We often hear about what is happening with the largest enterprises in the UK - those who are seen as making up the main part of “UK, plc”. However, there are few organisations with more than 1,000 employees, and even though they do make up around one third of the UK’s GDP, they are also far more distributed, with divisions, groups and even sub-companies headquartered in many different places, often to minimise the payment of taxes to the UK’s coffers.

Under the level of the large organisation comes the mid-market. For the purposes of this article, we’ll define this as those companies that employ between 100 and 999 people. According to the National Statistics Office, there are around 17,000 organisations that fall into this category, and again, they make up around one third of the UK’s GDP. As many of these organisations will be semi-private organisations, let’s call them “UK, Ltd”.

Quocirca has just carried out research for IBM, looking at how the mid-market deals with its data, and how it manages core financial processes and reporting. The findings show that much could be done by the mid-market to improve effectiveness and efficiencies, and Quocirca believes that if small changes could be made on a consistent basis across a broad group of the mid-market, the UK finances would benefit from many billions of pounds in improved revenues, margins and therefore tax payments.
As a starter, the research shows that the mid-market is highly pragmatic in how it obtains technology.  This should not be a surprise, but it does put paid to the perception that the mid-market is a pure Microsoft stomping ground. The vast majority of organisations have multiple different databases from different vendors, and are struggling in how best to pull these together.

More to the point when it comes to how they struggle is the fact that they tend to have high amounts of business-important data held in spread sheets - with many of these spread sheets stored locally to the originator on their PC. Such an approach minimises the capability for such data to be shared, and the majority of respondents felt that spread sheet issues combined with lack of access to all data sources meant that they had little faith in the data being presented to them, and that their decision making capability was therefore impacted.

To get around this, nearly one quarter of respondents used email as their prime means of sharing data. Not only does this lead to inefficiencies around data storage, with multiple copies of the same file being held in various in and out boxes, but it also means that no-one can be sure whether the version of the data they are looking at is the latest version or not.

Few respondents had moved to a fully automated business process model - the majority were working with large parts of their processes still be carried out in a manual, and often ad hoc basis. Indeed, many said that their processes had not changes for a long time - something that is hard to believe when the markets have been changing so much, and that mid-sized organisations must have high degrees of flexibility to be able to respond to such changes.

Just imagine - if each mid-sized organisation could move to a full shared data model, could apply business intelligence constructs to this through being able to aggregate and report on multiple different data sources, and then to use such knowledge to measure performance against key performance indicators (KPIs) and make the small changes that are continuously needed to ensure that an organisation meets its goals. 

If through better management of and reporting on data, combined with the use of reasonable performance management, the revenues of mid-market organisation could be improved by just 1% and profitability by the same amount, the impact on the 33% of the 2008 £1.41 trillion UK GDP at a performance and tax payable level could well help in bailing the whole of the UK from the current financial mess that we are in.

However, the greatest issue with the mid-market - inertia - may well be the one thing that stops this from happening. Although the research showed a reasonable understanding of the term “business intelligence”, it is still seen as being too expensive and complex for use in the mid market. “Performance management” was seen as being mainly around staff appraisals, not around monitoring the financial performance of the business itself. Business processes are seen as something where money can be saved by doing everything manually - and so introducing considerable errors and the need for extra time in dealing with these.

Come on , UK Ltd!  Relatively small changes can bring great rewards - not only for you as an individual, not only for your business, but also for the UK as a whole. And if anything needs help at the moment, it’s the overall economy.

Quocirca’s report on the research underpinning this blog item is available for free download.

By Clive Longbottom, service director

CSC this week hosted their EMEA Industry Analyst summit; Innoventure, in Paris. It was never quite explained what exactly an innoventure was but it sounds like a cross between innovation and adventure so perhaps it is like inventing something while dressing up in swashbuckling clothes. This potential for glory mixed with a lack of clarity unfortunately extended also to CSC's cloud strategy, which the vendor struggled to convincingly explain.

