Industry news

Part three: Romania as an outsourcing destination

The Czech Republic looks to be having something of a nearshoring and IT-driven boom, says Tomas Turkovic, head of outsourcing at Soitron UK. What lies behind this impressive record?

“The fastest growing economy in the European Union, with a 4.4% rise in GDP in the second quarter”

Pop quiz – which country do you think this statistic refers to – Germany, the UK, or the Czech Republic? It’ll come as no surprise to those familiar with the fast-rising country to hear it’s actually the latter. The McKinsey Global Institute has also pointed out that, along with neighbours Poland, Slovakia, Hungary, Romania, Bulgaria, Slovenia and Croatia, the country recorded average annual growth of 4.6 per cent from 2000 to 2008, among the best in the world.

It is probably also not a surprise to canny IT services buyers who’ve latched on to just what a great option for nearshoring the Czech nation has shaped up to be in the past few years.

“Nearshoring” is, of course, the now dominant trend in outsourcing – the utilisation of the skills and cost-benefits of working with expert providers in cost effective, nearby destinations, instead of farming the work out half-way round the world, with all the attendant distortions in time-zones and cultural mis-hits that can cause. And it’s the thrusting small economies of Central and Eastern Europe (CEE) that are proving to be the favoured nearshoring option for many British IT customers and firms – with Prague clearly the leader in the nearshoring pack.

A strong commitment to transparency – and innovation

What are the reasons for this Czech nearshoring strength? Observers see this as coming down, fundamentally, to a compelling combination of technical competence, language capability, political stability and the sheer advantage of proximity. Thus AT Kearney, the management consultancy that tracks the global sourcing market, in its 2014 Global Services Location Index, singled the country out as a great nearshoring location for continental Europe down to its “large software engineering talent pools”, while analyst group Gartner, which also closely tracks this scene, has identified the country as one of the top EMEA service locations now, along with Poland and Turkey.

In strict technical terms and exposure to important business processes, the country has long had an enviable reputation, even before the fall of Communism. Nowadays, its universities, led by the two main hubs of the Technical University in Brno and Prague, release a stream of accomplished graduates in engineering and computing, say commentators. In fact, Czech youngsters tend to gravitate towards very practical/vocational degrees as a rule, which helps cement their national reputation for a strong work ethic. Western firms working in the market here say they can easily access a wide variety of IT services skills, spanning an impressive range of business process outsourcing (BPO) competencies, a wide variety of application services, plus some infrastructure management capabilities.

In coding terms, open source and Linux are highly popular topics, with Czechs flocking to work in the growing number of shared service centres being opened up in the state. Firms you will see here include service providers with truly global delivery capabilities such as Accenture, Atos, CSC, Fujitsu, HP, IBM, Infosys, Tieto and T-Systems. It’s fair to say that the Republic is a highly-developed market with strong local presence of all the key players in the services market.

For a small country at the heart of Europe, meanwhile, it’s always been something of a necessity for Czechs to be multi-lingual. That legacy means you can bank on strong competence in core world business languages like English, German and Russian – another reason businesses are looking to Prague for nearshoring help.

Good coders who can speak your language are pretty common in the CEE area, though. What’s probably helping the Czechs compete so convincingly with their neighbours, though – a fact attested by that impressive GDP figure – is the political stability of the country, and its commitment to a strong and transparent business culture. To this end, the country’s administrators stress the importance to its entrepreneurs of good copyright, IP and EU data practices (something else UK customers like to see). That doesn’t mean Czechs just like ticking boxes and following rules, though. Execs who’ve worked with firms here often cite “a willingness to try new things” and “striving for excellence” as very common features of the working day.

Put all this together, and the third-party nearshoring metrics start to make sense. AT Kearney rates Prague as one of the top ten emerging cities for nearshoring work, for example – and the final bit of good news concerns local salary and benefits expectations, which are rated by those familiar with the job market here to be a bit higher than in Slovakia, but much less than in the UK or the rest of Western Europe.

