Copyright Quocirca © 2014

Rob Bamforth

Quocirca Ltd

Tel : +44 7802 175796

Email: Rob.Bamforth@Quocirca.com

Clive Longbottom

Quocirca Ltd

Tel: +44 118 948 3360

Email: Clive.Longbottom@Quocirca.com

Getting to grips with BYOD

Embrace device diversity, but manage applications and data

May 2014

Since mobile devices have proliferated as consumer gadgets as well as business tools, individuals are not only more comfortable with technology, they have their own preferences and want to make their own choices for work as well as at home. This ‘bring your own device’ (BYOD) idea started with mobile phones, especially once smartphones became widespread, but has also been quickly embraced for other devices, in particular tablets and, to a lesser extent, notebooks, laptops and PCs. This brings an enormous management headache for organisations, but the smart move is to recognise that the device is ultimately far less important than the applications it runs and the data it has access to. This is where attention needs to be focussed to ensure the most important enterprise assets are properly protected and secured.

© Quocirca 2014 - 2 -

Executive Summary

Getting to grips with BYOD Embrace device diversity, but manage applications and data Allowing a few privileged employees to bring their own devices and use them for work purposes (or being compelled to allow it by a senior executive) is one thing, but trying to stop the tide of everyone wanting to do it is quite another. The problem is that, for many organisations, there is no longer the option of saying ‘no’, despite any understandable and legitimate fears about the

risks. This need not be a problem, providing the challenges are properly addressed and focus is applied to what really matters – data. This report investigates the impact that BYOD is having and what organisations are doing to cope. It is based on interviews

with 700 IT decision makers across 11 European countries in mid-size and large enterprises.

Consumer attitudes infiltrate the enterprise

BYOD might have been the most visible trend relating to the decentralisation of decisions over the last few years, but i t i s by no means the only example of consumerisation of IT (with cloud services, social media and mobile apps a lso having a big impact) and a shift in technology

decision-making towards the needs of the business and individual users. CIOs and IT managers should not see this as a threat to be resisted, but to be understood and embraced with a more selective and priori ti sed approach to managing the core va lues and benefi ts of IT.

Smartphones and

tablets – similar or different?

Mobi le phones, even as they became smarter, have been managed di fferently to other computers due to requiring contracts and often being subsidised by operators. In many cases they have only recently moved from being managed by facilities or telephony contract managers to IT, whereas tablets always appeared more like traditional IT devices. However, logically, they

have a similar impact on IT management, yet all too often IT still views them differently – this needs to change.

Securing the hardware

Systems that access corporate IT resources, whether owned by the employee or the

organisation, need to have some level of control applied to them in order to protect the organisation’s assets. However, care must be taken as devices are rarely ever going to be used

exclusively for one purpose in future. Mobile device management (MDM) must be discerning and discreet, but integrated with other mobi le and systems management so not discrete.

Determining the software

Most companies recognise the need to extend their mobility controls to include mobile application management (MAM) but, as yet, this is often disjointed and as many as one in five companies have not even heard of MAM. Taking the next s tep towards sandboxing,

conta inerisation or dual persona to separate work and personal application usage is s till in very early stages, but there appears to be an appetite to move in this direction, as banning or limiting

the use of personal apps i s a non -starter.

Focus on data

Enterprise data, and the context within which i t is being accessed, i s one of the most important

elements of securing and managing mobility and the one most l ikely to be keeping IT managers awake at night. Management of data access i s patchy, with just over ha lf having data leak prevention (DLP) tools in place and over two thirds allowing data to be stored in cloud stores.

Over a quarter use encryption, but only 11% store data in separate containers on BYO devices .

Containing specific assets of value

A more precise approach to managing what i s important would benefit the organisation and

minimise the impact on end users, who would still have freedom to choose and use their own applications. The organisation would a lso be safe in the knowledge that i ts assets are more secure. This requires a more discriminating approach to IT security and a better understanding of what i s important from a business perspective, but this would do IT no harm whatsoever.

