IBRS Advisor Team


The Latest

2 November 2021: Two former Western Sydney TAFE (WSI TAFE) executives have been charged by the NSW Independent Commission Against Corruption (ICAC) for allegedly engaging in illegal solicitation and acceptance of $450,000 from IT consultancy firm Oscillosoft. The three-year investigation published its findings in a public report that revealed how the executives failed to comply with the proper IT procurement processes when they acquired the iPlan software program on behalf of the institute.

Why it’s Important.

IT-related fraud and corruption have grabbed the headlines in the past years, including:

  • the payment of false invoices in 2015 by a former IT manager who worked at several Australian universities 
  • the 2016 corruption investigation involving $1.7 million in payments for the personal business of an ICT manager at TAFE NSW South Western Sydney Institute 
  • the 2012 illegal ICT contractor recruitment by the head of ICT projects at The University of Sydney 
  • and just recently in 2020, the Australian National Audit Office (ANAO) investigated fraud allegations concerning $2.8 billion worth of procurement contracts by government agencies made with IBM. 

While these headline-grabbing examples are concerning, the reality is that questionable contracting and procurement in ICT is far more pervasive than most executives would like to admit.

IBRS has seen multiple examples of this problem. 

Sometimes these have been uncovered as part of ‘project rescue’ engagements where IBRS has been asked to review why a project is failing and recommend remediation. This is the worst time to discover that the consulting services being procured are more or less thin air, as it means significant budget has already been spent. In one case, IBRS identified a project to implement a major information system had burnt through $3.5 million over three years without a single delivery milestone being met and no code being available for review. There was a ‘friendship’ between the contracting company and the ICT executive.   

In another case, IBRS uncovered consulting being awarded to a family member of the person granting the contracts, and the organisation had an ‘over-reliance’ on contracting.   

Neither of these situations may warrant a corruption investigation, though they certainly skirted the edges of the law.

At other times, IBRS has uncovered questionable contracting and procurement as part of project assurance reviews. This is the best time to reveal problematic procurement, since it occurs earlier in the project cycle and thus heads off significant losses. More importantly, when staff know that such activities are likely to be exposed as part of the regular due diligence of project assurance, they are far less likely to be tempted into activities that just barely skirt corruption.

There is a great deal of financial and reputational savings to be accomplished by putting appropriate governance, such as formal gateway reviews and project assurance programs, in place. 

That said, not every project needs a top-down approach to procurement. Still, the industry needs a more careful process of choosing the right level of governance and assurance for the right projects, taking into consideration the context and culture of each organisation.  

Who’s impacted

  • CIO
  • CFO
  • Procurement teams
  • Executive board

What’s Next?

For fraud and corruption to be prevented, better oversight by an institution's board should be extended to overriding controls, reviewing financial transactions and reporting processes, coupled with a program of project assurance.

Internal controls in payroll, procurement, inventory, sales and financial reporting must be proactive to prevent the manipulation of processes. 

Finally, organisations must review procurement processes regularly and amend sections that promote poor supervision and weak adherence to routine audits.

Related IBRS Advisory

  1. The difference between fraud and cybercrime
  2. Critical Controls for ERP Projects: The Human Factor
  3. Recognising cognitive biases for better decisions

The Latest

2 November 2021: The 2021 Australian Digital Inclusion Index indicates improvement in technology access, but many are still considered left out of the digital revolution. The recently published Index reports access to technology accelerated to 71.1 from 67.5 points the previous year, indicating significant improvement among middle-aged and senior Australians. It remains to be seen if this pace of progress can be sustained in the next year, considering the impact of the COVID-19 pandemic on online participation.

Why it’s Important

When planning digital engagement, service and marketing teams need to be aware that access to digital services is not ubiquitous. This is especially important for public sector organisations, where the failure of equitable delivery services may harm the most at-risk segments of society. However, it is also important for private sector organisations, as they plan multi and omnichannel services.

The Index provides important information that can help with planning digital services.

