IDC FutureScape

IDC FutureScape: Worldwide Future of Trust 2021 Predictions

Frank Dickson Mark Child Rory Duncan Cathy Huang
Christopher Kissel Ryan O’Leary Ralf Helkenberg Christina Richmond
Craig Robinson Simon Piff Christopher Rodriguez Michael Suby
Martha Vazquez James Wester Marta Muñoz Méndez-Villamil

IDC FUTURESCAPE FIGURE

FIGURE 1

IDC FutureScape: Worldwide Future of Trust 2021 Top 10 Predictions

Note: Marker number refers only to the order the prediction appears in the document and does not indicate rank or importance,
unless otherwise noted in the Executive Summary.

Source: IDC, 2020

October 2020, IDC #US46912920

EXECUTIVE SUMMARY

In last year's security and trust predictions, the era of transformation was the prominent theme. That
theme is punctuated again in this year's predictions as COVID-19 exposed frailties in legacy
approaches (and thinking) and spurred organizations to recalibrate and accelerate their digital
transformations (DX). This is clearly evident in the security risks that the sudden and massive
migration to work-from-home (WFH) arrangements has highlighted and in the new normal of delivering
customer value under the construct of social distancing.

Distinctive in this year's predictions is heightened focus on what digital transformation will entail in how
security is conducted and how stakeholders' trust expectations are expanding from the notion of
merely securing data and assets to a telescoping responsibility in protecting employees, partners, and
customers and increasing business value through trust.

More concretely, ecosystem-rich, cross-technology platforms will become the principal source of
security capabilities. Rather than IT security teams stitching together capabilities from numerous
vendors and service providers (SPs) across multiple established and next-stage technologies,
platforms with expertise built-in will dissolve complexity and eliminate minimum-value/high-effort
security tasks so organizations can focus more on security serving strategic goals than managing the
endless effort of security.

In trust, organizations will be pulled by regulations and industry pressure to advance their
demonstrations of trustworthy. But not all organizations will solely be pulled. The more enlightened will
be fervent advocates of demonstrating trust, weave their advocacy into their organizational fabric,
expect the same of their strategic partners, and support and sponsor promising technologies that
institutionalize trust.

Within this document are IDC's top 10 predictions on the future of trust and advice to assist
organizations in navigating the changes ahead. Those predictions are:

 Prediction 1: By 2022, budgets for modern software-defined secure access solutions will
quadruple as flaws in legacy VPN remote access solutions are illuminated by the massive
work-from-home migration.
 Prediction 2: By 2023, to reduce security complexity faced by limited staff, 55% of enterprise
security investments will be on unified ecosystem and platform frameworks.
 Prediction 3: By 2024, two of the three largest public cloud providers will be among the top 5
largest managed security services providers following multiple multibillion-dollar acquisitions.
 Prediction 4: By 2025, 80% of chief trust officers will demand vendors to incorporate security
and risk capabilities to measure corporate trust including vendor relationships and employee
reputation.
 Prediction 5: By 2023, collective risk management requirements between primary and third
parties will force 50% of third-party risk and security service providers to employ advanced
analytic tools.
 Prediction 6: By 2023, privacy regulations in 50% of G20 countries will require that social
media providers provide the option to delete content and data about children under age 16 as
they become "of age."
 Prediction 7: By 2021, 40% of organizations will leverage employee productivity software to
monitor and improve the digital workflows of their full-time, work-from-home employees.

©2020 IDC #US46912920 2

  Prediction 8: By 2022, a consortium of healthcare, insurance providers, and technology
vendors will adopt a digital identity framework used for contact-tracing applications using
distributed ledger technologies.
 Prediction 9: By 2023, 42% of organizations will be held to regulatory certification that their AI-
and ML-based algorithmic systems are ethical (free of bias and discrimination) and
transparent.
 Prediction 10: By 2023, 35% of the largest organizations must demonstrate social
responsibility initiatives through internal structures and processes and publicly reporting the
results in financial statements.
This IDC study discusses the top 10 predictions for worldwide future of trust for 2021.

"Organizations' futures are built on trust and that is evident in IDC's top 10 future of trust predictions,"
according to Michael Suby, IDC research vice president, Security and Trust. He adds, "Leveraging
available security capabilities effectively, adhering to privacy and data protection regulations as a
general course of operations, and stringently following a governance model that extends to business
partners and suppliers will become integral to uplifting trust as a means of competitive differentiation."

IDC FUTURESCAPE PREDICTIONS

Summary of External Drivers

 Strategic innovation — Shaping the future enterprise today
 The next normal — Resilient business and operating models
 Intelligence everywhere — Data drives action
 Geopolitical risk — Societal and economic tensions escalate
 Digital platform — Ecosystems at scale
 Crisis of trust — Meeting rising expectations
 Digital divide — The imperative of connectivity

Predictions: Impact on Technology Buyers

Prediction 1: By 2022, Budgets for Modern Software-Defined Secure Access
Solutions Will Quadruple as Flaws in Legacy VPN Remote Access Solutions Are
Illuminated by the Massive Work-From-Home Migration
The pandemic-induced mass migration of workers from offices and onsite workplaces to home offices
aggravated an emerging pain point in the IT organization: secure remote access. The number of
remote users requiring secure access to business applications doubled, tripled, or more in March
2020. IDC surveys of IT decision makers show that attitudes toward remote work have shifted already,
with respondents expecting to maintain a higher percentage of the workforce as remote workers post-
COVID-19 compared with pre-COVID-19. On this trajectory, secure remote access solutions (virtual
private network [VPN], network access control [NAC], and software-defined perimeter [SDP]) will
represent 12.5% of the $26 billion worldwide network security market by 2024, gaining share at the
expense of adjacent perimeter protection technologies.

However, the work-from-home trend also highlighted the limitations of legacy remote access
technologies as IT teams toiled for long days, late nights, and weekends to install VPN software on
user devices and expand VPN capacity in the network. These challenges drove awareness of the need

©2020 IDC #US46912920 3

for a new, agile, and scalable approach to secure remote access. As a result, budgets for software-
defined secure access (SDSA) solutions such as SDP and identity-aware proxy (IAP) will quadruple by
2022 and will account for 16% of secure remote access market by 2024.

Prior to COVID-19, IDC considered the adoption of SDSA solutions to be inevitable but occurring as a
gradual transition. VPN was born in a day when business applications lived behind a firewall and the
threat to enterprise data from cybermiscreants was less acute. Digital transformation trends would
gradually reveal the technical and operational limitations of VPN technologies at a pace that would
allow decision makers to adopt SDSA in limited use cases and expand adoption when possible.
However, the pandemic has decidedly accelerated the transition to SDSA solutions.

