How BYOD Already Helps Businesses and the Trends to Watch for 2016
With mobile Internet users expected to top 2 billion devices in 2016, it is no surprise that BYOD is a business trend that has taken off. BYOD is already helping businesses in key ways, and BYOD benefits and policies will continue to evolve in 2016.
However, BYOD can have a dark side that ultimately harms businesses instead of helping. Here are the things to keep in mind for all things BYOD in 2016.
BYOD Business Benefits
The immediately apparent benefit of BYOD policy is that it shifts the burden of cost to the user (the employee). Given that a cell phone bill can often run upwards of $80 per month, businesses save significant capital by letting the employee cover those costs.
While it might seem that employees would object to such a policy, the opposite is true. Employees typically love BYOD policies since employees have the smartphone or laptop they already own for a reason. Namely, they enjoy using the device.
Users will also typically buy cutting-edge phones and laptops for their own personal use, which can provide businesses with a performance advantage they would not otherwise have. Even better, tech enthusiast employees will upgrade to the latest technology more frequently than the typical company refresh would, which means the business can stay current without incurring costs.
Given these benefits, it stands to reason that BYOD will only continue to grow in 2016. Here are some of the trends to look for in the years ahead.
BYOD Trends to Watch
When BYOD started, it was often considered a privilege in the workplace. In 2016 and beyond, expect such policies to become required. Some experts believe that around half of the world’s employers will require employees to bring their own devices in 2016. Along those same lines, it is likely that fewer businesses will fully reimburse employee costs for personal device use.
Additionally, expect BYOD to have a new look in coming years. While BYOD devices were traditionally phones and tablets, the Internet of Things has broadened the possibility of BYOD. Wearable devices such as smartwatches, sensors and monitors can all play a role into a company’s BYOD policy and strategy. (Learn more about IoT here.)
Finally, it will become increasingly important for businesses to develop a comprehensive BYOD strategy. Businesses will need to create constant guidelines, strategies and requirements for BYOD use. Otherwise, businesses open themselves up to the risks inherent to BYOD use. (Learn how to assess risk vs reward by clicking here.)
The Downsides to BYOD
For all the benefits BYOD policies provide, they are not without risk. Businesses who have not adopted BYOD frequently cite their concerns about BYOD security, and their concerns are warranted.
When many devices are accessing business data, crucial business insights are more open to attacks than ever before. While the convenience of BYOD has always come with security risks, those risks only increase when more businesses adopt BYOD policies without implementing effective security measures.
WGroup can help with the security plan you need. Click here to learn about our security-as-a-service.
Businesses who decide to tap into the rapidly growing BYOD culture must understand the security threats inherent to BYOD. As a result, it will be easier to create vigilant BYOD policies and security policies to address BYOD security risks.
WGroup has helped CIOs, IT leaders, CEOs, and boards of directors assess and transform their IT strategic frameworks, governance structures, and operational processes to meet the sometimes competing demands of the business and emerging trends in IT. We adopt a pragmatic approach to implementing new IT capabilities that balances future needs with short-term improvements and benefits. Many IT transformations are designed to be self-funding, with subsequent phases exploiting the success of prior investments and improvements.
If you’re facing challenges in BYOD, IT transformation, cybersecurity, or all of the above, we invite you to discuss them with us, with no obligation. We’ll tell you how we can help. Click here to contact us for a consultation.
The rise in cybercrime led noted Internet security pioneer Eugene Kaspersky to dub the Internet of Things (IoT) the “Internet of threats.” While the threat of cyber-risks is very real, there are reasons to believe that Kaspersky’s pessimism is overstated. There are several reasons to remain confident in IoT security, including innovations in IoT app security.
The Importance of IoT Apps
In the vast world of IoT products connected to the Internet, there is a common theme among many of them. IoT products often use apps to help facilitate ease of use and convenience.
Given that applications are a fundamental component of the IoT process, IoT security and protection strategies should start with securing the application itself.
Applications can be secured and bolstered to defend against hacks and cyberattacks by application hardening and runtime protection. These techniques can be effectively implemented without affecting source code since guards can be automatically inserted into the binary code instead.
Subsequently, these guards can be protected in such a way that both the application itself and the guards are both protected. In turn, this ensures there is not a single-point-of-failure that hackers can easily exploit.
Device Makers Can Bake in Security
While app security is crucial and is often the best way to start securing the IoT, baking security into connected devices is also a helpful strategy. Experts suggest that such strategies prioritize safety in the design stage of connected devices, which in turn ensures that device manufacturers share some of the security responsibility.
Developers who think about solving security during the creation stage will help thwart security threats by considering how to create their devices in a way that repels cyber-risks.
Everyone Must Work Together
To successfully win the war for IoT security, consumers, businesses and developers must all do their share. Consumers must educate themselves on the value of creating strong passwords, and they must also regularly change these passwords.
And, while developers must implement security best practices as mentioned, businesses can create dedicated IoT security teams of specialists who ensure that security is a dedicated component of the business roadmap.
Finally, businesses should be honest with customers with regards to privacy policies. When all parties recognize and understand the security risks that face the IoT, everyone can work together to ensure that the IoT is secure. While hackers want to ruin — or exploit nefariously — the incredible innovation that is the IoT, it will not happen so long as everyone fully commits to the necessity of IoT security.
If you’d like to learn more in-depth insights on the Internet of Things, request a copy of WGroup’s ebook, Your Business And the Internet of Thingsby clicking here.
Organizing and Conducting Effective Multi-Vendor IT Governance Meetings
Managing multiple vendors requires a clear strategy focused on driving business goals, regular open communications, and strong leadership. Conducting effective governance meetings is a critical component of ensuring those pieces are in place. But in order for them to be productive, it is critical that business and IT leaders set the agenda and begin with the end in mind.
Conducting and planning effective vendor meetings can be challenging. Without a clear agenda, it is easy to get off-topic and focused on the wrong priorities. To prevent problems and have more productive multi-vendor meetings, it is important to understand your overall objectives, determine your specific needs, develop plans accordingly, and stay focused on achieving the end state.
What is effective IT vendor governance?
Among other things, IT governance allows companies to build better relationships with vendors, continuously improve service and innovate. Understanding what good governance looks like within your environment must be considered. There is no one-size-fits-all solution. Before planning a program of regular meetings, it is important to have a clear idea of where you are headed and what makes a governance strategy effective. Effective multi-vendor IT governance incorporates the right mix of skilled personnel, relationship building disciplines, and management tools and techniques from both you and the vendor.
Key tenets of IT governance include:
Quantitative and qualitative measurements
Candid information sharing
Continuous improvement and innovation
Ongoing opportunities for business value and growth
Key meeting topics
Setting the agenda for a multi-vendor governance meeting is critical to ensuring it is productive. IT vendor governance should cover six key areas: contracts, relationships, performance, projects, continuous improvement and innovation, and financials. Meetings should be structured around addressing several of these key topics.
Contract Management – Managing contractual commitments to agreements and service delivery models, dispute resolution, and maintaining contract legal documents are critical components of managing vendors. Key meetings include escalating issues and disputes (via predefined processes) and reviewing contractual deliverables and event triggers (e.g. adjusting SLAs, resource levels or pricing renegotiations).
Relationship Management – This area focuses on customer satisfaction, overseeing relationships to ensure alignment, and working with the vendor to manage risk. Key meetings and deliverables are overall program communications planning and execution, customer satisfaction survey reviews, and vendor risk assessments.
Performance Management – This area involves measuring and monitoring delivery performance in relation to SLAs, reviewing deliverables and trends, and monitoring aggregate incident, problem, root cause, and change management performance data for all relevant vendors. Key meeting topics include monthly performance measurement reports (with a rolling twelve-month performance period) and quarterly multi-vendor aggregated performance reports (e.g. Priority 1 incidents, Root Cause Analyses (RCAs), and change management success).
Project Management – In order to keep projects running smoothly, companies need to implement systems to measure and monitor project control and execution performance, review schedules, issues, risks and mitigating actions and compare budget to actuals, and estimates to completions. Key meetings include monthly measurement reports, quarterly multi-vendor reports, and aggregated performance reports.
Continuous Improvement and Innovation – Companies must constantly work with vendors to improve solutions, capture new markets, and reduce costs. Governance programs should be in place to establish multi-vendor processes for vendors to submit ideas, business cases, proposals, and hold briefings to discuss partnership and other innovation topics. Key meetings should include monthly reviews of individual submissions and client decisions on each and quarterly collaborations between clients and vendors to share strategic and tactical business and IT intelligence and information on emerging trends.
Financial Management – The financial management component of governance validates and manages costs, monitors the economics of contracts, and ensures that value propositions and expected benefits are realized. Key meetings are monthly invoice reviews, quarterly financial or budget scorecards, and value proposition management. Organizing productive, tactical, and strategic multi-vendor governance meetings can allow companies to take better advantage of IT vendor relationships. WGroup has the experience in working with cross-industry clients to determine your specific needs and assist in developing a customized multi-vendor IT governance program.
By establishing an ongoing program for all parties to regularly discuss goals, resolve problems, and set agendas, you can drive more aggressively towards successful relationships and achieving mutual objectives.
XaaS — Everything-As-A-Service Moves into the Mainstream
Everything as a Service (XaaS) is no longer a phenomenon, nor is it a passing fad. It is a strategy that should have already been adopted by CIOs and IT leaders. In fact, if you’re not already “on the train,” then you’ve probably missed it.
