Industry news

Outsourcing IT and business services save substantial amounts of money, but the savings for many firms businesses carries a hidden cost. Too many firms fail to recognise the increased security risks that come with outsourcing, and this extra risk is therefore left unmanaged.

One very effective way to reduce the risk is to keep outsourcing onshore, but this option has normally, until recently, meant higher costs. A new wave of programming technology is set to change this balance by eroding the price advantage of offshore outsourcing. Understanding the security risks of outsourcing IT offshore, and being prepared for increased efficiency of onshore IT competitors, is a must for all CIOs.

A recent report by data security specialists Techwave contained some very alarming findings that clearly demonstrated the inherent security risks of outsourcing. Of the 450 security breaches Techwave investigated in 2012, outsourced IT and business services were a factor 63% of the time. Even more frightening was the average detection time of a corporate security breach, which was a staggering 210 days.

Corporate security is not receiving the attention it deserves full stop, but anytime an outside company is involved in a sensitive area like IT, the risks become much higher. One security breach could easily wipe out any savings being realised by outsourcing, as well as cause enormous reputational damage. Outsourcing can and should continue where appropriate, but the risk it creates must be managed and reduced. Keeping your outsourcing partners close to home, where communication and monitoring is easier, is an important step.

The reason proximity reduces risk for IT outsourcing is because the greatest threats to any system’s integrity are not technological, but human. People choose weak passwords (most commonly ‘password,’ or when capitals and numbers are required, ‘Password1’), operate from shared user accounts where accountability can’t be traced, and discuss confidential company information on Facebook. Hackers know this, and exploit the human tendency to be carless with corporate security. Educating your employees to follow best practice is vital, but even with adequate time and a resources, rooting out risky behaviour is a difficult and thankless task. All of this is wasted, however, if outsourcing partners are holding open the back door to your systems through their own careless behaviour. Every CIO should be asking, ‘are my outsourcing partners as concerned with my company’s security as I am?’

Just asking the question is an important first step, but ensuring the right outcome is more difficult from thousands of miles away. Digital security is too important to manage with only emails and video chats. And when a crisis does hit, offshore outsourcing can exaggerate the problem, as NatWest learned to their cost late last year. When a human lapse led to a catastrophic failure of the bank’s UK-based software, managers were forced to get support by telephone from software engineers in Hyderabad. This extra layer of complexity made a difficult problem even more difficult to solve. When you need on-site help in a hurry, make sure your IT support is a train ride, not a plane ride, away.

The security benefits of onshore outsourcing are clear, but the higher cost will still be a barrier for many companies. This is set to change in the IT sector, however, thanks to new innovations in software design. Onshore IT workers are gaining access to new tools that will make them as efficient, or even more efficient, than their offshore competitors. As this trend becomes more pronounced, expect to see more and more IT outsourcing staying in the UK.

I will be writing about these new technologies, which I believe will revolutionise IT outsourcing, in a coming post on sourcingfocus.com.

A new funding law has been introduced by the U.S. government which prevents NASA and the Justice and Commerce Departments from procuring IT services developed by Chinese sources.

The new law prevents the departments from purchasing any IT products that has been produced, manufactured or assembled to any extent, by businesses that are subsidised, operated or owned by the Chinese state. The law will remain in force until September 30th 2013.

The legislation is the latest move by the U.S. in response to the alleged security threat that Chinese businesses pose to the western country.

The restricted agencies will only be able to procure goods and services from sources that have been given the all clear and pose no risk of cyber-espionage or sabotage.

China has been increasing linked to industry and state targets cyber-attacks, with the U.S. moving to openly confront China in a public domain.

The Chinese government has asked the U.S. government to remove the new laws, criticising their impact on international trade.

While the legislation will impact select U.S. government agencies and only be in effect until the end of September, the move hints at the pressure being brought into force against China, for its perceived role in cyber-warfare, with the U.S. threating to place a stranglehold on Chinese IT imports and services to the U.S., valued at $129 billion.