Associated Drivers
 The next normal — Resilient business and operating models
 Digital divide — The imperative of connectivity
IT Impact
 Limitless, unfettered access to network resources violates the tenets of least privileged access
and zero trust. The migration to SDSA provides the opportunity to correctly implement a fine-
grained application-specific and identity-based approach to remote access.
 Applications are migrating away from centralized datacenters to the edge including SaaS,
PaaS, and IaaS. IT must reconsider the relevance of VPN in an age where data lives
everywhere and ubiquitous, location-agnostic delivery is a top business priority.
 VPN is the second-largest source of help desk calls in an era when enterprise users are
demanding IT experiences in the workplace to be as good or better than the experiences they
have in their private consumer lives. Implementation of emerging technology may be fraught
with short-term challenges but offers long-term benefits and improvements.
Guidance
 Enterprises rely on a mix of applications including legacy applications. These applications vary
widely in terms of underlying infrastructure, business criticality, users, and risk. Secure remote
access is not approachable as a monolith. Evaluation, selection, and implementation of SDSA
technologies must factor in application-specific characteristics as much as possible.
 IT managers will need to create pan-organization work teams to fundamentally reengineer the
manner in which remote users engage with applications to simultaneously deliver on favorable
user experiences and overcome security.
 SDSA may offer the ability to inject threat detection and prevention capabilities into the remote
access process or the architecture itself. This raises the possibility that the SDSA market will
continue to morph in the coming years, as the broader trend in the security industry is toward
consolidation.
Prediction 2: By 2023, to Reduce Security Complexity Faced by Limited Staff,
55% of Enterprise Security Investments Will Be on Unified Ecosystem and
Platform Frameworks
Cybersecurity practitioners have continually added security vendors and tools to their inventory over
the past eight years. With this rising inventory, the enemy of security, operational complexity,
increased. In parallel, organizational IT environments were expanding as growing number of
companies embraced digital transformation strategies and added new tools, services, and solutions
inside and outside of the security perimeter. In 2020, practitioners sought to address this complexity

©2020 IDC #US46912920 4

with solutions consolidation via interfaces (where available) and spending resources on integration.
Still, uneven evolution of the different IT segments adds to the burden of maintenance and regression
testing, abducting precious security resources for mundane tasks execution.

The core of security operations — cybersecurity analytics, intelligence, response, and orchestration — is
where three powerful forces are colliding. The first is DX scrabbling traditional workflows. Second is
the ongoing shortage of security operations center analysts and the global demand for analysts is only
likely to accelerate. Naturally, the last dynamic is the COVID-19 pandemic. The effects from the
coronavirus are myriad, but there is a practical, human toll that occurs in IT/SecOps; that is to say that
IT operations were a much more collaborative effort than thought of at first blush. For example, newly
acquired security systems require training and professional deployment. Another example is RESTful
APIs. While these APIs make it possible to link IT and security stacks, capable personnel is still
necessary to write and maintain scripts to tie APIs into business context.

Enterprises are acutely aware of these dynamics. Best-of-breed security point products will always
have an allure; however, with each new security component, comes additional training, dashboards
and, worse yet, more noise. Enterprises are splitting their attention in two different directions. The first
is toward large security organizations (including security service providers) that create and foster
relationships with smaller security vendors. Practical examples of this include Symantec's (Broadcom)
technology Integration Partner Ecosystem, Cisco Security Technical Alliance, and even the Splunk
AppStore or AWS Security Competency Partners Network that insist on strong integration
requirements from participating application providers. The second direction is enterprises increasing
their spending on turnkey multiproduct platforms, such as the Fortinet Security Fabric or Check Point
Infinity platforms. The reasoning is that the time to retrain analysts on singular platforms is significantly
less than over multiple point products.

Associated Drivers
 Strategic innovation — Shaping the future enterprise today
 Digital platform — Ecosystems at scale
IT Impact
 No one vendor can address all security needs. Incompatibility of tools make product selection
a nontrivial task. True integration is not just about being standards compliant or having an API
but owning the responsibility for the interoperability of APIs on behalf of the client, which drives
the need for platform-focus vendor decisions.
 IT managers will be forced to extend the security planning horizon beyond the current 12-
month horizon to three to five years to avoid suffering from integration challenges in the future.
These integration challenges contribute to expensive product replacement decisions or high
professional services dollars to solve.
 IT organizations must immediately prioritize remediation efforts to address the backlog of
technical debt incurred as a result of hasty digital transformation brought on by the onset of
remote work during 2020 with COVID-19. This will include architectural design, quality and
security analysis, and review.
 Ecosystem-focused security investments' collateral impact will be recognized through
simplification of procurement, benchmarks, and baselines unification across ecosystem under
the single framework and additional flexibility from switching between externally and internally
managed solutions in the stack within one ecosystem.

©2020 IDC #US46912920 5

Guidance
 Be more strategic in vendor selection decisions. The best-of-breed selection criteria will no
longer be valid, and instead leaders need to focus on organizations' IT road map and match
that with provider platform/vendor ecosystem development plans. Integrations and
interoperability have material impacts on performance.
 Establish effective strategies to assess and address technical debt incurred during 2020's
headlong rush into digitization, especially as the "new normal" continues to rely on software
iterated during 2020.
 Evaluate design and architectural approaches with close attention to functional shortfalls and
performance issues in user interface design, code analytics quality, and governance, risk, and
compliance (GRC).
 Assess your existing security infrastructure and tools to identify the pivot points that can be
leveraged for platform integration and exchange. Consider transport layer hardening as one of
key preparation steps if you anticipate inclusion of ecosystem-driven security components into
your security stack.
Prediction 3: By 2024, Two of the Three Largest Public Cloud Providers Will Be
Among the Top 5 Largest Managed Security Services Providers Following
Multiple Multibillion-Dollar Acquisitions
The COVID-19 pandemic has affected all types of organizations worldwide. Even in areas that were
not seeing widespread infections, there were still areas of widespread disruptions and changes to
every facets of life. As a result of stay home orders, organizations had to shift their business models
and WFH strategies. The rush to provide remote access for employees and students forced the work
environments to shift and increase the usage of cloud capabilities.

