Advice For the New CIO — Part 2

by Michael Whitehead

CIO-to-CIO Advice: You’re a New CIO, Now What.

The goal of the CIO has not changed – deliver value, drive business results, be an inspirational leader of people, and ensure technology innovation aligned to the broader business strategic direction is maintained. The tools however have changed. A decreasing role of traditional ERP, emergence of massive digital disruption, coupled with an ever demanding mobile customer base with an insatiable demand for immediate information gratification, within a social and collaborative workplace.

Challenges persist unabated for the CIO:

  • Security and Compliance incorporating, applications, infrastructure and data persist due to evolving regulatory complications, and an increasing internal and external threat environment. This massive increase in data volume is necessitating a rethink in the document retention, deletion and management areas
  • Governance – really managing demand and capacity to ensure aligned delivery of the most value adding technology solutions in resource and budget constrained times
  • New technology emergence is driving business process challenges within the business organizations that the CIO is either expected to be driving directly or aligning to
  • Everything as a service and all that that means
  • IoT, the what, how and where are the most effective uses of these technologies to ensure maximum penetration and benefit
  • An evolving talent market, with different styles, characteristics, work habits and perspectives on what the work environment should deliver and provide
  • Continued M&A activity requiring nimbleness and flexibility of technology architecture to accommodate a changing landscape of business requirements and demands


All of these are daunting for experienced CIO’s. In a role where a honeymoon period lasts probably as long as it takes for you to walk from the parking garage into the office, new CIO’s have to quickly assimilate into their environment and are expected to deliver almost from day one. Learn or know the business already, opine about everything that has a power button, the empathy and EQ of a psychiatrist, business savvy of Warren Buffett, and the insight into what needs to happen and change so that you can brief your Executive peers during your first meeting.

Not surprising then that the failure rate for new CIOs consistently ranges between 40% to 50%. New executives in this demanding space can however learn from the past mistakes of other IT leaders to improve their chances of success.

In order for any new leader, and especially a CIO, to quickly establish credibility which leads to trust they must think about focusing on some core elements during their first few months in the role.

How to be wildly successful:

  • Firstly, listen, listen, and listen some more. Preconceived notions or early assumptions of what is, has been, and should be, need to be based on fact, not assumption, prior experience, or single thread conversations.
  • Understand risk and threats especially within the technology function but also more broadly across the enterprise and IT’s role in it.
  • Assess your team. Remember, you have been hired to lead a core, strategic function for the enterprise. Leadership is about respect and trust. Your team will be a reflection on you, your organization, and your success. Make sure you have the best you can get around you. Leadership is not a popularity contest so if you need to make changes do so quickly, empathetically, aligned with HR, and ensure visible support to those leaving is provided. It is never personal.
  • Understand what the function is doing well, can be improved upon, but more critically what role should the IT function be playing within the broader enterprise. If this fact does not align with your understanding of the role, or why you were hired, then raise the flag quickly, professionally and ensure that the clarity is what you need to be confident in the support of your peers and the organization as a whole.
  • Assimilate the information, ask questions. If you don’t ask, people will assume that you know and base their impression, assertions on that. Do not be afraid to ask for clarification, or what something means. Acronym hell does exist! Ask someone to build you a list of all the company’s acronyms and take it with you. It will make being engaged in conversations easier when you understand the language of the company.
  • Look for quick and easy things to fix, and keep doing it. There will be a lot! Never underestimate the importance of this! It shows that you understand, can get things done quickly and aren’t going to mess around with the trivial.
  • Finally accept that your role is a business leader first and foremost and a technology leader second. Act like one!


Whether you’re brand-new to your IT leadership position or an experienced CIO, WGroup can help you navigate the new challenges facing IT executives today. We bring a powerful blend of experience, knowledge and analytical capabilities to deliver insight and value to your business. Our principals average over twenty-five years of experience and have had prior careers as CIOs, CEOs, CFOs, COOs and business leaders across various industries. Our fact-based analysis and economic models offer the transparency and insights you require to make intelligent decisions that drive your business forward. Contact us for an initial consultation at

Posted in Default | Comments Off on Advice For the New CIO — Part 2

Advice For the New CIO – Part 1

by Doug Smith

Advice For the New CIO – Part 1 of a 4-Part Series

Leveraging IT to drive business strategies

The new CIO works in a disrupted, digital world and must leverage new, rapidly changing ways of delivering IT services to drive business goals. These services have to be focused on driving the business strategies, while optimizing delivery quality and cost. The disruption factor can be immense if “going digital” will not accelerate business growth, enhance a competitive market position, or create differentiation. By leveraging resources, relationships, and innovative technology, new CIOs can overcome the challenges of the office and form the foundation for a successful tenure.

The New CIO

Dual challenges

New executive leader failure rate consistently ranges from 40 to 50%. The dual challenges for new CIOs are justifying your new role and justifying the business value of IT. Running IT is a business, and IT should be run as a business. New CIO’s have to embrace this concept and understand the skills and requirements needed to be successful.

What’s covered in this multi-part series?

