Industry news

Quest Software Inc. has received buyout offer worth about $2.15 billion from an unnamed party, a proposal superior to an existing offer that may create a bidding war for the business software maker.

Quest said it has received an offer of $25.50 per share from an undisclosed buyer.

Publication of sales achieved through the G-Cloud framework have revealed that the majority of purchases made to date have been for Huddle's collaboration software.

Huddle sales account for more than £400,000 of total sales of £453,000, with buyers of the software including the Ministry of Justice, the Department for Business, Innovation and Skills and the Department for Communities and Local Government.

The largest Huddle sale is for £251,000 to the Ministry of Justice, followed by similar deals for £70,200 to the Department for Environment, Food and Rural Affairs, and for £66,546 to the Department for Business, Innovation and Skills.

The BBC has reported that two North Yorkshire councils are to stop sharing services.

The site states the North Yorkshire councils are to end the sharing of some services after saying the arrangement was not working.

"Hambleton and Richmondshire district councils were among the first in the country to pool resources, setting up the scheme in 2009. Te councils share a chief executive and senior managers, as well as having a combined waste collection service.They said combined savings for both were more than £1m a year."

When it comes to data security, many firms decide they’re happy just to leave it to the experts, safe in the knowledge that they’ll keep their data under lock and key and away from harm. However, with such vast amounts of data leading to a dilution of the security process, how can a company ever be completely satisfied that the experts are doing an expert job?

Perhaps the most honest answer is that they can’t, and I’m sure that the old adage about ‘out of sight, out of mind’ is applicable to many in this instance – until something goes wrong! There are, however, steps that businesses can take in the way they draw up SLAs that can help them to mitigate the potential risks involved.

The first of these is to make sure that you have clear, up-to-date policies in place to govern your security processes. This includes ensuring that your suppliers have ‘skin in the game’ – that they’re likeminded companies who understand the industry and have a stake in the success of your company’s data security. One way to achieve this is by enforcing accountability with penalties invoked in the event of any breach.

Of course, I’m not naïve enough to believe it’s impossible for the best-laid plans to go awry, and so as the outsourcer you need to be sure you understand the data being outsourced, and are ready to ask yourself the right questions. For instance, if a breach occurs, would there be catastrophic consequences to the business? If the answer to this is yes, you may need to either reconsider or look at segregation of the data – either way there are likely to be cost implications to manage the risk.

This decision has to be taken by the person best placed to understand the potential IT security threat and business impact – the CIO. They need to be comfortable that the organisation’s appetite for risk is adequately mitigated with the supporting controls, tools and training in place.

With the CIO and fellow board members driving the security responsibilities of staff members, a secure business culture should follow. However, a business can only promote a culture of security if all staff members are complying with instructions. Clearly, before this happens, clear and explicit instructions on what should or should not be done, must be shared across the business with named individuals who have the accountability for security in each area. What you’ll see is that a culture of security will quickly become the norm, and when people understand and buy in to it, understanding the implications for both the firm and themselves if they aren’t ‘on-side’ and compliant will soon follow!

In summary, it’s important to make sure everyone is pulling in the right direction with clear accountability. You can’t just leave your data with another company and hope for the best; by creating stringent guidelines, for both your company and for service providers, the pieces of the data jigsaw should, with careful planning and monitoring, fall into place and stay there.

CIOs are finding themselves under increasing pressure as IT infrastructures become progressively complex, with the explosion of cloud services and exponential data growth becoming a problematic issue. Earlier this year MTI research found that nearly half of IT professionals in the UK (44 per cent) feel they don’t have the capacity to accommodate increased IT demands, while only one in nine feels they are fully resourced (11 per cent).

Time is becoming ever more precious to CIOs, whose roles have dramatically changed over the years with a more strategic focus. Today’s CIO’s are responsible for business transformation and play a vital role in helping businesses to gain the competitive edge through the use of technology. With the whole organisation looking to IT to lead innovation, CIO’s and their teams cannot afford to be distracted by time-consuming administrative tasks. To reduce their workload and IT administration processes, CIOs can take a step back and adopt managed services. This enables IT departments to outsource their IT to a technology consultancy that can take daily management tasks off their hands.

By operating robust managed services offering CIOs can significantly streamline their system administration tasks, freeing them to focus on more important tasks. The daily management of the IT environment is carried out externally, with the focus on the operations management of hardware and software whilst ensuring service delivery. Within this, the strongest focuses will be on capacity planning and provisioning, security management, proactive technical support and technical upgrades.