U.S. calls on China to take steps on cyberattacks

China calls for cooperation over global cyber threats

EE has announced that it has successfully reached the halfway point in its goal to extend 4G coverage to 98 percent of the UK population by the end of 2014.

The service now covers 50 towns and cities, with the most recent rollout extending services to: Bradford, Bingley, Doncaster, Dudley, Harpenden, Leicester, Lichfield, Loughborough, Luton, Reading, Shipley, St Albans and West Bromwich.

EE is expecting to extend its coverage to 70 percent of the UK population by the end of 2013.

The telecommunications company said in a statement: "As 4G is switched on in each town and city, EE engineers turn their focus to increasing network density, ensuring the continued advancement of the service to increase speeds and further improve indoor coverage.”

EE earnings fall despite 4G head start

4G services go live

The British Chambers of Commerce (BCC) has announced that it expects the UK economy to avoid a triple dip recession.

The BCC has said that despite mixed results from the UK’s manufacturing sector, a strong performance by the UK’s service industry in the first quarter of 2013 will keep the economy growing.

BCC chief economist David Kern said that a recent survey revealed that official figures did not accurately portray the condition of the economy, painting a pessimistic outlook from results.

Results released by the Office for National Statistics showed a reduction of 0.3 percent in economic growth, with manufacturing shrinking further in the early months of 2013.

Mr Kern said in an interview with the BBC: "If an announcement of negative growth in the first quarter is misleadingly described as a triple-dip recession, confidence will again be damaged unnecessarily."

Fears rise over France becoming the eurozone’s next casualty

Overall IT spending is expected to increase gradually as the IT industry invests with rising markets as users begin to regain confidence in economic stability.

IT spending has seen modest growth in the latest quarterly spending forecast released by analyst giant Gartner.

Spending increased marginally on the back of a period of relative economic stability, with businesses being better prepared for future IT investment, having recovered from the depths of recession.

Device investment was identified as seeing significant increases, with Gartner forecasting an increase of 7.9 percent over 2013, reaching an investment total of $718 billion.

Richard Gordon, research vice-president at Gartner, described how business trends had helped to increase IT spending: “It’s not about everyone chucking money at IT. There is a shift to cloud computing, social media, mobile technology and growth in information”.

Public Cloud market to increase by $20 billion in 2013

Four major UK train operators drop lawsuits ranging up to £40 million against the government, for the failed procurement process for the Great Western rail franchise, which resulted in the bidding operators losing up to £10 million from the submission process.

Train operators National Express, FirstGroup, Arriva and Stagecoach placed lawsuits at the start of March, with a delay in proceedings after the operators agreed to negotiate further with the Department for Transport.

The announcement of the termination of the legal action comes in close proximity to Transport Secretary Patrick McLoughlin’s announcement of extensions to 12 rail franchises, and the creation of a new bidding process for the East Coast rail franchise.

One of the rail operators, National Express, is currently in negotiation with the government over an extension to its contract for the running of its c2c London train contract. The company announced a range of successful bids for contracts including the running of London coach services to Luton airport.

The rail operators have so far not provided a reason for the ending of their legal action.

Government places East Coast rail line up for bid

NOA Outsourced Applications Management Special Interest Group

Following on from the last Outsourced Applications Management SIG in 2012, this event focused on the rapidly changing application landscape, and how technology modernisation is shaping the way businesses are employing application integration to drive savings and efficiencies.

The 4th Outsourced Applications Management SIG was chaired by Andy Rogers of the NOA Council, Ivar Sinka, Principal at Capgemini, Steve Howes Managing Director of RSP, ATOC and Sinead Lynch Senior Associate at CMS Cameron McKenna.

Ivar Sinka of Capgemini opened up the presentations, introducing his talk on ‘Application landscape modernisation’ by describing the long history of application deployment and management up to the present day, describing how modernisation has allowed a greater range of businesses to take advantage of services, that had in the past been limited by traditional approaches, to a small percentage of businesses.