Some of the report's key findings necessary for policy implications include the following: 

  • The metro-regional gap has narrowed in different regional areas to 67.4 from 62.3 points
  • The national access score has improved to 70.0, but it is not shared evenly by all citizens, with 11 per cent of the population still being excluded
  • A slight boost in the digital ability score has been achieved at 64.4 points, although basic operational skills (setting passwords, connecting online, etc.) have dropped.
  • 14 per cent of Australians would need to pay more than 10 per cent of their income to afford a reliable internet connection
  • The gap between citizens with the lowest and highest income has slightly widened from 25.3 to 26.5 points.

These survey results indicate the need for solutions to remove barriers to inclusion, such as affordability of devices and lack of training for better digital literacy. In particular, the Index recommends improvement in network access and critical infrastructure through the ongoing pandemic, and provision of more affordable broadband connections across all regions and cities.

Who’s impacted

  • CIO
  • Managers
  • Business analysts

What’s Next?

When planning digital services, look for qualified sources of information on the extent to which the new services will be accessible and, importantly, who may be excluded. Discuss the impact of any exclusion on both those being excluded and your organisation. What additional, non-digital channels will be needed, and how will these channels eventually find their way back into the multi or omnichannel strategy?

Related IBRS Advisory

  1. Staff need data literacy – Here’s how to help them get it
  2. Trends for 2021-2026: No new normal and preparing for the fourth-wave of ICT

The Latest

22 October 2021: Google’s latest digital solutions, product features and partnerships were unveiled at Google Cloud Next ’21. In this three-day event, Google and Alphabet chief Sundar Pichai and Google Cloud CEO Thomas Kurian led the keynote sessions on Google Cloud’s improved customer ecosystem and security capabilities.

Possibly the most significant announcement at the event was around Google Distributed Cloud. The Google Distributed Cloud (GDC) platform allows deployment of Cloud-native architecture to private data centres. GDC Edge provides capabilities to run applications at the ‘far edge’ of organisations - IoT devices, AI enabled devices, and so on - via low-latency LTE, radio access network (RAN) networks, and newer 5G Core network technology.

Google Distributed Cloud does not require enterprises to connect to Google Cloud when using their APIs or managing network infrastructure. This is important for organisations (e.g. public sector, finance, health) needing to retain on-premises deployment for tighter control over security and compliance.

Why it’s Important

With GDC, all of the top three hyperscale Cloud vendors now have options to run applications developed for public Cloud across private and semi-private infrastructure. Furthermore, all three vendors have approaches to ‘edge’ computing. This is a natural evolution of the operational practices, automation and management software, software-defined networking and hyper-converged infrastructure (HCI) that sees the Cloud seeping back into all areas of ICT. As this trend continues, and the lines around where ‘Cloud infrastructure’ sits blur, organisations will need to make decisions on the key automation and management platforms they will adopt across Clouds.

More organisations have started looking for better solutions to place their Cloud resources anywhere and in any geolocation. This offers considerable reductions in latency by eliminating the distance between users and their content to ensure highly available data while keeping costs low.

Who’s impacted

  • CIO
  • Development team leads
  • Business analysts

What’s Next?

All the hyperscale Cloud vendors are offering this type of flexibility, and their offerings are strongly expected to improve over time. This will further drive hyper-converged infrastructure (HCI) investments, spurred by the demand for cost-effective, scalable storage with strong durability and availability guarantees.


The Latest

22 October 2021: At Google Cloud Next ’21, Google announced the general availability of a PostgreSQL interface to its hyperscale, globe-spanning Spanner relational database. In short, this means that organisations with applications that are compatible with PostgreSQL can now migrate to a highly elastic database that is significantly less costly and more robust than running PostgreSQL instances on virtual machines.

Why it’s Important

Google’s highly scalable Cloud relational Spanner database provides high-velocity transactions, strong consistency, and horizontal partitioning across global deployments. Like other specialised, serverless Cloud databases, Spanner previously required legacy (on-premises) applications’ data access layers to be reworked. 