Like several other vendors, including cloud enabling infrastructure providers like VMware, Microsoft and CITRIX, CSC recognises that there are a number of potential approaches to implementing the cloud architecture. CSC refers to cloud architectures implemented for single tenancy within an owned (or internal) datacentre as private clouds, and internet hosted multi tenancy external models as public clouds. The company uses the term hybrid clouds to refer to the mix of internal and external clouds that is really most likely to occur in a production, enterprise environment. While other vendors will interchange the terms "private" for "hybrid" while using "internal" where CSC uses "private", CSC's story is pretty much so far so good.

Where it all began to get a lot less clear was when CSC went on to explain that the internal cloud architecture was actually a simple extension of the existing datacentre architecture and therefore something that CSC has actually been doing for decades(!). Furthermore, internal, or in CSC's parlance "private" clouds are in fact "legacy". June 23rd 2009 thus goes in this writer's diary as being the date on which the first use of the term "legacy cloud" was heard. No doubt we will soon hear of "Cloud three-dot-oh" from some overly keen brand hack.

Moreover, CSC's states that the driving philosophy behind their cloud strategy is "If we're going to be disrupted, we may as well disrupt ourselves", inferring a forward looking and proactive strategy. However in relation to the question of how they see adoption of cloud architectures in the market playing out they state, "The market will decide and we will track the market direction and speed (before deciding on our own strategy)."  As any backseat driver knows you either need to climb into the driver's seat and grasp the controls, or you ought to stay in the back and be gracefully taken wherever the vehicle is headed - trying to steer from the comfort of the rear is however just distracting to everyone concerned.

All of which is disappointing, especially given the outsourcing vendor's clear strength in underlying datacentre infrastructure, courtesy of their extensive portfolio of global and high capacity computing estate. The vendor has no shortage of processing capacity, IT skills, IT enabled business transformation acumen, and a track record of delivering innovative projects to the likes of Zurich Insurance, British Post, SNCF and long list more. Having thus helped disrupt others in a positive way, they might therefore reasonably be expected to demonstrate more real progress toward "disrupting themselves" than they currently show.

The one bright indicator of CSC's intent is their push for use of the Security Content Automation Protocol (SCAP) as a method for advertising the security and trustworthiness of a cloud based service. SCAP provides for 15 assertions related to security state, and CSC intends to be able to assert capability in all 15 areas. whilst encouraging the use of SCAP as a de-facto standard across the ICT industry for deploying trusted cloud computing services. SCAP assertions can be consumed automatically by a potential cloud services customer, thus providing an initial and ongoing statement of security capability and state, which could furthermore also be tied to a SLA via contractual terms. CSC's intended reliance on SCAP demonstrates that at least from an info-sec point of view, they have a firm grasp of the minutia involved in actually delivering cloud architecture on a workable basis for the enterprise customer.

CSC's biggest problem in navigating a successful path around cloud will be to pay the same level of attention to detail to their overall cloud services go-to-market strategy as they are demonstrating toward the details of cloud security and trustworthiness. Cloud is more than technology architecture, it is also a shift in the customer relationship management, in the billing approach, and in the range of services of potential interest to the customer. CSC's stated intention to "disrupt themselves" is currently likely to be achieved only through inattention to the need to formulate and execute a joined up strategy. Hardly innovative, and hardly a swashbuckling adventure for CSC's shareholders and customers.  

By Simon Perry, principal associate analyst - sustainability

Many businesses will find that leasing a computing platform is more cost effective than buying one, especially with the current constraints on capital spending. In light of this it is good news that, as reported in Quocirca’s free report Managed Hosting in Europe, there is an ever-increasing choice of managed hosting providers (MHP) in Europe.

MHPs pre-configure hardware, networks, storage and infrastructure software for customers to run all types of business applications, from email to ERP. MHPs take on responsibility for keeping the platform up to date and will commit to higher service-level agreements than internal IT departments. Furthermore, hosted platforms are an ideal way to house applications that need to be shared among multiple organisations; this includes those of independent software vendors (ISV) as they join the rush to software as a service (SaaS) as an alternative way of delivering their products.

