API Management has been touched upon by several articles in this weblog.  To expand on this topic to help us understand its function and strategic importance to operators I've put together a whitepaper with Sonoa Systems, a leading provider of API Management to companies such as MTV Networks, Alcatel Lucent and Guardian Life Insurance.  The API Management whitepaper is available here.  

To set the scene on what is covered in the whitepaper: within and between enterprises APIs have been used for over two decades, from the early days of EDI (Electronic Data Interchange) to today's rich RESTful protocols. The reason API Management arose is that delivering simplicity in APIs to developers involves significant complexity in operations for the provider, some of the issues include:

• Authentication and security from multiple providers;
• Multiple API calls and calls across multiple services;
• Different protocols, API versions, and interaction models;
• Variance in performance between different APIs;
• Composition of off-network APIs such as Facebook and Twitter
• Poor visibility into API performance;
• Limited troubleshooting and debugging capabilities for API calls;
• Limited bandwidth, connectivity issues over the wireless network;
• Scalability of the servers underlying the API endpoint;
• Limited memory, CPU, storage on the device limits the client-side API processing capability.

APIs are also fundamental to telecommunications; there is a very long history. Back in 1878 the world's first commercial telephone exchange was opened in New Haven, USA. The switch exposed an interface that enabled people to make requests to set up telephone calls. Over 130 years later telephony switches are still exposing an API for exactly the same purpose. What has changed is the magnitude of types of requests and the sources of those requests - people, computers, private branch exchanges, credit card machines, and many other clients.

As waves of technology have followed the birth of the Internet 40 years ago, enabling the emergence of the World Wide Web about 20 years ago, driving widespread broadband access over the past 10 years.  We have now reached a point where telecommunications and the web are merging into a powerful pervasive services platform.

Previous work has shown that capability exposure has the potential to raise average ARPU by 12-36%. There are many examples of operators today making money out of capability exposure such as Telenor's Content Provider Access which generates $100M per year. Globe in the Philippines generates 1000 new value added services per year with over 1B transactions; that project had an ROI (Return On Investment) of under 2 months. And Telus was able to launch 40 rather than 4 applications per year to its small medium business segment and lower its cost to launch new services by over 75%.

However, operators' networks remain surprisingly under-utilized by the millions of developers building the web; Apple shows the power of harnessing that community for just one proprietary handset. Critical factors in its success are providing direct access to a large engaged customer base; and of relevance to this discussion a rich, easy to use set of web-centric APIs within a common framework. Developers care about cash and/or fame - customers are necessary for both. Operators must reach a point where web developers consider an operator's STB as easy to reach as an internet site is today for the delivery of their services.

Wholesaling capabilities is a core competence of operators since the emergence of the intelligence layer on top of the telephony switch. As an example, 800 (free phone) numbers are a capability that is applied to many business problems. Operators do not create "airline customer complaint toll-free phone services," they enable businesses do that with the capability they wholesale. This is a critical point: APIs are not limited to consumer applications; rather, enterprises are major adopters of APIs. For example, in an enterprise workflow where a request to made for a new purchase, this triggers a message to the approving manager, who confirms the order is OK, and the order is placed. If the messaging and confirmation are done via an SMS or automated phone it can speed up a business processes from days to minutes - which is a very compelling business case.

As telecom and web merge the operator can wholesale a multitude of capabilities, including messaging, billing, click to call, mobile content, conferencing, location, single sign-on, address book, age verification, identity, profile, presence, call control, mobile lookup, IPTV content, connection status, quality of service, messaging short codes, video streaming, set top box APIs, mobile device APIs, to name just a few. All of these need to be provided under the secure policy control operators provide today for their customers. As these APIs are offered to web developers, most operators are struggling to provide the simplicity and scale necessary to gain adoption while maintaining security and reliability of these services.  The figure below shows the role of API Management.

Operators are sitting on a gold mine of capabilities. A new generation of applications are being built by a rapidly expanding pool of developers. These developers are trained in web applications and services, searching for differentiation, and driving consumer demand for mobile internet service. Success will be driven by the population of innovative apps, which in turn will be driven by the simplicity and consistency of access to the operator's capabilities.  API management plugs a critical gap in an operator's ability to monetize its existing capabilities and more importantly enable a rich, easy to use set of web-centric APIs within a common framework and a consistent security model to engage the millions of web developers building applications today.