For an enterprise, XaaS offers the chance to improve the way that IT serves you, your enterprise, and your customers. It is an enabler of the transformation of IT into an integral component of every part of the business. It offers the opportunity to deliver countless services over cloud, rather than focusing on local or on-site. To date, cloud has moved beyond its early stages of representing solely a means for off-site data back-up. Now, cloud has the ability to rapidly evolve and virtually support communications, content, commerce, applications, and almost anything that is thrown its way. In short, XaaS offers enterprises the opportunity to vastly enhance their use of software and hardware, as they optimize their entire approach to IT.
Over the past year, XaaS has shown a continued ability to provide enhanced agility, increased levels of innovation, faster response time, adaptive capabilities to changing markets, contained costs, and the reduced need for capital. Over the rest of 2016 it is expected that XaaS services will continue to expand, as CIOs and IT leaders who hadn’t already embraced XaaS play catch-up in an attempt to leverage the benefits of this innovative IT strategy.
Clinical service desks can bridge the gap between traditional IT help desks and more specialized customer service solutions designed for the medical sector. By having a skilled practitioner at the desk, solutions can help organizations deliver better, more effective care to patients while significantly improving productivity. But clinical service desk solutions are relatively new and jumping on the bandwagon without fully understanding what you need can lead to problems down the line.
1. The space has not fully matured
One of the most important things to know about clinical service desks is that they are a relatively new development and some solutions may not have reached the level of maturity your company requires. Unfortunately, healthcare providers looking for an implementation that follows industry best practices may struggle when they find that the rules of this space have not yet been completely written. This makes it difficult to contract with smaller providers that may not have yet proven their ability and may be unable to provide a convincing argument that their solution is strong and reliable.
In many cases, the relative immaturity of the space manifests itself through highly customizable, a la carte offerings. There is not yet a well-defined preset grouping of services and features that most companies offer. Although this provide great flexibility for customers that know exactly what they want, it can be confusing for customers that don’t. Organizations should strive to understand what’s available, and choose providers they can trust before moving forward with an implementation.
2. It’s important to decide who will be using the solution
Prior to contracting with a vendor or implementing a solution, it is critical that the organization understand how, and by whom, the clinical service desk will be used. In some instances, the solution is only used by physicians, in others physicians and nurses, and in still others by all clinicians. Different users have different needs, and deciding the scope and functionality required by the organization ahead of time will help set clear goals and allow you to work with vendors to find a solution that works for you.
3. Some solutions are purpose built around EMRs, some aren’t
Leaders of the clinical service desk space like Epic and Cerner have purpose built solutions designed to work effectively with EMRs and meet the unique needs of healthcare professionals. Other vendors may or may not have the level of maturity of these providers, and could potentially cause problems. Customers must carefully vet vendors and choose one that can deliver the functionality and expertise necessary to productively aid the practice.
4. Deciding how users get in touch is key
Ultimately, the way users interface with the service desk is critical to its day to day use. There are two primary options when it comes to communication, single and multiple phone lines. In the single phone line option, users call in and are routed to the necessary person via a phone tree. This provides simplicity by having only one number to remember and call, but navigating a phone menu can slow users down when they need information quickly. The other option is having two or more numbers. This may get users the information they need more quickly, but increases the complexity of the system.
5. Features vary from vendor to vendor
The services and features included in a clinical service desk solution can vary greatly. In some cases, solutions are only focused on EMRs. These tools are primarily designed to help healthcare providers solve EMR related problems and find patient info more quickly. Other solutions take a more comprehensive approach and offer one call fixes for any IT or EMR related issue. In some cases, this can take the place of a more generalized IT help desk solution and streamline the organization. However, these concierge solutions may not be able to offer the same specialization as more specific options.
Clinical service desks can provide significant boosts to productivity and quality of care in the medical sector, but they can also be challenging to navigate. Being a young space means there aren’t as many established best practices or predefined solutions. Ultimately, healthcare providers must carefully plan their clinical service desk strategy, define goals, and choose an option that meets their unique needs.
WGroup assists clients in the medical and healthcare sector with advisory services related to information technology, sourcing, service methods and service delivery. Visit our home page at www.thinkwgroup.com to learn more.
Contract renewals have a way of sneaking up on companies, catching them unprepared and without enough time to catch up. The pace of technology change is rapid. IT leaders need to use this as a chance for transformation. There is never as much time to properly prepare as you think, and taking the time to build and execute a well thought out renewal strategy is critical to achieving business objectives.
In this post we’ll discuss some strategies for planning contract renegotiations and rebid cycles and why it’s so important to have enough time for them.
Companies underestimate the time they’ll need
At WGroup, we’ve found the ideal window for starting to address contract renewal is 18 months. This leaves enough headroom for the work that needs to be done to successfully negotiate and implement new contracts while accounting for potential delays along the way. If you’re like most IT leaders, that’s much more time than you give yourself to prepare and execute a deal. But what goes into these 18 months, and why is it so important to have that much space to work in?
Strategy/Analysis Work (3 months) – One of the most important steps in contract renewals is forming a plan of attack to effectively address transformational technologies, changes to the service delivery model, and new business objectives. It is critical to have a clear understanding of what works and what doesn’t in the current agreement, what requires change, and what will drive business goals. Aligning the solution and SLA with business needs means carefully evaluating current performance and identifying areas that need improvement.
RFP Lifecycle (5-8 months) – This is probably the most variable period for contract renewals. Companies must allot a significant amount of time to see new solutions for vendors bid preparation and submission, bid evaluation, and negotiations. It is important to go slowly, and carefully evaluate every option. Make sure to evaluate how the new agreement and new solution will enable business agility, flexibility and speed.
Transition (6 months) – If your company decides to change vendors, or if the current vendor’s solution is dramatically altered, the IT organization needs to allot time to implement any changes. This may include periods for physical hardware and infrastructure changes, applications and tools replacements, training, and other preparations that the vendor must make. Allotting enough time for this period ensures that the process isn’t rushed and that an underdeveloped solution isn’t implemented.
Contingency Time – Never expect the best case scenario. Allocating extra time for course correction is vital. You may see something exciting that you had not thought of or considered that you want to take advantage of. The more time you have you not only get more leverage to get best deal but you also have more room to make sure you get right solution.
Above all, it is important to remember that this process cannot involve only the IT organization. Business leaders needs to be engaged in this cycle. IT must first ask the business what the desired outcomes are and how can these outcomes be reached. Adapting the contract renewal process to address business goals while allotting enough time to effectively meet those goals is at the heart of an effective contract renewal strategy. Don’t get caught without enough time and without a plan. Prepare for contract renewals early and use the extra time to make sure vendors meet your business’s real needs.
Building a Sustainable Governance, Risk and Compliance (GRC) Model
No one questions the business mandates to comply with Sarbanes-Oxley (SOX) controls. Organizations had no choice but to adhere to the new regulations. Over two decades after coining the term “cybersecurity”, many still struggle with cybersecurity risk management. 88% of organizations do not believe their information security fully meets their needs.1 Data breaches also are almost commonplace, as in 2015 breaches in business, government and healthcare organizations reached near record high rates.2
So are criminals just getting smarter, or is it more likely organizations are not allocating the proper resources to address these risks? Like the implementation of SOX controls, cybersecurity is an iterative exercise. In order to stop struggling to build a sustainable cybersecurity compliance program, organizations must develop more comprehensive governance, risk, and compliance (GRC) models.
What is at risk?
For Customers – Organizations always include meeting customer expectations as a business strategy component. It then follows that the risk of losing that customer is also critical to the business. The impact of breaches on customers is rapidly evolving. Risk is more than customers’ credit card numbers. Actually, for most retailers, there is little reason to even store that data. The customer has minimal liability in the event of a breach and relatively minimal inconvenience. It is now extremely easy to have credit cards replaced and issuers will always reverse illegitimate charges. The entire process is fairly painless and absolutely manageable. However, private information such as Social Security Numbers are another story. When that information is stolen, it is forever. Companies must understand the relative value of different types of information and their impact on customers in order to develop more effective solutions.
For the Company – Not all breaches bear the same risk, but they all have the potential to impact important company assets like brand image, organizational reputation, and finances. The court of public opinion will look at two specific areas: The organization’s due diligence efforts to manage the risk prior to an incident and its ability to communicate, react, and support their customer base after an incident. These key indicators are only addressed with a comprehensive GRC business strategy. Moving your business forward with GRC as a cornerstone will support growth and innovation while keeping risk in check.
Developing stronger GRC models
At WGroup, we believe a business driven mandate surrounding GRC is essential. It has to be a part of an enterprise business model where organizations need to expand, improve and innovate in order to actively address cybersecurity risk. Cybersecurity needs to be a part of your organization’s DNA. Companies should take the opportunities to transform GRC efforts as they implement new projects.
There are several components that a GRC strategy model should include:
– Commitment from top business leaders
– Organizational alignment
– People, Process, and Technology
– Operational Enablement
The GRC function is not just about protecting the confidentiality of information, but needs to be a more holistic methodology. In addition to safeguarding the company assets with tools such as encryption, a robust security framework should be implemented.