This series of blog posts is designed to help current and future CIOs understand their place in the business world today and learn new strategies to handle issues related to security, correcting business and IT alignment issues, governance, XaaS, and strategic initiatives. It will help new CIOs achieve success in their first 90 days and lead IT transformation to help build the foundation of a winning organization.

  • Part 1: First 90 days – We’ll give a step-by-step breakdown of what new CIOs need to know for their first 90 days and beyond.
  • Part 2: Early wins – Securing early wins is critical to building relationships and securing your role in the organization. We’ll offer some suggestions for key targets in the first days on the job.
  • Part 3: Challenges – The first months of a CIO’s tenure are often the most challenging. We’ll cover some of the most common issues and strategies for dealing with them.
  • Part 4: Five key tips for the new CIO – CIO-to-CIO advice, curated from the experience of over a dozen former CIOs

The first 90 days

The first 90 days on the job for a new CIO set the precedent for your tenure. You must gain a clear understanding of the state of the company and IT, meet and build relationships with the team, and develop strategies to leverage resources to drive business and deliver more efficient and secure IT service.
This timeline will provide you with an overview of best practices for this critical early stage.

Days 1-45

The first days on any high level executive job will inevitably be filled with countless meetings, strategic consultations, and other measures to help orient the new executive. By taking advantage of this early period, and using it to build stronger relationships with the team and craft your directive for the future of IT in the company, you can help ensure the success of your tenure.

Key Questions:

  1. What are the top security concerns in the IT organization?
  2. What are employee thoughts about company policies, such as BYOD?
  3. What are the current structures of governance in IT? Are they thought to be effective? Whose needs do they not address? What are different players’ optimal spending priorities?
  4. What has been outsourced to XaaS? What would be further outsourced?
  5. What is the state of office relationships? Who is well liked? Who is respected? Who are the underperformers?
  6. Where is IT misaligned with overarching business goals?

1. Communicate

  • Communicate early and often.
  • Start by talking with peers and IT staff to understand the landscape and begin building connections.
  • Meet and hash out early priorities with the board, CEO, COO, CFO, and other business leaders.
  • Ask questions. Talk to employees, colleagues, and business leaders to learn how the business is functioning, what needs to be done, and where the business is headed.
  • Listen. The first month should be primarily focused on learning about the company and its people.
  • Share your goals and communicate who you are.
  • Communicate priorities in a 30-day outreach plan.

2. Evaluate talent

  • Find out who is underperforming.
  • Find out who has high potential and why.
  • Create a strategy to nurture talent and replace underperforming individuals.

3. Build relationships

  • Identify immediate concerns and challenges for business partners.
  • Find quick fixes that can help form the foundation for mutually beneficial relationships.
  • Talk to business leaders to gain a better understanding of the business’s strategic direction.
  • Determine which department carries the most weight in the organization. This will help you understand the company’s culture and where to focus your efforts.
  • Identify those who will help you advance your priorities (and those who will get in your way).

4. Assess and make goals

  • Conduct a full IT assessment and use it to develop a comprehensive strategy.
  • Evaluate security in IT. What are the weak points?
  • How is the organization using cloud technology?
  • Identify areas where XaaS could provide benefits.
  • Is IT aligned with business strategies?
  • Establish clear KPIs for yourself and your team aligned with your priorities.

Days 45-90

After you are oriented and have a solid footing as CIO, it’s time to start expanding on the foundation you have laid and implement plans of a greater scope.

1. Communicate

  • Keep channels of communication open.
  • Continually reiterate your goals and strategies to business leaders and employees.
  • Look for outside perspectives to gain greater insight into the company’s state and future.

2. Assess

  • Prioritize critical or at-risk areas for assessment.
  • Rapidly engage sourcing to meet gaps.
  • Set up VMO to help manage vendors and fill out the needs of the organization.
  • Conduct high-level assessments across all areas. Which areas are assessed will depend on organization type, health, and perceived maturity level.

3. Act on talent evaluations

  • Identify talent acquisitions that need to be made and positions that need to be eliminated.
  • Get the support of employees and leaders first.
  • Take steps to begin restructuring the organization.
  • Act quickly, respectfully, and decisively while restructuring.
  • Promote the changes as a positive for the company and recognize the contributions of effective employees.
  • Continue to fix simple problems quickly and maintain your role as an effective leader.

After day 90

As you continue the work started in the first 90 days, it is critical that you keep paying attention to how the business is changing and what impact your actions are having. Don’t be afraid to pivot or readjust your plans to better fit the business needs of the organization.

1. Communicate

  • Maintain and nurture the relationships you have built.
  • Continue to ask questions and learn about new opportunities.
  • Look for problems or concerns that need to be addressed.

2. Assess

  • Keep assessing your progress toward goals and the effectiveness of your initiatives.
  • Socialize your finding and solicit support from business partners.
  • Evaluate supplier performance and identify those that are providing your organization the greatest value.
  • Evaluate how your plan fits in with your risk-mitigation strategies and its impact against the existing workload.
  • Don’t be afraid to reevaluate goals and plans.