I know it is frustrating for many in the telecom industry that have just persuaded their management team to invest in API exposure, that we must now step-up-the-game and invest in API Management.  But we've got to try and increase our rate of innovation towards that of the internet to remain relevant to developers, partners and most importantly our customers.  The API Management whitepaper is available here.  

Patrick Murphy (email Pat) has just released an excellent report on the status of communication enabled business processes (CEBP) that is likely to become a reference text in the emergence of this important category for both operators and application developers.  

The report provides an overview of the CEBP industry relative to Telco APIs and voice centric application providers. After a minimum of 3 to 10 years of work by a wide range of service providers and application vendors the industry is at the end of its initial phase of technology-led innovation, this report provides important guidance on the next phase of business-led innovation. During the technology-led phase there have been successes, failures, consolidations, mergers, and acquisitions. However, IPOs, exits, or standalone profit centers within large companies have been few. Yet, revenue is being generated and hard earned profits ramped up by a few smart and well timed vendors. As with any technology wave, most firms will fail.  The report is pragmatic, it aims to help the reader improve their odds for Crossing the Chasm. Put simply the industry has reached the end of the beginning of CEBP innovation and Geoffrey Moore's Chasm is in front.
 
A review is provided of the emergence of CEBP, and some needed clarity on the relationship between CEBP and Unified Communications (UC).   Some vendors have attempted to muddy the water in claiming CEBP is enabled by their UC solutions, as they try to persuade enterprises / operators to buy / resell their UC platforms.  Relevant network API providers are reviewed, e.g. Orange, BT Ribbit, Voxeo, Broadsoft and ProgrammableWeb.com.  Several CEBP application vendors are case studied including Jott, Varolii, and eSTARA.  The conclusions provide both clear guidance on how to navigate the business-led innovation phase, as well as some all important market size estimates of CEBP, which is currently at $3-4B.
 

Mobile workers now account for over 25% of the worldwide worker population, about 750 million workers.  This is using a broad definition of mobile worker; one who works away from their main office, whether it is on the road, in a home office, or in locations away from their company's offices. 

Using a definition that focuses upon workers that use secure remote access to the enterprise LAN, then the number of global users is about 25 million, with a market size of about $3B in revenue. The 'other' 725 million mobile workers use a variety of solutions depending upon their needs and their IT department's policies: such as secure USB fobs, web browser based access, to simply allowing a laptop out of the office with company data (though increasingly we're seeing IT departments impose restrictions on this option given some high profile data losses.)  

I've reviewed some of these solutions in previous weblog articles: Secure Remote Access could be the Operators' Tipping-Point to becoming a Utility or a Managed Solution Provider and Start-ups to watch: The Key Revolution's Mobiu

What would appear at first blush to be just a matter of using IPsec (IP Security) or SSL (Secure Sockets Layer), has spawned a whole industry comprising the following groups:  

• Dedicated SRA (Secure Remote Access) providers such as iPass and Fiberlink providing a package of dial-up, Ethernet, WiFi and HSDPA access options bundled with a security package for the global traveler;
• Mobile operators' offers range from HSDPA and a simple connection manager, e.g. O2's Mobile Connection Manager; to complete packages of managed security and remote access, e.g. Vodafone's Secure Remote Access;
• Fixed and Mobile network operators offers similarly range from access centric to a complete managed solution across the corporate LAN as well as remote access, e.g. Orange Business Services (which is in part a resell of iPass) and BT MobileXpress;
• IT security vendors such as Symantec and Checkpoint with the unified threat management systems (both LAN, remote access and remote offices);
• Both local and global IT system integrators that package together solutions from the above providers; and
• The enterprise's IT department; and
• A variety of secure USB solutions such as Mobiu, a secure USB and service that backs up data to a secure encrypted online MobiVault; enables collaboration and file sharing in MobiRooms; and uses a SIM (chip used in mobile phones) equipped USB drive for secure two factor authentication and to provide portable applications, e.g. secure anonymous web browsing.

Below I show two simplified landscapes for 'Secure Remote Access' and 'Secure Anywhere Access (SAA) to your Data'.  The SRA landscape is split across fixed, converged and mobile-centric; and access-only, security and access, and security-only solutions.  The 'Secure Anywhere Access (SAA) to your Data' landscape splits across the three main offers of web browser-based, client-based and USB.  The main difference between these two landscapes is SRA is about remote access to the corporate LAN and the resources/tools that reside there, while SAA is focused on secure anywhere access to just your data.