The National Institute of Standards and Technology (NIST) framework addresses not only protection, but other critical factors including:
– Asset inventory, management, and governance
– Data awareness, training, protection of data, policies and procedures
– Anomaly detection and event management
– Response planning, communication, analysis, and mitigation
– Recovery plans, strategy, and lessons learned
IT security risks are relevant and growing. Companies need to understand new threats and how to take steps to manage them. By implementing more sustainable, comprehensive GRC models, organizations can significantly reduce risk of breach and reduce their cybersecurity risk profiles.
1. EY’s Global Information Security Survey 2015
2. Identity Theft Resource Center (ITRC) data breach reports
How Cloud Computing Is Poised to Shift the Security Status Quo
While cloud computing received a significant amount of positive media attention in 2015, 2016 is poised to be the year that cloud computing truly shakes up the security status quo. Still, even after 2015’s positive media coverage led to a better appreciation of cloud services, enterprise workloads did not necessarily shift over to the cloud in large numbers. Expect that to change in 2016.
Here are a few reasons to expect cloud computing to shake up the security status quo in 2016.
Traditional Security Vendors Will Need to Adapt to the New Cloud Culture or Face a Decline
Traditional anti-malware and encryption companies may not have needed to accommodate the cloud culture in years past, but that should change in 2016. Anti-malware developers will likely focus on developing software that can seamlessly integrate with cloud platforms. This prediction, however, is not without its set of challenges.
Security vendors will need to work closely with cloud platforms since inserting third-party anti-malware solutions onto cloud platforms will not come about effortlessly. Still, expect cloud providers to create APIs and frameworks that help anti-malware vendors get their software onto the cloud. Since anti-malware products are not a cloud platform’s area of expertise, working with third-party vendors will help cloud platforms and traditional vendors alike.
Similarly, encryption companies stand to benefit from the move to the cloud as well. With the rise of mobile devices and cloud computing, there is an increased understanding that encryption is a security necessity at all times. Encryption vendors have a huge opportunity to create scalable and transparent solutions that will broaden the capabilities of encryption on a cloud platform.
Vendors who are incapable or unwilling to adapt to the new cloud security culture will likely face the threat of a decline in business.
The Rise in Cloud Security Will Place a Heavier Emphasis on Effective Security Policies and the CISO
The expected increase in cloud security implementation will ultimately demand a greater emphasis on security policy as well. While the majority of IT leaders now believe that cloud security is as secure or more secure than traditional on-premises software, effectively transitioning towards a cloud security environment can be complicated.
In a recent Cloud Security Alliance survey, 67.8 percent of companies noted that the greatest obstacle in moving towards a cloud system is the ability to enforce corporate security policies. As such, making an effective cloud security transition requires the right policies in order to make the move as seamless as possible. Companies with a CISO have an easier time achieving this goal.
The survey found that a CISO plays an integral role in developing security policies. As a result, a CISO makes it more likely that the company is prepared for cyberattacks, which is why companies who already embrace the cloud are more likely to have a CISO. More than 60 percent of companies have a CISO, and that number seems poised to increase with the continued rise of cloud computing security.
In effect, cloud computing is poised to demand industry changes as well as changes to the corporate culture of companies who make the move towards cloud security in 2016 and beyond.
Bring Your Own Device (BYOD) – The Risk/Reward Calculation
There are approximately 120 million Americans in the full-time workforce. According to Pew Research Center nearly two-thirds of American adults age 18+ own a smartphone. If we were to extrapolate the latter statistic by applying it to the former figure, we would find that hypothetically 76,800,000 Americans use their smartphone for work purposes. With these statistics in hand, it is safe to say that Bring Your Own Device (BYOD) has become a popular solution across any sized enterprise. However, despite the wide-reach of BYOD, companies still report that they are struggling to properly weigh the rewards vs. costs, as they attempt to adopt the potentially money-saving Information Technology (IT) solution.
The Rewards Associated With BYOD
In 2013 best-selling author, Managing Director at TCG Advisors, and Venture Partner at Mohr Davidow Ventures, Geoffrey Moore, infamously argued that CIOs needed to understand that employee brain patterns change directions when they have to think about accomplishing a task versus remaining free to creatively brainstorm a solution. With this theory for support, he went on to suggest that if you give employees technology that they love to use, then employees will be able to better focus on pattern recognition and other value-adding activities, rather than wondering what button should be pressed. In his words, “The amount of redirection of neurons when you have to do that [complete an assigned task on an unfamiliar device] and the interruption in the flow of imaginative thinking is much more dramatic than people actually acknowledge.” As outlined below, BYOD embodies Moore’s line-of-thinking and provides numerous rewards:
BYOD allows employees to use consumer technology that they are both familiar and comfortable with
Using BYOD at work can create a smoother transition into the workspace, which can improve productivity levels
An increase in employee satisfaction has been shown to have a direct correlation to increased production and goal-oriented achievements
BYOD improves employee engagement levels both internally (with other employees or managers) and externally (in a client-facing environment)
BYOD policies can enhance recruitment efforts for the millennial generation
BYOD offers a viable solution to employees’ growing desire to work remotely with flexible work hours
The Costs or Risks Associated with BYOD
The inherent “cost” of BYOD IT is that it will open security risks or vulnerabilities that would not have otherwise been introduced into the work environment. Additional costs or risks that are associated with BYOD include:
BYOD allows employees to potentially walk security risks right in and out of the front door every day
IT departments must plan for new security risks. In planning for these risks, additional monies might be spent on employee training and ensuring that employee devices remain up-to-date with the latest security software
IT departments need to spend additional time setting up BYOD in the same way that they would set up company devices, which includes: legal, licensed software, screen locking, business-level encryption protocols, malware, spyware, and a secure program for remote system access
There is a greater risk that employees won’t follow proper security protocols. Cisco recently released a report which stated that only 2 out of 5 workers in the banking industry apply even the most basic of security settings to their smartphones
There is a greater risk that BYODs won’t meet security, governance, and compliance regulations
The use of BYOD is growing across industries; as it continues to grow so too do the associated rewards and risks. Businesses need to carefully analyze internal IT operations before they can make the decision to implement a BYOD policy.
Building strong, mutually beneficial relationships with IT vendors can make a significant difference in an organization’s ability to deliver on end user expectations, reduce costs, and drive business goals. But effectively evaluating vendors and forming strategic partnerships with those that meet your company’s needs can be challenging. Many IT organizations only focus on short term tactical and transactional relationships and don’t benefit from the synergy of a long term relationship.
Why are vendor relationships important?
It is natural to question the value of building long term relationships with vendors. The process requires commitment from the organization, regular review, and a considerable amount of time. However, there are many benefits to investing time and resources in the effort. Better partnerships can greatly improve productivity, lead to reduced costs and risk, and improve end user experience.
Improved productivity – Developing, implementing and upgrading systems, applications, and services can be extremely time intensive. Working with companies that already know your organization’s infrastructure, systems, culture, and unique needs can speed project time, limit problems, and lead to a more satisfactory solution. You can also reduce the time needed to go through the competitive bidding process to get the project up and running faster.
Reduced risk and costs – Working with a trusted supplier can reduce risk and costs caused by stalled projects or other issues. Close partners are also more likely to work with you if you need financing or to work out more suitable payment plans.
Better end user experience – Trusted vendors often have a better idea of the unique needs and characteristics of your company. That means they can provide applications and services that work better for the end user or your customers.
Forming more beneficial relationships
Vendors are an integral part of your business’s strategic plan, allowing the IT organization to deliver effective services to employees and customers. But building mutually beneficial relationships with vendors takes time, personal connections, and effective review and analysis. Companies should treat the vendor vetting and relationship process with the same planning and care they would invest in any other critical business function.
Start with small transactions – It’s never wise to invest too heavily in an untested partner. That’s why any vendor relationship should ideally start with small projects. This gives you time to see how the vendor operates and decide whether to continue the relationship with more significant stakes.
Treat the vendor fairly – If you decide to invest time and effort into building a relationship with a vendor it is important to treat them fairly. A partnership is a two way street. You should always make an effort to always pay on time, provide ample lead time, and build personal connections with vendor representatives.
Be demanding – Although you should always treat your partners fairly and build personal connections, it is important to remember that the needs of your own company come first. Don’t be afraid to ask a lot from your vendor and drive a hard bargain when it comes to price and performance.
Regularly review performance – Be wary of partners who become too embedded in the organization resulting in poor performance to go unnoticed. It is important to guard against this by regularly reviewing vendors and addressing issues as they arise. If at any time a trusted vendor cannot deliver, don’t be afraid to request proposals from other sources.
We just published a terrific case study of a real-life example of a large company who valued strategic partnerships enough to completely rethink the way they measured their IT service provider. They reduced costs by over $100 million while increasing scope of services, aligning service delivery to business impacts, and improving end-user satisfaction. And here’s the kicker: They did it with their incumbent service provider and both parties are thrilled with the results. Learn how strategic partnerships helped them achieve this by clicking here to download Negotiating Better Solutions with IT Partners.
Your employees love cloud computing. It lets them work anywhere, any time, on any device. For many people, that kind of flexibility in their work schedule is a big boost to their quality of life.
There are plenty of reasons for you to love cloud computing, too. Employee satisfaction leads to employee loyalty, which leads to employee productivity. You may even be able to move some employees to telecommuting positions, which will save your business money on office space and utilities.
