete free for all, but with guidance they can allow employees to follow their preferences. The issue of who owns or buys the device i s important, but generally secondary to obtaining a favourite, at least as far as the individual is concerned. The challenge for the organisation is how much can it can control or limit the choice to make management and support as straightforward as possi ble without alienating users. Encouragement can be offered to ‘guide’ users in a particular direction, for example offering incentives to choose devices favoured by the organisation. IT managers should not try to characterise this challenge of managing employee expectations as ‘herding cats’, but ‘luring’ or ‘coercing’ them.

© Quocirca 2014

-3-

Organisations and their IT management need to accept that BYOD is a reality and will only continue to increase as mobile technologies evolve. Employees have had mobile phones for some time, but not until phones became smarter, consumer-oriented computing devices, did the issue of bringing-your-own for work become a major issue. Attempting to restrict employees or hold back the tide will only prove to be futile. There was a cross-over when the cost of smartphones and their contracts dropped to the point where it could reasonably be considered as a consumer purchase, and that new and more appealing devices would appear before the end of the contract, creating pent up demand for the latest device. Consumers move qui ckly to get the latest device of their choosing, and typically much faster than their employer’s purchasing function. All of a sudden it seemed like the technology used for business had, for the first time, fallen behind that used by consumers. It was no longer just personal preference, but perceived as ‘better’. This process has continued with other devices such as tablets, not necessarily related to network contracts . These offer similar capability for enterprise applications to running on traditional IT – desktops and laptops – but with the casual and informal user experience of tablets. Most tablets are still not supplied with cellular networks, and rely on Wi-Fi connectivity, so should they be treated the same as smartphones or not? The opinions of those who have embraced BYOD differ significantly from those who have not (Figure 3). The overly high concerns with tablets amongst deniers indicates that, while smartphones share a lot in common with tablets and are even more likely to be connected while mobile, it is the tablet that is predominantly causing their negative feelings towards BYOD. This could mean that deniers are lax with their management of smartphones. Conversely, embracers see smartphones and tablets as similar, and are most likely thinking of more sophisticated approaches for managing them. Opinions about the future also indicate a more casual attitude among deniers, in thinking that the status quo will remain or that matters will simplify (Figure 4). They will likely find that reality is very different, with the mobile landscape undergoing significant change and innovation. The embracers, who already anticipate change and are putting in place more flexible approaches for managing mobile fleets, are better prepared. It is now time to accept the reality of BYOD and work out how to manage what is most valuable to the organisation – its data.

© Quocirca 2014

-4-

Security – the primary IT concern
BYOD is little different from many technology topics in that there will always be issues regar ding security. In the case of BYOD, information security is the top concern by far, but when secondary concerns are included, device security also scores highly (Figure 5). This highlights where the industry first focussed, with mobile device management (MDM) playing an important role in controlling the device itself. Device security has less significance with BYOD, as ownership of the device is in the hands of the user rather than the organisation. Concerns around ownership are reflected in the figures and, although not a top concern, once secondary considerations are expressed it is seen as more important. With BYOD, device loss or theft should be less of an issue as users tend to be more careful and responsible with their own devices or ones that they have personally selected. Putting tools in place to allow for secure use of user owned or chosen devices is clearly a trade-off between what, ideally, the organisation would like to enforce and what the individual will agree to or permit. When looking into the detail of what really concerns organisations, it is clear that few feel really confident that they have everything under control (Figure 6). Fewer than one in five manage with existing tools and, for the rest, there is an escalating level of concern. A few are slightly more comfortable with existing approaches to manage device security, but what really keeps a quarter of those interviewed awake at night is the security of their organisation’s information and data. However, the element of hardware control should not be ignored and, even with corporate deployed mobile devices , there is a need to exert control over the device, just in case it is lost or stolen or if the legitimate user has accidently or deliberately changed certain settings and made the device more vulnerable. In the case of BYOD, this is even more likely – it is after all their own device and may also be passed around for other family members to use, potentially with disastrous consequences for the organisation. Organisations do, at a minimum, need to use some form of overarching MDM controls as a base for then applying more precise control over applications and data.