The addition of a PostgreSQL interface greatly reduces development teams’ workload for migrating applications to Spanner. This has several knock-on impacts when migrating applications to the Cloud, including: 

  • reducing training / new skills development, and allowing existing skills to be fully leveraged
  • reducing the scope for new bugs to be introduced
  • simplifying testing

Overall, this significantly lowers the cost and risk of moving an app to the Cloud. 

As always, the devil is in the detail. Cloud Spanner Product Manager Justin Makeig posted that the platform does not yet have universal compatibility for all PostgreSQL features, since the company’s goal was to focus on portability and familiarity. However, IBRS has determined that even with the current level of functionality, the PostgreSQL interface for Spanner presents good value for teams looking to migrate legacy applications to the Cloud.

Google is not the only hyperscale Cloud vendor that has enabled this type of operability. However, Cloud Spanner is more economical than competitive hyperscale Cloud database products at this time.

Who’s impacted

  • Development team leads
  • Cloud architecture teams

What’s Next?

Google announced that it is planning to expand its Spanner integration to additional database standards. Data portability and migration of legacy applications to hyperscale Cloud is now a focus for many ICT groups. The availability of open standard SQL interfaces to database PaaS (Platform-as-a-Service) is expected to be a trend for application and data migration, especially where the applications are complex.

Related IBRS Advisory

  1. VENDORiQ: Google introduces Database Migration Service
  2. Enterprise resource planning (ERP) Part 5: Will automation of S/4HANA data migration make modernisation

The Latest

22 October 2021: Google introduced the Work Safer program at the Google Cloud Next ’21 event. The new program includes the Google Workspace suite of products, and adds several third-party cyber security services for endpoint security and access to legacy solutions. In addition, Google unveiled upgraded devices, including new Chromebooks from HP.

A new in-house Google Cybersecurity Action Team was also introduced at the event. The group will take the lead in developing cyber security and digital products by leveraging the capabilities of the Work Safer program and developing training and policy materials.

Interestingly, Google is offering a whopping 50% discount for the term of the initial contract for all products (its own and third parties) within the Work Safer program.

Why it’s Important

The aim of the Work Safer program is to reinvigorate interest in the Google Workspace ecosystem.  

Microsoft continues to have a near monopoly on the office productivity space, and is using that position to drive organisations towards its Azure Cloud ecosystem and its security ecosystem. Microsoft’s strength is its breadth of services, support for legacy solutions and resistance to change by both desktop teams and office staff.  Creating sufficient impetus for change to a light-touch, collaborative environment of the magnitude Google proposes is hard.

Google Workspace has a far smaller attack surface compared to Microsoft. Its architecture has been firmly rooted in zero trust since its inception - from the devices all the way to the apps, storage and access controls. However, organisations that have not yet gone down the Google path retain a significant array of existing network investments, legacy solutions, mixed access controls and identity management, devices and so on. To meet these clients' needs, Google has partnered with CrowdStrike and Palo Alto Networks to come up with endpoint protection and threat detection solutions. The partnerships should not be viewed as “Google is backfilling weaknesses in its ecosystem” (which is something we expect to hear from Google’s competitors soon). Instead, these partnerships should be viewed as Google recognising its ecosystem will need to sit alongside ecosystems based on architectures that were conceived several decades ago and retain complexities that need to be addressed.

With more businesses shifting to a remote or hybrid work setup, the risks of ransomware attacks through phishing campaigns, malware infections and data leaks pose a threat to these companies’ data security practices. As such, Google easily benefits from its product’s value proposition already being consumed.   

Therefore, it would appear that Google’s messaging is on point. 

However, from roundtable discussions with digital workspace teams held this month, IBRS has confirmed that Australian organisations’ ICT groups and senior executives continue to resist a major step-change in the office productivity and device space. Rather, most organisations continue to look for ways to extract more value from their existing Microsoft contracts, increasingly looking to expand their investments into Microsoft’s E5 security offerings.  

In short, Google’s challenge is not convincing organisations they have a better, leaner security model. It is not even being less costly than Microsoft.  