It's surprising we've not seen a tighter bundling (convergence) of these offers.  For example, a HSPA USB fob that includes the functions and services of Mobiu (e.g. two factor authentication, secure storage and collaboration) and an integrated SRA service (leveraging the two factor authentication).  Rather than today's situation which requires multiple USB fobs, multiple clients, multiple service subscriptions and lots of individual bills.  It looks like here's yet another opportunity for operators to integrate their offers, save customers money, and win market share and new revenues.
 

The Key Revolution (TKR) has brought together the innovations of cloud computing and 'chip and pin' security technology to create a unique answer to the problem of secure remote working and collaboration with Mobiu. The service backs up data to a secure encrypted online MobiVault; enables collaboration and file sharing in MobiRooms; and uses a SIM (chip used in mobile phones) equipped USB drive for secure two factor authentication and to provide portable applications, e.g. secure anonymous web browsing.  Mobiu is based on technology created and patented by Vodafone, with a platform hosted by NTT and powered by Sun Microsystems.

Mobiu uses the secure 'chip and pin' (Personal Identification Number) technology, which banks use to reduce online banking fraud in the UK by 67 percent during the first half of 2007.  Single factor authentication of 'username and password' has been proven time and again as inadequate; its not how many bits are devoted to encryption, it's the human link in the security chain that is weakest. 

A study by digital communications agency @www, reveals that 61% of web users use the same password for all their online accounts.  According to RSA, the need for end-users to memorize passwords results in less secure management, with 25% of respondents storing a password spreadsheet or document on the PC, 22% said they record passwords on a PDA or other handheld device and 15% keeping a paper password record in an office/workspace.  People need easy to remember passwords and those passwords often prove easy to guess or are easily found, hence the need for another factor in the authentication process.

Chip and PIN provides two-factor authentication, that is a simple easy to remember PIN and a Chip module (SIM equipped USB), only when you physically have the Chip and you enter the correct PIN can access be granted, which enables Mobiu to provide secure access to your data.  Secure and encrypted online storage and back-up with MobiVault provides virtually unlimited storage, and can only be read by the Mobiu owner of that data and those Mobiu customers authorized by the owner of that data.  Should the Mobiu be lost, data is easily recovered from the MobiVault and the Mobiu can be immediately deactivated.

The Secure Remote Working Landscape breaks down into three broad technology segments shown in this diagram.

• Browser based.  Secure remote access services that use the web browser on any PC, generally taking advantage of the SSL VPN (Secure Socket Layer Virtual Private Network) capability provided by the browser.  The main weaknesses are it requires the browser have the latest secure updates, no malware (malicious software) present, and it generally only uses single factor authentication.
• Client based.  Secure remote access applications installed on the laptop.  The main weaknesses are it requires the user to carry around a laptop, but more importantly the data is stored on the laptop, so when the laptop is stolen the company's data is at risk, and it generally relies upon single factor authentication.
• Secure USB drive based.  These are USBs with software and/or hardware modifications to enable them to securely store data, however, most rely upon single factor authentication, rather than the more secure 'chip and PIN' technology, and do not offer the supported remote working and collaboration service package provided by Mobiu.

In the US there have been approximately 217 million records stolen in the past three years through laptop theft, 2005-2008, according to Paul Stevens, Director of Policy and Advocacy with Privacy Rights Clearinghouse (a private advocacy group).  At a typical cost of $182 per record, that's nearly $40B over three years!  FBI & CSI's annual Computer Crime and Security Survey of 2006 stated that 47% of computer security professionals surveyed reported a laptop theft over the past twelve months.

It's not a matter of if; it's a matter of when one of your company's laptop will be stolen.  So Mobiu gives companies the option to either avoid carrying laptops yet still work remotely, or if they do carry laptops store company data with a secure two factor authentication USB.

"But shouldn't our suppliers be building the developer programs?" I hear some operators asking. However, infrastructure suppliers make money by selling boxes, software licenses, maintenance and support; those suppliers do not understand the end customers as well as the operator. If they do, then the operator will likely not be independent for long. There is a new category of 'Application Aggregators' that bring a menu of applications, e.g. uLocate and Useful Networks aggregate location based applications; and are dependent upon mutual service success with the operator, not selling boxes or software licenses. The bottom-line is all operators will need to combine the application eco-systems of infrastructure and handset suppliers, application aggregators and their developer communities. Only those operators in a monopoly or have resigned themselves to be a utility bit-pipe provider need not worry about such issues.