© Quocirca 2014

-5-

The fundamentals of MDM have fairly widespread understanding, thanks in part to the success of BlackBerr y and the features of the BlackBerry Enterprise Server (BES). While struggling now, BlackBerry set the early standard for enterprise mobile management, much of which has been picked up by software tools vendors, as most enterprises have moved to a more open, multi-vendor world. The main attributes required of MDM tools are to be able to remotely wipe and lock the device, typically on the occasion that it has been lost or stolen (Figure 7). This also tallies with the overall need to spot when a device connects to the network. The provisioning of a base environment across a set of devices is a reasonable requirement for those being deployed by the organisation, but is less likely to be useful in a BYOD scenario. Similarly, quarantining an entire personal device will only antagonise users. A lowly scoring for interest in the need to be able to create containers (something that might prove a useful way to isolate work from personal on a BYO device) indicates that much of the thinking is still about keeping complete control of the device, even if it is not owned by the organisation. MDM tools are, for many organisations, becoming a standard requirement for overall IT management, but, surprisingly, about a quarter say that whilst aware of MDM, they do not currently use anything (Figure 8). Perhaps more worryingly, over 5% had not even heard of MDM. This smacks of trying to ignore the issue of mobility in the forlorn hope that it will disappear. Thankfully, many more have a more sensible attitude and either us e MDM-specific tools or have the required capabilities within general management tools. A significant lack of integration of MDM tools with other systems management tools among MDM users, and the high percentage of only basic mobile management functionality with those using existing tools, highlights that this is still a relatively young and immature market. The last few years has seen a degree of consolidation among the vendors of mobile management products. Acquisitions by established mainstream IT suppliers should lead to further product maturity, which will feed into the market over time. The even more promising development is that this will inevitably bring forward the integration of other useful management capabilities, relating to applications and data, into mobile management platforms.

© Quocirca 2014

-6-

The impact of the rise of the ‘app’
It is fair to say that mobile and remote access to enterprise applications from laptops or home PCs has not really stretched IT management too much as the vast majority of these systems will have historically been Windows-based, just like the desktops managed in the office. Providing a secured connection can be put in place over whatever network is being used and the remote or mobile user is authenticated, it becomes little different from work in the office as long as the local storage media is reasonably secure from theft or backed up in case of damage. Multi-factor authentication has been a key staple of secure remote connections for many years and works well in conjunction with virtual private networks (VPN), which first came into widespread use in the 1990s as a way to connect over open networks and avoid the cost of leased or dedicated lines. It is a natural first step to apply the same principles and tools to secure other mobile devices and, given the low impact on the mobile platform, these tools also work well in a BYOD context, but are only moderately used by around a half of organisations (Figure 9). Rather more disappointing is the low use of encryption of data at rest and containerisation, both of which could be used selectively to secure and manage corporate data on personal devices, leaving the user ’s own data untouched. These attitudes, based on an extension of ‘old fashioned’ mobility of laptops, have influenced the mechanisms put in place as access to enterprise applications has extended to smartphones and tablets. Using a remote extension to a standard application interface is the top preferred method of providing mobile access to enterprise applications, although one in five want to ban mobile access to enterprise applications altogether – presumably wanting to limit mobile to communications applications like email , calendars and contacts. How little things appear to have moved on for some since the emergence of the BlackBerry (Figure 10). With almost a quarter looking to limit their support of mobile access to enterprise applications to a subset of devices, it is clear that the ‘BYOD means users might use any device’ message has either not been clearly received or is again being ignored in an attempt to resist reality.

© Quocirca 2014

-7-

The more proactive approach of designing specific apps for the mobile user finds some favour, although the preference for native applications for each platform over the more universal use of multi -platform technologies, such as HTML5, will cause problems as devices continue to evolve and diversify and as BYOD evolves. As with MDM, there is a split in the area of mobile application management (MAM) between those using tools that have been designed specifically for the purpose of MAM and those using application management capabilities in existing system management tools (Figure 11). While a few are making use of capabilities already in existing tools to help manage applications, the vast majority only have basic capabilities. Also there are fewer using MAM tools than MDM, and most of the MAM usage is not integrated with existing application management tools. Unfortunately, there are a large number not using anything at all and, of these, more worrying is that almost a quarter have not heard of mobile application management. When asked what might be useful feature requirements for MAM tools, there were no clear leaders, although there appeared to be a reasonable recognition of the need to separate private and business-owned data, despite a lack of appetite for containerisation, which was the lowest ranked feature here and elsewhere in the survey (Figure 12). It is highly likely that the concept of containerisation has not previously been well explained or widely understood, as this is an excellent way to provide the kind of separation that appears to be desired.