It is literally resistance to change.

Who’s impacted

  • CIO
  • Development team leads
  • Business analysts

What’s Next?

Even if an organisation is unlikely to switch to Google Workspace, it is beneficial to review Google’s architecture and which aspects can be applied to the existing architecture.

Organisations should also consider running Google Workspace experiments with groups of remote / hybrid workers that have less connection with legacy solutions.

Related IBRS Advisory

  1. Deciding between Google G Suite and Microsoft Office 365
  2. Considering Chromebooks Part 1: Show me the money!
  3. Chrome OS: Follow the money

The Latest

22 October 2021: Microsoft recently unveiled the latest versions of its Surface line of devices with versatile form factors to cater to different use cases. Highlights include the redesigned 13-inch Surface Pro 8 tablet with 11th generation Intel processor, the portable Surface Go 3, the laptop/tablet Surface Pro 7+, the pocket-sized Surface Duo 2, and the highly anticipated Surface Laptop Studio.

Why it’s Important

Microsoft released its redesigned Surface lineup form factor alongside its rollout of Windows 11 earlier this month. While there are plenty of improvements in the new lineup, most are best described as evolutionary: more computing power, refinement of form factors, etc. 

However, two products stand out as potential new niche market makers: the Duo 2 and the Surface Laptop Studio.

The Duo 2: Win-Win or Double-Trouble?

IBRS has obtained a Surface Duo 2 and finds it fits somewhere between a smartphone and a tablet… yet not quite matching either role. While Samsung found some success with its Galaxy Z Fold device as a smartphone, the Duo 2 tends more towards the tablet end of the market.

If the Duo 2 is to be successful, it will be due to Microsoft defining a new niche for mobile prosumers (professional-level consumers). The success of the device will indicate that there is no single market niche for foldable devices (as they are currently being touted), but several sub-niches tied more to screen size, onscreen keyboard capabilities and photography prowess.

On the flip side (pun intended), first impressions of the Duo 2 suggest it may be a workable alternative to the semi-ruggedised, larger format smartphones which are making inroads against traditional fully-ruggedised tablets. 

The additional screen space and size of the on-screen keyboard position the Duo 2 slightly above most of the large format phones for field workers. It is even passable (just) for running remote virtual desktop applications.

Surface Laptop Studio: Solves the problem you didn’t know you had

IBRS has also trialled the Surface Laptop Studio. IBRS believes this device serves a new niche between more traditional laptops (such as the Surface Book) and hybrid devices (such as the Surface Pro).  

The Laptop Studio has a hinge at the back to help set up the device in three versatile constructions: a regular laptop, a ‘stage’ mode where the screen is closed when streaming or engaged in video calls, and the ‘studio’ mode where the screen slides out flat, effectively turning the device into a graphic-intensive tablet.

From observations during ‘digital workspace’ consulting engagements, IBRS has noted that the Surface Pro is often used as a ‘primary desktop’ (meaning, used mostly when seated at a staff member’s regular desk and in the home office). The weakness here is that the device is better suited for mobile (nomadic) work.

The Laptop Studio is more geared towards a desktop experience, while also providing for flexible user configuration. For example, it features more connectivity ports, but less focus on the battery.

Microsoft is not the only company implementing a new form factor to cater to users’ needs for devices that straddle between existing designs. Acer’s ConceptD 3 Ezel and HP’s Spectre Folio also share the same form factor as the Surface Laptop Studio. 

It is likely this ‘desktop oriented yet flexible’ form factor will gain ground as more organisations adapt to the demands of hybrid working. It is not enough to consider someone working between multiple office locations as being a ‘remote worker’. Rather, they are full-time office workers that may wish to move between locations, while gaining the ability to host video conferencing, engage in pen / tablet creative work, and switch back to having a more traditional desktop experience.

Who’s impacted

  • Procurement
  • Digital workspaces / end-user computing teams

What’s Next?

The evolution of end user devices is ongoing - albeit slowly and with more than a few dead-ends. Manufacturers continue to experiment with new market niches, as organisations become more selective with devices that meet specific needs.  