Prior to the pandemic, there was already a shift underway of moving workloads to public and private
clouds. Organizations have been shifting workloads between on-premises and private clouds while still
maintaining workloads across all three environments (on premises, public cloud, and private cloud).
With the pandemic, the need to adopt more services from cloud providers has increased, especially as
organizations remained longer in WFH arrangements. Demonstrating this increase is 90% of
respondents in IDC's U.S. Managed Security Services (MSS)/Managed Detection and Response
(MDR) Survey that indicated that they would utilize one of their top cloud hosting providers if they
offered an MDR service. Moreover, the adoption of cloud services has accelerated organizations'
digital transformation projects as the need to service remote workforces with seamless access to
corporate resources has grown.

With the growing adoption of cloud and managed security services, organizations will continue to fuel
opportunities for cloud providers to offer more security services. In addition, with the surge in
digitization, the need to secure critical data and applications in the cloud will push cloud providers to
offer additional services. In IDC's 2Q20 Cloud Pulse Survey, respondents named the three largest
cloud services providers as their most trusted partners in helping them adapt to changing business
conditions. As customers increase the number of applications in cloud environments, the more they
will spend on security solutions. While cloud providers such as Microsoft and Google have been
partners with a number managed security SPs, their offerings in security services are expected to grow
rapidly over the next few years. The amount of R&D spending that these firms have available is vast,
giving them the ability to spin up their own offerings to the market if given enough time.

©2020 IDC #US46912920 6

Associated Drivers
 Digital platform — Ecosystems at scale
IT Impact
 In 2019 and 2020, public cloud providers like AWS, Microsoft, Google, Oracle, and IBM have
aggressively introduced security features and security products to make their cloud offerings
more secure and effectively lessen barriers to adoption.
 Security's siloed approach is at odds with growing complexity of a dynamic mix and volume of
environments, applications, and security tools to protect environments and applications.
Collectively these circumstances create an unmanageable security task, and organizations will
require help to address this self-created complexity.
 This will lead to a consolidation in standard MSS offerings as smaller players aren't able to
match the scale and cost economics of the public cloud providers. Smaller players will evolve
to become boutique providers, focusing on niches such as compliance, threat hunting, or
specific market vertical needs.
 IT leadership is enamored by multicloud strategies, but complexity follows. The challenges
that complexity creates for security seem, however, to be ignored by most. IT managers are
encouraged to embrace the managed services offers of hyperscale cloud providers. Who
better to help you cook the dinner than the person that shopped for the groceries.
Guidance
 Evaluate your IT infrastructure, assets, and environment, and carefully review which
technology providers will complement the established security functions that are already in
place.
 Service providers will need to invest in their partner ecosystems, acquire or build innovative
security services, and become more customer centric in order to strengthen customer
stickiness.
Prediction 4: By 2025, 80% of Chief Trust Officers Will Demand Vendors to
Incorporate Security and Risk Capabilities to Measure Corporate Trust
Including Vendor Relationships and Employee Reputation
As far back as 1972, when Nobel Prize winning economist Kenneth Arrow pointed out that "virtually
every commercial transaction has within itself an element of trust," it has been "plausibly argued that
much of the economic backwardness in the world can be explained by the lack of mutual confidence."
Since then, research has borne out this assertion by showing a causal relationship between trust and
economic growth (see Kenneth Arrow, Gifts and Exchanges, 1972, and Digital Trust: The Key Driver
for Digital Transformation, IDC #US43986218, June 2018). The notion of trust as core to brand
reputation and business value has expanded over the past nearly 50 years since Arrow's good work.
Amid a pandemic, trust takes on even more meaning. IDC believes that digital trust will be the key
economic driver of a digital transformation strategy and especially in this era of rapidly accelerating
migration to the digital and cloud-enabled business as we've seen because of COVID-19.

Today, IDC defines the future of trust as comprising five core elements: risk, security, compliance,
privacy, and ethics and social responsibility (see The Future of Trust: Mitigating Risk and Creating
Value (eBook), IDC #US46533320, June 2020). According to IDC's 2019 CEO Survey, digital trust
programs are the most important agenda item in the next five years. With the impact of a global
pandemic in the rearview mirror, digital trust will remain a critical focus. By 2025, two-thirds of the

©2020 IDC #US46912920 7

G2000 boards will ask for a formal trust initiative that executes a road map to increase an enterprise's
security, privacy protections, and ethical execution.

A new C-suite role will emerge called the chief trust officer (CTrO) combining legal overview and
enforcement responsibilities. This officer will be tasked with measuring corporate trust across the five
key areas mentioned previously. Five years from now, this role will be fully instantiated and 80% of
these officers will demand that their suppliers demonstrate corporate trust in their internal and
extended ecosystems. This will require cognitive and behavioral technologies to analyze vast
quantities of data and to augment human decision making as well as pervasive controls across all
aspects of the digital business.

Associated Drivers
 Intelligence everywhere — Data drives action
 Digital platform — Ecosystems at scale
 Crisis of trust — Meeting rising expectations
IT Impact
 As 5G escalates to full-blown potential creating a further hyperscale, sensor-driven world,
pervasive risk controls will be key. These controls will measure the five elements of trust of the
master organization as well as its extended ecosystem (refer to prediction number 5).
 Technologies such as machine learning (ML), artificial intelligence (AI), deep learning, and
predictive analytics will seek to ingest disparate telemetry from a wide range of sources and
then deduplicate and contextualize the data for analysis. Visibility will be inconsistent and
limited at first, giving rise to increased security vulnerabilities, reduced privacy control, and
escalated risk.
 As vendors create tools to manage the sheer volume of trust components, some will
necessarily improve algorithms to mine data and enhance user interfaces. Platforms will come
on the scene for access, control, and response to vulnerabilities including and beyond security
to privacy, risk, compliance, and technology for social good.
 One impact that will include but go beyond IT will be the need to be proactive — not reactive —
in the technology for social good area. Failure to be proactive will have negative brand and
material financial impact.
Guidance
 Early adopters of trust doctrines should invest in start-up capabilities for the development of
cognitive and advanced analytics in this arena.
 CTrOs should seek to include a broad set of stakeholders from technical (IT) to line of
business and legal/HR.
 Service providers must educate customers on the negative impact that destroyed (or at best,
immature) trust can bring to the brand. Work with clients and partners to build out scenarios
and data sets to illustrate brand improvement when trust analytics and metrics are employed.
Prediction 5: By 2023, Collective Risk Management Requirements Between
Primary and Third Parties Will Force 50% of Third-Party Risk and Security
Service Providers to Employ Advanced Analytic Tools
Let's face it, the days of the third-party audit for due diligence have been numbered ever since the
Target breach highlighted just how porous external connections can be. As the enterprise engages
with an increasingly large number of external stakeholders — including, but certainly not limited to,

©2020 IDC #US46912920 8

groups of private commercial and open source developers, manufacturing component suppliers, and
autonomous vehicle integrations with Smart Cities, just to name a few possibilities — they will rely more
heavily on third-party stakeholders to identify, manage, and reduce risks collectively.