So – technical nous, language fluency, a great location at the heart of Europe and competitive budgets. We can expect Czech Republic nearshoring to grow significantly this year, and exponentially in the next five.

Czech Strength in Numbers

• ICT professionals: 156,000 (2014)

• 56 percent of the population have tertiary degrees (2014)

• Exporting of IT services: €1.58 billion (2013)

• 10 percent increase in IT outsourcing year on year (2014)

• Investment in IT R&D: €336 million (2013)

(source: Czech Statistical Office)

Soitron Group has been helping its customers build and retain a competitive advantage thanks to the smart use of IT solutions for over 24 years.

For more information regarding Soitron, visit the company's website.

Part five: Turkey remains a serious outsourcing destination

Research conducted by Bain, the management consultants, on behalf of the Financial Times has found that the “exuberant” rise in NHS outsourcing seen since 2012 has come to an “abrupt halt” this year.

While £5.8 billion worth of NHS work was tendered out to private companies in July, the total value remained consistent with the previous year – a stark contrast to the annual 14-15 per cent growth in the total value of contracts outsourced between 2012 and 2014, following the introduction of the Health and Social Care Act.

The FT suggests this is due to a high number of NHS outsourcing failures during that period. Examples include Circle Healthcare’s takeover of Hinchingbrooke Hospital and Serco’s contract to run community care services in Suffolk. Despite the private companies involved typically shouldering the blame for these cases, it is likely that the failures have been due to faults on both sides: experts have suggested that many NHS tenders are too loosely worded, and that buy-side contract negotiators have rushed too quickly into overly large contracts.

Despite this stagnation, there’s little doubt that service providers will have plenty of further opportunities to compete for NHS work in the future, as the health service struggles to deal with mounting cuts and deficits.

Just a few months ago, Capita signed a contract worth up to £1 billion to provide the NHS with back office services – the success of this contract will be a key indicator as to whether the NHS and the private sector are capable of turning around this poor outsourcing record.

For weekly news updates, subscribe to our email newsletter.

Related: iGov survey: Majority of NHS heads believe outsourcing is essential to future of health service

John Cridland, director-general of the CBI, has accused David Cameron’s government of loading too many burdens on to businesses, making the prospect of outsourced contracts from the public sector far less appealing.

He commented: “The danger… is that you thin the market because people say… actually it’s not in my shareholders’ interest to take this work, I can’t make a difference… I’ve got other things my bid team can go for in other countries.”

Cridland’s concerns include private companies having to take sole responsibility for the increased costs that will result from the new national living wage, affecting their profit margins without any additional incentives for taking on public sector work being provided.

For weekly news updates, subscribe to our email newsletter.

Related: Local government outsourcing doubles under coalition, with a further rise expected

BPO and contact centre provider Firstsource Solutions has launched the world’s first ever university-accredited degree for employees working in customer contact management.

The BSc degree, accredited by Ulster University, will be delivered through an online curriculum, and is aimed at call centre team leaders and mid-managers looking to become professionally certified in their field. The subject matter is intended to reflect the changing nature of the contact centre industry, touching on data analytics and digital channels of communication such as social media and webchat, while also encompassing the industry’s more traditional elements, including recruitment, training and building customer loyalty.

Firstsource’s president of customer management Gavin Snell commented: “The customer contact management industry is now a vital engine of jobs and skills in the UK, especially among young people. It is therefore right that this sector gets the professional recognition it deserves.

“This partnership will give those employees who did not get the chance of higher education the opportunity to gain a degree, proving an attractive incentive for future employees of the company. It will also help further professionalise the contact centre industry and raise standards for our clients and, in turn, improve services for customers.”

Students will be able to enrol on the course from September 2015 onward.

For weekly news updates, subscribe to our email newsletter.

Have you considered professional training in outsourcing?

The National Outsourcing Association provides a wide variety of workshops, training and qualifications taking place in 2015 and beyond, ideal for those looking to hone their outsourcing management skills.

G4S has won a seven-year contract valued at £50 million to provide security at 21 key sites where the Thames Tideway Tunnel is being constructed.