The presentation entitled ‘Modernising RSP services’ by Steve Howes, Managing Director Rail Settlement Plan (RSP), ATOC (Association of Train Operating Companies), focused on transiting the outsourcing contracting model from BPO to an applications management service. Steve described how ATOC followed a similar process to the public sector in moving from BPO, to decide on the different available options, including IAAS or PAAS, or to outsource application management.

Steve described the main triggers for ATOS’ move to a service based on application management as:

1.Cost

2.Speed

3.Control

While application management delivers significant advantages, the committee highlighted how governance must avoid the obstacles of the service. Ivar described the inefficiencies and obstacles that are frequently impact on application contracts, including the tendency to artificially place a division between the development and lifecycle of applications.

The impact of out-dated applications

With the long history of application development and use, the market while rapidly developing, is not new. In many cases systems are already mature, with enterprise clouds having now been around for a number of years. Ivar described how a growing problem at enterprise level is the use of outdated software, saying: “applications are being continued to be used well after their sell buy-date”.

As applications and IT services as a whole become increasingly flexible allowing for an agile approach. Old out-dated applications are in-turn becoming increasingly limiting, threating to make modernisation difficult the older the system becomes, as it is made incompatible with new technologies.

Ivar discussed the growing shift in application control, with cloud frameworks now moving from being controlled by IT departments to being delivered based on a corporate focused perspective. Ivar described the changing landscape with 60 percent of decisions on where the cloud should be employed now being taken based on corporate strategy. The shift shows that the business benefits of the cloud are now being realised at a management level, as users increasingly look to move away from in-house IT, and instead turn towards a buy-as-a-service model.

The steering committee in sharing experiences of the dangers of out-dated services, heard an example of a 23 year old system used by a well-known retailer. The architects of the archaic system who understood its unique operation at a core level wanted to retire, while the retailer wanted to expand into Europe. In failing to update the system over such a protracted period of time, the company was forced to employ specialist’s business analysts who then unpicked code allowing the outdated system to be outsourced and in the process updated.

The importance of integration

The common practice of acquiring new technological and application systems suggests that there is a lack of integration. Entire services are being scrapped and replaced, or being duplicated with new services, rather than finding alternative options, waste is being generated from a lack of effective integration.

With an expanding market leading to a wider portfolio of applications and services becoming available to businesses, Ivar highlighted the increasing necessity of integrating and rationalising services. The high cost of integration with future and existing service architecture, represented biggest challenge for users in a recent study by KPMG on cloud adoption.

Businesses need to develop a governance model that promotes flexibility and agility to ensure that systems which involve multiple forms of applications, tools and processes, which can often change, are effectively managed.

It is important that users understand the fine line between application integration and avoiding waste through needless new application acquisitions, and how cancellation can be vital in allowing for modernisation, cost and security. It is here that rationalisation comes to the forefront of any decision making process. More than 80 percent of IT executives said that they were in need of such rationalisation in a recent Capgemini survey.

Ivar discussed the growing shift in cloud control, now moving from being controlled by IT departments to being delivered through a corporate focused perspective. Ivar described how the landscape is changing with 60 percent of decisions on where the cloud should be employed, now being taken based on corporate strategy. The shift shows that the business benefits of the cloud are now being realised at a management level, as users increasingly look to move away from in-house IT, and instead turn towards a buy-as-a-service model.

Regulatory awareness

Users must be aware of the different form of regulation which surround application services, issues of compliance and how business partners intact with applications and shared services. As technological developments become part and parcel of businesses business law has come to reflect this. Developments such as cloud have been impacted by the need for data regulation and security. With ATOS’ move to application management issues such as data regulation were a less of an issue based on the choice for the geographic location of the stored data, with datacentres being situated in Ireland under EU law, while the data itself was not highly sensitive by only recording select information and avoiding blanket coverage.