Conclusions Despite all the hype, most organisations are s till at the early stages of dealing with BYOD and mobility in general. However, their

employees and customers are already very fami liar with the benefits of using their preferred i tems of technology – from hardware devices, through applications to cloud storage a nd services. There is no simple way to deal with BYOD. It will not be limited to certain employees or devices and will spread to encompass new technologies, from wearables to other gadgets in due course. Organisations

need to embrace the diversity of devices and focus on managing their core assets, not the networks and tools that access them, which wi l l , increas ingly, be outs ide their di rect sphere of influence.

© Quocirca 2014 - 3 -

BYOD – the unstoppable tide?

The idea of circumventing traditional IT management to get something done faster (or cheaper) has been around for decades – departments buying PCs or their own peripherals l ike printers or scanners etc. However, these purchases

would typically be used exclusively for work purposes. What is different now, with the growing bring your own device (BYOD) trend, is that what is being brought is consumer devices used for personal and work activities.

Hardware is only part of the problem; the

bigger challenge is what is done with it – what applications are run and what data do they access? This is especially relevant as these devices are predominantly mobile and

connected to open or public networks by one or more different radio networks , in particular cellular and Wi -Fi.

No wonder organisations are concerned (Figure 1). There is sti l l an attempt to prevent, or at least l imit, the spread of BYOD

by narrowing the circumstances of permission, but with senior management being supported in many organisations,

those further down the structure might expect to be permitted too. In fact over half of employees would just go ahead even if personal devices were banned1.

Organisations have a choice; they can continue to try to ignore or prevent what is happening and risk being seen as obstructive, leaving employees trying to subvert or work around the rules, or they can support and encourage user choice, perhaps with policies and specific terms. Throughout this report we will refer to the former as ‘deniers’ with

their responses shown in red in Figure 1 and the latter as ‘embracers’ with their responses shown in blue. The primary driver for BYOD is choice, not

ownership, and, for many, choice alone will suffice (Figure 2). Few organisations are ready to have a complete free for all, but with guidance they can allow employees to

follow their preferences. The issue of who owns or buys the device i s important, but generally secondary to obtaining a favourite, at least as far as the individual is concerned.

The challenge for the organisation is how much can it can control or l imit the choice to

make management and support as straightforward as possible without alienating users. Encouragement can be offered to ‘guide’ users in a particular

direction, for example offering incentives to choose devices favoured by the organisation. IT managers should not try to characterise this challenge of managing employee expectations as ‘herding cats’, but ‘luring’ or ‘coercing’ them.

© Quocirca 2014 - 4 -

Organisations and their IT management need to accept that BYOD is a reality and will only continue to increase as mobile technologies evolve. Employees have had mobile phones for some time, but not until phones became smarter,

consumer-oriented computing devices, did the issue of bringing-your-own for work become a major issue. Attempting to restrict employees or hold back the tide will only prove to be futile. There was a cross-over when the cost of smartphones and their contracts dropped to the point where it could

reasonably be considered as a consumer purchase, and that new and more appealing devices would appear before the end of the contract, creating pent up demand for the latest device. Consumers move quickly to get the latest device of their choosing, and typically much faster than their employer’s purchasing function.

All of a sudden it seemed like the technology used for business had, for the first time, fallen behind that used by consumers. It was

no longer just personal preference, but perceived as ‘better’. This process has continued with other devices such as tablets, not necessari ly related to network contracts .

These offer similar capability for enterprise applications to running on traditional IT –

desktops and laptops – but with the casual and informal user experience of tablets. Most tablets are stil l not supplied with cellular networks, and rely on Wi-Fi

connectivity, so should they be treated the same as smartphones or not? The opinions of those who have embraced

BYOD differ significantly from those who have not (Figure 3). The overly high concerns with tablets amongst deniers indicates that, while smartphones share a lot in common with tablets and are even more likely to be connected while mobile, it is the tablet that is predominantly causing their negative feelings towards BYOD.

This could mean that deniers are lax with their management of smartphones. Conversely, embracers see smartphones

and tablets as similar, and are most l ikely thinking of more sophisticated approaches for managing them. Opinions about the future also indicate a more casual attitude

among deniers, in thinking that the status quo will remain or that matters will simplify (Figure 4).