In the past hardware servers have been provided on dedicated basis for each customer, but now, MHPs are turning on mass to shared hardware infrastructure as they compete with emerging cloud platforms from Microsoft, Amazon, Google, Salesforce.com and others.

There are offerings for business of all sizes. At the enterprise end there are the big systems integrators that include managed hosting as part of a broader service offering. For small businesses there are communications providers that provide it as an add-on to network access services. Spanning the whole market are specialist MHPs whose raison d’être is the provision of enterprise-class compute platforms to all. These include NTT Europe Online, Rackspace Hosting, Savvis, Attenda, 7global and a host of other emerging vendors.

Quocirca hopes Computing readers will find the report a useful reference and also invites feedback via managed_hosting@quocirca.com for a second version of the report that will address any errors or omissions.

By Bob Tarzey, director, Quocirca

Though their lineage dates back to before World War II, ATMs in their modern form appeared widely on the high street in 1973. Since then they have bred like rabbits and spawned numerous cousins in the form of automated ticket dispensing machines and point-of-sale devices. They have also arguably created the payment services backbone that has enabled the “cardholder not present” transaction capability that is internet payment services.

Along the way ATMs have also fundamentally altered the relationship customers have with their banks. Gone are the days of queuing at inconvenient times in actual banks and dealing with real tellers, bank managers and advisors. All replaced with anytime, anywhere banking, in whatever currency of whichever country you’re standing in. Meanwhile branches have closed, and while almost everyone appreciates the convenience, there are many who rue the dehumanising of the bank/customer relationship.

All of this is worth keeping in mind as the NHS, and its international health care counterparts, dabbles increasingly in technology-enabled remote diagnosis and treatment of patients. The efforts of the NHS’ Aberdeen TeleHealth initiative, based in no small part on Cisco’s telepresence technology, have yielded some impressive results.

The NHS trials used high-definition telepresence communications, enhanced with customised cameras, scanners and a wide variety of other electronic diagnostic tools. The patient, normally assisted by a relatively unskilled helper (who may have no more than rudimentary first-aid skills), can be subject to an array of tests as well as being interviewed by the remotely located GP or specialist.

The healthcare service has field tested such diagnostic services in the remote wilds of Northern Scotland, out to the remote North Sea oil drilling platforms and with the communities on the Orkney and Shetland islands. Such communities are remote, sparsely populated, and suffer from a lack of dedicated and local health professionals. If enough trained personnel were to be supplied, they would be underworked - but horrendously expensive to maintain and manage.

The NHS trials have delivered impressive results, with the service reporting that diagnostic accuracy is on a par with in-person capability. While the telepresence approach requires availability of relatively high network bandwidth between the patient location and the remote healthcare professional, as well as a not-insignificant capital cost in technology, it is cost effective compared to providing comparable healthcare to remote communities via traditional means. Telepresence-based medicine makes it possible to more accurately and more rapidly diagnose a patient compared to the service that could be provided by way of the irregular in-person approach that such remote communities have historically suffered.

Such benefits are substantial, and it is clear that remote diagnostics provide important potential benefits in terms of service and cost. That said, it is also critical to remember that effective healthcare ought to be more than just treating patients as “units” to be pumped through an increasingly automated health service factory. Arguably, telepresence-based health services are another step down the path of dehumanising healthcare and turning it into an assembly line for the dispensing of treatments that address mainly the symptoms, and rarely proactively address the causes. The provision of telemedicine to a remote community that previously had no service is better than nothing, but is it the best we can do as a society?

The old bedside manner has to become the new telepresence-side manner. If some of the more mundane reviews and check-ups can be automated out of the health system - such as repeat prescriptions, blood pressure tests and anything else that can be made self service through web interface or remote monitoring - then more time should be freed up for the medical professional to spend in real consultation with the patient. This can then help with preventative treatment, so minimising reactive treatments, and again freeing up more time.