In addition, CIOs will also notice an increase in their organisational security and a reduction in downtime. The performance of their systems is routinely monitored externally through datacentres and networks that offer 24x7x365 support, all backed by service level agreements. This provides real-time detection of security threats and problems. A disaster that could previously have gone unnoticed until it caused several hours of downtime can now be spotted and solved by the service provider before it can affect the business.

The net result of this is an increase in organisational productivity, enabling CIOs to focus their attention on pressing business issues rather than having to waste their time worrying about day-to-day IT systems management and routine administrative tasks. Companies can outsource as little or as much of their IT needs as they like in the knowledge that their IT department’s workload is being freed up to deliver the strategic and competitive advantage that will help the business succeed in the current economic landscape.

By leveraging the right technology and working with a reputable managed service provider, businesses can rest assured that corporate data and information is kept secure outside their premises, whilst enhancing business continuity in the process. This enables early notification of potential problems, allowing staff to swiftly address issues without impacting on the company’s business – all without the involvement of the CIO.

Implementing solutions to meet the increase in demands are heightening the workloads of IT departments. Half of the respondents to our survey said the increased demands were “significantly” eating into their workload and one in six (16 per cent) indicated that the increased workload was “catastrophic” or “overwhelming.”

The good news for CIOs is that utilising remote managed services puts them and their IT departments in complete control of their organisation’s IT environment. CIOs no longer have to worry about the management of their company’s infrastructure as they now have a vital tool that helps them become more effective, and provides their organisation with reliable, flexible IT support.

Since the days of time sharing and bureau services in the 1970s, the IT industry has sought to provide organisations with outsourced services that enable them to move processes outside the organisation and run them at a lower cost and/or more efficiently.

Industry analyst Gartner reports that worldwide IT outsourcing (ITO) revenue totalled $246.6 billion in 2011, representing a 7.8% increase from 2010 revenues of $228.7 billion. Indian-based IT services providers and companies providing cloud-based services delivered the highest growth rates in 2011.

And the global outsourcing market is still growing, thanks to the need for companies to reduce internal costs in difficult economic conditions. According to a recent report by Global Industry Analysts, the international Business Process Outsourcing (BPO) market alone will reach $280.7 billion by 2017.

Finance & Accounting (F&A) outsourcing is expected to achieve the fastest growth among all horizontal BPO segments. This is being driven by the need to streamline costs and increase competitiveness, with F&A outsourcing a vital part of companies’ ability to achieve those objectives.

While outsourcing partners pride themselves on their ability to maintain high quality data management standards and reduce the costs of running processes, there is a vital piece of business activity that warrants particular scrutiny. This is the use of Excel spreadsheets: firstly as a means of sharing critical data between the company and outsourcing partner; and secondly as a component of key business processes that must remain in the company even after the outsourcing. When business processes are ‘split down the middle’ like this, one could argue that the job is only part done.

Outsourcing partnerships aside, the cost of managing spreadsheet risk is a major internal concern for organisations. Without expensive, inefficient manual checks, spreadsheet errors, or even fraud can propagate through budgets, financial statements, and pricing, leading to bad decision-making or even significant financial and reputational losses. The problem is that efficiently tackling these data management and risk issues can only be achieved outside the knowledge of IT departments as the data is held and generated in users’ own spreadsheets.

The challenge is exaggerated by the fact that spreadsheets are used everywhere, by companies of all sizes and across all sectors because they are so easy to use, low-cost, flexible and readily available. Indeed, organisations are often horrified by how many individual spreadsheets are used within their business, and commonly admit to having poor governance control over their use and maintenance.

But the prevalence of spreadsheets is not just the result of user short-cuts. Decades of multi-million investments in F&A software platforms such as treasury, tax, reporting and analytical systems show that they cannot keep pace with the needs of the business and the gap is filled with spreadsheets.

The reality is that spreadsheets – with all their associated risks and manual inefficiencies – will never disappear from the corporate environment. The adoption of proper management approaches therefore offers multiple opportunities to both companies and their outsourcers - all of which can benefit outsourcing relationships. So how can outsourcing partners deliver these benefits?

The good news is that the same tools used to manage spreadsheet risk internally can be applied in partnership with an outsourcing partner. ClusterSeven’s software, for example, can monitor this process, bridging the gap between client and BPO provider. ClusterSeven can work with clients to compile reports to monitor the quality of BPO service from a data security point of view.