3. Develop long-term goals

  • Develop a remediation strategy and investment plan.
  • Formulate a strategic link between internal technology and business strategy.
  • Facilitate key business drivers of success.
  • Compare all activities to predefined metrics to judge success and reevaluate as necessary.

Whether you’re brand-new to your IT leadership position or an experienced CIO, WGroup can help you navigate the new challenges facing IT executives today. We bring a powerful blend of experience, knowledge and analytical capabilities to deliver insight and value to your business. Our principals average over twenty-five years of experience and have had prior careers as CIOs, CEOs, CFOs, COOs and business leaders across various industries. Our fact-based analysis and economic models offer the transparency and insights you require to make intelligent decisions that drive your business forward. Contact us for an initial consultation at

Posted in Default | Comments Off on Advice For the New CIO – Part 1

3 Trends in IT Transformation for IT Leaders

by Domenic Colasante

Organizations often experience difficulty with IT transformation as it becomes more complex due to the addition of applications and infrastructure. The increasing reliance on dynamically shared resources makes this process more challenging, especially in a hybrid IT environment where some resources are on a cloud platform while others are on-site. The situation often occurs because organizations rarely eliminate their existing technology when they adopt new approaches. IT managers therefore require new methods of managing their environment efficiently to ensure business success. The driving factors in IT currently include the following:

  • Cloud computing
  • Mobile devices and BYOD
  • Big data

Cloud Computing

Cloud computing is becoming more popular because it allows organizations to obtain IT resources more quickly while reducing their cost. Small and medium-sized enterprises (SMEs) initially drove the adoption of cloud computing, although organizations of all sizes now use cloud. Organizations that need to acquire IT resources from Infrastructure-as-a-Service (IaaS) and Software-as-a-Service (SaaS) providers typically use a public cloud. However, organizations that wish to implement techniques such as virtualization internally are more likely to use a private cloud. Hybrid environments that use both public and private clouds are also common solutions in cloud computing.

The loss of control over resources is one of the primary disadvantages of using a public cloud platform. This tendency increases the challenge of resource management, making it more difficult to ensure that the provider is complying with service level agreements (SLAs). The dynamic sharing of resources on a public cloud also increases the difficulty of resource management.

Mobile Devices and BYOD

Employees often use their own mobile devices at work, causing many organizations to establish Bring Your Own Device (BYOD) policies. In most cases, IT managers must also support mobile devices provided by the company as well as desktops and laptops. The management of company-owned devices requires a Mobile Device Management (MDM) solution to back up the data on those devices and delete it if the device is stolen. However, managers also require some means of separating corporate data from personal data on employee-owned mobile devices so they can exert the necessary oversight over the corporate data. The existence of these different categories of computing devices means that IT managers have an increasing need for a centralized management solution that can handle devices in all categories, while retaining the ability to be configured for the specific needs of each device type.

Big Data

Big data refers to a data set that is challenging to process with traditional means due to its complexity or size, rather than a data set of a particular size. The use of big data is becoming more popular among organizations of all sizes due to its increasing availability from cloud providers and the growing recognition that big data has broad applications. Common business uses of big data include optimizing business processes, targeting customers and improving research.

Many of the challenges of managing big data are the same as those in traditional data analysis, such as ensuring authorized access to the data. However, big data also introduces additional management challenges, such the requirement to collect the data from a larger number of sources. Furthermore, the data must be stored and accessed in a manner that minimizes the impact its size has on performance. These challenges will increase as data sets continue to grow dramatically.

Posted in Default | Comments Off on 3 Trends in IT Transformation for IT Leaders

Disaster Recovery – Evolving From IT to Business Requirement

by Domenic Colasante

Disaster Recovery’s Top 5 Challenges

The increasing reliance on information technology (IT) means that organizations are also more vulnerable to system downtime. Today’s global markets also require IT systems to be available around the clock, since employees are always working. Any downtime in this operating environment quickly results in problems such as decreased productivity, reduced revenue, lost brand value and compliance issues.

Most organizations don’t deal effectively with the possibility of disaster recovery. Senior executives often consider it to be an IT problem, leaving it to the IT department to fix. This paradigm typically leads to the development of many tactical solutions to disaster recovery without a guiding strategy. However, disaster recovery is a business problem that requires a business approach to solve. The top five challenges in disaster recovery include the following issues:

Trouble in data center

  • Business needs
  • Downtime tolerance
  • Recovery time
  • Budget
  • Risk assessment

Business Needs

The general goal of disaster recovery is to keep the business running, regardless of the circumstances. It should be driven by business requirements rather than IT capabilities, meaning that you must prioritize business processes before you can implement disaster recovery (DRP). Depending on the organization, the most important process may be the online ordering system, e-mail capability, the SharePoint platform, or any other business-critical platform or application. Identifying these processes ultimately requires input from your business users.

Downtime Tolerance

An effective DRP also requires you to assess each application’s sensitivity to downtime. This information indicates the likely consequences of downtime in each area and provides the foundation for the DRP. Analysts use two metrics to measure downtime tolerance, including recovery point objective (RPO) and recovery time objective (RTO).