In researching application developer communities across a number of industries, reviewing with the creators and community members the successes and failures, here are some topics to consider if an operator decides to build a developer community:
 
Audience:

• Know your geeks (application developers). For many operators there are local SIs (System Integrator) and VARs (Value Add Reseller) already solving the customers' problems, this is a critical group to bring on board. This generally addresses the SMB (Small Medium Business) segment, but there are also local developers applicable to other customer segments, they're not all based in Silicon Valley or LA. And localization will become critical for an operator's long-term success against GMAY (Google, Microsoft, AOL and Yahoo!).
  
• Know your early adopters. These are generally high spending customers that will trade some of their time for exclusive access to the latest applications and have their opinions matter.  This is of great value to geeks as they lack customer access that operators can provide.

Tools and Education

• The program needs to use the latest protocols, environments and community tools. Check out Saleforce.com's Appexchange; and Orange's Widget, picture sharing and OpenID APIs. To win, an operator must educate (marketing); to educate an operator must speak (blog); to speak an operator must do/show (code examples and success case studies). The more code examples the greater the addressable pool of geeks, because less able but perhaps more innovative geeks can then "cut and paste" capabilities together.
• Do not require registration or login to educate, only have registration if the geek wants to make money. Beta programs (without a clear path to cash), NDAs and legal documents will kill any community no matter how large the operator.

Communications and Marketing

• Community communication by the operator needs to be made by Geeks, e.g. bloggers, writers; IRC (Internet Relay Chat) / wiki / forum addicts; regular conference presenters that draw a crowd; and have a track-record in writing code samples and helping others geeks.
  
• Have a "Geek Advisory Board" with expertise in the platforms, customer verticals and known to the geek community.
  
• Sell your best geeks, others will follow. Communicate success stories from the community's launch. Contextual application search to help customers find preferred/certified applications that are relevant to a customer's particular circumstance is vital.

Metrics

• Program must be aligned with the operator's overall business goals. Metrics include things such as number of new geeks, number of downloads, number of active developers, number of transactions, revenue generated from APIs.

Biz Model

• The business model must be baked into the API. Ultimately, the Telco API is just a big business development deal. If the Telco API helps geeks make money, then so does the operator.

Integration

• The application developer community should not be owned by the CTO. After building the brand and the network, the application developer community is the next most important leg of an operator's business. It must be owned by the CEO, and integrated into Marketing's processes, so the innovations get out to the customer and are effectively monetized by the operator.

The above topics may appear obvious in building an application developer community, but the challenge is getting them simultaneously implemented.  Have a look at the many developer communities being launched against these 6 topics. An operator's application developer community is not a lab's project, nor something that can be released as a Beta; it's a core business assets, on a par with brand and the network, and must be led from the top.

Ovum predicts the number of HSDPA connections will reach 16.5 million by the end of 2008 in Western Europe, thanks in part to the simplicity of plugging in a USB HSDPA modem and it just working rather than the complex configurations and reboots of a data card; as well as the simplicity and attractiveness of the pricing plans at just 15 GBP per month.  Mobile operators are now working on providing value added services on top of this mobile broadband access.  One such service is secure remote access (SRA), i.e. enabling secure access to the corporate LAN and protecting remote corporate devices (laptops and smart-phones).  SRA can add $15-$30 per device per month in ARPU (Average Revenue Per User).

What would appear at first blush to be just a matter of using IPsec (IP Security) or SSL (Secure Sockets Layer), has spawned a whole industry comprising the following groups:  

• Dedicated SRA providers such as iPass and Fiberlink providing a package of dial-up, Ethernet, WiFi and HSDPA access options bundled with a security package for the global traveler;
• Mobile operators' offers range from HSDPA and a simple connection manager, e.g. O2's Mobile Connection Manager; to complete packages of managed security and remote access, e.g. Vodafone's Secure Remote Access;
• Fixed and Mobile network operators offers similarly range from access centric to a complete managed solution across the corporate LAN as well as remote access, e.g. Orange Business Services (which is in part a resell of iPass) and BT MobileXpress;
• IT security vendors such as Symantec and Checkpoint with the unified threat management systems (both LAN, remote access and remote offices);
  
• Both local and global IT system integrators that package together solutions from the above providers; and
• The enterprise's IT department.

To expand a little more on what SRA covers: for global access it's about providing connectivity to the corporate LAN and internet through WiFi, hotel Ethernet, dial-up and mobile broadband.  On security it covers: anti-virus, firewall, anti-spyware; encryption of traffic between the PC and corporate LAN; multi-factor authentication; data protection including encryption, device control, information policy, back-up and restore; one stop connection client; policy management and control of end user behavior to meet IT policies; management reporting; central portal providing IT with improved visibility and control; all backed up with Professional Services and Help Desk.  