If cloud computing is a smart decision, the tricky part is deciding which cloud. If you’re considering a move to the cloud, a third-party provider is a must.
Maybe you’re worried that a transition to cloud computing will disrupt your work environment. Maybe you’re worried that having important company information living in the online ether, instead of being stored in individual computers or in on-premise storage, will create security issues.
The good news is that both of these concerns can be completely alleviated by using a third-party cloud computing provider, rather than setting up an in-house cloud server.
A third-party provider will gradually move your company information over to its own servers without disrupting the flow of work at your business. Most of the work will be done after hours. When employees return to work, they will each get their own passwords, giving them access to the information they need to do their work. No downtime.
That’s just the beginning. With a third-party provider, security is greatly enhanced. The servers where your company information is stored are monitored around the clock. If there is any hint of an issue with security, such as someone trying to gain unauthorized access to your servers, the technicians will know right away and can respond before your information is compromised. It’s like having an army of security professionals watching your important company information all the time and keeping it protected.
Here’s one more way having your information stored away from your business headquarters makes sense. It’s protected from corporate sabotage and environmental disasters. If your business’s location is damaged or destroyed, you and your staff can continue to work from anywhere, because your information is safe.
Times of significant change can cause stress, loss of productivity, and discontent within any organization, particularly in IT. Outsourcing, insourcing, mergers, and acquisitions can all create obstacles that prevent leaders from concentrating on accomplishing their goals. In order to overcome these problems, IT leaders need to have robust plans in place to harness the full power of their organization. One of the most important components of any plan for change is good communication. Without consistent, pointed messaging and patient listening, any changes will suffer from much greater pushback and create far more problems. One can never go astray by embracing and executing effectively on the fundamentals of organizational change.
How to communicate more effectively
IT leaders’ efforts during periods of transition should be focused on keeping everyone on the same page in terms of goals, processes, and what the changes mean. Everyone within the organization should have a clear understanding of what their new role will be, and what the future will look like. This requires clear and consistent communication from IT leaders.
Increase communication frequency – In this day of hyper transformation, changes happen rapidly, with shifting outcomes and expectations. Most leaders don’t communicate with their team often enough during these times. By keeping more constant contact with employees and communicating effectively, you can help assuage any doubts or uncertainty that the team may be having and keep everyone positively contributing towards the collective goal.
Improve communication quality – It’s not enough to simply flood your team with messages. The communication has to be both more frequent, and more importantly, more meaningful. Make memos, meetings, and other outreaches succinct and take extra time to cover the topics that employees need and want to know about. Of particular importance is a focus on how the changes will affect each individual and what their role in making it happen will be. This can both help improve team morale and keep employees focused on the organization’s mission.
Don’t overcommunicate – Although regular, high quality communication is key during periods of transition, it is still possible to overdo it. Make sure all of your communications have real value to the recipients. Don’t communicate just for the sake of communication. Too much can bog down employees and water down the messaging.
Listen – Another component to good communication is listening. Leaders must pay careful attention to how the changes are affecting their team. The leader must also be sensitive to what problems are arising, and listen for any suggestions that might make the process go more smoothly. This means taking time to get feedback from a wide variety of sources, including colleagues, business unit leaders, and individual contributors.
Maintaining high quality, frequent communication during periods of transition can be challenging, but it’s important to remember that it can mean the difference between success and failure. With more robust and consistent messaging, IT leaders can help keep their team happy and focused on their mission. The result is an organization that owns your message and uses it as the foundation of their daily hard work.
WGroup is pleased to announce that Bob Mack has joined the firm as Principal Consultant. In this role, Bob will be responsible for supporting and leading client engagements focused on IT, Transformation, Strategies and Sourcing.
Bob is a diverse, “hands on” business executive focused on delivering transformational outcomes in fast-paced environments. With over 30 years of experience working for global Fortune 500 organizations, he has amassed a broad and deep tenure of IT executive and general management experience within the pharmaceutical/healthcare industry. He is an expert in tackling big, complex opportunities that challenge the status quo and create innovative approaches to driving new business value. He is most inspired by organizations that have a passion for excellence, a demonstrated sense of urgency, and a “start-up” execution mindset.
As an IT and business leader, Bob has an excellent track record of success with IT transformation and transition, sourcing, vendor management, mergers and acquisitions, global operations, cloud strategy/ execution, and technology strategy/implementations. He has been responsible for multi-million dollar budgets, and led technology operations for growing enterprises across multiple locations and countries.
Prior to WGroup, as SVP Business Services and Head of IT at Otsuka Pharmaceuticals, Bob was the Corporate Officer accountable for Information Technology, Facilities, Corporate Library, and other U.S. shared services. He consolidated multiple IT organizations into a unified highly valued structure complimented by strategic outsourced managed services. He achieved significant measurable improvements in business alignment, project delivery capacity, technology modernization, and customer service levels. He implemented IT portfolio management that governed IT investments across the organization resulting in delivering sustainable business enabling capabilities and supporting Otsuka’s diverse, unconventional thinking driven culture.
As CIO and SVP of Information Technology and Innovation at Reliance Life Sciences, Bob led the global IT function for a new venture life sciences startup funded by Reliance Industries, the largest company in India. As a member of the U.S. executive team, he provided IT alignment and technology leadership in support of Reliance’s business development efforts to support growth in their life sciences business.
As VP of Information Technology at Pfizer, Bob was responsible for establishing the newly formed Enterprise Solutions group. He spearheaded the establishment of Pfizer’s global IT shared services supporting 60+ market countries. He provided global leadership for a team of 180 colleagues across U.S., Europe, and Asia. Bob’s team implemented global ERP, HR and Supply Chain platforms across Pfizer leveraging an offshore IT strategic outsourcing model to drive quality, cost effectiveness, and scalability, including support for a Financial BPO in India.
Prior to Pfizer, Bob was with Pharmacia, which was then acquired by Pfizer. During the acquisition, Bob was appointed to a newly established senior executive IT position responsible for Business Technology support for Pfizer’s US Pharmaceutical Sales Organization. There, he directed integration efforts in support of Pharmacia acquisition, which rationalized IT assets and services resulting in significant operational efficiencies and OPEX savings.
Prior to Pharmacia, Bob entered the pharmaceutical industry joining French-based Rhône-Poulenc Rorer (RPR) as the IT executive accountable for all supply chain and manufacturing systems for RPR’s Americas region. Bob’s strategic role was to enable alignment and ERP standardization across the region. Bob’s tenure with RPR included recognition of an award-winning e-commerce capability enabling multi-channel collaboration with supply-chain partners and customers.
Bob has also held IT leadership roles at Crayola LLC (division of Hallmark Cards) and Air Products focused on application software service delivery supporting customer service, sales/marketing, distribution and manufacturing disciplines.
Bob has a Master of Science in Industrial Engineering from Lehigh University and Bachelor of Science in Business Administration from Bloomsburg University.
IT Outsourcing Alternatives: Exploring the Emerging IT Markets Around the Globe
Part 3 of a Three-Part Series: Part 1 of this three-part series explored the advantages of South American and Latin American IT outsourcing solutions. Part 2 revealed that rural outsourcing is quickly becoming a viable IT solution for many United States-based organizations. In Part 3, the powerful Eastern European hub of Romania will be explored to better understand its IT outsourcing advantages.
Located on the Eastern border of the European Union, Romania is a short three-hour flight from London, the financial capital of Europe. For the past decade Romania has slowly been making a name for itself as an IT hub. Not only does it offer some of the lowest prices in the outsourcing business (thanks in part to the country’s low cost of living and low annual wages), but it provides companies with access to expert level IT technicians who are both proficient and driven to succeed.
When most people think of Romania, they think of Count Dracula; however, the country’s young IT professionals are quickly changing that reputation. These individuals have helped Romania, and particularly its capital, Bucharest, step into the IT limelight. The following IT outsourcing advantages can be found in Romania:
In 2014 Romania’s second largest export was IT solutions to European and American companies. The National Bank of Romania reported that computer and information services exports had reached €1.4bn in 2013, which represents a 27 percent rise compared to 2012.One of the reasons that Romania is able to export viable IT solutions is due to the language proficiencies of its IT technical experts. The majority of IT workers are fluent in English, as well as German, French, Italian, and Spanish.
Clients turn to Romania for outsourcing services due to the previous experience, technology expertise, financial reporting, and high-quality proposal responses that Romanian IT firms offer. In short, Romania provides direct access to IT workers who have a highly specialized skill set and knowledge that is required for the most complex IT solutions
Quality services are provided at a significantly lower rate than companies would usually pay for in-house development. The higher quality services help companies improve their image and expand their business capacity through powerful IT solutions.
The Bottom Line
As with countries in South America and Latin America, as well as United States-based rural outsourcing, the Romanian IT outsourcing industry is growing at a rapid rate. It is primed for success in a global marketplace that is based on customer and business needs. In this vein, Romania attracts United States and Europe-based organizations due to the high level of technical and language skills of its IT workers, its proven IT industry, and the availability of a vast IT labor pool. If the Romanian IT outsourcing industry could find a way to bypass the potential time zone conflicts that dissuade some companies from hiring Romanian firms, then it may just become an unstoppable force.
IT Outsourcing Alternatives: Exploring the Emerging IT Markets Around the Globe
Part 2 of a Three-Part Series: Part 1 of this three-part series explored the advantages of South American and Latin American IT outsourcing solutions. In Part 2, the recently developed market of United States-based rural outsourcing will be explored.