RPO is the amount of data that an application can lose before the loss becomes a significant problem for your organization. In other words, it’s the point in the past to which your DRP must recover data. RTO measures an application’s importance to current business operations. An application with a large RTO means that you have more time to recover the application before the organization will be significantly affected.

Recovery Time

An organization’s DRP often fails to describe what should happen once the backup media leaves the data center. However, it’s essential to know how to recover data after the disaster. The mere fact that you can access backup data off-site doesn’t guarantee that you will be able to recover your applications quickly enough to satisfy users. This capability also requires access to equipment that can restore the data or adequate bandwidth to restore the data from a cloud service provider.


Organizations often assign a budget to the DRP before they determine the financial risk of data loss and downtime. However, you must quantify the value of the data you could lose in an outage before you can determine what you should spend to avoid those losses. These losses should also include the financial penalties for failing to comply with government regulations.

Risk Assessment

Risk assessment involves identifying the specific events that qualify as a disaster, which is highly dependent upon the organization and geography. Natural disasters such as earthquakes and hurricanes are reasonable possibilities only in certain areas, while the risk of a network failure is more specific to the organization. It’s also important to realize that small losses caused by a particular problem can add up quickly when that problem occurs frequently.

Disaster recovery and business continuity are just a subset of the boardroom-level challenges faced by IT leaders today. WGroup has helped numerous CIOs assess and transform their IT strategic frameworks, governance structures, and operational processes to meet the sometimes competing demands of the business and emerging trends in IT. We adopt a pragmatic approach to implementing new IT capabilities that balances future needs with short-term improvements and benefits. Learn more by clicking here to visit

Posted in Default | Comments Off on Disaster Recovery – Evolving From IT to Business Requirement

IT Procurement: 5 Things You Need to Know

by Domenic Colasante

Modern procurement routinely requires client organizations to obtain needed goods and services while reducing costs. This process generally involves the client extending its influence over its suppliers and the spending of its own workforce. A common approach to this goal is to provide purchasers with tools that allow them to find what they need from an approved supplier, allowing the client to realize the savings that it has already negotiated with the supplier. The services that clients are seeking with IT procurement generally include source-to-pay technologies through a cloud platform with capabilities such as support for mobile devices and embedded analytics. This process requires you to consider issues in the following five areas:

  • Strategy
  • Insight
  • Efficiency
  • Collaboration
  • Compliance


The greatest value that procurement has for an organization is the ability to identify suppliers and evaluate the ones that offer the best value. Procurement also has the potential to reduce the client’s costs by diligently negotiating with suppliers. However, this strategy requires the client to possess the technology needed to ensure that purchases throughout the organization comply with the negotiated contract terms. Compliant purchasing will eventually translate into an improved profit margin for the procurement process. Clients should also use technology to automate the payment process, thus allowing personnel to spend more time in procuring IT services.


Procurement officials need insight into their organization’s business processes to make the best decisions. This insight is more beneficial when it’s delivered to mobile devices, allowing them to make those decisions at any time and from any location. Graphical presentations are particularly useful for comparing criteria between suppliers to identify those that provide the best value for the organization. Procurers can also obtain insight into business processes with embedded analytics, thus allowing them to manage their negotiations in real time. These capabilities increase their productivity by enabling them to make buying decisions more quickly.


An efficient procurement process increases purchase compliance and cost savings. The key capabilities of such a process include automation, collaboration and an effective workflow. User experience is one of the primary drivers of efficiency in procurement, so the workflow must be intuitive and easy-to-use to ensure rapid adoption. Easy navigation allows users to find what they need more quickly and therefore reduce processing time. It also lets users complete their work faster by helping them prioritize their actions.


The modern procurement process requires extensive collaboration. Traditional methods of communication such as e-mail and telephone inhibit collaboration since workers often miss calls and spend time locating a particular e-mail message. Procurement applications typically rely on collaboration through in-context social collaboration that embeds a conversational stream within a transaction screen. This capability allows the cross functional team to share information more easily and collaborate with other departments to negotiate contract terms. Additional collaboration capabilities of procurement applications include receiving requests for proposals (RFPs) and sending purchase orders to service providers.


Procurement applications that enforce compliancy reduce contract leakage by ensuring that users buy only through approved suppliers. They also simplify procurement by using document templates to guide users through the process of creating a contract. Furthermore, they decrease workload by generating deviation reports that describe the differences between the contracts and template. Procurement applications also help to streamline the procurement process by generating robust audit trails to enforce purchase behavior.

The Top 9 Trends in Vendor Management

IT procurement is transforming rapidly from adversarial purchasing and cost savings relationships to strategic partnerships with vendors focused on business outcomes. Advance your learning with a WGroup white paper, Top 9 Trends in IT Vendor Management. Click here to get your copy.

Posted in Default | Comments Off on IT Procurement: 5 Things You Need to Know

How BYOD Already Helps Businesses

by WGroup

How BYOD Already Helps Businesses and the Trends to Watch for 2016

With mobile Internet users expected to top 2 billion devices in 2016, it is no surprise that BYOD is a business trend that has taken off. BYOD is already helping businesses in key ways, and BYOD benefits and policies will continue to evolve in 2016.

