Sie sind auf Seite 1von 13

Defining Self-Service and Its Application to Identity Management

An IDC White Paper

Analysts: Ana Volpi and Charles Kolodgy Many organizations believe that effective processes should develop organically over time. However, when examined closely, these organic processes are clearly not as efficient and cost effective as they could be. As the economy experiences its peaks and valleys, companies are focusing once again on operational efficiencies, cost savings, and best practices. This renewed focus creates an opportunity for these organizations to better understand how self-service tools and technologies can be applied to improve person-intensive support problems. Regardless of the economy, IDC believes that successful organizations will find ways to leverage self-support solutions to improve efficiencies and lower costs. This white paper provides a greater understanding of the benefits and role of self-service solutions, specifically in relation to identity management. The paper includes several case studies of firms that have implemented self-service solutions to address password management issues. It also discusses the impact the solutions have had on these organizations from a technology and a business perspective.

Dynamics of Self-Service
Self-service is not a new concept. In fact, it has become commonplace in personal banking and at gas station service centers. More recently, self-service has emerged in the context of technical support. IDC defines self-service technical support as the ability of end users to resolve their own issues by using knowledge bases, automated support, or diagnostics technology. Self-service is a subset of the larger concept of esupport, which encompasses all methods of receiving support electronically. IDC broadly defines security as the methods deployed to ensure that only authorized entities are able to perform specified actions. IDC views self-service identity management as the natural intersection of self-service technical support and security that allows an organization to empower users to manage functions such as password management and user authentication in a highly secure environment. Many factors make self-service solutions appealing to businesses of all sizes and industries. The following sections discuss some of those factors.

5 Speen Street Framingham, MA 01701 Phone (508)872-8200 Fax (508)935-4015

Reduced Costs
When employees or ecommerce customers are able to resolve relatively simple and common problems on their own, an organization can immediately expect to reduce the volume of calls to its help desk.

One of the biggest reasons that self-service solutions are appealing is also the most obvious: cost savings. When employees or ecommerce customers are able to resolve relatively simple and common problems on their own, an organization can immediately expect to reduce the volume of calls to its help desk. Successful help desks can typically identify the most repetitive, easiest, or most burdensome types of requests and establish self-support solutions for these issues. By implementing a self-service solution, companies free their technical resources to focus on higher-value, more strategic issues. For many issues, self-service can also reduce the time an individual spends describing the problem to a help desk technician. With self-service, the user is able to skip the description of the problem and move directly to the process of resolving it. Meanwhile, by shortening the problem-resolution time, the user is then able to achieve productivity more quickly.

Improved Service Quality

Self-service is attractive to many organizations because it empowers users to solve their own problems rather than relying on people and resources that may not be immediately available when needed. This concept is particularly true in the context of identity management because the process of creating and managing account identity or resetting passwords can be very resource intensive. With a self-service solution, system administrators no longer need to get involved in resetting passwords. Employees who need password-reset help can access an intranet site or automated telephone system, answer several authentication questions, and walk through a process to reset their own password, without the need to involve help desk personnel.
Self-service solutions can benefit employees working remotely. With a 24 x 7 x 365 solution, employees can gain continuous access to the resources required to solve their IT problem.

Self-service solutions can further improve service quality because they can be available 24 x 7 x 365. Employees can access technical help or reset passwords at any time from anywhere. This continuous availability makes users more productive because they do not have to hope that the help desk is open or wait for a technician to return their call. Users benefit from self-service solutions in the following ways: Improved resolution time compared with the manual process Wider choice of options to meet their support preferences (e.g., Web, automated phone, and manual support)
Printed on recycled materials

Copyright 2001 IDC. Reproduction without written permission is completely forbidden.

External Publication of IDC Information and Data Any IDC information that is to be used in advertising, press releases, or promotional materials requires prior written approval from the appropriate IDC Vice President or Country Manager. A draft of the proposed document should accompany any such request. IDC reserves the right to deny approval of external usage for any reason. All other trademarks are the property of their respective owners.