The term “rural outsourcing,” or “ruralsourcing,” was first dubbed in a 2010 CNN Money article. The premise for the term was simple — smaller towns needed jobs, offered a cheaper cost of living, and had the talent needed to provide viable IT solutions at a 25 to 50 percent lower cost. To date, rural outsourcing has grown to become a sought-after IT sourcing solution for companies that want to experience the benefits of outsourcing without the disadvantages of turning to an offshore option.
At its core, rural outsourcing offers urban-based companies the same basic benefits of other traditional outsourcing arrangements.
Immediate access to technological expertise
Resources that the IT client would otherwise lack internally
IT help and solutions when they are needed and wanted. Additionally, these solutions are provided on a purely contractual basis without the extensive overhead that a full-time employee incurs
While the aforementioned advantages have given rural outsourcing a strong footing in the IT sector, its true strength lies in additional attributes.
Cost advantages have helped rural outsourcing become a viable solution in the past few years. As a general rule of thumb, the cost of living in rural areas is lower than urban settings, which directly equates to reduced labor rates for the same technical expertise
Rural outsourcing solutions typically operate within the same time zone. If, however, the chosen IT provider is in a different time zone than the continental United States-based client, then the maximum time difference would be three hours (as is the case between Eastern Standard Time and Pacific Standard Time)
English is the de facto national language of the United States, which means that rural outsourcing solutions eliminate the “language barrier” issue of traditional offshore outsourcing options. Rural outsourcing also eliminates potential cultural clashes or issues.
Hiring a United States-based firm is generally a more politically acceptable outsourcing alternative for many U.S companies. In fact, hiring domestically might improve a company’s ability to uphold their mission statement or corporate values.
The Bottom Line
Rural outsourcing is a viable option that will continue to grow as political entities encourage companies to create, hire, and grow their organizations within the United States’ borders. This being said, whenever an organization is considering hiring within the global marketplace, they must first determine their customer and business needs. Only by determining and weighing the needs of these factors, can an organization more effectively evaluate IT outsourcing alternatives. Just as the South American and Latin American markets are ripe for exploration, the rural outsourcing market will become a choice for many American organizations, particularly government entities, who will want to capitalize on its low cost and high-value IT offerings.
IT Outsourcing Alternatives: Exploring the Emerging IT Markets Around the Globe
Part 1 of a Three-Part Series
For years the term IT outsourcing has been synonymous with sending work over to India. But as India’s IT outsourcing market has become overrun, other countries around the world have begun to step-up as viable alternatives. This three-part series will explore the emerging markets that have begun to take on work that may have been automatically routed to India just a few years ago, as IT outsourcing moves to different sectors across the globe.
IT Outsourcing Makes Its Way To South America and Latin America
The potentially greatest benefit of IT outsourcing is also one of its stumbling blocks — geographical location. When you outsource an IT project you no longer have to worry about location restrictions, paying relocation fees, or wondering if that senior IT director will really leave his hometown to come work for you. IT outsourcing provides the best of the best, without the hassle of wooing a certain skill set.
Additional benefits include:
Enhanced skill set. — Outsourcing provides you with access to the brightest minds across the globe.
Higher education for your team. — IT outsourcing opens several educational doors for your team. It allows you to recruit someone who can elevate the educational level and skill set of your internal team, while costing less than a typical IT director’s yearly salary.
Improved collaboration — Outsourcing allows you to gain both a bird’s eye view and a detailed look at your IT problems, as well as their inherent solutions. In short, outsourcing creates a collaborative environment that typically delivers the optimal results.
With the aforementioned benefits of IT outsourcing in mind, many countries have tried to topple the reigning king of outsourcing — India. To date, Latin American and South American countries have quickly risen through the ranks to become sought-after IT providers. Mexico, Argentina, Bolivia, Brazil, Chile, Colombia, Costa Rica, Mexico, Nicaragua, Panama, Peru, and Uruguay all provide IT outsourcing solutions with a number of unique advantages.
Latin American and South American countries are typically in the same time zone as the majority of U.S. states. This means that a full workday overlap can occur, which enhances the ability for educational and collaborative opportunities.
There are many cultural similarities between the U.S. and South and Latin American countries. Many U.S. IT firms prefer to work with IT specialists from Argentina, due to the fact that the country shares a similar culture. The closer the cultural similarities, the easier it is to establish a certain level of comfort and trust on the given project, and the easier it is to create open lines of communication.
Labor is still relatively inexpensive in Latin and South American countries, especially when the accelerated skill set is considered. Additionally, India is currently experiencing an increase in the cost of living, which has subsequently driven up the cost of IT outsourcing.
As the population of native Spanish speakers continues to increase within the United States’ borders, the appeal of working with Spanish cultures grows. Generally speaking, U.S. workers have an easier time understanding English that is spoken with a Spanish accent versus English that is spoken with an Indian accent.
Geography is one of the biggest benefits of IT outsourcing; however, it can also be a challenge. Fortunately for Latin American and South American countries, it is fairly easy to reach their borders with a short flight from the U.S. Conversely, traveling to India to review work with your chosen IT team is a lengthy and expensive process.
As the list of advantages continues to grow and the countries begin to invest more money into their IT infrastructure and development, Latin America and South America will steadily become the chosen source for IT outsourcing solutions. Stay tuned for Part 2 of this three-part series, published at http://thinkwgroup.com/insights/#/journal, where we will explore rural regions of the United States and the domestic IT sourcing solutions that they provide American companies.
If you’re at a point where re-evaluating your sourcing strategy, providers, or locations makes sense, WGroup can assist you with IT outsourcing advisory services, including strategy, provider evaluations, site risk evaluations, and much more. Visit http://thinkwgroup.com/services/sourcing/ to learn more.
All companies, from SME’s to multinational enterprises, struggle with balancing investment in applications. With the dizzying array of options, it can often be difficult to know where and how to spend limited financial resources. These five steps will get you started optimizing your organization’s application portfolio, improving IT outcomes, and increasing the cost effectiveness of IT initiatives.
Look at the whole enterprise – It is extremely important that IT leaders seek to align IT objectives with broader business goals. Look at how applications will affect costs, productivity, sales, and user experience for the entire company, and use that to inform application investment decisions. Many IT departments take an insular approach to applications, considering only those they directly manage. However, this doesn’t reflect today’s reality. Technology is a major component of almost every business function, and IT must work closely with the entire company to achieve positive results.
Set prioritization criteria – There is no way to optimize your company’s application portfolio without first setting criteria for prioritization. In order to do this, leaders must consider several factors. Cost, reusability, strategic importance, regulatory requirements, and a wide range of other issues must be evaluated based on your individual company’s needs and goals. Take time to carefully analyze how each of these factors will affect your organization and prioritize applications across the enterprise based on your analysis.
Think long term – Although one application may appear more cost effective or functional today, it is important to take a long term view when making decisions. Maintenance costs, usability, upgradability, vendor support, and SLA’s can all have a major effect on the total cost and value of a particular application. Don’t overlook these factors.
Engage shadow IT – One important part of taking a company wide view of application optimization is looking at shadow IT. Many IT leaders do not have the resources to focus on technology managed outside of their own department, but it can have a major impact on them despite this. When users inevitably come back to IT with problems related to their own shadow initiatives, it becomes IT’s responsibility. That’s why it’s important for IT leaders to understand that although you can’t, and shouldn’t, stop all shadow spending, you can help influence it. IT leaders can guide other business leaders and point out potential security, performance, or compatibility challenges. By working with other leaders, rather than against them, CIO’s can make greater strides towards more efficient business wide IT.
Continually review the portfolio – It is important to remember that portfolio optimization is always a work in progress. As technologies and the company’s needs change, so should your portfolio. CIO’s must regularly review application portfolios to ensure that they are still driving business goals and retire those that aren’t. It is also important to stay aware of current trends and advancements to take advantage of new developments.
Building a robust application portfolio optimization strategy requires cross departmental collaboration, dedication, and a deep knowledge of current technology and company needs. This can often be challenging for IT leaders, but the benefits can drive business goals and make IT more efficient and more cost effective. Taking the time to develop an effective, informed ongoing strategy for your application portfolio management is critical to the success of any CIO.
In this last part of the post we address the legal side of IT purchases. While no one wants to focus on litigation, legal components can be critically important to the purchasing lifecycle. In addition, we will discuss some “deal closers”.
Legal – Contracted legal terms and conditions rarely avail themselves, but when they do, it is typically problematic to the business environment. Here are some areas that top our list:
1. Force Majeure (beyond the reasonable control) – There are a few items beyond the reasonable control of a party like “acts of god” or war. Items like shipping delays, labor disputes, and telecommunication often get bundled into force majeure language but can be managed in an alternative manner. These items should not be classified as force majeure issues.
2. Governing Law and Venue –Typically, you want the governing law and venue to be based in the state where your business is headquartered. UCITA states (MD, VA) laws tend to be pro-licensor. Other states, like TX, MA, CA, IL, IA, and HI tend to be complex. New York is a reasonable alternative but the ultimate choice should be one that you are comfortable with and does not present a disadvantage to your organization.
3. Intellectual Property (IP) Indemnification – Always be sure to protect against IP infringement. There should be no limit on liability and only 3 acceptable resolutions to IP infringement: repair, replace, or a full refund.