© Quocirca 2014

-8-

This is borne out when looking into the detail of the use of containerisation. Few are actively using, and around a third are only piloting or actively inves tigating its usage (Figure 13). Beyond this, the majority of the remainder are not aware of containerisation and those that are have never considered its use. As BYOD continues to grow and spread, both down from senior executives and managers and across the organisation, the challenges of managing and allowing for the separation of personal and work elements will only increase. Containerisation is one area of mobile management many more should investigate. Beyond enterprise applications, the strong emphasis on mobile application development and supportive consumer channels to market encouraged by the mobile ecosystem leaders, especially Apple and Google, has produced a huge number of applications. While much of it is aimed at the consumer, with entertainment, games and ephemeral ‘iTat’, there are also useful applications for business users . The downloading and use of such applications is another important aspect of consumerisation Few such apps could be regarded as critical, but many offer useful information or support for mobile users. Enterprise attitudes to these types of applications is, however, rather unforgiving, with many not allowing their use, often insisting on the use of applications from corporate app stores only (Figure 14). This is not necessarily a problem, but a better approach is to have a defined list of acceptable apps and work with users to manage that list to ensure that useful apps are permitted, but checked to ensure they do not compromise security.

© Quocirca 2014

-9-

Data context and discrimination
Controlling the usage and flow of data woul d seem even more useful than managing devices or applications, especially in a world where unknown numbers of users will be bringing their own devices. However, most organisations are typically drawn to managing things they can readily identify, hence the emphasis on devices and users, and struggle once matters become a little less tangible. It is fair to say that a comprehensive understanding of the varying value of different elements of data is rarely at the top of the agenda. Store it, back it up, keep it secure are the main priorities. This was all well and good when all data sat safely inside a traditional IT perimeter delimited by firewalls, but changed as mobile working took data out into the open and leaked further outside of the IT comfort zone with BYOD. Today, however, the focus is still on barriers controlling leakage and loss with Data Loss Prevention (DLP) being used more than Digital Rights Management (DRM) (Figure 15). Given that data security is the issue most likely to be keeping respondents awake at night (Figure 6), it might reasonably be expected that this would be an area where controls are being rigorously applied, but still a significant number have deployed neither DLP nor DRM. Looking at how and where data is permitted to be stored with BYOD reveals that very few companies have taken full control of the situation (Figure 16). Many are avoiding the problem; a worrying percentage are not managing data at all, and over a quarter are dodging the issue by not allowing data to be stored on the devices at all. Unless they have deployed appropriate tools, they have no way to enforce this anyway. Only around one in ten have deployed a container-based approach to create separated silos for corporate data no matter what device it might be on; of these only a small percentage have used encryption. This is slightly at odds with Figure 13, where many claimed to be trialling containerisation – they are clearly at early stages in the trials. There are challenges with the use and licensing of corporate containers on personally-owned devices, and these need to be addressed. Data is more routinely encrypted when stored in the open within the device’s own filing system, but still over half of the companies storing data this way use no encryption.

© Quocirca 2014

- 10 -

With increasing use of cloud-based storage services, especially for personal use, BYO devices bring further challenges for controlling the flow of corporate information. Over a fifth of companies say they do not permit BYOD access to corporate documents, but the majority do allow some access to such documents from either corporate or consumer versions of cloud storage services (Figure 17). Most try to limit this to basic documents, where hopefully this means documents that are of use to the general running of the business or employee efficiency, but are not critical, secure or private. Discriminating between different levels of security for different documents is important, but it must be kept consistent and well communicated so that everyone understands their responsibilities and it is enforced with appropriate tools. DRM and DLP go hand in hand with policies aimed at managing the use of public cloud storage. This type of information discrimination should ideally go much further and take notice of the context surrounding the potential use of data. This means a deeper understanding of who, how, and where in relation to remote access to corporate information. Many companies seem to be fully aware of the basics of what is required – identifying the user and controlling flow to the device itself – but some of the more subtle, yet potentially vital, elements of context are not deemed as important i.e. location, information classification and employee role (Figure 18). Doing so may currently be regarded as intrusive, but given that BYOD brings a higher level of choice, and therefore openness, which will only increase as devices continue to evolve and more employees expec t freedom of choice, the need to be mor e precise with controls will also increase. This is no longer about blanket approaches to security by the creation and enforcement of perimeter walls and fences, but a much mor e pinpoint and targeted protection of things of value to the organisation. This precision, or ‘smart security’, requires better intelligence in order to be fully effective.