Therefore, technology used correctly can create a virtuous circle - whereas used wrongly can be counterproductive. Let’s ensure that the healthcare beancounters don’t ruin it - and that healthcare professionals can get back to caring more about their patients, and focusing less on the profitability of the service.

Many people would complain already that they are treated as walking wallets rather than individuals by GPs, as they are herded through community clinics in 10-minute appointment increments. We need to be careful as we take this path that we do not end with unintended consequences whereby there is some added convenience to some, at the expense of degraded and dehumanised services to everyone.

By Simon Perry, principal associate analyst - sustainability

Recently, I saw something saying that every organisation should have a head of social media to spearhead its approach to using blogs, Twitter, Facebook, YouTube and the million or so other social media networks that the Twitterati now say have to be used for any organisation to stand a chance of surviving the recession.

It’s an easy statement to make, but what would the real role of such a person be?  Is it their responsibility to identify which social media sites should be used, and to ensure that they keep up to speed with any new sites? Should they be the ones that decide when a site is no longer the social media site de jour, and so when an organisation should drop its use? How about the actual outbound content?

The source of the need for a head of social media did say that this person would need an army of digital ambassadors, but who do they report to? Standard reports to their line of business managers with a dotted line to this HSM? And how would the HSM interact with marketing, with sales, with the web site developers – never mind with the CEO, the COO and the CIO?

As social networking sites are not technical, it is unlikely that they should fall under the remit of the CIO. It is far more likely that they would fall under marketing as the majority of such outbound communications do – and yet the digital ambassadors would have to come from across a broader slice of the organisation (product managers, technical staff, support personnel, etc). It is unlikely that marketing having fingers in everyone’s pies would go down well in this case.

In an earlier Quocirca blog item I wrote regarding the opportunities and threats that social networking provided to enterprises. There was one response based on the fact that few organisations provided policies and guidelines on using the telephone – and if you trust your workers, then you will have a well motivated and capable force for good in using social networking. Unfortunately, I cannot go along with this view. Many large organisations have recognised for a long time that first contact – whether it be via the phone, email, personal contact or whatever – is incredibly important.

Those who are in the front line of customer service receive full training in how to react on the phone to ensure that they present the right “front” to the organisation. That is why we hear the oft-repeated “this call may be recorded for training purposes” when we do contact an organisation.

But we can’t do the same with social media – the sites are not under our management, and we have no means of controlling the inbound “pull” from the prospect or customer. We probably do have some possibility of control over the outbound content itself – we can put in place some form of content filtering in the form of data leak prevention (DLP), but only where the outbound content is going through the corporate firewall. For anyone using a laptop away from their desk, or using their own machine back at home, we have effectively zero control - unless we enforce centralised control on all machines via proxies. Potentially possible with corporate-owned machines, but doubtful where the employee is using his or her own machine for mainly personal use.

So, is the role of the HSM one like the chief security officer, in that they are there as the Big Brother monitoring what is going on and being more “thou shalt not” rather than “thou mayest”? If so, they will be an abject failure – the vast majority of people hate being told what they cannot do in this way.

Anyway, social media should not be regarded as being separate from existing interaction channels – otherwise, we run the risk of creating and continuing silos of customer interactions. Education is key – ensuring that employees understand the need for positive positioning of the organisation through all interactions, whether this be face-to-face, phone, paper mail, email, faxes, IM or any form of social media. This then becomes a far more rounded position for someone within the organisation – part of the standard marketing communications (marcomms) function. Employees can be provided with overall guidance on what is expected, clauses can be written in to employment contracts. Fewer “digital ambassadors” are required – we don’t have “telephone ambassadors” or “email ambassadors”.

We may want to have some designated, named individuals who will be prominent in how the business Tweets, Blogs and Pokes. But, what we really need is for everyone within an organisation to understand how powerful any interaction with prospects, customers and the general public can be – and to try and make sure that any such interaction is done in as professional and positive manner as possible.