Defining Self-Service and Its Application to Identity Management

Increased service quality for other support requests because help desk staff members are not occupied with repetitive calls (and users spend less time on hold) and can focus on more strategic issues Increased first-touch resolution

Increased Ability to Scale Support Operations

Support for electronic user accounts has typically been designed for employees of a single organization. However, as supply chains become integrated, eprocurement becomes more prevalent, and partners gain greater access to an organizations systems, account provisioning and password-resolution issues must scale to handle an increasing user population. Therefore, it is critical to create a support service that can scale in terms of numbers of users and across a number of applications. This capability is particularly necessary when introducing new functionality or, in the case of a merger, when adding a whole new user group that needs to be supported. Many organizations are realizing that their call volume is outpacing their ability to add help desk technicians to handle these calls. In this context, a self-service solution can address those demands without the need to hire additional help desk personnel, thus allowing the help desk to scale more effectively and efficiently.

Improved Security
IDC believes that when the principles of self-service are applied to password and identity management, the level of security increases significantly. Kevin Mitnick, one of the most infamous cybercriminals, claimed that he did more damage with a call to a help desk than he ever did cracking an IT system.
Companies can use stronger authentication and have stronger and more enforceable password policies, and no one except the end user can view the passwords.

For example, when an intruder attacks a system, the perpetrator may create an account and then erase the log entry showing the creation of a new account. Thus, these illegal accounts may not show up to a system administrator. However, a self-service system that is tied to a service desk ticketing system or other data source provides the enterprise with an additional resource to improve its security process, while still protecting password and other account information. There are many weaknesses in current help desk processes, including careless authentication of users, inconsistent logging, and superuser power rights granted to help desk employees. A self-service solution improves authentication and logging while eliminating the need to provide help desk employees with superuser privileges. It also removes the need to share confidential password information over the telephone. Unfortunately, many businesses still view security as a hindrance or an additional cost. Yet, when implemented successfully, security applications can become a business enabler by reducing costs and improving the overall process. A self-service solution enables companies to implement stricter password policies.

Defining Self-Service and Its Application to Identity Management

Improved Security Policy Management

As IT infrastructures become more complicated, policy management becomes more difficult to administer. A self-service solution enables companies to simultaneously improve security management as well as security policies related to password length, password expiration, and password history and dictionary checks. Under a self-service structure, the password policies can be enforced automatically, thus reducing the burden on the security staff.

Enhanced Privacy Protection

By offering a self-service option, firms can protect user privacy, help users avoid embarrassment and the procrastination driven by embarrassment, and even eliminate the challenge of clearly communicating a problem over the phone.

Privacy has emerged as a key concern for many employees, and it is an important reason why many support functions have moved to a self-service model. No one relishes the thought of calling the help desk to report a forgotten password, particularly when the required authentication data is common, personal, or even highly sensitive in nature. By offering a self-service option, firms can protect user privacy, help users avoid embarrassment and the procrastination driven by embarrassment, and even eliminate the challenge of clearly communicating a problem over the phone. Meanwhile, the process of handling incidents such as password reset becomes more transparent to the end user while eliminating the need to share personal information during the authentication process. For example, users are not required to provide their mothers maiden name or other personal information to authenticate themselves to the support staff on the other end of the phone.

Recommendations for Selecting a Self-Service Solution

Companies should consider the following actions when choosing a self-service solution: Make sure the solution can grow vertically and horizontally. Any self-service solution should be able to grow in terms of sheer number of users, level of usage, and type of usage. Vertical growth refers to growth in the volume of users and overall usage of a system. Horizontal growth refers to the extension of a solution to solve other related problems. For example, a solution may originate as an automated resolution for a Web-based application but could also extend to support mainframes and other legacy applications. Many initiatives begin at the internal help desk level and move externally to include customers, suppliers, and partners. If an organization has systems accessed by these groups, it may be well suited for a self-service automation process in the future. Having the ability to leverage an already successful self-service solution can be a boon.

Defining Self-Service and Its Application to Identity Management

It is important that companies select a vendor that will leverage their existing infrastructure and that is capable of tight, application programming interface (API)level integration.