They will l ikely find that reality is very different, with the mobile landscape undergoing significant change and

innovation. The embracers, who already anticipate change and are putting in place more flexible approaches for managing

mobile fleets, are better prepared. It is now time to accept the reality of BYOD and work out how to manage what is most valuable to the organisation – its data.

© Quocirca 2014 - 5 -

Security – the primary IT concern

BYOD is l ittle different from many technology topics in that there will always be issues regar ding security. In the case

of BYOD, information security is the top concern by far, but when secondary concerns are included, device security also scores highly (Figure 5). This highlights where the industry first focussed, with mobile device management (MDM) playing an important role in controlling the device itself.

Device security has less significance with

BYOD, as ownership of the device is in the hands of the user rather than the organisation. Concerns around ownership are reflected in the figures and, although not

a top concern, once secondary considerations are expressed it is seen as more important.

With BYOD, device loss or theft should be less of an issue as users tend to be more careful and responsible with their own

devices or ones that they have personally selected.

Putting tools in place to allow for secure use of user owned or chosen devices is clearly a trade-off between what, ideally, the

organisation would like to enforce and what the individual will agree to or permit.

When looking into the detail of what really concerns organisations, it is clear that few feel really confident that they have everything under control (Figure 6). Fewer than one in five manage with existing tools and, for the rest, there is an escalating level of concern.

A few are slightly more comfortable with existing approaches to manage device

security, but what really keeps a quarter of those interviewed awake at night is the security of their organisation’s information and data.

However, the element of hardware control should not be ignored and, even with corporate deployed mobile devices , there is

a need to exert control over the device, just in case it is lost or stolen or if the legitimate user has accidently or deliberately changed

certain settings and made the device more vulnerable. In the case of BYOD, this is even more likely –

it is after all their own device and may also be passed around for other family members to use, potentially with disastrous consequences for the organisation. Organisations do, at a minimum, need to use some form of overarching MDM controls as a base for then applying

more precise control over applications and data.

© Quocirca 2014 - 6 -

The fundamentals of MDM have fairly widespread understanding, thanks in part to the success of BlackBerr y and the features of the BlackBerry Enterprise Server (BES). While struggling now, BlackBerry set the early standard for

enterprise mobile management, much of which has been picked up by software tools vendors, as most enterprises have moved to a more open, multi-vendor world. The main attributes required of MDM tools are to be able to remotely wipe and lock the device, typically on the occasion that it has been lost or stolen (Figure 7). This also tallies

with the overall need to spot when a device

connects to the network. The provisioning of a base environment across a set of devices is a reasonable

requirement for those being deployed by the organisation, but is less l ikely to be useful in a BYOD scenario. Similarly, quarantining an

entire personal device will only antagonise users. A lowly scoring for interest in the need to be

able to create containers (something that might prove a useful way to isolate work from personal on a BYO device) indicates that

much of the thinking is sti l l about keeping complete control of the device, even if it is not owned by the organisation.

MDM tools are, for many organisations, becoming a standard requirement for overall IT management, but, surprisingly, about a quarter say that whilst aware of MDM, they do not currently use anything (Figure 8). Perhaps more worryingly, over 5% had not even heard of MDM. This smacks of trying to ignore the issue of mobility in the forlorn hope that it will disappear.

Thankfully, many more have a more sensible attitude and either us e MDM-specific tools or have the required capabilities within general management tools. A significant lack of integration of MDM tools with other systems

management tools among MDM users, and the high percentage of only basic mobile management functionality with those using existing tools, highlights that this is sti ll a

relatively young and immature market. The last few years has seen a degree of consolidation among the vendors of mobile

management products. Acquisitions by established mainstream IT suppliers should lead to further product maturity, which will

feed into the market over time. The even more promising development is that this will inevitably bring forward the

integration of other useful management capabilities, relating to applications and data, into mobile management platforms.

© Quocirca 2014 - 7 -

The impact of the rise of the ‘app’

It is fair to say that mobile and remote access to enterprise applications from laptops or home PCs has not really stretched IT management too much as the vast majority of these systems will have historically been Windows-based,

just l ike the desktops managed in the office. Providing a secured connection can be put in place over whatever network is being used and the remote or mobile user is authenticated, it becomes little different from work in the office as long as the local storage media is reasonably

secure from theft or backed up in case of damage.