However, BYOD can have a dark side that ultimately harms businesses instead of helping. Here are the things to keep in mind for all things BYOD in 2016.

BYOD Business Benefits

The immediately apparent benefit of BYOD policy is that it shifts the burden of cost to the user (the employee). Given that a cell phone bill can often run upwards of $80 per month, businesses save significant capital by letting the employee cover those costs.

While it might seem that employees would object to such a policy, the opposite is true. Employees typically love BYOD policies since employees have the smartphone or laptop they already own for a reason. Namely, they enjoy using the device.

Users will also typically buy cutting-edge phones and laptops for their own personal use, which can provide businesses with a performance advantage they would not otherwise have. Even better, tech enthusiast employees will upgrade to the latest technology more frequently than the typical company refresh would, which means the business can stay current without incurring costs.

Given these benefits, it stands to reason that BYOD will only continue to grow in 2016. Here are some of the trends to look for in the years ahead.

BYOD Trends to Watch

When BYOD started, it was often considered a privilege in the workplace. In 2016 and beyond, expect such policies to become required. Some experts believe that around half of the world’s employers will require employees to bring their own devices in 2016. Along those same lines, it is likely that fewer businesses will fully reimburse employee costs for personal device use.

Additionally, expect BYOD to have a new look in coming years. While BYOD devices were traditionally phones and tablets, the Internet of Things has broadened the possibility of BYOD. Wearable devices such as smartwatches, sensors and monitors can all play a role into a company’s BYOD policy and strategy. (Learn more about IoT here.)

Finally, it will become increasingly important for businesses to develop a comprehensive BYOD strategy. Businesses will need to create constant guidelines, strategies and requirements for BYOD use. Otherwise, businesses open themselves up to the risks inherent to BYOD use. (Learn how to assess risk vs reward by clicking here.)

The Downsides to BYOD

For all the benefits BYOD policies provide, they are not without risk. Businesses who have not adopted BYOD frequently cite their concerns about BYOD security, and their concerns are warranted.

When many devices are accessing business data, crucial business insights are more open to attacks than ever before. While the convenience of BYOD has always come with security risks, those risks only increase when more businesses adopt BYOD policies without implementing effective security measures.

WGroup can help with the security plan you need. Click here to learn about our security-as-a-service.

Businesses who decide to tap into the rapidly growing BYOD culture must understand the security threats inherent to BYOD. As a result, it will be easier to create vigilant BYOD policies and security policies to address BYOD security risks.

WGroup has helped CIOs, IT leaders, CEOs, and boards of directors assess and transform their IT strategic frameworks, governance structures, and operational processes to meet the sometimes competing demands of the business and emerging trends in IT. We adopt a pragmatic approach to implementing new IT capabilities that balances future needs with short-term improvements and benefits. Many IT transformations are designed to be self-funding, with subsequent phases exploiting the success of prior investments and improvements.

If you’re facing challenges in BYOD, IT transformation, cybersecurity, or all of the above, we invite you to discuss them with us, with no obligation. We’ll tell you how we can help. Click here to contact us for a consultation.

Posted in Default | Comments Off on How BYOD Already Helps Businesses

The Internet of Things: Can It Be Kept Secure From Cyber-Risks?

by WGroup

Your Business and the IoT

Can the Internet of Things Be Kept Secure From Cyber-Risks?

More data has been generated in the past two years than the entirety of mankind’s history combined, and most of that data resides in the Internet. With so many devices, things and data connected to the Internet, it should not come as a huge surprise that cyber-risks are on the rise.

The rise in cybercrime led noted Internet security pioneer Eugene Kaspersky to dub the Internet of Things (IoT) the “Internet of threats.” While the threat of cyber-risks is very real, there are reasons to believe that Kaspersky’s pessimism is overstated. There are several reasons to remain confident in IoT security, including innovations in IoT app security.

The Importance of IoT Apps

In the vast world of IoT products connected to the Internet, there is a common theme among many of them. IoT products often use apps to help facilitate ease of use and convenience.

When these apps are not secure, the cyber-risk threat rises dramatically. Fortunately, there are easy steps that can be taken to ensure that IoT apps are protected.

Given that applications are a fundamental component of the IoT process, IoT security and protection strategies should start with securing the application itself.

Applications can be secured and bolstered to defend against hacks and cyberattacks by application hardening and runtime protection. These techniques can be effectively implemented without affecting source code since guards can be automatically inserted into the binary code instead.

Subsequently, these guards can be protected in such a way that both the application itself and the guards are both protected. In turn, this ensures there is not a single-point-of-failure that hackers can easily exploit.

Device Makers Can Bake in Security

While app security is crucial and is often the best way to start securing the IoT, baking security into connected devices is also a helpful strategy. Experts suggest that such strategies prioritize safety in the design stage of connected devices, which in turn ensures that device manufacturers share some of the security responsibility.

Developers who think about solving security during the creation stage will help thwart security threats by considering how to create their devices in a way that repels cyber-risks.

