by David Bradshaw, 17 May, 2012 | feedback
Top Line: CIOs have to get their companies’ websites into compliance … eventually
Cookie Day is not about fundraising for good causes. Rather, it's the legal obligation that all UK websites need to ask for “informed consent” from website visitors before downloading cookies to the browser. This is not just a UK thing; the requirement comes from the EU Privacy and Electronic Communications Directive, and the UK deadline is 26 May. This deadline has already been extended by a year, and a last-minute further extension looks highly unlikely.
The UK government has admitted that the majority of central and local government websites will not meet the deadline. Thought there are no reliable figures, it is widely believed that the commercial sector is even further behind.
Bottom Line for ICT Buyers:
1. So much for the full force of the law; there seems to be little immediate danger of serious consequences from missing this deadline – at least for now. In an interview with Econsultancy, a digital marketing and ecommerce community, UK Information Commissioner Dave Evans took a relatively relaxed approach towards immediate compliance. However, he made it clear that his agency will monitor how companies and sectors are progressing towards compliance.
2. Doing nothing at all is therefore not a long-term option. In the interview, Evans said that a complete refusal to do anything at all about gaining permission would make his organization pay more attention to the companies or sectors involved.
3. Gaining consent may be a smart move anyway. “Permission marketing” (popularized by author Seth Godin) builds stronger ties between customers and vendors by obtaining customers’ overt consent to be approached by marketeers. This was a bit too “touchy-feely” for many e-marketeers who just wanted to play the numbers game by sending out mass emailings, but in tough economic times it may be more cost-effective to identify your core customers and to target your web marketing on them.
by David Bradshaw, Juan Sacchi, Kevin Bailey, 16 May, 2012 | feedback
Top Line: While security in the cloud is has similarities with traditional security issues, there are some crucial differences
While the benefits derived from cloud computing are evident, concerns about security in cloud-based services are discouraging many organizations from moving their strategic assets from traditional IT delivery models towards the cloud. In particular, information security is becoming a more complex issue, increasing its visibility and relevance as a strategic concern. Customers and vendors alike must rethink aspects of their security strategy.
Bottom line for ICT Buyers:
1. IDC has identified several key security areas of security-related concerns around cloud computing, including:
• Location: cloud vendors must commit to where the information is going to be stored, and if there are specific regulatory requirements, they must give contractual commitment about where the information is stored,
• Protection & Encryption: cloud services vendors approaches in these areas vary, particularly in the case of encryption, and ICT buyers need to ensure that any concerns they have are properly addressed,
• Service Availability & Reliability: most public cloud services providers currently do not offer guaranteed services levels or availability, instead relying on publishing their availability record, which may or may not be acceptable to CIOs,
• Recovery: customers need to know, in the case of partial or total disaster, how quickly the services they use will be completely restored,
• Regulation & Compliance: these are relatively known issues in a traditional IT environment, but they require more attention in the cloud.
2. A "one size fits all" approach to cloud security will not work. Different cloud implementations and different cloud delivery models have different focus points and pain points. End users should select security vendors and systems integrators that focus on the areas that are most appropriate to the cloud implementation being protected, that have a track-record in helping their clients gain a balanced understand the security implications of the different cloud services (rather than simply advocating their own cloud services as a solution to every problem), and that define and implement appropriate polices and controls in order to achieve successful and secure cloud implementations.
3. Enterprises should look for partners with whom they can confidently have long-term and strategic relationships. Customers will need support in the definition, integration, implementation, and management of security policies, as well as with the controls covering hardware and software technologies. Subsequently, all these will need to evolve over time as the business requirements change and as the cloud services supporting the business also change. That requires long-term commitment from both sides, and a good working relationship.
For more details, see: "Security Services in Cloud Computing," IDC # SP51U, May 2012.
by Douglas Hayward, 14 May, 2012 | feedback
Top Line: End-user demand for business consulting is surprisingly resilient, in part because consulting is now pragmatic and hard-nosed.
IDC has just published its forecasts for business consulting demand in 2012-2016, based in part on our annual survey of consulting buyers' sentiment. Overall, we found that business consulting buyers are more cautious and conservative than a year ago, which is understandable given the reduction in business confidence since mid 2011.
Compared to the previous survey (where we interviewed CIOs in October 2010), the percentage of organizations saying they were not planning to start a new business consulting project stayed the same at around a third, but the percentage of organizations saying that they plan to start a project halved from around a half to about a quarter. This reflects the increased levels of caution among enterprise consulting buyers in late 2011 and early 2012.
And yet ... despite business consulting being a "discretionary" spending category, we forecast that end users will in fact buy slightly more business consulting in 2012 than they did in 2011. Why so?
Bottom Line for ICT buyers:
1. At ground level, today's business consulting project is not about writing "blue-sky" reports that clients stick on their bookshelves; it's about hard-headed cost cutting and corporate risk reduction. Consulting buyers we surveyed reported that their top three 3 business drivers as cost reduction, operational efficiency, and regulatory compliance (in that order). Clearly, "cost is king" in Europe, but if consulting can delivery quick cost efficiencies, then even the most hard-nosed buyers will continue to consume business consulting services however "discretionary" they are. Particularly so when consultancies agree to be paid by results – one very large consultancy we know currently has 15% of its UK revenues "at risk" (i.e. dependent on performance). That, as the consultants (rather annoyingly) say, is "skin in the game".
2. Interestingly, the number of European organizations that have actually started (as opposed to planning) a new business consulting project is higher in our latest survey than in the October 2010 survey. Of course, this may reflect a time lag projects that have just started in 2012 may have been planned and approved before European businesses started to take fright at the macroeconomic outlook in mid 2011. But it looks like business consulting projects approved in 2011 were framed well enough to avoid cancellation when the economy turned business confidence sour. To us, that indicates that business consulting buyers are mature and pragmatic.
3. Looking forward, we see uncertainty and caution in corporate consulting spend. We think that many European organizations started freezing or cutting their plans for new business consulting spend in 3Q 2011, and that they followed this up in the 2012 budget planning process with either a ban on major new spend proposals, postponement of plans, or at the very least a cranking up of the criteria that new projects have to meet in order to be approved. But the pragmatic, cost-reduction and risk-reduction nature of most business consulting work (we estimate that only 16% of business consulting work in Europe in 2011 was strategy consulting) means that projects are still going ahead – for now, anyway.
Recommend this service to your friends.
IDC's European ICT Advisory Alerts are a unique new service from Europe's leading ICT research and consulting firm. They give ICT buyers and decision makers access to concise, unbiased real-time opinion and guidance from IDC's top analysts across the continent.
The alerts are distributed to end users, sourcing advisors, and journalists. Subscribers can choose daily or weekly frequency, and can suspend or cancel their subscription at any time.