The upshot of this is that care should be taken when developing ‘personas’ for digital workspaces. Keep in mind that a persona is not solely related to a staff member’s ‘job’ (which is really multiple different types of jobs). It needs to factor the environment, the tasks performed in the context of the environment, and the staff's ability to switch between different devices based on needs at any given time.

In addition, when determining mobile field force device needs, do not limit the evaluation to the features of fully rugged products. Instead, consider the lifecycle of the products and software dependencies. Only then should an organisation decide which available devices on the market can best cater to its work contexts and personas.

Related IBRS Advisory

  1. Redefining what ruggedised means
  2. The use and abuse of Personas for end-user computing strategies
  3. Examples of Persona Templates
  4. VENDORiQ: Samsung unveils new smartphones

The economic benefits are revealed in a report produced by IBRS and Insight Economics and commissioned by enterprise software firm TechnologyOne. The report quantifies for the very first time the $224bn economic opportunity that can be unlocked if the public and private sectors embrace new innovations and replace redundant IT platforms with next-gen Software-as-a-Service (SaaS) technology.

According to the report, every year more than $70bn of the $98bn spent in Australia on software is directed towards legacy on-premise platforms, which costs the economy billions and has a detrimental environmental impact through higher emissions.


Artificial intelligence (AI) is an emerging technology that can be applied across business lines and yield significant results when aligned with business priorities. Assessing the AI maturity of your organisation can assist in providing AI roadmaps and aid in developing strategies and business cases.

The purpose of this presentation kit is to provide an AI maturity model in the analytics space. The proposed maturity model can be applied to any type of industry. Log in and click the PDF above to download the 'Analytics Artificial Intelligence Maturity Model' presentation kit and discover:

  • An IBRS AI maturity model that provides the foundation to apply the existing AI technology where it matters to the business
  • Guidelines to evolve into the future, whereby only limited data is available to make informed decisions
  • Next steps for your organisation


The Latest

16 August 2021: VMware and AWS announced that VMware Cloud had been independently assessed by an Information Security Registered Assessors Program (IRAP) assessor against the Information Security Manual (ISM) PROTECTED controls.

Why it’s Important

IBRS has noted that VMware Cloud is becoming increasingly popular as a management platform for hybrid Cloud. Its main attraction is that it offers a smooth ‘lift-and-shift’ of on-premises vSphere environments to a hyperscale Cloud over time, with different aspects of the data centre ecosystem running in the Cloud and/or on-prem. The VMware Cloud approach is particularly attractive for heavily regulated organisations and agencies, since it supports Amazon Elastic Compute Cloud elastic, bare-metal infrastructure.

By assessing the VMware Cloud service, public sector customers have the opportunity to accelerate their Cloud migration, moving more of the load from on-prem environments to Cloud, while retaining operational consistency with their on-prem data centre.

While VMware Cloud IRAP for PROTECTED status is very much welcome, there is also the risk that IRAP is treated more as a ‘check-box’ in a security policy, rather than a foundation on which to build robust security practices. Many Cloud breaches are not the result of zero-day exploits or misconfigurations from vendors (despite recent issues with Azure) but rather weak configuration management. This is exacerbated by the ongoing skills shortage in Cloud engineers, plus the even more critical shortage of cyber security professionals.

VMware Cloud provides common approaches to managing the Cloud environment, but it is only as good as the attention to detail given to the configuration of the environment. Tools such as GorillaStack can assist, but operational security is ultimately a matter of practice.

Who’s impacted

  • CISO
  • Cloud teams

What’s Next?

When considering Cloud management tools, security certifications and IRAP assessments are a sign that the vendor has best practices in place, but are not a panacea for mitigating risk. Treat them accordingly. 

Related IBRS Advisory

  1. Cloud Security Considerations – Lessons from the Frontline
  2. PROTECTED Cloud: Cyber considerations
  3. The value proposition for PROTECTED Cloud
  4. Why Cloud Certified People Are in Hot Demand
  5. VENDORiQ: Microsoft Cloud Database Security Flaw - A Nightmare or a Wake-up Call?