Our IT environments are too dynamic for an audit to help, especially since the pandemic makes any in-
person audits unlikely for the foreseeable future. For example, multiple waves of IDC's COVID-19
Impact Surveys have revealed a high percentage of respondents (close to 60%) that indicate their
operating and business models will need to be digitally enabled and extended to include new
ecosystems as a result of the COVID-19 pandemic. Indeed, many organizations are operating "at risk"
with rapidly onboarded suppliers or a high volume of third parties with access to critical or sensitive
information without due process assessment of them due to travel restrictions. The pandemic has put
many third-party risk management (TPRM) programs under a serious test, and it proves that many of
the TPRM programs need a revamp.

It's time for organizations to adopt and adapt to continuous audits driven by instrumentation of the IT
environment to collect ongoing data for analytics. As organizations get smarter about how risk is
impacted by activity and architecture, they continue to build out their security posture as a function of a
broader trusted ecosystem. We expect organizations to begin with a standard set of risk
measurements (key risk indicators [KRIs]) and continue to integrate an understanding of how
connectivity affects risk. In addition, organizations will extend TPRM discussions to include
discussions of supply chain redesign and adoption of advanced analytics tools and automation taking
considerations of sourcing materials, data, privacy, remote/offshore, service levels, cyber-risks, and so
forth.

Associated Drivers
 Strategic innovation — Shaping the future enterprise today
 Intelligence everywhere — Data drives action
 Crisis of trust — Meeting rising expectations
IT Impact
 The future of the digital enterprise will necessitate collective risk management practices
between primary and third parties, and system and security transparency will be compulsory to
engage in partnership.
 IT managers will be forced to comply with third-party risk and security assessments and be
able to demonstrate remediation of noncompliance. Compliance will be a compulsory part of
doing business, and ML and AI will be employed to validate against agreed-upon SLAs,
metrics, and so forth.
 Countries that today do not have compulsory breach notification will add an SLA for timely
community notification to their ecosystem partners.
 The requests will first be considered best practice but will evolve to be required as board of
directors begins to request increasing comprehensive risk assessments.
Guidance
 Periodically assess the effectiveness of TPRM, especially leveraging services, to provide a
benchmark to assess maturity of your organization versus peers.
 Streamline operational processes, and determine which functions can be highly automated
and which functions can be taken as managed services from a trustworthy provider.

©2020 IDC #US46912920 9

  Select a partner that can understand the risk profile of your organization with broader
capabilities across cyber, risk, and business value assurance.
Prediction 6: By 2023, Privacy Regulations in 50% of G20 Countries Will
Require That Social Media Providers Provide the Option to Delete Content and
Data About Children Under Age 16 as They Become "of Age"
The poor choices that many teenagers make in their teenage years — sometimes leaving a digital
footprint of their actions and decisions — can have repercussions well beyond those early formative
years. As teenagers grow into their early adult years, many become concerned around some of the
poor choices that they might have made in the heat of the moment with their always accessible social
media platforms on their favorite mobile device. A relatively few poor choices could come back to be
hurtful as social medial platforms are scanned by college admissions offices and HR offices of
prospective employers to determine the character of their prospective candidates.

Recognizing that social media activity at younger years is not an indication of how that same individual
has matured in later years will cause lawmakers and regulators to dictate that social media providers
set up the mechanisms to allow for the deletion of their activity prior to turning 16 years old. For
example, it was as long ago as 2013 that the United Kingdom's first Youth Police and Crime
Commissioner, then aged 17, felt compelled to resign after just six days in post due to messages
posted on Twitter dating back to when she was 14. But was this a fair reflection on her ability to
conduct the role?

The mechanisms to facilitate deletion that need to be put in place will be similar to those that had to be
put in place to account for the regulation in Article 17 of the EU's General Data Protection Regulation
(GDPR) and have more recently had to put into place to address the California Consumer Privacy Act
(CCPA) that went into effect in January 1, 2020.

Associated Drivers
 Geopolitical risk — Societal and economic tensions escalate
 Crisis of trust — Meeting rising expectations
IT Impact
 One of the heaviest lifts in removing information about any individuals — let alone a sensitive
group such as minors — is locating where this data is stored. In addition to the "live" data, there
are further implications around backups. Removing data from live systems is much easier than
backups. Clarification around air-gapped backups will be a stumbling block.
 The "trust but verify" principle will play heavily here, especially as data leaks begin to show a
lack of compliance, which, in turn, forces outside audits to be performed.
 Helicopter parents may drive a demand for an archived export of prior activity. Monetizing this
capability can help offset the increased cost of purging the information that was stored on
minor children. But this must acknowledge regulatory requirements, where, for example, the
EU's GDPR enshrines the "right to be forgotten" (RTBF).
Guidance
 There may not be a "one size fits all" regulation that is accepted. Forward-looking
organizations will need to account for various regulations across nations and industries that
may allow for rights, ranging from individual post deletions to the entire wiping of a child's
online activity.

©2020 IDC #US46912920 10

  While regulators may start with social media platforms, there is every likelihood that RTBF
coming-of-age regulations may spread further to encompass any personally identifiable
posting. As an example, think about product reviews that could be posted online, commentary
on news stories, and other content that might go beyond social media platforms.
 Data mappings will be important exercises to perform, as it is probable that it won't just be
publicly visible information that needs to be deleted but other information surrounding the
activities that these young people did will need to be erased.
Prediction 7: By 2021, 40% of Organizations Will Leverage Employee
Productivity Software to Monitor and Improve the Digital Workflows of Their
Full-Time, Work-From-Home Employees
It has been said many times that the initial onset of the COVID-19 pandemic forced two years of digital
transformation in two months. A major part of that was the drastic shift to WFH for basically every
industry. The permanence of this shift to WFH remains to be seen in a post-vaccine world. IDC
expects there to be a significant long-term shift to WFH or at least a hybrid model with employees
experiencing more flexibility to be more mobile in their work. The cost savings on overhead being
realized by employers will act to further enable a new WFH reality. However, employers will likely not
want to cede too much control. Either models will require some percentage of employers to long for
more control and monitoring of their employee productivity.