Everyone Must Work Together

To successfully win the war for IoT security, consumers, businesses and developers must all do their share. Consumers must educate themselves on the value of creating strong passwords, and they must also regularly change these passwords.

And, while developers must implement security best practices as mentioned, businesses can create dedicated IoT security teams of specialists who ensure that security is a dedicated component of the business roadmap.

Finally, businesses should be honest with customers with regards to privacy policies. When all parties recognize and understand the security risks that face the IoT, everyone can work together to ensure that the IoT is secure. While hackers want to ruin — or exploit nefariously — the incredible innovation that is the IoT, it will not happen so long as everyone fully commits to the necessity of IoT security.

If you’d like to learn more in-depth insights on the Internet of Things, request a copy of WGroup’s ebook, Your Business And the Internet of Things by clicking here.

Posted in Default | Comments Off on The Internet of Things: Can It Be Kept Secure From Cyber-Risks?

Multi-Vendor IT Governance – Begin With the End In Mind

by Steve Coper

Begin with the End in Mind:

Organizing and Conducting Effective Multi-Vendor IT Governance Meetings

Managing multiple vendors requires a clear strategy focused on driving business goals, regular open communications, and strong leadership. Conducting effective governance meetings is a critical component of ensuring those pieces are in place. But in order for them to be productive, it is critical that business and IT leaders set the agenda and begin with the end in mind.

Conducting and planning effective vendor meetings can be challenging. Without a clear agenda, it is easy to get off-topic and focused on the wrong priorities. To prevent problems and have more productive multi-vendor meetings, it is important to understand your overall objectives, determine your specific needs, develop plans accordingly, and stay focused on achieving the end state.

What is effective IT vendor governance?

Among other things, IT governance allows companies to build better relationships with vendors, continuously improve service and innovate. Understanding what good governance looks like within your environment must be considered. There is no one-size-fits-all solution. Before planning a program of regular meetings, it is important to have a clear idea of where you are headed and what makes a governance strategy effective. Effective multi-vendor IT governance incorporates the right mix of skilled personnel, relationship building disciplines, and management tools and techniques from both you and the vendor.

Key tenets of IT governance include:

  • Mutual respect
  • Quantitative and qualitative measurements
  • Candid information sharing
  • Continuous improvement and innovation
  • Ongoing opportunities for business value and growth

Key meeting topics

Setting the agenda for a multi-vendor governance meeting is critical to ensuring it is productive. IT vendor governance should cover six key areas: contracts, relationships, performance, projects, continuous improvement and innovation, and financials. Meetings should be structured around addressing several of these key topics.

Contract Management – Managing contractual commitments to agreements and service delivery models, dispute resolution, and maintaining contract legal documents are critical components of managing vendors. Key meetings include escalating issues and disputes (via predefined processes) and reviewing contractual deliverables and event triggers (e.g. adjusting SLAs, resource levels or pricing renegotiations).

Relationship Management – This area focuses on customer satisfaction, overseeing relationships to ensure alignment, and working with the vendor to manage risk. Key meetings and deliverables are overall program communications planning and execution, customer satisfaction survey reviews, and vendor risk assessments.

Performance Management – This area involves measuring and monitoring delivery performance in relation to SLAs, reviewing deliverables and trends, and monitoring aggregate incident, problem, root cause, and change management performance data for all relevant vendors. Key meeting topics include monthly performance measurement reports (with a rolling twelve-month performance period) and quarterly multi-vendor aggregated performance reports (e.g. Priority 1 incidents, Root Cause Analyses (RCAs), and change management success).

Project Management – In order to keep projects running smoothly, companies need to implement systems to measure and monitor project control and execution performance, review schedules, issues, risks and mitigating actions and compare budget to actuals, and estimates to completions. Key meetings include monthly measurement reports, quarterly multi-vendor reports, and aggregated performance reports.

Continuous Improvement and Innovation – Companies must constantly work with vendors to improve solutions, capture new markets, and reduce costs. Governance programs should be in place to establish multi-vendor processes for vendors to submit ideas, business cases, proposals, and hold briefings to discuss partnership and other innovation topics. Key meetings should include monthly reviews of individual submissions and client decisions on each and quarterly collaborations between clients and vendors to share strategic and tactical business and IT intelligence and information on emerging trends.

Financial Management – The financial management component of governance validates and manages costs, monitors the economics of contracts, and ensures that value propositions and expected benefits are realized. Key meetings are monthly invoice reviews, quarterly financial or budget scorecards, and value proposition management. Organizing productive, tactical, and strategic multi-vendor governance meetings can allow companies to take better advantage of IT vendor relationships. WGroup has the experience in working with cross-industry clients to determine your specific needs and assist in developing a customized multi-vendor IT governance program.

By establishing an ongoing program for all parties to regularly discuss goals, resolve problems, and set agendas, you can drive more aggressively towards successful relationships and achieving mutual objectives.