So which supplier will dominate?  Based on a recent enterprise survey I ran in the UK, Germany and the US it very much depends upon what the enterprise is buying.  If it's a security solution, then it will be from an IT security vendor or a managed solution from an operator or IT system integrator.  If it's remote access, then the operator (fixed and/or mobile) is the likely choice.  For secure remote access, the choice is a little more complex, and will depend more upon the type of enterprise and its situation.  For example, a large financial services enterprise, with a large IT department will have a tendency to build a solution from an IT security vendor.  Though with that said we are seeing departments within large enterprise select an operator's SRA for their team. For a SME, which has a LAN security solution, but not the remote access component, a solution from an operator will likely be their choice.

This situation puts the operator in an interesting position, it can choose to be:

• Just an access provider, which sets it on the path of being a utility;
• Find a mix of security and access that meets a segment of the enterprise, which is difficult as enterprise IT providers already bundle remote access security solutions into their unified security solutions; or
• Deliver a complete managed access and security solution, which given Verizon Business bought CyberTrust and Vodafone bought Aspective shows this is a growing focus for those operators strong in the enterprise segment.

Perhaps secure remote access will be the tipping point upon which an operator breaks-through and delivers managed services to its enterprise customers, or secede the space and focuses upon access and being a utility.

The telecom press normally focus upon consumer based services, such as MobileTV, mobile gaming, or mobile access to MySpace or Facebook.  Behind the scenes is the less glamorous but more profitable enterprise communications scene with services such as:

• Visual Voicemail: speech to text (note its recent appearance on the iPhone);
• Unified Business Communications: bringing together many communication services into a single integrated experience;
• Mobile SSL VPN (Secure Socket Layer Virtual Private Network): secure remote access for employees on the road;
• Integrated Enterprise Applications: simplifying the mobilization of multiple business applications;
• Mobile Device Management: simplifying the software and control problems on mobile phones, e.g. encryption and device lock-down; and
• Multi-National Managed Mobile Service: simplifying and lowering the cost of mobile services across multiple countries.

Looking at a couple of these services in more detail.  Visual voicemail provides the convenience of accessing voicemail using existing graphical message management user interface.  It avoids the hassle of calling and then listening to voicemail serially, enabling simple forwarding, inclusion into to-do lists, data capture into business processes, and recording and search for archiving purposes.  SpinVox provides a hosted solution with revenue share.  Most voicemail vendors have this feature, but limitations of voice recognition technology have historically limited roll-out.  Pricing of SpinVox in the UK is £3.00 ($6 USD) for 10 conversions, £5.00 ($10 USD) for 20, or £9.99 ($20 USD) for 50, with £5.00 the most popular option.  SpinVox claim 6 million people will 'experience' their service in 2007.

"Business Together", from Orange Business Services (OBS), is a unified communications solution across both fixed and mobile enterprise devices.  It provides a single interface for collaborative work within enterprises by real-time access to companies' collaborative applications, such as web, audio & videoconferencing, databases, e-mails and instant messages. The solution is available from a PC, an IP phone (Nortel i2002 and Nortel i2004) or a mobile smartphone (Blackberry 8700f, Sony Ericsson P910i, Nokia E61).  Features include 'Click to -call, -conference or -IM'; both instant (presence based) and invited multimedia collaboration, and a unified message store.  All provided as a managed service.

Providing an easy to use unified mobile experience is strategically important in meeting the threat posed by Microsoft's Office Communicator Mobile.  Orange is also launching "Business Together with Microsoft," which will use the Microsoft client.  This is a good example of strategy many operators could consider; note Orange launched the own-branded product first.  The system is hosted and starts at 15 euros per user per month ($20USD).

The Vodafone Applications Service (VAS) enables mobile users to remotely interact with their business applications (for example, Siebel, Oracle, Remedy, salesforce.com and SAP) from their BlackBerry, Pocket PC or Symbian device from just one client.  It's a hosted solution targeting the SME (Small Medium Enterprise), SOHO (Small Office Home Office) and OPB (One Person Band).  Vodafone UK launched the service in April '07.  It's relatively unique as Vodafone's competitors (Orange, O2 and BT) have not taken such an integrated and hosted solution. The VAS uses the Dexterra SmartClient that runs on Symbian, Windows Mobile (Smartphone and Pocket PC), BlackBerry and Linux devices to talk to the Dexterra Concert Platform in the Vodafone network. 