Historically, many office workers have been within a quick walk or a quick glance of their managers
and could be easily monitored both visually and electronically. When devices moved from secured
internal networks to a connection through home broadband, the organization's attack surface
expanded and enterprise control declined. To offset, expect enterprises to adopt monitoring software.
This monitoring software will not only monitor the app usage and time employees spent doing work
tasks but also monitor for insider threats and anomalous activity. During the pandemic, business
resiliency and continuity became of renewed importance and protecting the organization is a major
part of that. Expect this to be a major focus of this monitoring initiative as well.

The impact of this software should not be interpreted as Big Brother-esque. Rather, by monitoring
employees' work habits, use of applications, and workflows, enterprises will gain new insights.
Analytics run on the collected data will unlock insights that lead to modifications in and integrations
among applications and workflows that minimize repetitive tasks, reduce error, and improve worker
productivity. Enterprises do, however, need to tread cautiously in order to gain the trust of employees
by framing this new software as a "digital coworker" as opposed to a tattletale sibling.

Associated Drivers
 The next normal — Resilient business and operating models
 Crisis of trust — Meeting rising expectations
IT Impact
 The number of remote workers requiring secure access to business applications greatly
expanded with the stay-at-home orders. While necessary, many employers are legitimately
worried about worker productivity because of competing priorities within the home. This will
drive demand for productivity monitoring software to ensure that work is not ignored.
 Productivity monitoring software will increase demands on compliance, legal, and HR teams.
The privacy concerns and compliance issues will only increase in complexity because of the
increased monitoring of employee's digital work lives.

©2020 IDC #US46912920 11

  A new software program inevitably adds to IT's role in deployment and ongoing management.
A SaaS approach with a lightweight sensory agent for endpoints and open APIs to collect data
from centralized business apps, whether hosted in datacenters or as cloud apps, will assist in
reducing IT's extra effort.
 With the employee exemption in the California Consumer Privacy Act expiring at the end of
2020, enterprises will be required to respond to data access requests from employees and ex-
employees as they do now on client records.
Guidance
 Evaluate employee sentiment and assess the risk associated with violating/eroding employee
trust. Invest in the appropriate technology and processes to mitigate the identified risk.
 Inform the employees of the new policies and limits and scope of the software.
 Prioritize the productivity and workflow improvement aspects of the technology initiative over
the punitive perception of the software.
 Consider leveraging the software to limit the amount of time employees are able to work
outside of normal working hours to encourage a better work-life balance experience for
employees.
Prediction 8: By 2022, a Consortium of Healthcare, Insurance Providers and
Technology Vendors Will Adopt a Digital Identity Framework Used for Contact-
Tracing Applications Using Distributed Ledger Technologies
Besides being a health crisis, the COVID-19 pandemic has underscored the lack of an identity
framework that is useful for a digital economy. Currently, consumers must access multiple forms of
identification for work, travel, banking, and healthcare. In addition, each form of identification is
discrete to specific use cases (e.g., driver's licenses cannot be used as a proof of insurance or
payment cards cannot be used at a voting booth). The consequence is that information about a
consumer — their healthcare, financial service, or any other vital information — cannot be linked in any
meaningful way to provide additional services, access, or information.

In addition, current forms of identification are controlled by third parties and centralized. The ability to
prove one's identity, access to bank accounts, health insurance, and other vital services are controlled
by those third parties. Consumers are beholden to those third parties but also deeply suspicious of the
use of their data by those third parties. The consequence of this lack of control and lack of trust is a
lack of willingness by consumers to participate in an effort like contact tracing during a pandemic; an
effort that could help stem the spread of a deadly illness.

The COVID-19 pandemic has highlighted the failure in the current identity framework and emphasized
the need for tracking the movements and contacts of infected patients by multiple parties. This contact
tracing must be delivered in a manner that acknowledges consumer wariness and protects the privacy
of those using any tracking solution (while also adhering to regulations such as HIPPA and GDPR). A
decentralized, digital identity framework would involve technology vendors, government agencies,
healthcare providers, insurance companies, and others but would also put the consumers in ultimate
control of their data, ensuring privacy while also promoting widespread participation in a contact-
tracing application.

Associated Drivers
 The next normal — Resilient business and operating models
 Crisis of trust — Meeting rising expectations

©2020 IDC #US46912920 12

  Digital divide — The imperative of connectivity
IT Impact
 A decentralized solution would ensure no third-party centralized provider can act as
gatekeeper for necessary data, while a digital identity solution using a technology-like
blockchain allows the patients themselves to limit what data is accessed and by whom.
 A contact-tracing solution using blockchain could build on top of existing pilots for digital
identities (DID) and self-sovereign identities (SSI) adding healthcare data as a part of
individual records.
 Applications using mobile devices linked to digital identities and proximity technology could
work in the background to alert users of contact with infected patients while keeping those
patients' identity secure and encourage users to seek testing and remain in isolation, and data
provided by the applications would help identify "hot spots" where the illness is widespread.
 Access to necessary data would be open to known parties via a permissioned blockchain, and
any alterations and access to the blockchain would also be trackable. As a platform approach,
IT will not have new infrastructure to invest in or operate. Instead, users of the data will be
assessed an access fee or incur a subsidy fee to finance the operation of the platforms.
Guidance
 Encourage education and development of blockchain and distributed ledger technology,
especially open source solutions that are currently being developed by the blockchain
community.
 Participate in consortiums, industry groups, regulatory roundtables, and other forums
developing the technical specifications, governance protocols, and best practices for
developing decentralized and self-sovereign identities. Wide participation by technology
providers, healthcare providers, insurance companies, and more will be necessary.
 Focus as much on the user experience as on the framework and technology. Applications like
contact tracing could be the difference between a widespread pandemic and a serious but
contained outbreak. The adoption of those applications will depend on ease of use by
consumers as well as confidence in the privacy and protection of personal data.
Prediction 9: By 2023, 42% of Organizations Will Be Held to Regulatory
Certification That Their AI- and ML-Based Algorithmic Systems Are Ethical
(Free of Bias and Discrimination) and Transparent
Societal concerns around the ethics and fairness of artificial intelligence and machine learning
technologies will demand proactive assessment of business and privacy impact. Organizations will
need to address the "black box" problem and add more transparency and explicability to the
functioning of their AI services.