Effective Multi-Vendor Governance

For a more detailed discussion of multi-vendor IT governance, see the full white paper, Effective Multi-Vendor IT Governance, at

Posted in Default | Comments Off on Multi-Vendor IT Governance – Begin With the End In Mind

XaaS — Everything-As-A-Service Moves into the Mainstream

by Domenic Colasante

XaaS — Everything-As-A-Service Moves into the Mainstream

Everything as a Service (XaaS) is no longer a phenomenon, nor is it a passing fad. It is a strategy that should have already been adopted by CIOs and IT leaders. In fact, if you’re not already “on the train,” then you’ve probably missed it.

For an enterprise, XaaS offers the chance to improve the way that IT serves you, your enterprise, and your customers. It is an enabler of the transformation of IT into an integral component of every part of the business. It offers the opportunity to deliver countless services over cloud, rather than focusing on local or on-site. To date, cloud has moved beyond its early stages of representing solely a means for off-site data back-up. Now, cloud has the ability to rapidly evolve and virtually support communications, content, commerce, applications, and almost anything that is thrown its way. In short, XaaS offers enterprises the opportunity to vastly enhance their use of software and hardware, as they optimize their entire approach to IT.

Over the past year, XaaS has shown a continued ability to provide enhanced agility, increased levels of innovation, faster response time, adaptive capabilities to changing markets, contained costs, and the reduced need for capital. Over the rest of 2016 it is expected that XaaS services will continue to expand, as CIOs and IT leaders who hadn’t already embraced XaaS play catch-up in an attempt to leverage the benefits of this innovative IT strategy.

Make sure to see our related blog posts on cloud and XaaS. Click Finding the Right Cloud Strategy For Your Company and How Cloud Computing Is Poised to Shift the Security Status Quo to learn more.

For an in-depth white paper on cloud, click here for The Top 5 Imperatives to Address in Your Cloud Computing Strategy

Posted in Default | Comments Off on XaaS — Everything-As-A-Service Moves into the Mainstream

Clinical Service Desks – 5 Things You Need to Know

by David Malicoat

Considering implementing a clinical service desk?

Here are 5 things you need to know

Clinical service desks can bridge the gap between traditional IT help desks and more specialized customer service solutions designed for the medical sector. By having a skilled practitioner at the desk, solutions can help organizations deliver better, more effective care to patients while significantly improving productivity. But clinical service desk solutions are relatively new and jumping on the bandwagon without fully understanding what you need can lead to problems down the line.

1. The space has not fully matured

One of the most important things to know about clinical service desks is that they are a relatively new development and some solutions may not have reached the level of maturity your company requires. Unfortunately, healthcare providers looking for an implementation that follows industry best practices may struggle when they find that the rules of this space have not yet been completely written. This makes it difficult to contract with smaller providers that may not have yet proven their ability and may be unable to provide a convincing argument that their solution is strong and reliable.

In many cases, the relative immaturity of the space manifests itself through highly customizable, a la carte offerings. There is not yet a well-defined preset grouping of services and features that most companies offer. Although this provide great flexibility for customers that know exactly what they want, it can be confusing for customers that don’t. Organizations should strive to understand what’s available, and choose providers they can trust before moving forward with an implementation.

2. It’s important to decide who will be using the solution

Prior to contracting with a vendor or implementing a solution, it is critical that the organization understand how, and by whom, the clinical service desk will be used. In some instances, the solution is only used by physicians, in others physicians and nurses, and in still others by all clinicians. Different users have different needs, and deciding the scope and functionality required by the organization ahead of time will help set clear goals and allow you to work with vendors to find a solution that works for you.

3. Some solutions are purpose built around EMRs, some aren’t

Leaders of the clinical service desk space like Epic and Cerner have purpose built solutions designed to work effectively with EMRs and meet the unique needs of healthcare professionals. Other vendors may or may not have the level of maturity of these providers, and could potentially cause problems. Customers must carefully vet vendors and choose one that can deliver the functionality and expertise necessary to productively aid the practice.

4. Deciding how users get in touch is key

Ultimately, the way users interface with the service desk is critical to its day to day use. There are two primary options when it comes to communication, single and multiple phone lines. In the single phone line option, users call in and are routed to the necessary person via a phone tree. This provides simplicity by having only one number to remember and call, but navigating a phone menu can slow users down when they need information quickly. The other option is having two or more numbers. This may get users the information they need more quickly, but increases the complexity of the system.

5. Features vary from vendor to vendor

The services and features included in a clinical service desk solution can vary greatly. In some cases, solutions are only focused on EMRs. These tools are primarily designed to help healthcare providers solve EMR related problems and find patient info more quickly. Other solutions take a more comprehensive approach and offer one call fixes for any IT or EMR related issue. In some cases, this can take the place of a more generalized IT help desk solution and streamline the organization. However, these concierge solutions may not be able to offer the same specialization as more specific options.

Clinical service desks can provide significant boosts to productivity and quality of care in the medical sector, but they can also be challenging to navigate. Being a young space means there aren’t as many established best practices or predefined solutions. Ultimately, healthcare providers must carefully plan their clinical service desk strategy, define goals, and choose an option that meets their unique needs.


WGroup assists clients in the medical and healthcare sector with advisory services related to information technology, sourcing, service methods and service delivery. Visit our home page at to learn more.

