Insights and intelligence from analyst Freeform Dynamics on the here and now of IT IInsights and intelligence from analyst Freeform Dynamics on the here and now of IT Insights and intelligence from analyst Freeform Dynamics on the here and now of IT

Thursday, 22 May 2008

The outsourcing force

What does the future of development outsourcing look like? Freeform Dynamics has just completed some research that analyses the level of outsourcing IT managers are prepared to endorse.

There is an overall acceptance of how outsourcing can benefit various aspects of the development process. And when asked about the types of activities that should be kept in-house, IT managers tend to concentrate on strategic areas, such as requirements management and project management.

The key for IT leaders is the perceived importance of IT by the business. Freeform Dynamics has collated various sources of information ­ – and it appears that business generally considers IT organisations to be more important if they operate strategically.

While the significance of this statement might seem palpable, it is also true that not all IT organisations believe themselves to be strategic, and are not regarded by senior managers as a direct source of business advantage.

Outsourcing is often seen as a way of removing costs from the business. But Freeform research suggests there is less of a tendency to outsource development when the IT department sees external service provision in terms of cost.

Such a trend might appear counter-intuitive, but makes more sense if we consider the fact that the more progressive IT organisations will also have a more strategic view of the IT services being provided ­ – and of the crucial areas that should always be kept in-house.

We believe that an awareness of progression and strategy sets the scene for the future of how IT will be outsourced, not just in development but also in terms of operations.

The trick lies in differentiation ­ – that is, identifying which IT activities are important to the business. In fact, establishing differentiation should be the starting point for successful IT delivery in general, not just the sourcing aspect.

IT managers continue to call upon a broad range of sourcing strategies. And Indian service provision has come under a great deal of scrutiny recently, given the context of rising prices, security fears and specific relationship difficulties between clients and providers.

Such issues mean we are at an interesting juncture in the case of offshoring ­ – with the situation similar to when IT managers began to recognise that downsizing is actually “right-sizing”, and outsourcing should in fact be about “smart-sourcing”.

The bottom line suggests that IT managers are beginning to show a more mature approach to offshoring. In short, offshoring is not some sort of silver bullet and it needs due preparation to mitigate the risks involved.

A consulting contact suggested to me recently that there are many lessons to be learned, not least that the process-driven approach, which is often seen as the de facto approach for many Indian companies, is not always compatible with the ad hoc attitude of some UK-based organisations.

The importance of getting the communication interface right, and sticking to it, cannot be overstated ­ – a concept which will be familiar to many methodologists. Establish a successful interface and you will be in the best shape to approach an offshoring project.

Continuing globalisation means the offshoring market will continue to evolve and encompass more and more countries.

At the moment, we know of organisations that use development resources in Vietnam and Chinese outsourcing firms that are aiming to move up the value chain from manufacturing into design and, indeed, development.

Against such a background of transformation, the crucial issue is how IT managers can take advantage of offshore resources without falling foul of the additional complexities caused by using new locations.

As well as learning the basics of supplier management, organisations will also need to look to their own methodologies and processes ­ – and ensure that the transitions between in-house and outsourced activities are clearly defined, and will pose a minimal overhead to the business.

Such an approach might be easier said than done, but the benefits are there for the organisations that get their processes in good order.

Perhaps not every IT organisation views itself as progressive, but in the case of outsourcing and offshoring there are lessons to be learned from the leaders.

Jon Collins is service director at analyst Freeform Dynamics

Posted at 12:46 PM in outsourcing | | Comments (1) | TrackBack (0)

Monday, 28 April 2008

New technology brings new risks

The future of IT security seems like a straightforward discussion ­ – focused, straight and to the point.

Nothing, however, could be further from the truth. Businesses need to understand the risks and implement mitigating strategies if they want to keep ahead of the bad guys.

There are three types of organisation: those who get security and have ongoing risk management activities in place; those that understand security but struggle to implement appropriate measures; and those who think that e-crime will pass them by if they just keep their heads down.

For most, the future of IT security will be much like the present. There will always be people who spend most of their waking hours decoding encryption algorithms and looking for back doors into telephone networks.

But there is also an evolving economy built around the market value of credit card details and the ability to launch denial of service attacks from unsuspecting ­ – and generally poorly configured ­– home computers.

And IT leaders also need to consider risks caused by their own employees, be they through malice or stupidity. Internal workers have always posed the biggest threat to computer systems ­ – even before product categories, such as data leakage prevention, were posited.

So, what does the future of IT security include? As a starting point, it is worth reflecting on the wider long-term development of technology. There are a number of trends driving how organisations deploy and operate their IT systems ­ – and these threats will have a direct impact on a broad range of areas.

Outsourcing and offshoring

The offshore resourcing market continues to develop, with Indian companies such as Wipro setting up in the UK and other local companies expanding their offshore operations.

Security risks range from the difficulties associated with vetting offshore staff, to the challenge of maintaining business information at offshore locat ions.

Hosting and software as a service (SaaS)

We are not yet seeing wholesale mass adoption of the SaaS model, mainly because the technology is still maturing across areas such as data integration. The risks are similar to the information integrity concerns associated with outsourcing.

Service-oriented architectures and Web 2.0

Both of these topic areas share the risks of using distributed system architectures that may extend beyond the corporate firewall. As well as being open to confidentiality breaches and denial of service attacks, there are also threats surrounding the publishing of interfaces onto corporate systems. In some instances, the interface itself may be confined to company use.

Virtualisation and datacentre automation

Virtualisation offers a quick win for many organisations, helping IT leaders to consolidate applications onto a reduced set of physical servers. The centralised control of preconfigured virtual servers can reduce security risks. But there is also the issue of virtual server proliferation and the potential for mismanagement, which could potentially leave virtual servers open to breach.

Mobility and unified communications (UC)

Suppliers are working hard to deliver on the concept of enabling users to communicate with each other as simply and seamlessly as possible. But UC also presents a two-edged sword, and IT managers need to be prepared for exploitation problems, particularly around spam calls.

Social networking

We are already seeing some of the security challenges that social networking can pose in terms of privacy and identity issues, for example. There are other risks that, to our knowledge, no one has exploited, such as pulling together composite identities of individuals across social networking sites.

Social networking presents a range of personal security issues, but corporate implications across duty of care also create concerns.

The above list of potential risks demonstrates that continued vigilance is only part of the answer. Risk management processes and policies are also crucial, and should be a fundamental part of any organisation’s security strategy.

Moreover, all of the above risks share one important element: they affect all parts of the IT architecture. Such risks cannot be mitigated by tactically acquiring a specialist appliance and implementing it in the server room.

If IT security is to be characterised by having a far-reaching impact, so we need to consider how the roles responsible for IT security have a similarly far-reaching remit.

We are already seeing some organisations ­ – HSBC, for example ­ – combining their IT security function with a business fraud function, enabling the institution to deal with business and IT issues from the same point.

I have often characterised IT as a fire extinguisher industry, an analogy that makes sense if all people are doing is fighting fires. Challenges, such as the security issues listed above, will require us to move towards a prevention-based approach rather than a series of poorly-funded coping strategies.

And frankly, given that the trends are happening whether organisations want them to or not, the sooner we can get there the better.

Jon Collins is service director at analyst Freeform Dynamics.

Posted at 04:32 PM in communications, ecommerce, innovation, outsourcing, security | | Comments (0) | TrackBack (0)

© 1995-2006 All rights reserved