Just as healthcare regulatory bodies certify drug efficacy, auditors certify corporate financial
statements, and standards bodies certify the safety of products, regulatory certification of AI/ML
applications delivered by independent bodies of experts will help bridge the trust gap and enable
customers and regulators to determine the trustworthiness of AI systems.

To ensure their lawfulness, fairness, and transparency, high-risk AI/ML systems will require a
conformity assessment to include checks of the algorithms and data sets used and the impact
algorithmic outcomes may have on an individual and on wider society.

©2020 IDC #US46912920 13

Associated Drivers
 Intelligence everywhere — Data drives action
 Crisis of trust — Meeting rising expectations
IT Impact
 As organizations adopt and leverage AI capabilities, formalized frameworks to demonstrate
accountability and transparency are often missing, leaving organizations without a trustworthy
AI foundation.
 Business risks that arise from poor implementation of AI/ML systems can lead to reduced
customer trust, regulatory investigation, reputational damage, and revenue loss.
 Governmental and standards bodies are at the embryonic stage of introducing quality
certifications/standards that endorse the fairness, reliability, and accuracy of AI systems to
complement the regulatory frameworks under consideration in the EU and the United States.
Guidance
 Building a delivery environment, which enables ethical and trustworthy design and deployment
of AI systems, requires:
 A set of actionable principles that facilitate an orientation to the responsible design and
use of AI systems
 A process-based governance framework that operationalizes the principles across the
entire AI project delivery workflow
 The use of open source toolkits that enable data scientists and developers to assess
unwanted bias in data sets and machine learning models and to improve the fairness of
their AI systems
Prediction 10: By 2023, 35% of the Largest Organizations Must Demonstrate
Social Responsibility Initiatives Through Internal Structures and Processes and
Publicly Reporting the Results in Financial Statements
The year 2020 has highlighted numerous societal inequalities across the globe — economic, racial and
health/wellbeing — and shifted the needle in terms of the importance attributed to social responsibility.
Increasingly, customers want to buy from those organizations that demonstrate the values that they
themselves hold. And while corporate social responsibility (CSR) and sustainability are not new topics,
many initiatives have been largely invisible to customers, employees, and partners. For long-term trust
to be maintained, "doing good" must be clear and obvious in a way that is accountable and
measurable. Being seen to be doing so, while putting in the minimum of effort, is no longer a
guarantee of customer loyalty.

Sustainability practices encompass environmental, social, and ethical aspects of an organization's

relationship with its wider ecosystem. Enterprise firms need to move on from "giving" to creating
formalized programs that are themselves sustainable and provide more than a one-off donation or
initiative — often a "quick fix," purely reactive responses to a sudden crisis.

The challenge with reporting sustainability and social responsibility initiatives is more difficult than for
other financial metrics. It is important that results can be attributed to specific initiatives while providing
tangible benefit to the organization and the intended beneficiaries. Examples include using recycled
packaging that reduces waste (helping the environment) but also the cost of production (cost savings
in the manufacturing process), funding private education initiatives for disadvantaged communities
(helping the unskilled) but also investing in potential future talent (recruitment, HR, etc.), enabling

©2020 IDC #US46912920 14

transparency in the supply chain to guarantee fair treatment of labor; or reducing CO2 and other
greenhouse gases emissions in the daily operations.

Associated Drivers
 Geopolitical risk — Societal and economic tensions escalate
 Crisis of trust — Meeting rising expectations
IT Impact
 An increasing number of corporations see the value in incorporating sustainable goals into the
overall company strategy and being good corporate citizens, but boards of directors are
already demanding accountability and returns on investment. As a result, internal structures
and processes will be implemented to measure the success of such initiatives.
 Standards and agreed definitions are still relatively informal, with huge variations across
customer, supplier, and partner organizations. IT management will be challenged in terms of
providing infrastructure for quantifying results relative to existing reporting mechanisms — it will
be highly dependent on collaboration with other parts of the business.
 IT will see an overhead in the additional corporate presence required (web/social media, etc.)
that accompanies social responsibility initiatives, particularly those that are long term,
campaign focused, and linked to third sector activities.
 Management of IT equipment in relation to sustainability initiatives is fundamental to a
company's ability to achieve its intended development goals and enable trust among
customers and employees. This will resonate among investors and stakeholders that are
increasingly seeking organizations that adhere to these principles.
Guidance
 Create and publish an overarching sustainability strategy that is transparent in its aims and
has achievable goals. This should incorporate both the altruistic, non-for-profit aspects of
traditional CSR functions and specific objectives around environmental and social goals
internally within the organization.
 Be clear about levels of investment and over what timescale. Ensure actions follow marketing
messages to avoid the risk of being accused of greenwashing, with the negative
consequences this might have on enabling trust.
 Incorporate basic metrics into quarterly reporting mechanisms (similar to financial
announcements) and look at automating parts of it to enable transparency and agility.

ADVICE FOR TECHNOLOGY BUYERS

Our primary advice to technology buyers is that they must be strategic business solvers first and
technologists second. Although a simplistic and recurring notion, putting into practice is anything but
simple in the context of the hyperspeed of technology innovation (and obsolescence) and competitive
disruption, the patchwork nature of privacy and data protection regulations, and cyberthreat actors that
never sleep and are adept at locating and exploiting the weak links in any armor.

Under these circumstances, it is almost excusable that the technologist role comes first. Yet, when
organizations fail to meet their business objectives and the fingers point to technology decisions,
reciting feature comparisons among vendors and products will provide little consolation. The issue isn't
that the wrong vendor or product choice was made to solve a problem, but the problem to be solved

©2020 IDC #US46912920 15

was scoped too narrowly resulting in vendor and product choices that did not have the adaptability,
extensibility, and ease-of-use attributes organizations need during this period of rapid change.

To assist in strengthening your role as a strategic business solver, our advice is:

 Have a current inventory of your organization's assets. This is not limited to your IT assets but
should also include personnel, data that has been entrusted to your organization, sensitive
data your organization created, software, processes, partner relationships, patents,
customers, brand, and reputation. This means essentially any and all assets that directly relate
to the product and service your organization delivers to the market.
 Map assets to business objectives. It is a simple sounding exercise but one that pays
dividends when done well but also cuts deeply when done poorly (e.g., missed opportunities to
retire diminishing return assets and redirect resources to better alternatives).
 Engage with your stakeholders. The business dependencies on the technology you and your
team buy and manage are increasing in number and criticality. These dependencies have
stakeholders. Meaningfully engaging with all of the relevant stakeholders will assist in
confirming your technology choices are optimally aligned with meeting business objectives
and gaining advocates when course adjustments are required.

