This is my first post as the new Research Director for the Security and Risk team here at Forrester. During my first quarter as RD, I spent a lot of time listening to our clients and working with the analysts and researchers on my team to create a research agenda for the rest of the year that will help our clients tackle their toughest challenges. It was a busy Q1 for the team. We hosted our Security Forum in London, fielded more than 443 end client inquiries, completed more than 18 research reports, and delivered numerous custom consulting engagements.
In the first quarter of 2010, clients were still struggling with the security ramifications of increased outsourcing, cloud computing, consumer devices and social networking. Trends have created a shift in data and device ownership that is usurping traditional IT control and eroding traditional security controls and protections.
We’re still dealing with this shift in 2010 — there’s no easy fix. This year there is a realization that the only way that the Security Organization can stay one step ahead of whatever business or technology shift happens next is to transform itself from a silo of technical expertise that is reactive and operationally focused to one that is focused on proactive information risk management. This requires a reexamination of the security program itself (strategy, policy, roles, skills, success metrics, etc.), its security processes, and its security architecture. In short, taking a step back and looking at the big picture before evaluating and deploying the next point protection product. Not surprisingly, our five most read docs since January 1, 2010 to today are having less to do with specific security technologies:
I was able to catch pieces of live testimony in front of the House Financial Services Committee yesterday on the Lehman Brothers collapse (covered via live blog by the Wall Street Journal). It was interesting to watch former Lehman head Richard Fuld reluctantly attempt to explain to an understandably skeptical audience, “We were risk averse,” in the period leading up to the company’s collapse.
Meanwhile, Goldman Sachs is back in the spotlight after the SEC leveled charges of fraud against the company last week related to alleged misstatements and omissions in the marketing of specific financial products. While this seems like a relatively small initial shot at the large financial firms, the SEC appears to be reasserting its authority after a series of embarrassing stories have come out about failures of oversight including Madoff, Stanford, and now Lehman.
So what does all this mean for governance, risk, and compliance professionals?
It’s hard to tell what might come of the fraud charges against Goldman Sachs, but if anything, this appears to build a case for more rigorous compliance policies and manual oversight. It’s hard to see how automated controls could have helped here, but the case could involve substantial e-discovery to determine how certain marketing decisions were made.
TECH DEVELOPMENTS: Like half a dozen Forrester colleagues, I have been stuck in London since last week due to the Icelandic volcano's disruption of air travel. So, this allows me a UK perspective on IBM's results for Q1 2010. These turned out to be very much what I expected (see "US And Global IT Market Outlook: Q1 2010 -- The Tech Market Recovery Has Begun"). I thought IBM's revenues would grow by mid-single digits; in fact, they grew by 5%. I expected its software revenue growth to be in low double-digits; its hardware revenues to be around 3%-5%; its outsourcing revenues up about the same; and its consulting and SI revenues down by 5% to 10%. Again, actual results came in pretty close: software revenues were up 10.6%; systems and technology revenues up 4.9%; outsourcing (GTS outsourcing) up 6%; and IT consulting and systems integration services (Integrated Technology Services and Global Businesses Services) flat with the year before.
Based on the results we have seen so far from IBM, Oracle (quarter ending February 28), Accenture (quarter ending February 28), and Atos Origin, here's what I think we will see for vendors for the rest of the quarter:
Software will be strong, up 10% or more growth in US dollar revenues for most vendors. Microsoft will do better than this, thanks to strong sales from Windows 7.
Hardware will also be strong, with PC vendors posting 15% growth and server/storage vendors coming in around 5% to 8%.
IT consulting and systems integrations servies will still be down, lagging the upturn in software investment.
I haven’t been blogging or tweeting recently because I’ve been on an unprecedented two-week vacation, but didn’t want any potential burglars to know that. Now, thanks to Eykanmuckyourlifeup or whatever its called, that vacation has turned into an extended business trip states-side (see #ashtag). So I’m taking the opportunity to meet more clients on the smoke-free side of the pond, to help them with their software negotiations.
This is a busy time of year, particularly for Oracle and Microsoft deals in front of their financial year-ends of May 31st and June 30th respectively. One of software buyers’ frequently asked questions is, “what extra leverage does a vendor’s year-end really give us?”
The answer is in the title above. On the one hand, if your deal would give your sales rep a Spiff, an extra bonus for selling specific products, then he’ll be very keen to prevent your order slipping into next quarter, when the spiff may not be available. Even better, he’ll be desperate to close your transaction now if he needs it to make his annual target, to avoid becoming part of next quarter’s reduction in force (RIF) program.