Choose a vendor that can connect to and leverage existing infrastructure. Most organizations are not willing to disrupt their existing infrastructure because a new solution requires a different environment. Therefore, it is important that companies select a vendor that will leverage their existing infrastructure and that is capable of tight, application programming interface (API)level integration. Existing hooks into popular applications will dramatically reduce the need for expensive custom integration. IDC believes that it is critical for companies to select a solution that not only protects investments made in current infrastructure but also is adaptable to future enhancements or changes to that infrastructure. Offer an intuitive interface. For any self-service solution to be successful, companies must develop an intuitive user interface that motivates employees to utilize the self-support process. No user training is required, although beta tests and usability testing may be useful for ensuring that new solutions are user-friendly enough to be widely adopted. Ideally, the help desk will develop a consistent and intuitive user interface while maintaining the ability to change back-end processes as necessary. Select a vendor with professional services and technical support experience. Most technology needs to be installed and often requires some level of integration. A strong vendor should have the resources and expertise to handle a variety of implementations. To reduce the number of technical surprises at implementation, companies should look for a vendor that has dealt with implementations in organizations or technical environments similar to their own. Another critical element of successful implementations is the ability to take into account the nontechnical issues that can inhibit adoption or derail a project, such as failure to market the solution or make users aware of its availability. An ideal vendor will understand that self-service is not just a new software application but a new process that needs some change-management savvy to succeed. Ensure a clear escalation path and multiple access points. Most users can recall a time when they needed help and went to a Web site or called for customer support, only to find that none of the menu items met their needs. Even with the most user-friendly design, self-service solutions will not be able to resolve every issue. In general, it is a good idea for companies to provide users with other methods of obtaining help in an easy-to-find location. Additionally, the self-service concept is not limited to access from a PC; users may need to access help in other ways. A strong solution provides multiple access options for users, enabling them to choose their preferred interface. For example, some organizations have integrated their telephone systems to allow users to reset passwords by following a menu of options available over the phone.

An ideal vendor will understand that self-service is not just a new software application but a new process that needs some change-management savvy to succeed.

Defining Self-Service and Its Application to Identity Management

Implement additional security features. Self-service solutions can add a number of security layers to the overall security infrastructure. In addition to their ability to combat social engineering, self-service systems can have password resets tied into the help desk system. This feature adds another layer of security with additional, more detailed audit trails. Also, companies should look for a system that has other compensating controls, such as email notification of password resets to the user and to the IT staff and lock-out notifications for failed self-service authentication. Finally, companies should look for a correlation system (examining different activities that in combination appear suspicious) that can be put in place as an intrusion detection function for the self-service system.

Implementation Issues to Consider

Companies should consider the following issues when implementing a self-service solution:
No single vendor can solve all self-service and esupport needs, so companies should look for vendors that offer strong integration with complementary third-party products.

Target tight integration. Standalone point products can be attractive because they typically can be easy to install and do one task well. But greater benefits can be realized by integrating selfservice solutions with existing systems. For example, if users can access a self-service solution via email, Web, chat, or the phone, they will quickly determine the method that most quickly resolves the problem. Integration can also tie together islands of information that would otherwise not be leveraged to make the complete solution more powerful. Finally, by integrating information into a common database, companies will no longer need to keep two separate databases up to date. No single vendor can solve all selfservice and esupport needs, so companies should look for vendors that offer strong integration with complementary third-party products. Make sure help desk metrics are adjusted. Anytime a help desk process is changed, the impact on metrics must be considered and adjustments made to ensure that comparable measurements will occur. Some organizations track every issue as a call ticket, while others track only those that require the assistance of a technician. Companies should consider the links they will need into their ticketing system. IDC recommends tracking both self-service incidents and incidents requiring intervention from a help desk technician. This approach allows the self-service process to mirror the manual, technician-based process and provides the most insight into the overall effectiveness of a self-service solution. For example, if self-service handles the easier calls, only the more difficult issues will remain, and they may lead to longer average call times. If companies do not understand the implications on metrics and make adjustments, positive self-service solutions may appear as metric failures.

Defining Self-Service and Its Application to Identity Management

Market new functionality to users. When rolling out a new solution that requires users to change a behavior or habit and adopt a new process, companies must effectively market this solution to end users. Rather than focus on the functionality, organizations must stress both how the solution will benefit the user and how to use it. Marketing efforts must be continuous to account for employee turnover and simple unfamiliarity with a solution. Consistency is critical as well. If companies tell users to reset their passwords via a new intranet self-service site and then take their password phone calls with no mention of the new site, adoption will lag behind expectations.

Case Studies
To better understand how self-service solutions can improve business processes, IDC interviewed three Fortune 500 companies that have implemented self-service solutions to address password and identity management issues. In each case, these solutions have had a significant impact on the organization from a technology and a business perspective.

A Large International Brokerage Firm

Business Drivers
The company determined that a large portion of its help desk calls were related to password resets.