Adrian Quayle of the NOA, described during a roundtable discussion, how data from applications is often requested as a viewable metric item by customers, wishing to understand how information retaining to them is processed. This is a request that is similarly made by business partners. Users need to understand the value of analytical capabilities in applications management and how control and analysis of in-house IT differs from remote services.

Sinead Lynch, Senior Associate at CMS Cameron McKenna, discussed the final hurdles of application contracts in: ‘The legal perspective’. Users of application management must have the foresight to address the exit phase, with clear principals and an exit plan that is maintained through the applications lifecycle. Key staff need to be involved at this stage, mirroring the beginning stages in having the relevant staff. Adrian Quayle, said: “There’s often a focus on the success of a project, while avoiding the thought of the end, failure or change of provider.”

Project management needs to include consistent meetings during a contracts lifecycle, alongside an individual who has final responsibility for the end phase throughout the whole of the contract.

In a fast moving IT environment, application management needs to abreast of the many obstacles that can potential de-rail a contract, in order to reap the rewards of a service that offers unparalleled cost-value, with increased agility and speed. Between the steering committee speakers the roundtable was presented with the key methods to ensuring good governance continues to deliver a modern and constant service from application management.

NOA Special Interest Group: Outsourcing Works in BFSI

Transport Secretary Patrick McLoughlin has announced the creation of a new bidding process for the running of the East Coast London to Edinburgh rail line.

The move away from public sector control follows the government’s takeover of the rail line in 2009, after National Express pulled out of the process during the height of the recession.

The management and maintenance contract for tender is expected to select a winning bid by February 2015.

The new tendering process will follow a new approach after the public procurement failing of the West Coast rail franchise procurement process, which resulted in significant losses for bidders.

Unions have been quick to attack the new procurement process, with Manuel Cortes, leader of the TSSA rail union, criticising public sector privatisation, saying: “The £50m West Coast line fiasco revealed that private franchises are a shambles.”

The procurement process for a new franchise for the West Coast rail service has now been delayed until April 2017, with Virgin Trains continuing to run the service in an interim deal.

Patrick McLoughlin said: "This programme is a major step in delivering tangible improvements to services, providing long-term certainty to the market and supporting our huge programme of rail investment.”

O2 selected for £2.6 million East Coast rail infrastructure contract

Global security giant G4S is facing high workloads in Cyprus as it works to prepare for the opening of two of the struggling countries’ biggest banks on Thursday.

Both the Bank of Cyprus and Cyprus Popular Bank have featured as part of the Cypriot Government’s move to reduce debt, with large depositors having had their accounts frozen under the bailout conditions agreed over the weekend.

G4S will oversee the openings of the banks after their closure over 11 days ago. The demand for the banks services are still expected to be high, after crowd gathered at banks at the height of the EU bailout talks.

Managing director of G4S in Cyprus, John Arghyrou, said to Reuters, that: “"I've never seen anything like it in terms of what is going on from a security perspective. I would say the workload has quadrupled because the whole system has changed."

Leaked letter reveals the struggle of G4S partners with asylum seeker contract

New regulation proposed by Europe's Digital Agenda Commissioner, designed to allow broadband to be delivered with fewer obstacles and at a cheaper rate.

The European Commission has estimated that by cutting red tape to broadband delivery projects, as much as €60 billion can be saved.

The main costs of broadband rollout projects relate to infrastructure construction projects, with 80 percent of costs stemming from civil engineering such as digging up land to insert fiber-optic cabling.

Digital Agenda Commissioner, Neelie Kroes, said: "The high cost of building new broadband infrastructure and relatively low density of demand in isolated and remote places, has sometimes deterred telecom companies from investing".

The European Commission have proposed that governments provide broadband suppliers with access to civil infrastructure, including conduits, ducts and manholes, in order to help reduce the costs of infrastructure deployments.

The proposed regulation would also see new buildings created with ducts in the architecture to facilitate broadband installation.

BT leaves competition behind in broadband project as final competitor exits