4. Limitations of Liability – Vendors always want to limit their liability and typically is an arbitrary amount that is less than the overall value. Liability caps are acceptable as long as they are mutually (painful). Base liability caps on direct damages only specifically excluding damages from IP infringement and breach of confidentiality or gross negligence/willful misconduct.
5. Statute of Limitations – Keep an eye out for language that artificially limits your legal options and deviates from the governing venue limitation statutes.
6. “Missing Documents” and URLs – Many contracts reference and incorporate external documents. This is not troubling unless the documents can be amended at the sole discretion of the vendor. Allow for notification of changes to the referenced documents and your ability to terminate the contract should a modification be detrimental to your company.
7. Regulatory Compliance – Understand the compliance regulatory implications of your industry and how the vendor manages their own compliance efforts and facilitates yours.
8. Contract Terminations – There are very few reasons for termination of a perpetual license (which is a company asset) other than non-payment of the initial license.
9. Audits – License compliance audits are fine but they should be mutual, narrow in scope, limited to no more than once a year, and the costs borne by the auditing party. To minimize your business disruption, try to limit the audits to attestation of compliance. If you are out of compliance, license “true-up” costs should be based on your discounted volume pricing.
It’s time to finish the deal, but what other items can add value to your organization and minimally impact your vendor?
1. Training – Minimal impact to the vendor’s margin and potential high value to your success
2. Points of Contact – allow for more than the vendor specified maximum
3. Look to the Future – lock in discount percentages for other products in your vendor’s portfolio
4. Add-ons – Don’t neglect software options that can present a significant cost and often get shadowed by the core product negotiations.
5. “Your business to keep” clause – provide ability to migrate away from a vendor without penalties for reduced services during the migration. The vendor’s incentive to accept this language is the prospect of continued income stream.
6. Limit end of term contract extensions – Require the vendor to provide you an end of term notification well before your obligation to renew. Until renegotiated, renewal terms should automatically convert to month to month with the same existing terms and costs.
Transitioning from one IT service provider to another can be a stressful, drawn out process that leads to lost productivity and poor outcomes. Many organizations are underprepared and rush into a transition without a well formulated plan. But it doesn’t have to be this way. If the right steps are followed, changing IT service vendors can reduce costs and improve the performance of services, allowing the IT department to more effectively drive business goals.
This article will discuss three keys to making a successful IT service transition and forming the foundations for a productive relationship with the new vendor.
Full organizational participation
One of the greatest points of failure in an IT service vendor transition is a lack of participation within the organization. It is important to remember that success will require substantial effort and foresight. In order to carry out an IT service provider transition, it is absolutely critical that the company be fully committed to the process. Leaders within the IT organization and within the business should work together to ensure the transition is successful and that the goals of the entire organization are met. There should also be robust data gathering prior to making the transition in order to develop consistent metrics and to build a plan to achieve those metrics. As the process unfolds, there should be structures in place to continually implement the plan’s components and continually adapt it based on failures and changing needs. Transitioning always takes longer and is more difficult than the company thinks, it’s important to remain committed to a strong plan in order to see it through to the end.
Transition governance structures
Keeping a transition plan on track and ensuring that the current and future provider deliver expected services while under contract requires robust governance. A skilled team should be in place to oversee the transition, track progress, and make adjustments. This team should regularly meet with senior management and stakeholders to maintain alignment with broader business objectives and ensure accountability.
In order to effectively implement governance, it is important to build a plan based on trackable work. This means creating a timeline for the transition period with regular milestones agreed upon with the IT service vendor. These milestones should be based on the accomplishment of business driven goals, with payment made to the vendor upon successful completion. This helps ensure that the vendor stays motivated to complete projects successfully and in a timely fashion. There should also be mechanisms to rapidly resolve any disagreements within the organization or with the vendor to keep the transition from stalling.
Strong transition team skills
Above all, it is key for companies not to underestimate the work and skill required to successfully transition IT service vendors. If the company doesn’t have the necessary experience, they won’t know what’s coming and won’t be prepared to deal with problems. For example, one common pitfall is failure to properly manage the incumbent vendor during transition. If the incumbent loses out to another vendor during the bid process, they are often very unhappy, and may severely cut efforts to provide good IT service. Knowing how to manage situations like these, and tailor a plan to ensure that any problems are quickly addressed, is extremely important to a successful transition. Companies must have the right people on their side in order to balance speed and risk and work with the company and vendors to facilitate a seamless transition.
In the first part of this post, we outlined pricing and licensing techniques. In this second part of the three-part series of posts, we will address maintenance and professional services.
Maintenance – Maintenance is not just for repairing defects but primarily for functional and other improvements. Pricing varies widely: 15-22% or more annually of the purchase price. There are situations where maintenance is not warranted. For example, hardware with a 3 years NBD warranty or desktop productivity software that is not upgraded at least once every 3 years. Regardless, there are some basic guidelines when purchasing maintenance. Maintenance costs should be based on the NET cost of the product after all discounts. Future increases in maintenance costs should be limited to a maximum of 2-3% per year and/or costs locked in for several years. It is beneficial to waive the cost of the maintenance for the first year, especially if the maintenance clock starts ticking in parallel to the implementation.
Your company will be impacted if your vendor gets acquired. Protecting against negative affects is critical. Negotiate “end of life” business requirements that include transition to new versions or product lines, locking in sunset support to meet migration requirements, and credits for sunk costs to offset transition costs. New functionality should not trigger an increase in maintenance costs. Ensure that product enhancements are included in the maintenance costs. Most importantly, but often bypassed, is ensuring end of life software functional replacements are provided at no additional cost (primarily seen during an M&A event). A new product (a new potential maintenance stream) that encapsulates the old functionality should be provided free. If the vendor cannot segregate the “added functionality” from the old, then require the additional functionality to be provided at no cost.
Some vendors create maintenance dependencies between components (line items). Beware the all or nothing clause prohibiting the removal of individual maintenance components. Each component should stand on its own unless it is a pre-requisite for another. It is also a good idea to specify maintenance reinstatement fees and business downturn clauses that allow for service level reductions.
Establish SLA’s that are not only based upon standard metrics like response and repair time but align with your internal business requirements. Allowing vendors to earn back penalties for exemplary performance can be an incentive. When problems arise, make sure that you have the ability to escalate problem severity.
Implementation Professional Services – It is a good practice to tie payments to implementation milestones, using acceptance testing where possible, and in some cases, a holdback percentage on payments until the project is completed.
Ensure that the work performed is the company’s asset to use as desired. Payment for services does not mean you own the end product. Ensure contracts specify the services are “work for hire” and include intellectual property assignment or at least an unfettered right to use in the ordinary course of your business operations.
Manage your contractors as you would your own employees. You control their “acceptability”, adherence to your company policies, service termination, etc. Preserve a “first right of refusal” for extending the services of key contractor resources. In addition, ensure agreed timelines are maintained even if a service provider needs to replace a contractor. Always pre-approve assigned contractors.
Remember that contracted professional services are outsourced services. Outsource the service but never outsource the management. It is your responsibility to control the services provided as well as their time, travel, expenses, and invoices.
In the third part of the series we will cover important legal concepts and additional opportunities.
Great disparity exists in an imperfect technology marketplace. No two companies pay the same for technology, pricing fluctuates widely, sellers have a distinct advantage over buyers and they rarely have “real-time” access to market pricing. Most purchasers ignore the potential impact of future business model changes in their negotiations.
In this multi-part series, we will review best practices to improve negotiating skills and positions when acquiring technology outlining procurement, maintenance, professional services, legal, and some miscellaneous opportunities. Technology negotiation is not about a “WIN-WIN” but more about being “TOUGH BUT FAIR” in order to provide you reasonable pricing and establish/maintain an ongoing valued-added mutually respectful vendor/customer relationship.
Software & Hardware, Pricing
The elusive search of the right price versus retail. It takes time to find the “basement”. Utilize the outlets that are available to you: research analysts, peer networking, price negotiating companies, competing offers, etc. Of course, the end of fiscal period deal can result in additional savings, however, the general rule of thumb is: the deal available today will be available tomorrow (regardless of the sales pitch).
Pricing is not just about the selling price. Try to lock in future pricing or discounts. Exceptions include, price erosion prone markets (like storage) which can always be negotiated at a later point in time. Base your payments on your acceptance and full production use, not on delivery or invoicing. Depending on the product and implementation timeline this could defer some expenses for many months. The downstream maintenance costs are also positively impacted.
Software & Hardware, Warranty and Licensing
Most vendors differentiate between warranty and maintenance periods. Extend the warranty as long as possible and ensure that maintenance runs serially to the warranty (atypical in the industry) and all the maintenance value added services are provided as a component of the warranty.
It is very easy to buy low cost servers with 3-year next business day repair/replace warranty for no additional charge. Round the clock coverage with four-hour response is an upcharge that needs to be evaluated against a low cost spare pool and reduced MTTR (mean time to repair) service levels.
There are more licensing models today than ever before. Perpetual, Subscription (XaaS), Hybrid, etc. and various license compliance metrics multi-core processor counts, user count, company revenue, etc. Staying on top of the right choices is purely a business decision surrounding your company’s business model, culture, and cash flow.