Further to this, there is a very real new business opportunity for BPO providers to take on spreadsheet operations themselves, rather than feeding data back for the client to analyse. This means that they take over the whole process of data management and governance, not just the non-spreadsheet parts. If the BPO provider does this then it provides much greater scope for process efficiencies – delivering wins for all parties.

All of the industry research points to a continued boom in outsourcing and BPO, particularly in F&A processes. The thorny issue of spreadsheet risk will not go away, and smart organisations and their outsourcing partners are increasingly looking for ways to address this challenge using proven tools already used to manage internal spreadsheets. The even smarter outsourcing companies will focus on a new revenue stream fuelled by their ability to manage spreadsheet risk on behalf of their clients.

While some might argue that ignorance is bliss, when an organisation’s security hangs in the balance remaining clueless isn’t a viable option. In this article, Jane Grafton of Lieberman Software dispels five common security myths.

All too often people hide behind what they ‘want’ to believe is true. Unfortunately, your personal beliefs and opinions will not prevent a ruthless individual from ransacking your network’s filing cabinets. The easy road is not necessarily the secure one so, rather than wait for a hacker or malicious insider to burst your bubble, here’s what misguided individuals tell me far too frequently.

Myth One: We passed our regulatory compliance audit - so our network is safe

If I had a brick for every time I heard this one I could build a wall around the equator a mile thick and two miles high. Just because you passed an audit does not mean you are hack proof. – Far too many large organisations on both sides of the Atlantic are testament to this fact.

There are a number of reasons for this. The most common is that IT departments will pull out all the stops to hit a certain number of audits per year, and forget about compliance on all the days in between. Another big concern is auditors may not always know where to look for the holes so they can be steered in another direction.

I give you fair warning - hackers won’t make an appointment to come ‘check’ your systems! Neither will they stumble accidentally across vulnerabilities in your enterprise. They know what they’re looking for and will strike on their terms.

Myth Two: Our passwords change regularly in line with regulatory mandates - so our network is safe

I’m sorry to be the bearer of bad news but, in my experience, this is unlikely to be accurate.

While user login credentials might be automatically prompted for change, it is the highly privileged administrator accounts that fall outside most automated solutions and therefore rarely altered. Of course, some of you may be thinking that you’ve got that one covered because your IT staff secures these privileged identities manually. All too often that simply isn’t possible. While not rocket science, the sheer magnitude of the task is to blame.

Someone physically connecting to machines, or even using scripts, to change passwords to comply with regulatory mandates is fraught with complications. Think of all the services running on machines with privileged credentials, including any interdependent services, which have to be appropriately stopped before a change can be made, then restarted. It’s a daunting technical task, prone to errors - not to mention time and labour intensive.

Myth Three: Our systems administrators don’t share their privileged logins – so our network is safe

Who are you kidding? The reality is convenience wins out over security.

Although I can’t name the company, a large US insurance provider believed its privileged logins weren’t shared but soon discovered that this perception was misguided. A branch office had been given the privileged login details to resolve a routine IT administrative issue. But, since the privileged password was never changed, staff at the branch office were free to change settings on their machines and install software at will for many months. And this wasn’t an isolated case. Others within the organisation had also been given these ‘keys’ to the network, and had gone on to share them with more employees, allowing the spread to creep around the entire enterprise.

Myth Four: Our IT team know who has access – so our network is safe

Okay, this one has a couple of threads to unravel.

Passwords for highly privileged accounts are often hardwired into applications, or given to contractors and outsourcers to use. Because these logins are shared it’s impossible to pinpoint exactly who, or even what, is behind the connection. Similarly, as we’ve already alluded, these passwords infrequently change, meaning someone who is no longer employed or contracted by the organisation could hijack these credentials and gain access.

In the case of administrative accounts, these exist in droves and, again, they too get shared. Because everyone uses the same common credentials to get into a machine and make changes at a highly privileged level you never really know who is responsible for alterations, or even has had access to sensitive data.

A final issue is people changing job roles within the organisation. If their credentials haven’t been changed then they may still have access to information or services that they no longer need.

Myth Five: Our existing Identity Access Management software is controlling users – so our network is safe

This is a common misconception. As we've already said, most organizations have no processes to control highly privileged administrator logins typically used for emergency firecall or routine administrative access.

To spell it out, all existing security solutions - firewalls, IAMs etc. don’t track and control privileged identities. The truth is that, unless it’s a specialised solution, it can’t!