This international brokerage firms main computer system has about 13,000 users spread across approximately 1,200 remote locations. Approximately 150 of these locations are wholly owned retail brokerage offices, and the remainder act as independent contractors. The company also has 13 international locations that require technical support, but the main help desk in charge of password resets was not open on a 24 x 7 basis. Therefore, non-U.S. users experienced significant periods of downtime because they were unable to have their passwords reset in a timely fashion. In addition, a number of traveling executives need to be able to access systems around the clock. The IT departments motto was Service first!, but users found their hold times growing. The company determined that a large portion of its help desk calls were related to password resets. In fact, 15% of its technical support calls are for password resets, totaling around 12,000 resets per month. At the same time that hold times were increasing, the number of users accessing the main system was also growing; however, the IT organization did not have the ability to add enough help desk staff to keep up with call volume. The company was also interested in moving from passwords without expiration dates to passwords that needed to be replaced every 90 days, but it feared the inevitable spike in calls. The goal for this large international brokerage firm was to implement a customizable, easy-to-use self-service solution that could reset Windows NT passwords across multiple domains without hefty hardware requirements. Because the project needed executive sign-off, the company was also looking for a cost-effective solution with a clear cost justification.

Defining Self-Service and Its Application to Identity Management

From a security perspective, the company felt that a self-service password-reset solution would be more secure than traditional reset over the phone with a help desk technician; that is, it felt that the task of collecting sensitive personal information for authentication was more secure when performed by a system instead of a human being. Given that the goal was to improve the password-reset process, the security of the solution itself was of paramount importance.

The company selected Courion Corporations PasswordCourier to provide a one-stop, self-service password-reset solution. Once it had selected the solution, the company was able to install the software and have it running as a beta test within eight hours. The company decided to authenticate identity against an existing human resources database, so data migration was not necessary. In fact, the products ease of use allowed the company to do most of the implementation work in-house. The system was configured to send emails to both the user and system administrator when a password was reset, so even though the solution isnt integrated into the existing call tracking system, its usage is still tracked. When the call tracking system is upgraded, the company plans to integrate both solutions. The company also underwent a security evaluation that had experts trying to break into the system, but they were unable to hack it.
When users call the help desk for password reset, staff members mention the self-service option.

Once the company had completed the beta test, it rolled out the product companywide through a marketing effort designed to educate users and drive adoption. When users call the help desk for password reset, staff members mention the self-service option. If users are not aware of the solution, they are encouraged to try the companys Web site. Because of the companys culture, users have the option to reset their passwords by either calling the help desk or using the self-service password management solution.

Cost Benefits
The company estimates that the cost of resetting a password over the phone is approximately 15 minutes at a cost of $25 per reset, including the cost of employee downtime. Currently, the self-service solution handles 56% of the password-reset requests, saving $25 per call and reducing overall call volume. Internal customer satisfaction has risen as users realize they can handle password resets quickly and efficiently on their own.

Improvement of Business Processes

International users and traveling executives, in particular, have benefited from the solution because it is available at any time.

Overall, the company believes that its employees are able to return to productivity much faster with the self-service solution than with manual reset. International users and traveling executives, in particular, have benefited from the solution because it is available at any time. The ease of use of the solution was cited as its biggest value. The IT

Defining Self-Service and Its Application to Identity Management

organization found implementation extremely user-friendly, and, since the system has been installed, administrators have virtually forgotten it exists, due to its reliability. As a result of the change in process, the company has been able to move from a policy where passwords never expire to one that forces expiry every 90 days, improving overall security. In short, the company is extremely satisfied with its new self-service password-reset solution and would recommend it to others.

A Large Aerospace Manufacturer

Business Drivers
This large manufacturer has multiple sites and systems and a diverse workforce with many employees who are not comfortable interacting with computers. As the company continues to grow through acquisitions, the number of different computer systems, applications, and networks has also grown significantly. As a result, it has become increasingly difficult to simultaneously meet the needs of its employees and keep costs down. Management recognized the need to move many functions to a Webbased, user self-service model. The efforts have spanned a number of functions and activities, including personnel issues (e.g., health coverage and 401(k) management) and computer system account provisioning and password reset.