Multi-factor authentication has been a key staple of secure remote connections for many

years and works well in conjunction with virtual private networks (VPN), which first came into widespread use in the 1990s as a

way to connect over open networks and avoid the cost of leased or dedicated lines. It is a natural first step to apply the same

principles and tools to secure other mobile devices and, given the low impact on the mobile platform, these tools also work well in

a BYOD context, but are only moderately used by around a half of organisations (Figure 9). Rather more disappointing is the low use of

encryption of data at rest and containerisation, both of which could be used

selectively to secure and manage corporate data on personal devices, leaving the user’s own data untouched.

These attitudes, based on an extension of ‘old fashioned’ mobility of laptops, have influenced the mechanisms put in place as access to enterprise applications has extended to smartphones and tablets.

Using a remote extension to a standard application interface is the top preferred method of providing mobile access to enterprise applications, although one in five

want to ban mobile access to enterprise applications altogether – presumably wanting to l imit mobile to communications applications l ike email , calendars and

contacts. How little things appear to have moved on for some since the emergence of the BlackBerry (Figure 10).

With almost a quarter looking to l imit their support of mobile access to enterprise applications to a subset of devices, it is clear

that the ‘BYOD means users might use any device’ message has either not been clearly received or is again being ignored in an

attempt to resist reality.

© Quocirca 2014 - 8 -

The more proactive approach of designing specific apps for the mobile user finds some favour, although the preference for native applications for each platform over the more universal use of multi -platform technologies, such

as HTML5, will cause problems as devices continue to evolve and diversify and as BYOD evolves. As with MDM, there is a split in the area of mobile application management (MAM)

between those using tools that have been designed specifically for the purpose of MAM and those using application management capabilities in existing system management

tools (Figure 11). While a few are making use of capabilities

already in existing tools to help manage applications, the vast majority only have basic capabilities.

Also there are fewer using MAM tools than MDM, and most of the MAM usage is not integrated with existing application

management tools.

Unfortunately, there are a large number not using anything at all and, of these, more worrying is that almost a quarter have not heard of mobile application management.

When asked what might be useful feature requirements for MAM tools, there were no clear leaders, although there appeared to be

a reasonable recognition of the need to separate private and business-owned data, despite a lack of appetite for

containerisation, which was the lowest ranked feature here and elsewhere in the survey (Figure 12).

It is highly l ikely that the concept of containerisation has not previously been well explained or widely understood, as this is an excellent way to provide the kind of

separation that appears to be desired.

© Quocirca 2014 - 9 -

This is borne out when looking into the detail of the use of containerisation. Few are actively using, and around a third are only piloting or actively investigating its usage (Figure 13). Beyond this, the majority of the remainder are not

aware of containerisation and those that are have never considered its use. As BYOD continues to grow and spread, both down from senior executives and managers

and across the organisation, the challenges of managing and allowing for the separation of personal and work elements will only increase. Containerisation is one area of

mobile management many more should investigate.

Beyond enterprise applications, the strong emphasis on mobile application development and supportive consumer channels to market encouraged by the

mobile ecosystem leaders, especially Apple and Google, has produced a huge number of applications.

While much of it is aimed at the consumer,

with entertainment, games and ephemeral ‘iTat’, there are also useful applications for business users . The downloading and use of such applications is another important aspect of consumerisation

Few such apps could be regarded as critical, but many offer useful information or support for mobile users. Enterprise attitudes to

these types of applications is, however, rather unforgiving, with many not allowing their use, often insisting on the use of

applications from corporate app stores only (Figure 14). This is not necessarily a problem, but a better

approach is to have a defined list of acceptable apps and work with users to manage that l ist to ensure that useful apps are permitted, but checked to ensure they do

not compromise security.

© Quocirca 2014 - 10 -

Data context and discrimination

Controlling the usage and flow of data woul d seem even more useful than managing devices or applications, especially in a world where unknown numbers of users will be bringing their own devices. However, most organisations are

typically drawn to managing things they can readily identify, hence the emphasis on devices and users, and struggle once matters become a l ittle less tangible. It is fair to say that a comprehensive

understanding of the varying value of different elements of data is rarely at the top of the agenda. Store it, back it up, keep it secure are the main priorities. This was all

well and good when all data sat safely inside a traditional IT perimeter delimited by firewalls, but changed as mobile working

took data out into the open and leaked further outside of the IT comfort zone with BYOD.