EXTERNAL DRIVERS: DETAIL

Strategic Innovation — Shaping the Future Enterprise Today

Description
The COVID-19 crisis has accelerated the shift to digital and fundamentally changed the business
landscape. Innovation is an urgent imperative for overcoming the disruptions, both tactically and
strategically, as enterprises with less mature transformations are more challenged to adapt.
Organizations are rethinking what the future will look like and what it will take to thrive in the new
business landscape. With increased awareness, there is now a strong focus on applying digital
technologies to address the future of work, engagement, intelligence, operations, and leadership.
Organizations are pivoting to become digital innovation factories. But at the current time, innovating
must come without incurring overall incremental costs. To compete, companies must balance digital
and industrial competencies and master them at scale. Yet these efforts will not succeed without
leadership, talent, and the ability to affect change.

Context
Today, to sustain the business, many small and medium-size enterprises have had to quickly pivot
business models. Large organizations are having to reinvent themselves for growth and
competitiveness — before their competitors do. Now more than ever, organizations are looking for new
ideas and emerging best practices to improve the effective use of resources and accelerate the ability
to deliver digital services to customers, patients, and constituents. According to IDC's Worldwide
Digital Transformation Spending Guide, global spending on digital transformation technologies and
services is forecast to grow 10.4% in 2020 to $1.3 trillion despite the challenges presented by the
COVID-19 pandemic.

©2020 IDC #US46912920 16

The Next Normal — Resilient Business and Operating Models
Description
In the post-COVID-19 economy, expected changes in behavior, consumption, and supply will force
companies to adopt digital-led business and operating models that can survive lockdowns, movement
restrictions, social distancing, supply disruptions, and more. New realities and customer expectations
will redefine product and service expectations. Economies of scale will be challenged by the need for
mass customization and social distancing. Products, services, and relationships shift from face-to-face
to digital. Work from home, scalability, security, throughput, and redefining internal processes for
remote access and communications require immediate attention but will have lasting effects.
Resiliency in supply will be balanced against efficiencies as automations are applied to operations.
Adaptability will take greater importance in business and operating strategies. Leading organizations
will not only adapt to shifting customer needs and market conditions but also proactively shape the
needs and the market to match their strengths, innovations, and business models.

Context
COVID-19 has acted as an accelerant to shifting consumer preferences and business models. Global
retail 2020 growth estimates will be halved from pre-COVID-19 forecasts. Retailers are responding
with alternative delivery methods and more digital touch points across the shopping experience. Work
from home is the new normal for knowledge workers, while worker safety takes on new importance. In
education, there is a shift in "when" and "where" learning happens, bringing into question some of the
fundamental assumptions that underpin the traditional four-year college degree model.

Intelligence Everywhere — Data Drives Action

Description
The real-time continuum of applications and data that stretches from edge to network and core from
IoT, mobile devices, and more — combined with historical data, enterprise systems, and global
information — continually "sense" an environment and put it into new contexts. AI and machine learning
"compute" and spread intelligence to turn data into "action" and action into value. Automation literally
extends beyond autonomous operations, resilient decision making, and optimization into life-and-death
dependencies. Generating actionable insight is increasingly dynamic and complex. But as automation
and augmentation increase, so do the ethical issues and opportunities for misuse, surveillance,
invasions of privacy, and more. Competitiveness is determined by the ethical governance of data and
AI; how data is transformed into insight to create high-value differentiators for products, customers,
and markets; and how effectively organizations deliver meaningful, value-added learning, predictions,
and actions that improve engagement, processes, enterprise decision making, resilience, and much
more.

Context
In this world where data drives action, ensuring the veracity of the data and transforming data into
insights become a strategic imperative. But it is not just having more data that matters. Based on IDC's
Global DataSphere study, less than 3% of the data currently created is analyzed to affect enterprise
intelligence. What becomes essential is: first, to put data into context to provide meaning; next, to
understand it in relationship to other data and events to gain knowledge; and finally, to add judgement
and action to achieve insight and the full potential of value realization.

©2020 IDC #US46912920 17

Geopolitical Risk — Societal and Economic Tensions Escalate
Description
Social, economic, and political discourse have risen to a new level of tension, causing instability in
social foundations and an accelerating expansion of geopolitical risk. Fueling much of this is the
unprecedented impact of information and the unprecedented spread of misinformation, from social
media to state-sponsored social engineering, feeding a cycle of polarization. Science is under attack,
threatening evidence-based knowledge and decisions. Politicians use misinformation at scale for
political gain, further dividing societies, while social injustices spur major demonstrations and the
effects of the pandemic deepen the divide between the haves and the have-nots. Massive
unemployment and global food supply disruptions could lead to migrations and humanitarian crisis.
The escalating trade and technology cold war, heightened by national strategic manufacturing
initiatives and superpower tensions, threatens further supply chain disruption, national and
international balkanization, and more, while uneasy countries increasingly must "pick sides" between
East- and West-based technology stacks. Conversely, some aligned countries are using these forces
to proactively increase their global cooperation.

Context
Societal tensions exploded in what is known as the Global Protest Wave of 2019 (and into 2020).
While reasons for each span the spectrum, misinformation, social media, and polarization played
major roles in all. Then, add the pandemic and massive unemployment to the picture. In June 2020,
unemployment reached 40 million in the United States and 150 million in India, with other areas
reporting similar levels of unemployment. Now, different countries and regions are having different
levels of success in mitigating the risk of resurgence. Business needs to factor this volatility into
operational and market strategies and decisions.

Digital Platform — Ecosystems at Scale

Description
Understanding and provisioning the platforms that will sustain, advance, and scale business and
operations and exert strategic control are essential for every business. A digital platform is the
assembly of technologies, capabilities, and data upon which digitally enabled businesses run. The
data exchanges, intelligence, and network effect within digital ecosystems generate new value beyond
the platform itself. Leading organizations today are harnessing the pervasive internet connectivity in
the hand of billions of users, combined with massive data and unlimited processing, to power their
digital platforms. For users and competitors, the value of digital platforms introduces high switching
costs and barriers to entry that cannot be easily replicated through the introduction of new products
and services alone.