The company has implemented a number of personnel and self-help activities using existing Web-based services. However, the biggest challenge has been in the area of password resets. Initially, the company implemented a self-service password-reset solution that was rather costly but not very effective. Therefore, the firm created a requirements document and had its contracting department solicit bids from a number of vendors. The request for proposal (RFP) had three key requirements: The solution had to be either Web- or phone-based; not include additional client software; and meet the companys security requirements. Courion, with its PasswordCourier solution, was the only company to respond to the RFP and meet all the requirements. PasswordCourier has been installed and is currently being rolled out across the organization. Because of the complexity of the companys computer systems and the size of the organization, the solution is designed to move beyond the 89,000 accounts currently accessible under the system to eventually serve the 1 million accounts companywide. Given the high-tech nature of its work, the company is extremely concerned with security. It has strong password policies that are dictated by system type and by location. As part of its security process, PasswordCourier sends a confirmation email to the user when 9 Defining Self-Service and Its Application to Identity Management

a password has been reset, and the companys self-service password resets are tracked by its help desk trouble ticket system. These capabilities were important factors in the companys selection of a self-service password-reset solution.

Cost Benefits
Because of the various computer systems the manufacturer runs, password resets can cost between $40 and $200, depending on the system. However, by utilizing self-service password management, the company has reduced costs dramatically.

Despite being a large organization, the company has found that help desk costs do not scale very well; in fact, they have been a challenge to control. Because of the various computer systems the manufacturer runs, password resets can cost between $40 and $200, depending on the system. However, by utilizing self-service password management, the company has reduced costs dramatically. Of those systems in which the solution has been deployed, 70% of the password resets are being executed in a self-service manner. The solution has also greatly reduced the strain put on the help desk at specific times during the year. At the end of the calendar year, the company closes down for two weeks, and the first few days following the shutdown are typically referred to as Hell Day by the help desk staff because so many people have forgotten their password. However, with the Courion PasswordCourier solution in operation, the first Monday of the new year generated call volume that was higher than normal but relatively manageable. The rest of the week consisted of a normal volume of calls to the help desk. Management noted that Hell Day did not occur with the Courion solution in place.

Improvement of Business Processes

The company decided to implement a password-reset solution to alleviate the burden on the IT staff of resetting passwords for the disparate systems. Because less than 20% of the companys employees account for 90% of all password resets, the company recognizes the need to target certain user groups as the solution is rolled out across the entire organization.

A Large Financial Services Institution

Business Drivers
Like many companies in todays economy, this large financial services institution is looking for ways to reduce costs. One task that doesnt produce any value for the organization but is a major cost burden is password reset handled by help desk employees. As a multibilliondollar financial services firm, the company maintains strict password management policies. These policies include password expiration every 30 days and password dictionary checks (words found in a dictionary are prohibited) and history checks (ensuring people dont reuse a recent password). Changing the password policies to make the password-reset process

Defining Self-Service and Its Application to Identity Management


To save money and improve productivity, the company needed a solution that would make the password-reset process easier without jeopardizing the existing level of system security.

easier was not an option. To save money and improve productivity, the company needed a solution that would make the process easier without jeopardizing the existing level of system security.

The firm selected Courions PasswordCourier to provide self-service password-reset functionality. The main selection criteria were ease of use, low cost to implement, and expected return on investment. Given that the company is extremely concerned with contracting outside vendors and the solution was relatively simple to install and configure, the company did most of the installation work in-house. At closely held institutions such as this, security concerns are always paramount. After careful consideration, the security organization supported the use of PasswordCourier, believing that it would improve security by removing the human element associated with help desk authentication and even reduce the number of people who write down their password. The solution, which currently supports approximately 6,000 users, handles about 1,500 password resets a month. The system is tied into the help desk ticket system so password resets are monitored.

Cost Benefits
For this large financial services organization, 60% of the password-reset requests are now handled by the selfservice solution.

For this large financial services organization, 60% of the passwordreset requests are now handled by the self-service solution. Although total call volume to the help desk has not decreased, because Lotus Notes was being rolled out simultaneously, the company is working closely with Courion to add self-service functionality to Lotus Notes. However, the company has managed to reduce the number of help desk staff without any impact on service. Instead, the Courion solution has helped reduce the time it takes staff members to resolve problems. Before implementation, a password reset would take approximately 10 minutes, followed by another 10-15 minutes to make the reset password available. Now the whole process takes only 2-3 minutes and has significantly reduced the costs associated with employee downtime.