Today, however, the focus is sti l l on barriers controlling leakage and loss with Data Loss Prevention (DLP) being used more than

Digital Rights Management (DRM) (Figure 15). Given that data security is the issue most l ikely to be keeping respondents awake at night (Figure 6), it might

reasonably be expected that this would be an area where controls are being rigorously applied, but stil l a significant number have deployed neither DLP nor DRM. Looking at how and where data is permitted to be stored with BYOD reveals that very few companies have taken full

control of the situation (Figure 16). Many are avoiding the problem; a worrying percentage are not managing data at all, and over a quarter are dodging the issue by not allowing data to be stored on the devices at all. Unless they have deployed appropriate tools, they have no way to enforce this anyway.

Only around one in ten have deployed a container-based approach to create separated silos for corporate data no matter what device it

might be on; of these only a small percentage have used encryption. This is sl ightly at odds with Figure 13, where

many claimed to be triall ing containerisation – they are clearly at early stages in the trials. There are challenges with the use and licensing

of corporate containers on personally-owned devices, and these need to be addressed. Data is more routinely encrypted when stored in

the open within the device’s own fi l ing system, but stil l over half of the companies storing data this way use no encryption.

© Quocirca 2014 - 11 -

With increasing use of cloud-based storage services, especially for personal use, BYO devices bring further challenges for controlling the flow of corporate information. Over a fifth of companies say they do not permit BYOD access to

corporate documents, but the majority do allow some access to such documents from either corporate or consumer versions of cloud storage services (Figure 17). Most try to l imit this to basic documents,

where hopefully this means documents that are of use to the general running of the business or employee efficiency, but are not critical, secure or private.

Discriminating between different levels of security for different documents is important,

but it must be kept consistent and well communicated so that everyone understands their responsibilities and it is enforced with appropriate tools. DRM and DLP go hand in

hand with policies aimed at managing the use of public cloud storage.

This type of information discrimination should ideally go much further and take notice of the context surrounding the potential use of data. This means a deeper understanding of who, how, and where in relation to remote access to corporate information. Many companies seem to be fully aware of the basics of what is required – identifying the user and controlling flow to the

device itself – but some of the more subtle, yet potentially vital, elements of context are not deemed as important i.e. location, information classification and employee role (Figure 18).

Doing so may currently be regarded as

intrusive, but given that BYOD brings a higher level of choice, and therefore openness, which will only increase as devices continue

to evolve and more employees expec t freedom of choice, the need to be more precise with controls will also increase.

This is no longer about blanket approaches to security by the creation and enforcement of perimeter walls and fences, but a much more pinpoint and targeted protection of things of

value to the organisation. This precision, or ‘smart security’, requires better intell igence in order to be fully effective.

© Quocirca 2014 - 12 -

Conclusions

The old certainties are disappearing in the IT world. The old world of a comfortable and steady set of vendors, decisions made on technical capabilities, users happy with what was provided and all wrapped inside a controlled and

secured perimeter has gone. The reality is that things were never that simple, but sometimes they could be treated that way as it made life easier. Now, users want to make their own choices

because, as consumers, they are aware and comfortable with IT and they feel that the organisation’s own IT offering is often behind the curve. This may often be true and

it not only impacts on users, it impacts on the business. Too often in its relationship with the business, IT is seen as a cost, difficult, and

making seemingly arbitrary decisions – the ‘blockage in the end office’. It does not need to be this way.

BYOD might have brought many issues, especially those regarding security, to the

fore, but all it really does is highlight the need to be a l ittle more precise in the way in which corporate digital assets are managed, protected and used.

It is highly unlikely that the trend towards user choice and BYOD will reverse and, if anything, it has already spread to individuals

making even more of their personal choices around applications, cloud services and how they like to be identified. BYO does not stop

at devices. Those companies that understand and embrace this trend, and take the necessary

steps to manage it with precision, will reap the benefits. They already have a less stressful attitude to security, without being complacent (Figures 19 and 20).