The Latest

22 September 2021: Six months after GorillaStack released capabilities to monitor and apply rules to any AWS events, it has added similar functionality to Azure. The new service enables greater governance and automation of Azure, and focuses on identifying when bad changes - particularly those that may impact security - occur.

Why it’s Important

As previously discussed, Aussie-born GorillaStack is one of the earliest vendors to address the complexities of Cloud cost management.

Since its inception, GorillaStack has evolved into a more expansive Cloud monitoring service, with a growing focus on security and compliance. In March 2021, GorillaStack announced real-time event monitoring for AWS. With this announcement, it expands the monitoring of events to Azure, and confirms IBRS analysis that Cloud cost optimisation and security compliance go hand-in-hand. In short, enforcing configurations for security follows the same processes and uses common architectures as enforcing financial governance within Cloud infrastructure. 

Who’s Impacted

  • CIO
  • Cloud teams 

What’s Next?

When reviewing solutions for Cloud cost optimisation through compliance, consider the extent to which the service can also assist with tightening up security. Conversely, when looking at tools to help enforce Cloud security compliance, consider how these may also be used to manage costs.


According to a landmark economic analysis from IBRS and Insight Economics, Australia’s Federal and State government sector could unlock a $62 billion ‘digital dividend’ by replacing old technology with Cloud-based Software as a Service (SaaS) systems.

In their report, “The Economic Impact of Software-as-a-Service”, IBRS and Insight Economics set out to analyse, for the first time, the savings from modernising IT systems across a range of industries including government, education, health & aged care and financial services.


The Latest

27 August 2021: Security flaw hunters at Wiz were able to obtain the security keys that control access to Microsoft’s Azure Cosmos DB, and demonstrate that it was possible to access customers’ Azure Cosmos DB.  

Why it’s Important.

This flaw is especially worrying, because all Cloud vendors and many independent security advisors, including IBRS, have been advocating that Cloud security is generally of a far higher standard than that achieved by most in-house data centre teams. IBRS stands by this claim. But this does not mean Cloud vendors will not make security mistakes. And when they do, they will impact large numbers of organisations.

There is no evidence that this security flaw - likely an operational oversight - has been exploited. Once it was identified by Wiz (on the 9th August) and flagged with Microsoft (on the 12th August), the existing keys were quickly re-secured. Unfortunately, the keys in question are fundamental security assets that Microsoft cannot change. Therefore, Microsoft emailed the customers (on the 26th Aug) requesting they create new keys, just in case the previous keys had fallen into the hands of bad actors. It is estimated that 3300 customers have been impacted. 

To mitigate this issue, Microsoft advises Cosmos DB customers to regenerate their Cosmos DB primary keys immediately.

Unfortunately, even though there is no evidence the flaw has been leveraged, organisations should assume the worst. It is well publicised that state-actors hoard such flaws for intelligence gathering. In this case, paranoia may be justified.

More importantly, the situation highlights the need to take a multi-level approach to security in the Cloud. Relying on security protocols to secure an essential asset places organisations at greater risk of these hyper-scale security flaws.  

For example, in this situation, organisations that have behavioural/usage pattern analytics monitoring the database would likely have been alerted should any bad actor start to access the database, and remedial action would be triggered. Furthermore, data from such monitoring could be used to determine the likelihood that the security flaw had been exploited - something few Azure Cosmos DB customers can confirm at the moment.

Another example is encryption services, which should be leveraged extensively. Assume data assets will leak and repositories (including databases) will be breached, and base encryption strategies on the sensitivity of the data.

A migration to the Cloud can often improve the security stance of an organisation, but only if a multifaceted, ‘trust nothing’ (akin to zero trust) philosophy is taken.

Who’s impacted

  • CISO and security teams
  • Cloud architects
  • Cloud migration teams

What’s Next?