No need for a head of social media then – just a marcomms expert who can keep their finger on the changing face of the multifarious means of interacting with others...

By Clive Longbottom, service director

Early social networking sites tended to fall in to one of two camps – the “hey, I’m here, anyone remember me?” consumer-oriented sites, or the “I want to extend my circle of professional contacts” type of semi-business sites. Those in the decision-making parts of the business sector tended not to be impressed by being poked by people having placed items on their fun wall, and consumers had little interest in Chinese widget manufacturers having researched through LinkedIn and finding that they would be a perfect match for being an outlet for the company’s goods.

But all of that has changed. The current darling of the social networkers, Twitter, is an interesting (as in the Chinese semi-threat of “may you live in interesting times”) mix of consumer and business broadcasts and more constrained responses that the business sector seems to be picking up on. Similarly, YouTube has become a major place for organisations to provide educative videos on their products, or viral marketing videos. Even Facebook has dedicated sites for companies and products, and has become a rallying point for market activists seeking to influence company strategy through Facebook hosted protests.

As new channels for marketing and customer experience management, all to the good. The reach of an organisation is now massive through using such sites, and there are no technical upkeep costs – someone else is providing the physical platform and managing the underlying software.

But there is one issue that is becoming more apparent. A social network capability under the name of the organisation is controllable. But individual accounts are not.

In the old days, an employee may have had a company mobile phone, an email address and a couple of other bits. Once sacked/made redundant/leaving, all of these could be controlled by the employer, not only trying to reclaim any hardware, but also reclaiming the underlying capability – emails were to the corporate address, telephone numbers under the corporate plan. Even if the employee was a known name in their own right, they had to start from scratch in the big wide world using new contact details.

Now, individuals are king. Some Twitter accounts may be in the name of the organisation, but the ones that are being followed strongly are those that are in the name of the individual – it is their thoughts that matter. While everything is going well, the organisation has a great synergistic relationship with the individual. The individual pushes the company, the Twitter followers are inculcated by osmosis.

But, here we are in a downturn, and companies are making people redundant by the tens of thousands.  Mergers and acquisitions are happening, and people are moving around all over the place. All these social networking accounts belong to them – not to the business. Those who are following the individual carry on receiving the information without needing to change anything.

The ex-employee, once the darling of the company, now becomes an unknown force – they have certain knowledge of the inside workings of the organisation and may have views that the organisation may not want putting out in the public domain. The reach they had before is still as strong – and anything juicy will get re-Tweeted or posted, and they will gain even more followers.

Even employees get it wrong – look at the Waitrose, Virgin Atlantic and other cases where employees have made disparaging remarks on social networking sites – and these have been picked up and re-posted until the press come across them. Telstra, the Australian telco, has provided employees with a 6-page guide to use of social networking, and requires employees to apply a disclaimer to any comments that could be seen to be either pro or con Telstra itself.

And the further problem is that there is not a lot that can be done about it. Yes, employees can be warned and educated as to what is expected of them, and certain rules can be built in to the contract of employment. But with ex-employees, it’s a bit more difficult. They may have signed a confidentiality agreement, but how do you enforce it? Once the genie is out of the bottle, it can’t be put back, and the damage is already done. Only fear may win the day – write in to agreements that any redundancy payment is dependent on adhering to the confidentiality agreement: if broken, the company can reclaim all monies paid.

The world has changed – wherever possible, a business needs to be able to position itself through the social networking media as best it can, and needs to leverage the pull of its key personnel. But, educate wherever possible, cover as many possible problems as can be planned for – and make sure that you have a rebuttal team available to face down any untruths that ex-employees do post as individuals. But, if it’s the truth, no matter how unpalatable it is, that has to be one of the downsides of a more open global village.

By Clive Longbottom, service director

BT announced this month that the company intends to cull its workforce to the tune of 15,000 workers, with CEO Ian Livingston citing “an unacceptable performance in BT Global Services” as being one of the more significant performance disappointments for the year to date. No doubt those workers will be a little disappointed themselves as they join the thousands the company has already shed over the last few years, as will shareholders as their dividends were halved. 