Accepting that it is inevitable and managing it on your own terms is the best way to deal

with change. BYOD is just a current phase in the constant evolution of IT towards a more open, distributed and highly diverse collection of digital assets. The key for those tasked with managing IT for their organisation is to work out which digital assets they need to focus most of their attention on, and which they do not.

Reference

1. Fortinet Internet Security Census - October 2013

© Quocirca 2014 - 13 -

How to move from being a ‘denier’ to an ‘embracer’

Don’t be surprised if this year’s gadgets for geeks become next year’s employee tools You might not want to bring a wearable fitness device and link the alerts to the mobile phone you use for work, but

someone will and, if not this year, then next year. Some of these new devices may turn out to be short-lived fads, but for a while they will be important to someone. Adopting an open and completely flexible approach to devices, a broadly tolerant approach to managing applications and an infor med and discriminating approach to data will allow

for adaptation as technology evolves. Smartphones are not just phones with extras and tablets are not toys Both are powerful computing devices with advanced connectivity. Their screen size may differ, but that is unlikely to

stop them being used for the same sorts of applications. Sure, writing a document is easier on a laptop than tablet and much harder than either on a smartphone, but not impossible on any of them. Treat all connected, application-capable devices as logically the same, and fit policies to how they are used and not what they look like.

Get users involved from the outset – make sure it’s the full mix of job roles Even among companies that buy into BYOD there is an assumption that it should only apply to certain roles. Often part of the attempt to hold back the BYOD tide is to try to l imit it to senior executives and only then grudgingly allow

knowledge workers into the fold. The reality, once it is understood, that BYOD should encompass all device types is that it should also encompass all elements of the workforce. There may need to be different policies for different groups of employees, but an overarching BYOD strategy needs to cover all.

Drop the pretence about money – BYOD is not about savings There is l ittle point expecting BYOD to be all about cost savings, at least for IT. There may be some purchasing costs avoided and perhaps an increase in user self-support, but this will probably be outweighed by the need to develop

more precise and sophisticated policies, invest in management tools, deal with contract tariff costs and increase user training. There may be savings elsewhere in the business from knock-on benefits; perhaps in recruitment or productivity or an improvement in employee morale. By getting closer to the business, the IT function can better understand these wider benefits to the business and perhaps try to quantify them as part o f the appraisal of the value

of the BYOD strategy adopted. All bytes are not all equal – determine the difference in data value and vulnerability

A big element of opening up IT to allow employees to bring, use and connect their own devices to corporate networks and data is that there has to be greater sensitivity to what is appropriate use of particular data and information. First it is necessary to understand the value and risk to the business of specific bits of data, and apply policies around its use. With mobile use comes a greater degree of context awareness at the moment of access – where is the device,

what sort of network is it connecting across, can the user be verified? – that allows for policies to be created with more discrimination as to what is permitted when, where, how and by whom. There is always ‘an app for that’ – help users discriminate between good and bad

Part of the reason why personal choice of devices is so important is the range of applications that each platform makes available and the individual’s favoured portfolio of their preferred apps. However, not all platforms are equally secure, some attract more predatory malware and there are always different choices for applications that perform a similar

purpose. Consumer app stores have some rating and review information and some form of similar information and controls would be welcome in a corporate app store. For many, work/life separation no longer exists naturally so needs some artificial support

Most employees would be will ing to keep elements of work and personal l ife separate on their chosen devices, with the proviso that it must be easy to work effectively and not get in the way of personal usage. Segregation, containers, personas and virtual platforms or sandboxes are becoming more widely available and offer the combination of individual choice and organisational asset control that best meets the broader needs of mobile enterprise

management. These approaches are all worth exploring further.

© Quocirca 2014 - 14 -

BYOD index by country and vertical market

The idea of this survey was to gauge the respondent’s , and their organisation’s , attitude around the concept of bring your own device (BYOD) and the security of the hardware, applications and software concerned . The research was

conducted with 700 telephone interviews of those responsible for information and data security in their respective organisation, across several European countries and regions (comprised of neighbouring countries) to aid analysis and understanding.