Now, how many of you thought you were safe prior to reading this article? While the majority of organisations are ignorant to the reality of the security within their enterprises, ignorance is not an excuse should your systems be breached. Instead, regain control of your enterprise by following these five rules:

1. Don’t focus purely on passing an audit. Instead remember that your end goal is continuous compliance. You can achieve positive results by viewing each potential security hole as something to investigate and mitigate rather than a crack to be papered over.

2. Ensure all default passwords are changed before deploying any new devices or programs in a networked environment. This can be easier said than done – as there could be more published default logins and developer back doors on your network than anyone might know.

3. Configure all privileged accounts to require password changes every 60 days at the most – using unique, complex passwords for each account in the network.

4. Store all passwords in an encrypted format, only accessible with delegated and audited super-user privileges.

5. Employ automated tools that will inventory all privileged accounts, monitor for anomalous behaviour, audit all activities and control their management consistent with the FDCC (federal desktop core configuration) standard.

Since the early 2000’s, US based Hedge Fund and Private Equity managers have looked across the Atlantic as a way of expanding their businesses. In some cases it was to have actual portfolio managers operating in the UK, whereas in others it was to have a European research and/or marketing capability. Being in Europe allows the business to access markets and knowledge not easily available in the US. Crucially, it also opens the door to a larger, more diverse investor base.

Irrespective of the rationale for setting up in the UK, they all face the same challenges: different regulations, different taxing regimes, different employment laws and importantly, a different business culture.

Historically, US businesses have not always been keen on outsourcing in their own country. However, the exploits of Bernard Madoff have unwittingly forced US fund managers to outsource their fund administration function (pricing of positions, etc.) as investors are now unwilling to invest in a fund where the pricing is not performed independently.

On the other hand, when setting up in the UK fund managers eagerly embrace outsourcing. The reason? Simple: they don’t understand how things are done in the UK and find it much more economical and efficient to outsource the knowledge that they lack. They could of course hire a team of support staff internally but as they usually work to a budget, this would tend to be much more expensive. As such, they only hire core staff and outsource most other functions.

But cost isn’t the only reason. Afraid of employment laws that are more draconian than they are used to, US managers don’t like the idea of hiring vast numbers of staff that could be expensive and troublesome. In addition, there is another employment matter to consider: the career of the non-core staff they are hiring. Do they really want to develop the career of a payroll technician? How do they go about staff training them? What career path are they going to have? These are problems for the outsourced service provider, not the fund manager, which makes outsourcing a more attractive option.

Another benefit for US managers is the ability to scale up or down should the business either grow or shrink. Again, this allows the team to focus on managing money whilst the outsourced service provider reacts to the resourcing needs.

The changing regulatory landscape currently being dictated by Europe is causing the greatest challenge and potential obstacle to managers coming to the UK. Whilst the full impact of this is not going to be felt for a few years yet, US managers are keeping a close eye on developments. However, by having a fully scalable back office function due to outsourcing, the manager is more readily keeping his options open to change.

In a nutshell, the full benefits of outsourcing are seen in US inbound set ups; flexibility, scalability, cost savings, depth of local knowledge and control.

More than £4bn of outsourcing tenders is currently under negotiation, according to a study of contracts the Official Journal of the European Union.

According to today’s Financial Times, this has led to many City investment analysts – who have conducted research into outsourcing companies’ bid pipelines - predicting an outsourcing boom.

Martyn Hart, Chairman of the National Outsourcing Association said:

“Pressure on the public sector to make cost reductions has made for a healthy pipeline for many outsourcing suppliers, particularly now that tender costs have been reduced through ‘de-formalisation’ of the bid process. Having learned to engage suppliers earlier in the process, expect more business process outsourcing, as the public sector learns how to get itself a better deal. Commoditised IT can save around 10% annually, but only accounts for 5-6% of government spend - BPO can offer savings on a much grander scale. Expect those companies that offer both ITO and BPO services to be most coveted by City investors. And, to ensure Outsourcing Works, the government must invest the time to up-skill its people. Only through proficiency, experience and knowledge-sharing can the public sector maximise the cost and service benefits of this outsourcing boom.”

Cumbria County Council has rejected bids from BT and Fujitsu to provide its superfast broadband roll-out across the region.

The central government funded project planned to give 90% of homes in Cumbria a minimum of 25Mbps broadband speed by 2015.

Despite the tech giants being the final two in the process for the £40m contract, Cumbria CC has decided that neither bid is suitable.

A statement from Cumbria County Council said: “Cabinet received detailed submissions from the final two potential suppliers (Fujitsu and BT) and despite a lot of progress being made, neither of the final tenders had completely fulfilled the original and full requirements of the procurement process,”