© Quocirca 2014

- 11 -

Conclusions
The old certainties are disappearing in the IT world. The old world of a comfortable and steady set of vendors, decisions made on technical capabilities, users happy with what was provided and all wrapped inside a controlled and secured perimeter has gone. The reality is that things were never that simple, but sometimes they could be treated that way as it made life easier. Now, users want to make their own choices because, as consumers, they are aware and comfortable with IT and they feel that the organisation’s own IT offering is often behind the curve. This may often be true and it not only impacts on users, it impacts on the business. Too often in its relationship with the business, IT is seen as a cost, difficult, and making seemingly arbitrary decisions – the ‘blockage in the end office’. It does not need to be this way. BYOD might have brought many issues, especially those regarding security, to the fore, but all it really does is highlight the need to be a little more precise in the way in which corporate digital assets are managed, protected and used. It is highly unlikely that the trend towards user choice and BYOD will reverse and, if anything, it has already spread to individuals making even more of their personal choices around applications, cloud services and how they like to be identified. BYO does not stop at devices. Those companies that understand and embrace this trend, and take the necessary steps to manage it with precision, will reap the benefits. They already have a less stressful attitude to security, without being complacent (Figures 19 and 20). Accepting that it is inevitable and managing it on your own terms is the best way to deal with change. BYOD is just a current phase in the constant evolution of IT towards a more open, distributed and highly diverse collection of digital assets. The key for those tasked with managing IT for their organisation is to work out which digital assets they need to focus most of their attention on, and which they do not.

Reference 1. Fortinet Internet Security Census - October 2013

© Quocirca 2014

- 12 -

How to move from being a ‘denier’ to an ‘embracer’
Don’t be surprised if this year’s gadgets for geeks become next year’s employee tools You might not want to bring a wearable fitness device and link the alerts to the mobile phone you use for work, but someone will and, if not this year, then next year. Some of these new devices may turn out to be short-lived fads, but for a while they will be important to someone. Adopting an open and completely flexible approach to devices, a broadly tolerant approach to managing applications and an infor med and discriminating approach to data will allow for adaptation as technology evolves. Smartphones are not just phones with extras and tablets are not toys Both are powerful computing devices with advanced connectivity. Their screen size may differ, but that is unlikely to stop them being used for the same sorts of applications. Sure, writing a document is easier on a laptop than tablet and much harder than either on a smartphone, but not impossible on any of them. Treat all connected, applicationcapable devices as logically the same, and fit policies to how they are used and not what they look like. Get users involved from the outset – make sure it’s the full mix of job roles Even among companies that buy into BYOD there is an assumption that it should only apply to certain roles. Often part of the attempt to hold back the BYOD tide is to try to limit it to senior executives and only then grudgingly allow knowledge workers into the fold. The reality, once it is understood, that BYOD should encompass all device types is that it should also encompass all elements of the workforce. There may need to be different policies for different groups of employees, but an overarching BYOD strategy needs to cover all. Drop the pretence about money – BYOD is not about savings There is little point expecting BYOD to be all about cost savings, at least for IT. There may be some purchasing costs avoided and perhaps an increase in user self-support, but this will probably be outweighed by the need to develop more precise and sophisticated policies, invest in management tools, deal with contract tariff costs and increase user training. There may be savings elsewhere in the business from knock-on benefits; perhaps in recruitment or productivity or an improvement in employee morale. By getting closer to the business, the IT function can better understand these wider benefits to the business and perhaps try to quantify them as part o f the appraisal of the value of the BYOD strategy adopted. All bytes are not all equal – determine the difference in data value and vulnerability A big element of opening up IT to allow employees to bring, use and connect their own devices to corporate networks and data is that there has to be greater sensitivity to what is appropriate use of particular data and information. First it is necessary to understand the value and risk to the business of specific bits of data, and apply policies around its use. With mobile use comes a greater degree of context awareness at the moment of access – where is the device, what sort of network is it connecting across, can the user be verified? – that allows for policies to be created with more discrimination as to what is permitted when, where, how and by whom. There is always ‘an app for that’ – help users discriminate between good and bad Part of the reason why personal choice of devices is so important is the range of applications that each platform makes available and the individual’s favoured portfolio of their preferred apps. However, not all platforms are equally secure, some attract more predatory malware and there are always different choices for applications that perform a similar purpose. Consumer app stores have some rating and review information and some form of similar information and controls would be welcome in a corporate app store. For many, work/life separation no longer exists naturally so needs some artificial support Most employees would be willing to keep elements of work and personal life separate on their chosen devices, with the proviso that it must be easy to work effectively and not get in the way of personal usage. Segregation, containers, personas and virtual platforms or sandboxes are becoming more widely available and offer the combination of individual choice and organisational asset control that best meets the broader needs of mobile enterprise management. These approaches are all worth exploring further.