  • If you are an Azure Cosmos DB client or have instances in development teams, immediately regenerate the primary keys for these databases.
  • Review your Cloud solution designs - including those of ‘lift and shift’ of legacy systems - to identify where single points of security failure could occur. Consider remediation strategies that use multi-faceted security services. Such effort needs to be balanced against business risk and information sensitivity.

Related IBRS Advisory

  1. Cloud Security Considerations – Lessons from the Frontline
  2. CyberArk launches AI-powered service to remove excessive Cloud permissions
  3. New generation IT service management tools Part 2: Multi-Cloud management

The Latest

19 August 2021: Microsoft has announced pricing increases for its Office 365 and Microsoft 365 offerings, which has resulted in a great deal of media coverage. Microsoft is at pains to point out that it has not increased its prices on 365 for a decade, and during that time has added a great deal of functionality (20+ applications) to the portfolio.

The Specifics

Microsoft is still working through how the new pricing will be applied in the Australian market and an announcement is expected soon. IBRS will perform a detailed cost analysis at this time. However, Microsoft has confirmed that any changes to local pricing will mimic the North American price changes. 

Based on the US data, enterprise and business plans will see increases in March 2021. Based on US$, the dollar amounts range from US$1 to US$4 per user per month, or US$12 to US$48 per user per year, with the percentage increases running from a low of 9% to a high of 25%. Microsoft F-series licences for frontline workers and Microsoft 365 E5 are not subject to price increases. Consumer and education-specific plans (the A-series) are also unaffected by the price increases.

The new pricing structures will disproportionately impact small businesses and those with the lower levels of the Microsoft suite, while enterprises with E5 licences will be left unscathed. That in itself reveals Microsoft’s clear intent to nudge the market towards its E5 offerings. It is estimated that only 8% of Microsoft customers globally opt for E5 licensing, though IBRS has seen strong interest among Australian organisations to at least explore the more expansive capabilities found in E5.

At this time, we believe the majority of IBRS clients will see price increases in the lower range. However, given that Australia has been one of the fastest adopters of Office 365, and has for decades suffered from ‘the Australia tax’ of software vendors, the increases will still be felt deeply across the industry.

Why it’s Important.

For many IBRS clients, the immediate impact is the need to set aside extra budget for their existing 365 environment.

Something that is not gaining attention is that the new pricing also increases the cost of Microsoft’s Unified support, since it is calculated as a percentage (10-12%) of the overall Microsoft spend. IBRS recommends that organisations set aside a budget for this increase as well.

However, the price increase is not the full story. A closer look at how the new pricing is structured, plus other less publicised changes, suggests it is geared towards making E5 licences more attractive to mid-sized organisations. 

The increases came shortly after Microsoft announced that its perpetual-licence Office would see a 10% increase and that its service for Office would drop from 7 years (it was previously 10) to just 5. Even more telling is that Microsoft has effectively engineered a one year ‘gap’ in N-2 support for Office (with the persistent licensing model), which forces organisations with older Office Pro licences to either purchase an upgrade sometime before 2023, or migrate to Office 365. 

In summary, Microsoft’s recent changes to Office licensing are a strategy that makes the price difference from E3 to E5 licensing less imposing and makes sweating perpetual Office licences far less attractive, if not unworkable. The savings from sweating Office licences over a five-year period are still there, but they are significantly lower than with seven-year cycles.

IBRS has long stated that Microsoft’s goal is not necessarily to drive up ICT budgets. A closer look at the additional capabilities found in E5 licensing reveals that most are aimed at moving Microsoft into adjacent product sets. For example, the additional security capabilities that become available with E5 licensing are clearly aimed at security incumbents, such as Symantec. Microsoft’s E5 strategy is to pull ICT budget away from competitors and into its own coffers. It is about carving out competition.

Who’s impacted

  • CIO
  • CFO & procurement
  • Digital workspace teams

What’s Next?