The proposed 25 kilometre tunnel is London’s biggest investment in sewerage in over 150 years, and will prevent roughly 20 million tonnes of untreated sewage from being discharged into the River Thames each year.

When construction is at its peak, G4S expects to have up to 330 employees working to protect the £4.2 billion construction. In mid-August, Accenture was also brought on board – the company’s cloud-based ERP software is being used to support financial planning and procurement throughout the lifetime of the project.

For weekly news updates, subscribe to our email newsletter.

Related: G4S and Serco keep hold of Ministry of Justice criminal tagging contracts

Global BPO provider Aegis has plans to increase its number of employees – currently at 40,000 – by another 4,000 this financial year.

The company’s CEO Sandip Sen has said that he expects this increase to be accompanied by double-digit financial growth, setting an overall target of $500 million in revenue.

The demand for Aegis’ services comes largely from e-commerce firms spread across India, the rest of Asia and Africa. 27,000 of the firm’s employees are currently based in India, where the business expansion is expected to take place.

For weekly news updates, subscribe to our email newsletter.

Related: Vodafone India considers replacing IBM in $1 billion contract

Industry body NASSCOM said that Robotic Process Automation (RPA) is expected to gain greater acceptance in the Indian business process management (BPM or BPO) sector.

In a report prepared in partnership with research and advisory firm Everest Group, goes on to say RPA is expected to impact about 6-8% of overall Business Process Management spending by 2017 compared to less than 1% now.

Furthermore, the report says that RPA is now fast emerging as an unassisted automation approach that offer high value creation at relatively lower risk. It deliver significant cost savings better service delivery and manageability, and quicker time-to-value. According to the report, cost savings for example through RPA in Finance & Accounting can range from 13-20% for offshore operations and around 60-67% for onshore operations.

The report said “regulated industries with high-volume, transactional business processes are adopting the RPA faster with BPM spends impacted by automation in these industries have grown at a compound annual growth rate of over 100 per cent over the last two years. RPA is now being implemented by BPM service providers for transaction processing and data entry in high-volume, repeatable, and computer-centric processes.”

For weekly news updates, subscribe to our email newsletter.

Do you want to learn more about how robotics will shape the future of outsourcing?

The EOA Leadership Summit on 8th October in Lisbon features an open workshop on integrating automation in your organisation. Book your place today!

The City of London Police have awarded IBM a contract to provide fraud & cyber reporting as part of a wider transformation plan. The contract worth £33m will see IBM support the London City Police’s National Fraud Intelligence Bureau (NFIB) with the intention of improving efficiency & quality of services.

The contract allows the service to be scaled depending on changing needs of the organisation through the use of technology and other functional advances.

For weekly news updates, subscribe to our email newsletter.

Related: Met Police to outsource IT to Steria

Xoomworks has opened a new nearshore outsourcing centre in Sofia, Bulgaria with the aim to expand their Application Development & Quality Assurance capabilities. London based Xoomworks Technology Outsourcing specialises in technology services for clients in the gaming, travel and finance sectors.

The new office in Sofia follows on from their success with their first nearshore office in Cluj, Romania. Bulgaria is ranked number 9 for outsourcing destinations in AT Kearney’s 2014 Global Services Location Index and was selected due to their highly skilled developers, strong English skills & cultural compatibility.

Xoomworks is shortlisted for Outsourcing SME of the Year at the NOA Awards

For weekly news updates, subscribe to our email newsletter.

Related: Cerdo Bankpartner Nearshores Payments to Finland’s Tieto

In a global environment, IT responsibilities are increasingly being outsourced and proving to be a popular tool for organisations seeking to reduce costs effectively. The number of third party personnel given long term access to organisations’ critical systems and sensitive information is growing rapidly and these third parties are becoming increasingly essential to many businesses and IT operations. They may operate a network infrastructure, maintain a web site or provide email or CRM services or perform a myriad of other invaluable IT services. Adopting outsourcing as a tool for IT processes invariably involves an organisation trusting an outside party with a variety of sensitive information, be it customer or financial data, which in turn comes with its own risks. Third parties are beginning to reap the benefits of user monitoring for their own activities within the client network, as this way they can prove what they did and did not do. Having an activity monitoring tool in place, enables third parties to increase their transparency and customers can put more trust in a third party solution provider when their activities are transparent and they can see in real time who accessed what sensitive data and what is happening in their IT systems.