Beware of the “appliance” pricing trap. Your vendor will love to charge you for the software every 3 or so years when the appliance hardware platform is no longer supported. Ensure you protect your software investment (by far the majority of the cost) when refreshing appliance hardware platforms.
Regardless of the licensing model, address future pricing up front. Stay away from increases based on your company growth. Your company’s success should not necessarily translate to an increased income stream for your vendor. Most vendors are more than willing to allow for “organic” growth if you protect them from lost revenue due to an acquisition. Also, let accumulated subscription fees act as prepaid perpetual license fees (just in case your business model changes).
In our next part of the series, we will cover maintenance and professional service components.
Originally published in December, 2015, this blog article has been one of the most popular we’ve posted. Now, we’re also offering it in a PDF e-book format so that you can download it and share and forward to your associates. Click the link at the bottom of the article to get your copy.
Your Business and the Internet of Things:
The emergence of IoT, potential pitfalls and why you should care
There’s been a lot written about the Internet of Things (IoT), but many people don’t have a firm grasp of its current state today and how it will affect their business. In this article, we will explore the booming growth of IoT, what it means for companies now, and how your business can leverage it to drive business goals.
What is IoT?
In short, the IoT is a network. Just like the Internet connects people, the IoT connects devices. This way, a wide range of physical objects can exchange and transmit data. What this means in practice is that things like refrigerators, cars, manufacturing equipment, and HVAC can be controlled, monitored, and analyzed in much the same way that computer systems can. This can provide incredible benefits to consumers and business, allowing for increased efficiency, marketing opportunities, reduced costs, and innovative new products.
The IoT is evolving rapidly from a mere novelty to an integral part of the modern economy. Its first iteration was a prototype soda machine that could tell researchers at Carnegie Mellon University its current stock levels and whether drinks were cold. Today it encompasses a wide range of devices, technologies, and functions and is only expected to continue evolving for the foreseeable future.
The Internet of Things is truly emerging. Gartner predicts that by 2020 there will be 26 billion units and IoT related products and services will generate revenues in excess of $300B. There is little doubt that the IoT is already significant and that by in the next decade an enormous number of devices will have network connected functionality. This trend is driving substantial growth for businesses and allowing them to improve operations and develop new products, providing an estimated economic value add of $1.9 trillion across sectors by 2020.
The “basket of remote controls” problem
Unfortunately, rapid growth also poses potential problems. Businesses must be aware that the IoT is developing in a disorganized fashion. New technologies are being added device by device, vendor-by-vendor, with little to no coordination. This means that devices from different manufacturers may not be able to communicate or users may have to coordinate across several different interfaces to track all their devices.
For example, someone may have a Fitbit device, an Apple iWatch, and an Internet enabled home security camera. These devices, and others, connect according to vendor-specific protocols and technologies such as WiFi or Bluetooth which prevent their linkage under common access and management frameworks. This problem is made even worse by the fact that each vendor requires ad-hoc device configuration according to their own IP, DNS address, password, and naming standard requirements.
IoT may be exploding, but it will be several years before a standard emerges that make it easier to leverage. This situation is akin to having a basket of remotes, with each one operating a different device in the entertainment center. This state of affairs is still very fluid, even as new technology leaders are joining forces to create standards for communication between devices.
Why is this happening?
The scenario we see developing in IoT is not unique. Practically every major technology started with an abundance of incompatible vendor offerings. Early day computers operated according to vendor-specific platforms until de-facto or government standards were introduced. Before TCP/IP became the standard protocol, there were a wide range of networking options including NetBIOS/NetBEUI, UUCP, and AppleTalk. In all cases, the trend has been the same. As these technologies matured, a standard emerged to which most companies adhered. IoT is, in all likelihood, following a similar pattern of progression.
What is the future of IoT?
In order to leverage the power of IoT most effectively, companies need to understand how the new technology will likely progress. IoT will follow a trajectory similar to past technologies. This includes five distinct stages that companies should closely monitor to determine their strategy.
Hype – This is the peak of expectations for a new technology. In IoT terms, this can be thought of as the point when network functionality was added to devices primarily for a novelty factor, but the technology was not in widespread use.
Vendor driven zoo – In this transition period, vendors are beginning to realize the potential of a new technology and each racing to develop the standard. This leads to a number of competing technologies, making it difficult for consumers and other businesses to choose and use products effectively. This is the stage we are currently in.
Consolidation – This is an intermediate stage between the vendor driven zoo and standardization. There will be a decrease in the number of competing technologies, but still no uncontested standard.
Standardization – In this stage, a standard emerges and other technologies fade into the past. Companies should pay careful attention to signs of this stage to stay ahead of the curve and not get stuck with legacy technology.
Commoditization – This is the final stage of an emerging technology, when the standard is so ubiquitous that it becomes a commodity. This is the current stage of technologies like TCP/IP.
What will drive IoT adoption?
The keys to enabling IoT across a greater number of devices are pervasive networking, sensors, and actuators. These technologies will make IoT more cost effective and more powerful, expanding the scope of its viability.
Pervasive networking – In order for devices to stay connected, there must be more widespread access to WiFi, Bluetooth, and 4G/5G data. Another roadblock is the limited number of IPV4 addresses available. The protocol provides only 4.3 billion address, with many available only for special uses. As of September 2015, four out of five North American internet registries exhausted allocation of all blocks not reserved for IPv6 transition. IPv6 provides for 3.4 x 1038 unique addresses, more than enough for the foreseeable future, but the new protocol is not ubiquitous. If billions more devices are going to be connected to the Internet, there must be a broader deployment of IPV6 address protocols capable of uniquely identifying every possible device in the universe.
Sensors – The availability of low cost sensors such as RFID readers or machine recognition devices will further expand the area of applicability for IoT. As costs and ubiquity of these technologies increases, IoT will become more powerful and cost effective.
Actuators – Actuators allow network connected devices to actually do control things. Many of the most exciting IoT applications will require the addition of actuation devices that can be remotely controlled to perform specific functions.
What can companies do today?
The last thing any company wants is to end up with the Betamax equivalent of IoT. But that doesn’t mean that you should wait to act until things become clearer. An even worse scenario than picking an unpopular technology is getting left behind by not adopting any IoT technology at all. Being reactive, rather than proactive, will only lead to missed opportunities. It is unwise to wait until a competitor or disruptive new entrant takes your business.
The time to frame IoT strategy is now
Leveraging IoT in a future forward way means aggressive adoption while still having an awareness of current limitations and potential pitfalls. Start by gathering your team and envisioning how your products will fit into an IoT enabled world. What enhanced functions would it provide? How can IoT best be implemented?
Choose a participation model
There is a wide range of ways IoT can be implemented in your company. Before moving forward, it is important to think about how your company’s products and solutions fit into a network connected framework. You will need to reach an internal consensus on what participation models you will pursue and in what timeframe. The below models capture various levels of IoT implementation, with each progressively more involved than the last.
Model 1 – Focus only on leveraging the IoT reach capabilities for promotional and advertisement purposes. This primarily means tracking user activity, delivering location aware ads, and developing promotions such as automatically reminding users when their device needs to be replaced or upgraded.
Model 2 – This model involves a more proactive stance to IoT. Companies will envision and prototype current product extensions by adding IoT functionality. An example of this might include adding basic network controls to an existing line of thermostats.
Model 3 – IoT will offer many opportunities for companies to innovate and develop new products to take advantage of emerging functionality. In model 3, companies will offer unique additional functionality and products that use IoT.
Model 4 – In this model, companies are actual IoT players, rather than simply users. This means that they develop and introduce components or services to augment actual IoT capabilities. This role involves more innovation in the IoT sphere and represents the first level in which companies may actually influence the future of the technology.
Model 5 – In this stage, IoT becomes a significant part of company strategy. This involves implementation of IoT core technologies across many areas and a role in developing standards and the direction of technologies according to your business needs.
What are the best strategies for models 1 and 2?
For companies targeting the lower levels of IoT implementation, there may not be significant will or resources available to track emerging standards and develop new technologies. However, in order to stay ahead of the curve, it is important to begin investing now. Some key strategies for success at these levels include:
Stay vendor neutral – Do not lock up to a particular IoT vendor’s vision yet. It is too early to know which technologies will still be around in the next five years. Companies should instead focus on identifying potential partnerships that might provide an early adopter advantage. In particular shop around for potential IoT development houses that can help you implement IoT more effectively.
Identify component gaps – Look for areas that your company needs to work on to bridge the gap between product ideas and current technology. For example, your idea may require a new type of sensor or actuator dongle that you can develop and patent with the help of external manufacturers. This will help form the foundation for a future IoT strategy.
Begin R&D – After identifying gaps between your current technology and IoT vision, initiate an R&D effort to begin bridging that gap and prototyping possible extended functions and products.
Hire talent – Without the right people, your company cannot develop innovative, effective IoT products. To stay ahead of the competition, start hiring and developing skills now, rather than later. Keep in mind that this talent does not have to be internal. Many companies can benefit from third party consultants and outside companies to help track standards closely and to keep a pulse on the rapidly changing IoT field. It is also important to have people to consider the potential security threats that the new technology can pose and ensure that your products are safe.
Evaluate core architecture – Many companies believe that strong mobility services are all about having beautiful, modern apps. Although a nice UI helps, it is important to remember that most functionality occurs on the backend. Re-evaluate your core architecture to ensure that the central systems can provide the required business processes and data access necessary to support IoT in your business.