In the Australian market, IBRS sees few enterprises still on persistent licensing for Office. Globally, Australia has been an early adopter of E3 licensing, though until the mass push to work from home in 2020, many organisations did not take full advantage of the additional features and collaboration capabilities of the 365 platform. Furthermore, Google Workspace is only making marginal increases in the local market, meaning Microsoft has few real local competitive forces working to temper it in the office productivity space (though this is not the case in other markets in the Asian region).

Therefore, the question for organisations is whether this strategy to push customers from existing E3 licences to E5 licences is a trigger to start re-evaluating ways to leverage more value from the Microsoft ecosystem (that is, double-down on Microsoft).

Organisations may respond to this price increase and Microsoft’s strategy to push customers from existing E3 licences to E5 licences as a trigger to:

  1. Re-evaluate ways to leverage more value from the Microsoft ecosystem (that is, double-down on Microsoft).  Just prior to this announcement, IBRS had drafted a paper on how to decide between E3 and E5 licensing. It is due for publishing in the coming month. However, if you wish an advance (draft) copy, please request it from nbowman@ibrs.com.au. It is focused on how to evaluate the additional benefits of E5 in the context of your existing software ecosystem.
  2. Set up a ‘plan b’ for enterprise collaboration. In a practical sense, this would likely be a shift to Google Workspace for part of the organisation, coupled with a percentage (generally 20-30%) of the organisation also having Office software, though not necessarily Office 365.  
  3. Set aside 12-15% extra budget for the existing E3 environment, plus a similar increase for support of the Office environment, and re-evaluate the situation in 2-3 years.

IBRS also recommends considering what will happen in another 10 years, when many organisations have migrated to E5 (which is likely). What new business risks will emerge from this? Migrating from Office 365 E3 to a competitive product (e.g. Google or Zoho) is hard enough. When E5 features are fully leveraged, the lock-in is significant, but so too is the value. At the end of the day, the ultimate risk factor is trust in Microsoft not to engage in rent-seeking behaviour.

Related IBRS Advisory

  1. Pros and Cons of Going All-In With Microsoft
  2. Special report: Options for Microsoft support - Key findings from the peer roundtable: August 2020
  3. The journey to Office 365 Part 6: Mixing up Microsoft’s 365 licensing and future compliance risks
  4. DXC Technology and Microsoft collaborate on workplace experience
  5. AIP Should be Essential to Any O365 and Workforce Transformation Strategy
  6. AIS and Power BI Initiatives
  7. Microsoft Pivots to Target Verticals

The Latest

12 August 2021: TechnologyOne released a significant report based on a six-month long study into the economics of Cloud computing and SaaS among Australian organisations.  

The study, which was independently conducted by IBRS and Insight Economics, explored the tangible costs associated with migrating to the Cloud, with both IaaS and SaaS journeys investigated. An economic analysis of the data collected through 67 in-depth case studies with CIOs and C-suite executives, additional interviews, and over 400 respondents, revealed a $224bn economic dividend for the Australian economy, prompting TechnologyOne to term the report "too big to ignore".

Why it’s Important.

While the report is aimed at policymakers and strategists looking at the macro-economic impact of technology, it also details the costs and benefits of Cloud adoption by industry sectors, providing IT strategists with realistic benchmarks.

When developing the methodology for the report, IBRS and Insight Economics took a ‘no free lunches’ approach to data collection. Unlike other reports on the benefits of Cloud migration, the study took into account the costs of, and time needed for, transition, including training, change management, skills (and skill shortages) and the fact that many organisations will need to retain on-premise environments to support legacy and home-grown applications for years to come. In addition, only productivity benefits that had been measured were included in the analysis.

As a result of the evidence-only approach to the study, the ‘direct returns’ on Cloud migration detailed in the report are both far lower and far more realistic than those found in studies conducted in the USA and Europe.

The report may be accessed here: https://toobigtoignore.com.au/

Who’s impacted

  • Cloud migration teams

What’s Next?

The conservative approach to the study, and the rich data collected, mean that organisations still struggling to make a business case for SaaS have practical benchmarks and economic modelling to call upon.

Related IBRS Advisory

  1. The economic impact of software as a service in Australia
  2. Get board agreement to the Cloud strategy