Context
The digital economy has spread rapidly throughout the world. Leading organizations are shifting to
digital platform thinking to evolve their business models and manage their technology architecture.
Platform thinking is a fundamental shift in business strategy — moving beyond product differentiation
and pricing toward ecosystem-based value creation. It is also a long-term, sustainable response to
new realities in the digital economy, one in which organizations transform themselves into digital-
native enterprises.

©2020 IDC #US46912920 18

Crisis of Trust — Meeting Rising Expectations
Description
The COVID-19 disruption has exposed, accelerated, and introduced new threats to organizations and
their assets, increasing noise and dissonance and eroding trust among partners and customers.
Enhanced reliance on digital channels, cashless transactions, esignatures, and other virtual
interactions expose new threat surfaces and new vulnerabilities to be exploited by organized actors
leveraging AI. Ransomware, cybercrime, scams, and nation-state attacks are common events that
cause significant business disruptions, high costs, and reputational damage. Stakeholders now expect
trust and reputation to go beyond securing data and assets to protecting employees, partners, and
customers. Meeting expectations of trust and social responsibility become new competitive
advantages where "trust = value." Yet associated threats to human rights and privacy require public
participation and discourse at a time when some consumers, citizens, and partners have lost faith in
government, business, and technology, creating a crisis of trust. While anticipating and protecting the
security and privacy of digital assets, organizations need to rebuild trust as a foundation for resilience.

Context
Cybercrime has increased manyfold since COVID-19. For example, Palo Alto Networks reports email
phishing and scamming schemes have increased 650%. Yet the growth in security investment is
expected to decrease in 2020, even while 70% of cybersecurity teams are understaffed (source:
ISACA) and the mean time to identify and contain a breach is months, not days. Adding more pressure
on business, the most favored companies right now are those that are not only secure but also giving
back to their communities. Business Roundtable, an association of CIOs, changed the Statement on
the Purpose of a Corporation to "take into account all stakeholders, including employees, customers,
and the community," rather than only profit. Trust is not just about security anymore; it is also about
responsibility.

Digital Divide — The Imperative of Connectivity

Description
Amid social distancing and working from home, access to technology and digital connectivity have
become critical. People are learning to socialize, shop, educate, work, and collaborate differently and
expecting a rich, seamless, and interoperable experience, regardless of where people and data are
located. But the digital divide — the gap between those who do or do not have access to technology
and the skills to use it — becomes more consequential in people's ability to complete everyday tasks.
The new importance of connectivity and technology requires governments to consider whether
affordable and effective internet access is a fundamental need or a mere luxury. However, there are
also important concerns with expanded connectivity, such as ethics, safety, life balance, social
distraction, and the privacy of sensitive and revealing insights about people's identity, location,
behavior, associations, and activities and how governments and private business could use or abuse
it.

Context
COVID-19 has reshaped how people think about internet connectivity and the urgency to bridge the
digital divide. At the end of 2019, the International Telecommunication Union estimated that around 3.6
billion people remain offline. While the digital divide is greater in developing nations, developed
countries see the divide run through rural and low socioeconomic status communities. For
organizations, connectivity is critical for information to be created, shared, and consumed in real time.

©2020 IDC #US46912920 19

Enterprises that deploy strategic, integrated connectivity throughout the organization will realize higher
return on investment through gains in revenue, customer retention, infrastructure longevity, and
process and cost efficiencies.

LEARN MORE

Related Research
 Critical External Drivers Shaping Global IT and Business Planning, 2021 (IDC #US46859220,
October 2020)
 Ubiquitous Deployment: A Holistic Approach Makes Infrastructure More Adaptive and Flexible
(IDC #US46826420, September 2020)
 Pervasive Application Edge Defense: An Application-Based Framework for Trust (IDC
#US46810219, September 2020)
 Facial Recognition Facing Setbacks (IDC #lcUS46850620, September 2020)
 Key Findings: 2020 U.S. Managed Security Services/Managed Detection and Response
Survey Results (IDC #US46853720, September 2020)
 Is Privacy Impacting our Safety and Security? GDPR, UBA, and COVID-19 Contact-Tracing
Apps in Europe (IDC #EUR146657020, July 2020)
 Cybersecurity Is the Top Skill Needed in the Recovery from COVID-19 (IDC #US46736619,
July 2020)
 The Future of Trust: Mitigating Risk and Creating Value (eBook) (IDC #US46533320, June
2020)
 Technology and Sustainability: The C-Suite in the Anthropocene Era (IDC #EUR246412520,
June 2020)
 IT Vendors Step Back from Facial Recognition Software Considering Racial Inequity (IDC
#lcUS46610020, June 2020)
 COVID-19: Quantifying the Impact on Blockchain (IDC #US46299020, May 2020)
 Future of Trust: Creating Trust Outcomes (IDC #US46184820, April 2020)
 Future of Trust: Defining Trust (IDC #US46185920, April 2020)
 Analytics: The Foundation of the Future of Trust (IDC #DR2020_T7_CK, March 2020)
 IDC FutureScape: Worldwide Security and Trust 2020 Predictions (IDC #US45582219,
October 2019)

©2020 IDC #US46912920 20

About IDC
International Data Corporation (IDC) is the premier global provider of market intelligence, advisory
services, and events for the information technology, telecommunications and consumer technology
markets. IDC helps IT professionals, business executives, and the investment community make fact-
based decisions on technology purchases and business strategy. More than 1,100 IDC analysts
provide global, regional, and local expertise on technology and industry opportunities and trends in
over 110 countries worldwide. For 50 years, IDC has provided strategic insights to help our clients
achieve their key business objectives. IDC is a subsidiary of IDG, the world's leading technology
media, research, and events company.

Global Headquarters

5 Speen Street
Framingham, MA 01701
USA
508.872.8200
Twitter: @IDC
idc-community.com
www.idc.com

Copyright and Trademark Notice

This IDC research document was published as part of an IDC continuous intelligence service, providing written
research, analyst interactions, telebriefings, and conferences. Visit www.idc.com to learn more about IDC
subscription and consulting services. To view a list of IDC offices worldwide, visit www.idc.com/offices. Please
contact the IDC Hotline at 800.343.4952, ext. 7988 (or +1.508.988.7988) or sales@idc.com for information on
applying the price of this document toward the purchase of an IDC service or for information on additional copies
or web rights. IDC and IDC FutureScape are trademarks of International Data Group, Inc. IDC FutureScape is a
registered trademark of International Data Corporation, Ltd. in Japan.

Copyright 2020 IDC. Reproduction is forbidden unless authorized. All rights reserved.