What are the risks?

Almost all organisations and sectors are faced with the problem of managing security breaches caused by insider threats to vital computer assets. Giving responsibility to external IT contractors could be seen as an even greater security risk as it can potentially weaken the protection controls and increases the number of third parties having the same privileges and access rights as employees.

Without the appropriate inbuilt protections a shift to the use of outsourced IT along with the high rate of worker turnover in outsourcing can lead to an increase in vulnerability for organisations, ranging from the loss of intellectual property, to the possibility of high value knowledge being transferred to a competitor or other external source. This provides the opportunity for malicious actors, who have access to sensitive information which can harm the organisation and its reputation.

The common theme of recent, high-profile breaches is that they were carefully planned and went undetected for some time with the attackers moving freely inside the victim’s IT environment. For example, a former employee at Home Depot who was authorised to have access to computer systems, leveraged that access to obtain credit card information from Home Depot tool rental transactions.

Malicious insiders hold an advantage over an external hacker in that a company’s primary security tools are often designed to protect against external threats, not against trusted employees. A malicious insider has the potential to cause huge amounts of damage to an organisation and possesses many advantages over an external attacker. For example, they often have privileged access to facilities and sensitive information, have knowledge of the organisation, how its processes work and are able to distinguish the location of valuable assets. Insiders will know in what way, what time, where to attack and how to cover their tracks after the attack which is precisely why organisation needs to recognise the need for IT security measures for privileged users.

How to overcome the security risks of outsourcing

But what measures can enterprises adopt in order to stop their sensitive data from being compromised by these third parties? In order to mitigate this risk, it is necessary to develop stringent safeguards and integrate activity monitoring capabilities when organisations employ outsourcing contractors for their IT responsibilities. Firewalls and standard application protection are not enough for protecting against insider threats. When trying to reduce the risk of sensitive data being compromised, adopting a holistic view to IT security can benefit the organisation. An approach which organisations are adopting in order to close the blind spot of traditional security monitoring tools and uncover risks that many security tools cannot identify, is through the use of examining a user's behavioural patterns. This is carried out through analysing how we interact with IT systems which can leave a recognisable fingerprint that can then be detected. Users log into to the same applications, do the same things while working and access similar data. These profiles are then ‘learned’ and can be compared in real-time to the actual activities of a user to detect irregularities and differences in behaviour. Once the abnormalities are detected, counter actions can be applied to stop an ongoing attack or to investigate the event further.

Malicious insiders have been proven to behave differently compared to normal employees. If a resigned employee of the outsourcing company plans to steal company data, real-time user behaviour technologies enable organisations to detect this abnormal activity and will alert the relevant security team in real-time for further investigation. By detecting deviations from normal behaviour and assigning a risk value, it helps companies focus their security resources on the most important events and also allows them to replace some controls, yielding greater business efficiency. Adding more tools that restrict users won’t make your company safer, it will just make your employees less productive.

As well as identifying the unusual activities within a system, the reaction to this unusual activity is important when trying to significantly reduce the time a malicious attacker has before any counter measure is taken. By utilising different machine learning algorithms which work autonomously, organisations are now able to learn about user behaviour quickly and efficiently before it’s too late. In the majority of attack scenarios, the high-impact event is preceded by a ‘reconnaissance phase’. The swiftness of detection and response to this phase is critical when preventing any further high-impact activity from occurring. Likewise, being aware of the normal habits of high risk users is also valuable.

As outsourcing continues to gain in popularity, the threat of malicious insiders will grow in. However with the right security software in place to monitor the activity of these third parties, it is possible to mitigate the risks of opening up your sensitive data to outside agencies, as well as ensure compliance with regulations requiring the careful monitoring of data access.

www.balabit.com