© Quocirca 2014

- 13 -

BYOD index by country and vertical market
The idea of this survey was to gauge the respondent’s , and their organisation’s , attitude around the concept of bring your own device (BYOD) and the security of the hardware, applications and software concerned . The research was conducted with 700 telephone interviews of those responsible for information and data security in their respective organisation, across several European countries and regions (comprised of neighbouring countries) to aid analysis and understanding. Thus the Nordics includes 25 interviews each from Denmark, Sweden, Norway and Finland; DCH comprises 75 from Germany and 25 from Switzerland; Benelux 50 from each of Belgium and the Netherlands; Iberia 75 from Spain and 25 from Portugal. There were also a total of 100 interviews each in UK, France and Italy. In order to allow for analysis of how the BYOD trend will develop, a repeatable system of scoring the questions i n the survey has been developed. This will provide a measurable baseline score covering the maturity of BYOD adoption and related views on security, with 4 major sub-indices and an overall rolled-up index. The results are shown in Figures 21 and 22, with a breakdown by region and vertical market. The numbers are generated from weighting the answers in the survey to generate an overall picture, and a higher number on the index indicates a greater level of acceptance or interest in the issue.

© Quocirca 2014

- 14 -

Demographic splits of interviewees

About Oracle
With more than 390,000 customers - including 100 of the Fortune 100 - and with deployments across a wide variety of industries in more than 145 countries around the globe, Oracle offers an optimised and fully integrated stack of business hardware and software systems. Oracle engineers hardware and software to work together in the cloud and in the data centre - from servers and storage, to database and middleware, through applications. Oracle systems:  Provide better performance, reliability, security, and flexibility  Lower the cost and complexity of IT implementation and management  Deliver greater productivity, agility, and better business intelligence For customers needing modular solutions, Oracle's open architecture and multiple operating-system options also give customers unmatched benefits from best-of-breed products in every layer of the stack, allowing them to build the best infrastructure for their enterprise.

REPORT NOTE: This report has been written independently by Quocirca Ltd to provide an overview of the issues facing organisations seeking to maximise the effectiveness of today’s dynamic workforce. The report draws on Quocirca’s extensive knowledge of the technology and business arenas, and provides advice on the approach that organisations should take to create a more effective and efficient environment for future growth.

About Quocirca
Quocirca is a primary research and analysis company specialising in the business impact of information technology and communications (ITC). With world-wide, native language reach, Quocirca provides in-depth insights into the views of buyers and influencers in large, mid-sized and small organisations. Its analyst team is made up of real-world practitioners with first-hand experience of ITC delivery who continuously research and track the industry and its real usage in the markets. Through researching perceptions, Quocirca uncovers the real hurdles to technology adoption – the personal and political aspects of an organisation’s environment and the pressures of the need for demonstrable business value in any implementation. This capability to uncover and report back on the end-user perceptions in the market enables Quocirca to provide advice on the realities of technology adoption, not the promises.

Quocirca research is always pragmatic, business orientated and conducted in the context of the bigger picture. ITC has the ability to transform businesses and the processes that drive them, bu t often fails to do so. Quocirca’s mission is to help organisations improve their success rate in process enablement through better levels of understanding and the adoption of the correct technologies at the correct time. Quocirca has a pro-active primary research programme, regularly surveying users, purchasers and resellers of ITC products and services on emerging, evolving and maturing technologies. Over time, Quocirca has built a picture of long term investment trends, providing invaluable information for the whole of the ITC community. Quocirca works with global and local providers of ITC products and services to help them deliver on the promise that ITC holds for business. Quocirca’s clients include Oracle, IBM, CA, O2, T -Mobile, HP, Xerox, Ricoh and Symantec, along with other large and medium sized vendors, service providers and more specialist firms. Details of Quocirca’s work and the services it offers can be found at http://www.quocirca.com Disclaimer: This report has been written independently by Quocirca Ltd. During the preparation of this report, Quocirca may have used a number of sources for the information and views provided. Although Quocirca has attempted wherever possible to validate the informati on received from each vendor, Quocirca cannot be held responsible for any errors in information received in this manner. Although Quocirca has taken what steps it can to ensure that the information provided in this report is true and reflects real market conditions, Quocirca cannot take any responsibility for the ultimate reliability of the details presented. Therefore, Quocirca expressly disclaims all warranties and claims as to the validity of the data presented here, including any and all consequential losses incurred by any organisation or individual taki ng any action based on such data and advice. All brand and product names are recognised and acknowledged as trademarks or service marks of their respective holders.

Sign up to vote on this title
UsefulNot useful