Improvement of Business Processes

The time required to execute password resets with a self-service solution compared with a manual reset has been reduced remarkably. However, the biggest challenge of the self-service solution has been effectively marketing the solution to end users. In addition, some of the help desk personnel have felt somewhat threatened by this automated solution. After the firm installed the Courion solution, management quickly realized the need for programs that encourage usage. Courion has played an active role by making recommendations based on best practices adopted by other companies in similar situations. The


Defining Self-Service and Its Application to Identity Management

company now runs contests for the help desk staff by rewarding those who register the most end users. This registration typically occurs when an employee calls requesting a password reset. Both the help desk staff and end users have started to reap the benefits of the self-service solution. The Courion solution not only removes the awkwardness for employees during a password-reset request but also significantly reduces the time needed to resolve those requests.

It is important to understand the potential benefits and overall impact that a self-service solution can have on an organization. IDC believes that companies that successfully implement a self-service solution can experience reduced costs, higher levels of service quality, improved security, and enhanced user privacy. Selecting a vendor that can integrate the solution into an existing infrastructure and has both professional services and technical support experience are key factors to implementing a successful self-service solution. These three case studies prove that firms in a variety of industries have already experienced reduced operating costs and improved efficiencies by implementing a self-service identity management solution.

Defining Self-Service and Its Application to Identity Management


Corporate Headquarters 5 Speen Street Framingham, MA 01701 508-872-8200 IDC Canada 36 Toronto Street, Suite 950 Toronto, Ontario Canada M5C2C5 416-369-0033 IDC Irvine 18831 Von Karman Ave, Ste 200 Irvine, CA 92612 949-250-1960 IDC Mountain View 2131 Landings Drive Mountain View, CA 94043 650-691-0500 IDC New Jersey 120 Wood Ave South, Suite 509 Iselin, NJ 08830 732-632-9222 IDC New York 2 Park Avenue Suite 1505 New York, NY 10016 212-726-0900 IDC Texas 100 Congress Ave, Suite 2000 Austin, TX 78701 512-469-6333 IDC Washington 8304 Professional Hill Drive Fairfax, VA 22031 703-280-5161


IDC Austria c/o Loisel, Spiel, Zach Consulting Mayerhofgasse 6 A-1040 Vienna, Austria 43-1-50-50-900 IDC Benelux (Belgium) 29 Avenue Louis Gribaumont B-1150 Brussels, Belgium 32-2-779-46-04 IDC Benelux (The Netherlands) A. Fokkerweg 1 1059 CM Amsterdam The Netherlands 31-20-669-2721 IDC Central Europe (ECE) Male Namesti 13 Praha 1 110 00, Czech Republic 420-2-2142-3140 IDC Central Europe (Germany) Nibelungenplatz 3, 11th Floor 60318 Frankfurt, Germany 49-69-90502-0 IDC Central Europe (Switzerland) Niederlassung Zerich WTC, Leutschenbachstrasse 95 CH - 8050 Zerich Switzerland 41-1-307-1000 IDC Egypt 39 Iraq Street Mohandesseen, Cairo, Egypt 20-2-336-7355 IDC France Immeuble La Fayette 2, Place des Vosges, Cedex 65 92051 Paris la Defense 5, France 33-14-904-8000 IDC Hungary Nador utca 23, 5th Floor H-1051 Budapest, Hungary 36-1-473-2370 IDC Israel 4 Gershon Street Tel Aviv 67017, Israel 972-3-5611660 IDC Italy Viale Monza, 14 20127 Milano, Italy 390-2-284-571 IDC Nigeria House 2, C Close, 403 Road, 4th Avenue New Extension, Festac Town Lagos, Nigeria 234-1-883585 IDC Nordic (Denmark) Jagtvej 169B DK-2100 Copenhagen, Denmark 45-39-162222 IDC Colombia Carrera 40 # 103-78 Bogota, Colombia 571-533-2326 IDC Mexico Select - IDC Av. Nuevo Leon No. 54 Desp. 501 Col. Hipodromo, Condesa C.P. 06100 Mexico, D.F. 52-5-256-1426 IDC Venezuela Calle Guaicapuro Edif. Torre Seguros Alianza Piso 6, Ofc. 6-D, El Rosal Caracas 1060, Venezuela 58-2-951-3270 IDC Nordic (Finland) Jarrumiehenkatu 2 FIN-00520 Helsinki, Finland 358-9-8770-466 IDC Nordic (Sweden) Box 1096 Kistagngen 21 S-164 25 Kista, Sweden 46-8-751-0415 IDC Poland/ProMarket Wrobla 43 02-736 Warsaw, Poland 48-22-754-0518 IDC Portugal Av. Antonio Serpa, 36 Piso 9 1050-027 Lisbon Portugal 351-21-796-5487 IDC Russia c/o PX Post, RDS 186 Ulitsa Zorge 10 Moscow 125525 Russian Federation 7-501-929-9959 IDC South Africa c/o BMI-TechKnowledge 3rd Floor, 356 Rivonia Blvd. PO Box 4603, Rivonia, 2128 South Africa 27-11-803-6412 IDC Spain Ochandiano, 6 Centro Empresarial El Plantio 28023 Madrid 34-91-7080007 IDC Turkey Tevfik Erdonmez Sok. 2/1 Gul Apt. Kat 9D; 46 Esentepe Istanbul, Turkey 90-212-275-0995 IDC U.K. British Standards House 389 Chiswick High Road London W4 4AE United Kingdom 44-20-8987-7100