Last December I wrote about Building B2B Technology Markets, looking at how to penetrate a market with almost none of the traditional characteristics of a mature technology market? As technology vendors increasingly look to emerging markets as a significant opportunity and source of growth, this question becomes more pressing. The report explored some of the elements of Cisco’s Country Transformation initiatives in order to identify steps in the process of building market infrastructure:
For example, the report looked at partnering with governments to encourage market-friendly policies and investment in the necessary technology infrastructure to support market development and overall economic growth. And, from a sales perspective, trade associations provided an alternative channel to reach small and medium businesses in markets where distributors and resellers weren't available.
But, another element critical to successful market development is the ecosystem of partners developing solutions specific to the particular market, or even just contributing local innovation for new approaches to broader global issues. Building B2B Technology Markets discussed finding local organizations to act as partners in the market, and even investing in educational initiatives, but missed the next step of how to help create these new local ecosystem partners.
During a recent set of interviews with IT service providers on how they help their client’s innovate, I had the opportunity to speak with K Ananth Krishnan, CTO at Tata Consultancy Services (TCS). Ananth described to me what I consider to be one most progressive innovation programs I encountered during these interviews – it was consistent with TCS’s capabilities, holistic in scope, and has the potential to be a important part of the company’s long-term evolution.
A few key findings from my discussion with Ananth:
Today, Oracle announced yet another acquisition - this one of Phase Forward, a clinical research suite that helps life sciences companies manage their R&D process. Oracle paid $685 million in cash for this acquisition. While my research role focus does not encompass life sciences software specifically, Oracle's overall apps strategy is definitely of interest to me. My thoughts about this deal are as follows:
Oracle continues to aggressively acquire industry-specific applications to complement its core ERP solutions (e.g., EBS, PeopleSoft, J.D. Edwards, and the yet-to-be-released Fusion Applications). Industry apps enable Oracle to achieve deeper relevance with specific types of businesses, and sell them additional products, including middleware, integration accelerators, BI, databases, core ERP applications, and now even computer hardware.
The Phase Forward clinical trials software puts Oracle into the mix in large pharma accounts, where SAP tends to have the lion's share of the wallet for applications.
Healthcare overall is a massive market opportunity for which Oracle has only scratched the surface. Oracle only recently established a Health Sciences Global Business Unit, and more acquisitions can be expected in and around the healthcare ecosystem. Healthcare provider solutions may fit into this build-out at some point.
Your thoughts on Oracle's apps strategy and portfolio? Feel free to comment here.
Recently, I discussed complexity with a banker working on measuring and managing complexity in a North American bank. His approach is very interesting: He found a way to operationalize complexity measurement and thus to provide concrete data to manage it. While I’m not in a position to disclose any more details, we also talked about the nature of complexity. In absence of any other definition of complexity, I offered a draft definition which I have assembled over time based on a number of “official” definitions. Complexity is the condition of:
Recently, I’ve been getting more inquiries around risk based testing. In addition to agile test methods and test estimation, test teams turning their eyes to risk based testing is just another positive step in integrating quality through out the SDLC. Yes, I still see QA engineers as having to put their evangelist hats on to educate their developer brothers and sisters that quality is more than just testing (don’t get me wrong, consistent unit and integration testing is a beautiful thing), however, any time that business and technology partners can think about impact and dependencies in their approach to a solid, workable application elevates quality to the next level.
Keep asking those questions about risk based testing – and make sure that you’re covering all of the angles. Make sure that you’re covering:
The word for “crisis” in Chinese apparently comes from two roots meaning “risk” and “opportunity” – there is both a downside, and the potential for an upside. That’s how César Alierta, Telefónica Chairman and CEO, began the opening keynote of their 2010 Leadership Conference in Miami (where I spent several days last week). For Telefónica, that definition has played out with the global economic crisis. While results in Spain have been their downside, Latin America has been the opportunity. Telefónica has a presence in 15 countries in Latin America (and 42 countries worldwide), with offerings in mobile and fixed telephony and in IT services. Not all offerings are available in all markets but in many countries Telefónica has leveraged a strong position in one offering to expand into the others becoming the first integrated operator in the region.
According to José Maria Pallete, CEO of Telefónica Latinoamérica, Latin America represents 65-70% of their total customer base, 40% of revenues and about 40% of the operating income. In the enterprise space (as opposed to consumer services), 37% of Telefónica revenue comes from Latin America. That corporate segment (including public sector) marked double digit growth in Latin America in 2009, with its biggest markets in Brazil and Mexico.