The 15,000 to go this year is on top of 15,000 last year. 30,000 is one of those nice round numbers that is of course recognised as being large, but at the same time somehow doesn’t quite sink in, but for sure it’s a lot of workers.

For perspective, its about five BMC Software sized companies worth, or if Symantec AND CA shut up shop completely tomorrow you would have about the same number of staff out of work. That’s a lot of ICT industry expertise suddenly let loose, and BT isn’t of course the first. Sage Software offered all of their 2,200 UK employees voluntary redundancy in April, while at the smaller end of the redundancy scale Barclays dropped 400 IT workers back in January, AXA 350, and Sun is culling even as they head into an acquisition by Oracle that will surely result in further wielding of the HR knives. It’s hard to count all ICT sector job losses accurately, but one senses that between 100,000 and 200,000 losses globally in the previous twelve months might be around the right mark (and that may well be wildly conservative).

Of course not all of those workers will be technical experts, especially those being let go from vendors, including BT’s disappointing Global Services division. Back office support staff, sales, sales support, a range of managers, as well as project managers and delivery types will also have been culled, along with those who have a degree of hands-on technical expertise. A veritable smorgasbord of ICT sellers, doers, coders and assorted hangers on suddenly swelling the available resource market. The question is; where do they all go?

Those with a vendor-related sales background who at least interview well, will no doubt find opportunities in the marketplace amongst competing vendors which themselves are looking to refresh their own underperformers with some new blood. All of which is a “good news, bad news” scenario for the individuals concerned and is a churn that makes no real difference to the overall size of the available employment-seeking pool.

Services and channel partners of culling product vendors will find themselves able to snap up choice ex-vendor staff with the hope that they are equipped with a bulging LinkedIn (or FaceBook for the younger ones) contacts list along with their relevant product and business skills. But that still leaves a lot of people with no obvious place to go as the global economy continues to lurch between reports of green shoots and warnings of further bankruptcies and hiccups. Meanwhile, no one seems to think that the far-side of any eventual recovery will restore it all to the halcyon days of yore.

In a time of more fluid credit we might have seen nascent entrepreneurialism and talent translate into a rash of technology and service startups. While a percentage will no doubt successfully walk that path (<1% perhaps?) again that still leaves a lot more unaccounted for. Optimistically the “green economy” will eventually provide new opportunities, however for many that will neither come soon enough nor provide an easily traversed path, coming as it does with a different set of skills requirements. Overall, its not a pretty picture at all and one that just begs for some alternative good news stories to provide a contrasting scene so if you have one, let us know as we’d like to hear it.

By Simon Perry, principal associate analyst, sustainability

It is so easy to get swept up with the positive messages put out around the UK Government’s Digital Britain strategy, especially when the Chancellor pulls an investment rabbit from the hat of his latest budget in the form of £750m Strategic Investment Fund to drive innovation and mentioned it alongside the dream of ‘universal high-speed broadband to all’. The only real sum committed, however, was the £100m for the Digital Region project, Yorkshire Forward.

While any investment is welcome, it is a small part of what is required to approach the needs outlined in the interim ‘Digital Britain’ report. These in themselves are only a fraction of what is really required to bring the UK up to the level of it being able to directly compete with neighbouring Western European countries, let alone those in the East, Asia and the Americas which are pushing broadband speeds and access ubiquity much further. This will need more commitment from the likes of BT, Virgin Media, Carphone/Tiscali and other internet service providers, and an incentive for them to invest.

What the Chancellor should be reaching for is ‘carrots’ not ‘rabbits’.

A village in South West Wales, Ferryside, demonstrates in a microcosm the issues for individual consumers, the communications challenges faced by the UK and how sorry the state of the infrastructure really is. It also highlights how far priorities have been misplaced, whether deliberately or through ignorance, and how this then fails to adequately address the basic community needs or does little to encourage investment in services that will add real social and local value. Communities need services and nurture, not simply diversion and entertainment, but these are not always the top of the list.