IDC Asia/Pacific (Hong Kong) 12/Floor, St. Johns Building, 33 Garden Road Central, Hong Kong 852-2530-3831 IDC Asia/Pacific (Singapore) 71 Bencoolen Street, #02-01 Singapore 189643 65-226-0330 IDC Australia Level 4, 76 Berry Street North Sydney NSW 2060, Australia 61-2-9922-5300 IDC China Room 611, Beijing Times Square, 88 West Changan Avenue, Beijing, P.R. China, 100031 86-10-8391-3456 IDC (India) Limited Cyber House B-35, Sector 32 - Institutional Gurgaon - 122002 Haryana, India 91-124-6381673 to 80 IDC Japan 10F The Itoyama Tower 3-7-18, Mita Minato-ku Tokyo 108-0073, Japan 81-3-5440-3400 IDC Korea Ltd Suite 704, Korea Trade Center 159-1, Samsung-Dong, Kangnam-Ku Seoul, Korea 135-729 82-2-55-14380 IDC Malaysia Suite 13-03, Level 13, Wisma KiaPeng No. 3, Jalan Kia Peng 50450 Kuala Lumpur, Malaysia 6-03-2163 3715 IDC New Zealand Level 7, 246 Queen Street Auckland, New Zealand 64-9-309-8252 IDC Philippines 7F, SEDCCO 1Bldg Rada Street Corner Legaspi Street Legaspi Village Makati City, Philippines 632-894-4808 IDC Taiwan Ltd. 10F, 31 Jen-Ai Rd, Sec 4, Taipei 106, Taiwan, R.O.C. 886-2-2731-7288 IDC Thailand 27 Soi Charoen Nakorn 14 Charoen Nakorn Road, Klongtonsai Klongsan Bangkok 10600, Thailand 66-2-439-4591-2 IDC Vietnam 37 Ton Duc Thang Street Unit 1606 District-1 Hochiminh City Vietnam 84-8-910-1235

IDC Miami Latin America Headquarters 8200 NW 41 Street Suite 300 Miami, FL 33126 305-267-2616 IDC Argentina Trends Consulting Rivadavia 413, 4th Floor, Suite 6 C1002AAC, Buenos Aires, Argentina 54-11-4343-8899 IDC Brasil Alameda Ribeiro Preto, 130 cj 41 01331-000 So Paulo SP Brazil 55-11-253-7869 International Data Corp. Chile Luis Thayer Ojeda 166 Piso 12 Providencia, Santiago 9, Chile 56-2-231-0111

IDC is the foremost global market intelligence and advisory firm helping clients gain insight into technology and ebusiness trends to develop sound business strategies. Using a combination of rigorous primary research, in-depth analysis, and client interaction, IDC forecasts worldwide markets and trends to deliver dependable service and client advice. More than 700 analysts in 43 countries provide global research with local content. IDCs customers comprise the worlds leading IT suppliers, IT organizations, ebusiness companies and the financial community. Additional information can be found at IDC is a division of IDG, the worlds leading IT media, research and exposition company.

Sponsored by Courion 01-117SERVIC2974 August 2001

IDC 5 Speen Street Framingham, MA 01701 (508) 872-8200 Fax (508) 935-4015