When examining the enterprise market some factors make it an early adopter of new mobile services:

• 'Fashion' is less important, enterprise can enforce handset restrictions that would generally impose significant limitations on a mass-market service;
• Higher propensity to pay, which is also reflected in being able to pay for higher performance devices; and
• Sophisticated requirements: mobile email began in business and we're starting to see it be positioned as a consumer service.

Now looking at the list and seeing what potential cross-over could exist into the consumer world.  Visual voicemail has already started with the iPhone.  Integrating all the messages, IMs, voicemails, etc into an easy to use graphical interface such as "Orange Business Together" would definitely meet an emerging market need.  As more consumers use services such as family finder, navigator, and local search, it would be nice to have an integrated experience.  Rather than jotting down addresses then entering them into the navigator application - if only all mobiles had a simple "cut and paste" function...

UC (Unified Communications) brings together the communication and data networks of an enterprise.  The Innovative Communications Alliance (ICA), led by Nortel and Microsoft, is creating the hype surrounding UC.  The purpose of this article is not to discuss UC within the enterprise, rather look at the emerging mobilization of UC and the impact it could have on mobile operators. 

North American Mobile Office revenues are predicted to reach $6-7B in 2011, their current CAGR (Compound Annual Growth Rate) is about 40%.  In Europe, Vodafone's Mobile Office service has done well with roughly 2M customers.  As 'human latency,' that is the time it takes for decisions to be made, becomes increasingly important to the performance of businesses.  Enabling employees to be easily contactable and have access to the enterprise applications and data regardless of location is becoming mission critical.

Looking at the benefits of UC mobilization for the three main actors:

• For customers, mobilizing UC helps in removing some of the communications complexity, e.g. multiple voicemail boxes, multiple messaging platforms, multiple identifies and phone numbers.  Doing a quick tally, I currently have 5 mobile numbers (a US postpaid mobile and prepaid SIMs for the UK, Singapore, UAE and France), an office number, 6 IM/VoIP accounts, and 6 email addresses that I know of.  There are simply too many choices and not enough success with today's disparate communication tools.
• For enterprises, UC helps reduce human latency, enabling employees and partners to get in contact as soon as possible to speed up decision making, improving the company's competitiveness and efficiency.
• For mobile operators: mobilizing UC is strategically important as voice becomes just another application on enterprise IP networks, so they must deliver the UC solution else risk significant voice and VAS (Value Added Service) revenue erosion.

Some of the trends impacting this emerging landscape are:

• Enterprise vendors are using the ubiquity of IP to make communications just another "application," e.g. Avaya, Cisco, IBM, Microsoft, Nortel and Oracle.   Microsoft Communicator Mobile will present a significant threat as the corporate directory, messaging, presence and potentially VoIP could be driven 'over-the-top' of the operators network.
• Ultra-mobile PCs and increasing broadband wireless speeds will make the mobile channel 'more' transparent to IP based communications.  Blurring the difference in experience between a 'phone on the go' and the 'PC in the office.'
• Existing mobile email vendors are moving into the UC and enterprise application space, e.g. RIM.  Enabling the Blackberry junkies to use the device beyond email.
• Hosted enterprise software, e.g. Salesforce.com, has achieved broad market acceptance, creating opportunities for all players to mash-up integrated enterprise solutions.

In this emerging environment what is an operator to do?  Recent enterprise market studies show they still prefer to look to the operator for mobilization solutions.  But given the size of the market and the number of innovative players all trying to leverage their incumbency in the customer's experience, the current preference may not be around for long.

• Partnering with the UC vendors is essential, even through there is a potential long-term risk of from UC vendor's handset clients, UC is going to happen within the enterprise first, and be mobilized second.  There is no option but to work with the incumbent UC vendors. 
• For converged operators with an established enterprise solution business, offering a hosted UC solution with mobilization will be attractive to a number of enterprise segments.  Though an emerging issue will be the integration of this with enterprise applications and data, that is being able to mash-up the hosted solution into the enterprises' data and processes.
• For mobile-only operators the key is to focus on having a best in class mobile solution that can work across a number of UC platforms.  For example, having the UC client and other mobilization application driven from a common user interface.
• Regardless of operator, the over-riding need is to deliver a tight integrated customer experience.  Offering and charging for separate services, e.g. presence, collaboration, messaging, email, directory, security, and enterprise integration will ensure an enterprise goes elsewhere.