Ferryside, along with its near neighbour Llanstephan, were the flagship locations for the analogue to digital TV switchover in 2005, with locals being offered free digital set-top boxes as the analogue signals were switched off. This frees up spectrum to sell to other service providers, and provides a few dozen extra channels to everyone instead of the previous four or five - revenue for the government, and entertainment for the people. However, like many rural or semi-rural parts of the UK, even without a recession and the credit crunch, the villages really need a communications infrastructure to support vital community services – jobs, education and care – and not a greater choice of ‘reality’ TV programmes or shopping channels.

While the entertainment has become digital - although not perfectly as even digital TV coverage is patchy - other communications methods struggle in Ferryside. Mobile phone signals are patchy, with only one operator covering the majority of the village and another’s signals only appearing when the phone is held above the edge of a jetty over the river estuary (tides permitting). With either mobile carrier the poor signals and coverage means 3G or mobile broadband is still a distant dream.

Fixed line broadband performance is also typical of many remote communities. No fibre, only copper – old at that. The exchange is offering ADSL, but most subscribers consider 0.5Mb/s to be the best they will get, no matter how close they are. This is way below the goal of Digital Britain’s 2Mb/s – and that is hardly a stretch goal, even for minimum national coverage.

So why is faster broadband important, even perhaps a regional imperative, especially when times are financially constrained?

It is vital for digital inclusion, addressing rural poverty and giving communities the tools they need to survive and thrive. All communities form and grow around communications links. At one time it was seaports, rivers and canals, and then railway and motorway networks. The industrial age has given way to the digital age, and communities – for social and commercial reasons – are forming around the new IP networks. Access, capacity and speed if restricted will have serious social and commercial repercussions, and governments around the globe seem to be recognising this.

While remote, Ferryside does at least have a communications legacy from a different industrial past that many in the UK have lost – a railway station. It was built to serve the holiday needs of coal miners from the Welsh valleys and remains as a vital lifeline linking the community to the local major towns of Carmarthen, Swansea and beyond. The UK government has an opportunity to leave a similar digital legacy to future generations in all rural and semi-rural areas as well as the rest of the UK, providing it can keep its investment on the right track. However, its timetable is looking delayed, its signalling is poor and other countries are already pulling away.

Rob Bamforth, Principal Analyst

Many companies say their employees are their most prized assets, but perhaps only a few of them believe it when they say it. The experiences of employees demonstrate the reality of the message, and as I joined Sun Microsystems in July 1989, I was cynical, but willing. However, around the same time that this young company was saying publically, “The network is the computer”, Scott McNealy, founder and long-time CEO, was enthusing internally a more personal ethic, reflecting a positive attitude for employees of all abilities.

He said: “Work hard, play hard, change the rules, and win”. This typified the culture of the brash, fast moving Californian workstation company from the 1980s that eventually became the cheerleader for open systems, IP networking, ‘the dot in dotcom’ and the inevitable inventor of something like Java. Quite an attitude and in the 1990s even Oracle described itself as the second most arrogant IT company. It meant, after Sun. Ironic, eh?

With an acerbic (some would be less charitable) CEO, who famously laid into Microsoft (the dark side), IBM (the big blue whale) and many other companies (nobody wants to get Wang’d or DEC’d), what else could Sun be described as, but arrogant?

At many times, especially in the first fifteen years, it looked rightly so. It was relentlessly successful at inventing cheaper, faster hardware, capitalising on its channel and partners, and reasonably successful at developing software. It pioneered open platforms, trying to create competitive suppliers for its SPARC processor chips, encouraging Sun clones while SPARCstation workstations were booming and of course the Java platform.

While other companies stumbled, the similarly once great DEC in particular, Sun soared, and then started to believe it was something other than an innovative technology company. It moved into services, attempted solution selling and drifted from another of McNealy’s famed comments: “All the wood behind one arrow” to more of a prevaricating quiver.