Thus the Nordics includes 25

interviews each from Denmark, Sweden, Norway and Finland; DCH comprises 75 from Germany and 25 from

Switzerland; Benelux 50 from each of Belgium and the Netherlands; Iberia 75 from

Spain and 25 from Portugal. There were also a total of 100 interviews each in UK, France and Italy.

In order to allow for analysis of how the BYOD trend will

develop, a repeatable system of scoring the questions in the survey has been developed. This will provide a measurable

baseline score covering the maturity of BYOD adoption and related views on security, with 4 major sub-indices and an

overall rolled-up index. The results are shown in

Figures 21 and 22, with a breakdown by region and vertical market. The numbers are generated from weighting

the answers in the survey to generate an overall picture, and a higher number on the index indicates a greater level

of acceptance or interest in the issue.

Demographic splits of interviewees

About Oracle With more than 390,000 customers - including 100 of the Fortune 100 - and with deployments across a wide variety of industries in more than 145 countries around the globe, Oracle offers an optimised and fully integrated stack of

business hardware and software systems. Oracle engineers hardware and software to work together in the cloud and in the data centre - from servers and storage, to database and middleware, through applications. Oracle systems:

Provide better performance, reliability, security, and flexibil ity

Lower the cost and complexity of IT implementation and management

Deliver greater productivity, agil ity, and better business intell igence

For customers needing modular solutions, Oracle's open architecture and multiple operating-system options also give customers unmatched benefits from best-of-breed products in every layer of the stack, allowing them to build the

best infrastructure for their enterprise.

About Quocirca Quocirca is a primary research and analysis company specialising in the business impact of information technology and communications (ITC). With world-wide, native language reach, Quocirca provides in-depth

insights into the views of buyers and influencers in large, mid-sized and small organisations. Its analyst team is made up of real-world practitioners with first-hand experience of ITC delivery who continuously research and

track the industry and its real usage in the markets. Through researching perceptions, Quocirca uncovers the real hurdles to technology adoption – the personal and political aspects of an

organisation’s environment and the pressures of the need for demonstrable business value in any implementation. This capability to uncover and report back on the end-user perceptions in the market

enables Quocirca to provide advice on the realities of technology adoption, not the promises.

Quocirca research is always pragmatic, business orientated and conducted in the context of the bigger picture. ITC

has the ability to transform businesses and the processes that drive them, but often fails to do so. Quocirca’s mission is to help organisations improve their success rate in process enablement through better levels of understanding and the adoption of the correct technologies at the correct time.

Quocirca has a pro-active primary research programme, regularly surveying users, purchasers and resellers of ITC products and services on emerging, evolving and maturing technologies. Over time, Quocirca has built a picture of long term investment trends, providing invaluable information for the whole of the ITC community.

Quocirca works with global and local providers of ITC products and services to help them deliver on the promise that ITC holds for business. Quocirca’s clients include Oracle, IBM, CA, O2, T-Mobile, HP, Xerox, Ricoh and Symantec, along with other large and medium sized vendors, service providers and more specialist firms.

Details of Quocirca’s work and the services it offers can be found at http://www.quocirca.com Disclaimer:

This report has been written independently by Quocirca Ltd. During the preparation of this report, Quocirca may have used a number of sources for the information and views provided. Although Quocirca has attempted wherever possible to validate the informati on received from each vendor, Quocirca cannot be held responsible for any errors

in information received in this manner. Although Quocirca has taken what steps it can to ensure that the information provided in this report is true and reflects real market conditions, Quocirca cannot take any responsibility for the ultimate reliability of the details

presented. Therefore, Quocirca expressly disclaims all warranties and claims as to the validity of the data presented here, including any and all consequential losses incurred by any organisation or individual taki ng any action based on such data and advice.

All brand and product names are recognised and acknowledged as trademarks or service marks of their respective holders.

REPORT NOTE:

This report has been written independently by Quocirca Ltd to provide an overview of the

issues facing organisations seeking to maximise the effectiveness of today’s

dynamic workforce. The report draws on Quocirca’s

extensive knowledge of the technology and business arenas, and provides advice on

the approach that organisations should take to create a more effective and efficient

environment for future growth.