What is the best strategy for model 3?
Most of the recommendations for models 1 and 2 also apply to model 3, except your investment on R&D, involvement with standards, and identification of partners’ efforts will more closely mirror the recommendations for models 4 and 5 below.
What are the best strategies for models 4 and 5?
Companies targeting levels 4 and 5 likely already have a much clearer understanding of the most effective strategies and need less guidance. They should keep the advice for models 2 and 3 in mind, but take it further by getting more involved and staying proactive.
Get involved with standards – Don’t allow other companies to decide on the future of IoT. Form coalitions with other leaders and get involved today to steer standards towards technologies that will be beneficial to your company
Invest in R&D – At this stage, model 4 and 5 companies should be making significant investments in R&D and hiring staff with the skills necessary to make their goals a reality.
Identify partnerships – By developing technologies with other companies, you can help create more robust and innovative IoT offerings. Emerging technologies demand cooperation.
Although IoT is rapidly shifting and there is no clear standard, your company cannot afford to ignore it. Network connected devices will become ubiquitous with or without you, and it is important to stay proactive to monitor emerging trends and form partnerships to remain competitive. In order to benefit from the new technologies, companies must be aware of the potential for certain technologies to rapidly fall out of favor and dark horses to emerge victorious. At this stage, it is important to remain vendor neutral, but begin planning for a future in which a standard emerges. IoT is coming, by planning for the future standardization and commoditization of the technology, your company can gain a competitive advantage and drive business goals.
Did you know that ITIL 2011 has 26 process towers and you could measure more than 200 elements within those towers to gauge effectiveness of each process? As you can imagine, measuring more than 200 elements would take a staff of two or three just to collect and analyze the data.
Deciding on the meaningful elements to measure is key to the success of your ITIL implementation. One must start with a basic evaluation of the maturity of each ITIL process tower implemented. The table below can be used to measure each of the processes in place.
Does not Exist
No evidence of any activities supporting the process being evaluated.
Random activities supporting the process are observed, but no one is aware of how each activity relates to the other.
No formal documentation or dedicated resources identified to own the process.
Activities support the process but there is no measurement of the effectiveness of the process.
A tool is in place to support the process, resources are defined but roles and responsibilities are not clearly defined between the resources and other functional IT areas.
Process is defined and measured.
Resources understand their roles and responsibilities.
Processes are measured and reviewed on a regular basis.
Management conducts formal improvement planning and resources are measured on their effectiveness.
Processes are well defined, measured and continuous improvement is in place.
Linkage between processes are defined and understood by all in the organization.
Process have direct links between IT and corporate policy, continuous improvement is embedded into the process and teams.
Any organization should strive to at least achieve a maturity level 3 and have well defined processes in place for the ITIL process towers implemented. One should also review the process towers not implemented and develop a roadmap to continue to introduce ITIL processes and enhanced the processes in place to improve IT service management and operations.
What’s the “magic” in identifying the right service elements to measure which will drive value?
There are some basics that will yield the most benefit to drive the desired outcomes for your customers. These basics are considered the fundamental IT service management processes that provide the organization the necessary process framework to operate and expand capabilities.
Focus on the core: Incident, Problem, Change, Availability and Service Catalogue. WGroup recommends measuring and tracking the following:
Service Catalogue Request Management
Percentage of time a service request is fulfilled with in the expected time
Mean time to restore service
Count of Incidents by priority
% of incidents which caused lost sales, product or SLA penalties.
Root Cause Analysis responsiveness – expected time for the RCA to be created
% of SEV 1 and 2 incidents where root cause was identified and corrected
Number of undocumented/unauthorized changes
Number of failed changes as a percent of all changes
Count of changes by category (critical, standard, etc.)
Count or percent of changes that caused outages
Organizations that embrace ITIL standards and drive continuous improvement realize operational efficiency benefits that translates into overall service improvement and lower operating costs. Some organizations fear ITIL because it appears to be too complex, time consuming and costly. Service management requires an investment in tools, technology and people and should be a journey versus a destination. These five (5) process areas represent a service foundation that every IT organization needs to be proficient in order to provide good fundamental IT services.
The Internet of Things: What is in store for 2016?
The Internet of Things (IoT) is built on a network of cloud computing and data-gathering sensors. It is mobile, it is virtual, and it is soon to be everywhere. At an IT conference in September 2015, Marty Trevino, Organizational Architect and Senior Strategist for the National Security Agency was quoted as saying, “In a few years the average person will come into contact with more than 5,000 connected devices on a daily basis.” This astounding prediction doesn’t seem so outlandish when you examine current IoT trends.
Current and Future IoT Trends
With inventions like the all too popular FitBit, which tracks all sorts of personal daily exercise and movement data, IoT has quickly made its way into our everyday lives. Consumers can now wear connected technology, they can control their home’s heating and cooling systems from afar, and they can even receive alerts from their appliances about needed maintenance. In short, IoT has become a well-established member of the private sector. But what about the public sector?
Experts predict that IoT will become a large part of the public sector starting in 2016. Gregory Crabb, Acting Chief Information Security Officer and Digital Solutions Vice President for the United States Postal Service (USPS) was quick to point out that, “At the Postal Service, we’ve been looking at connected devices for over 20 years. Our goal is to take these connected device and make our business more efficient and effective.” The USPS is planning on deploying more than 200,000 mobile delivery devices to mail carriers in the near future. These IoT devices will help to improve the customer experience by tracking and recording a wealth of delivery information. From the best time to deliver packages to certain customers to the expected delivery time period, the USPS is looking forward to re-vamping the mail delivery industry with the help of IoT.
Other public sector agencies have announced that IoT solutions will continue to be explored in 2016. The reason behind the additional exploration can be summarized in a word, “data.” As seen with the latter USPS and FitBit examples, the amount of information that an IoT device can gather is staggering. The efficient and effective collection of relevant data could be incredibly beneficial to public sector agencies that are struggling with meeting key milestones on limited budgets. However, the large amounts of data collected does present a certain set of new challenges, such as the network size needed to handle the data to the security of information that is collected.
In 2016 look for the public and private sectors to adopt more IoT devices, while simultaneously conducting risk analysis to combat future IoT challenges. The amount of data that an organization can retrieve with IoT devices will continue to grow, which will require organizations to actively combat the aforementioned challenges, while also endeavoring to fully understand all of the new data. As the use of IoT expands in 2016, be on the lookout for new organizational policies and guidelines that are designed to reap the benefits of IoT devices and also protect the end user.
WGroup helps companies embrace new technology and align IT with business objectives. Visit http://thinkwgroup.com/services/ to see how we can help you with your IT transformation.
As IT professionals, our job is to align technology with business objectives, helping the business drive increased revenue and performance. That can be challenging, as for many shops, the operational burden of IT has not gone away.
Finding the balance between maintaining a quality lights-on operation, managing costs, and driving operational improvements to a higher IT maturity level is a significant challenge. The day-to-day complexity of managing an IT organization requires full attention and the lion’s share of available resources.
There’s limited bandwidth to focus on process improvements. IT has to keep pace and provide value during a time where disruptive technologies are changing the way services need to be delivered. The business expects IT to provide technology services in support of the business strategy and to demonstrate technical leadership that could influence market differentiation. These expectations require IT to provide consistent quality of service and develop capabilities that lead to technical innovation. To support this, IT must have a level of IT service management maturity to be able to manage demand and the quality delivery of that demand.
So how do you know where you are and where you need to go? First things first: conduct an IT service management (ITSM) assessment to baseline your current level of maturity, identify gaps, and develop an improvement plan. With an assessment, the end-to-end process framework and organizational capabilities are baselined to provide a platform to build upon. Developing a service-improvement plan emphasizing process improvements, capabilities, and agility will improve IT’s ability to adapt to change and sustain the quality delivery of services.
Specifically, being able to outline the key service delivery constraints by identifying root cause is a way to link the symptoms to problems and fixes that improve service and benefit the IT team and customers alike.
The illustration below is an example of a high-level assessment that outlines common IT constraints and potential impacts to the ITIL processes.
Common IT Service Delivery Constraints
Addressable ITIL Process
Delivery Lead Times
Quality of Service
Ability to Scale
Cost of Service
Lack of Innovation
Overall IT Ineffectiveness
Business Relationship Management
Service Portfolio Management
Financial Management of IT Services
Service Catalog Management
Service Level Management
IT Service Continuity Management
IT Security Management System
Transition Planning & Support
Service Asset & Configuration Management
Release & Deployment Management
Service Validation & Testing
Continuous Process Improvement
This high-level assessment provides a starting point for potential areas of process improvements. Another level of detailed analysis would be required to assess each underlying process and the details needing to be addressed (resource, process, technology). Each process in itself is as an integral part to the overall ITSM delivery model.
Periodic assessments and service-improvement plans should be routine. IT is expected to constantly improve service delivery while providing value, and not necessarily by way of long-term projects. In essence, you have to change the tire while the car is moving. An assessment will provide insight to a path forward, but time is of the essence. Using a time-to-value approach will provide guidance in setting priorities on the list of improvement activities. Implementing improvements that yield some immediate benefit (time-value) demonstrates progress while the longer-term improvement plan is implemented.
These improvements to service and capabilities are visible and will boost IT’s value to the company. Easier said than done? Sure, but worth it.