Had the ‘prized assets’ lost their belief? In a way, yes: employees were less focused, the company had expanded, the gene pool diluted. It wasn’t that Sun stopped recruiting good people or that everyone was slacking, but something was missing. It was a loss of belief in being the underdog, taking on the world, making a difference. The focus turned inward, not outward.

Some of that change was good and necessary – sorting processes, maturing of attitudes and so on – but there was a loss of competitive spirit and a lack of focus on the needs of the customer. Cost centric replaced customer centric, and with external pressures mounting from the collapse of the dotcom boom and new brash, fast moving competitors, the internal focus intensified and Sun followed DEC down the route of a death of a thousand cuts.

Much of the energy dissipated as long-serving employees left or were cut over the years, leaving technology designs, patents, brands and trademarks floundering behind, along with manufacturing capabilities and several important pieces of software. But this is intellectual property, not intellect, and the spark of Sun had long dimmed before the embers were poked over by IBM, and were finally acquired by Oracle.

So, did Oracle buy a whole Sun? Well, it has acquired some valuable technology assets, but not the Sun belief and attitude of old. That had already been spread elsewhere into the ecosystem, with some former solar particles (employees) expending their energies on other technology challenges and others ready to commit time to very different activities. Oracle may have bought the mass, but perhaps not the energy of the dying star.

Rob Bamforth. Principal Analyst

Recent news that employees working in government departments have lost or mislaid over 1,000 laptops, more than 500 phones or mobile email gadgets and over 700 other mobile devices – probably memory sticks, cameras and so on – is no surprise. Mobile security, despite all the technology that can be applied, is reliant upon the attitudes of individuals, and past Quocirca research has shown that this is often pretty lax – from the top down.

Those that carry the gadget need to feel they carry the can for the care of the mobile tools provided to them for their work, and this has to be encouraged with the right messages from the top. The attitude of “get away with whatever we can as long as it is within the rules” that appears to pervade the upper echelons of the public sector - in particular, politicians - does not bode well for getting juniors to remember not to leave their BlackBerry in the back of a taxi or on a seat in the local coffee shop.

These devices carry increasingly large amounts of data as well as potentially granting network access to further restricted services or applications. While the use of passwords, PINs and encryption should prevent the contents from being casually photographed from across the street – unlike plain paper documents  – many users left to their own devices are pretty lax with their use of password and PIN protection, and even authenticated users will often allow anyone to inadvertently see the contents of their screens.

Of course systems and technology can be put in place to coerce or compel users into more secure practices. But we all know what happens if this is pushed too hard without any buy-in or user acceptable automation. Forcing users to change passwords every month means they oscillate between two rather than constantly create new ones, making them use complex random sequences means they will write them down, and mandating the use of numbers as well as letters will mean all too simple substitution – e.g. ‘3’ for ‘e’ – and guess how difficult that is to crack with brute force?

Even sophisticated security software does not fix the problem of hardware being mislaid, and if over-engineered may introduce layers of options that are difficult to implement and do little to create a positive user attitude.  When a software vendor in the 1990s touted 256 possible levels of security, the vast majority of implementations consisted of only two – full on, or full off. Too much choice leads to complexity and problems, making it harder to explain to the workforce how they should operate.

Security strategy for information and devices on the move needs to be simple and consistent. Outside of the control of the workplace it is critical to encourage an attitude of physical care first – keep secret information from prying eyes and pay extra attention to small or vulnerable items. Technology can then be used to support good user behaviour as transparently as possible and policy should be put in place and over communicated to reinforce correct behaviours, and punish poor ones.

Finally, this has to be driven and endorsed from the top, as senior managers (including senior politicians for the public sector) set the tone, which other employees will follow. The issue of dealing with information security on the move should be permanently in the back of everyone’s mind, and not just brought to the forefront when a leak or breach occurs – or when one appears in the media.

By Rob Bamforth, Principal Analyst