Posted in Default | Comments Off on Clinical Service Desks – 5 Things You Need to Know

When Is the Right Time for Contract Renewals?

by Domenic Colasante

When Is the Right Time for Contract Renewals?

Finding your company’s ideal renewal window

Contract renewals have a way of sneaking up on companies, catching them unprepared and without enough time to catch up. The pace of technology change is rapid. IT leaders need to use this as a chance for transformation. There is never as much time to properly prepare as you think, and taking the time to build and execute a well thought out renewal strategy is critical to achieving business objectives.

In this post we’ll discuss some strategies for planning contract renegotiations and rebid cycles and why it’s so important to have enough time for them.

Companies underestimate the time they’ll need

At WGroup, we’ve found the ideal window for starting to address contract renewal is 18 months. This leaves enough headroom for the work that needs to be done to successfully negotiate and implement new contracts while accounting for potential delays along the way. If you’re like most IT leaders, that’s much more time than you give yourself to prepare and execute a deal. But what goes into these 18 months, and why is it so important to have that much space to work in?

Strategy/Analysis Work (3 months) – One of the most important steps in contract renewals is forming a plan of attack to effectively address transformational technologies, changes to the service delivery model, and new business objectives. It is critical to have a clear understanding of what works and what doesn’t in the current agreement, what requires change, and what will drive business goals. Aligning the solution and SLA with business needs means carefully evaluating current performance and identifying areas that need improvement.

RFP Lifecycle (5-8 months) – This is probably the most variable period for contract renewals. Companies must allot a significant amount of time to see new solutions for vendors bid preparation and submission, bid evaluation, and negotiations. It is important to go slowly, and carefully evaluate every option. Make sure to evaluate how the new agreement and new solution will enable business agility, flexibility and speed.

Transition (6 months) – If your company decides to change vendors, or if the current vendor’s solution is dramatically altered, the IT organization needs to allot time to implement any changes. This may include periods for physical hardware and infrastructure changes, applications and tools replacements, training, and other preparations that the vendor must make. Allotting enough time for this period ensures that the process isn’t rushed and that an underdeveloped solution isn’t implemented.

Contingency Time – Never expect the best case scenario. Allocating extra time for course correction is vital. You may see something exciting that you had not thought of or considered that you want to take advantage of. The more time you have you not only get more leverage to get best deal but you also have more room to make sure you get right solution.

Above all, it is important to remember that this process cannot involve only the IT organization. Business leaders needs to be engaged in this cycle. IT must first ask the business what the desired outcomes are and how can these outcomes be reached. Adapting the contract renewal process to address business goals while allotting enough time to effectively meet those goals is at the heart of an effective contract renewal strategy. Don’t get caught without enough time and without a plan. Prepare for contract renewals early and use the extra time to make sure vendors meet your business’s real needs.

Posted in Default | Comments Off on When Is the Right Time for Contract Renewals?

Governance, Risk and Compliance — Building a Sustainable Model

by Brad Friedman

Building a Sustainable Governance, Risk and Compliance (GRC) Model

No one questions the business mandates to comply with Sarbanes-Oxley (SOX) controls. Organizations had no choice but to adhere to the new regulations. Over two decades after coining the term “cybersecurity”, many still struggle with cybersecurity risk management. 88% of organizations do not believe their information security fully meets their needs.1 Data breaches also are almost commonplace, as in 2015 breaches in business, government and healthcare organizations reached near record high rates.2

So are criminals just getting smarter, or is it more likely organizations are not allocating the proper resources to address these risks? Like the implementation of SOX controls, cybersecurity is an iterative exercise. In order to stop struggling to build a sustainable cybersecurity compliance program, organizations must develop more comprehensive governance, risk, and compliance (GRC) models.

What is at risk?

For Customers – Organizations always include meeting customer expectations as a business strategy component. It then follows that the risk of losing that customer is also critical to the business. The impact of breaches on customers is rapidly evolving. Risk is more than customers’ credit card numbers. Actually, for most retailers, there is little reason to even store that data. The customer has minimal liability in the event of a breach and relatively minimal inconvenience. It is now extremely easy to have credit cards replaced and issuers will always reverse illegitimate charges. The entire process is fairly painless and absolutely manageable. However, private information such as Social Security Numbers are another story. When that information is stolen, it is forever. Companies must understand the relative value of different types of information and their impact on customers in order to develop more effective solutions.

For the Company – Not all breaches bear the same risk, but they all have the potential to impact important company assets like brand image, organizational reputation, and finances. The court of public opinion will look at two specific areas: The organization’s due diligence efforts to manage the risk prior to an incident and its ability to communicate, react, and support their customer base after an incident. These key indicators are only addressed with a comprehensive GRC business strategy. Moving your business forward with GRC as a cornerstone will support growth and innovation while keeping risk in check.

Developing stronger GRC models

At WGroup, we believe a business driven mandate surrounding GRC is essential. It has to be a part of an enterprise business model where organizations need to expand, improve and innovate in order to actively address cybersecurity risk. Cybersecurity needs to be a part of your organization’s DNA. Companies should take the opportunities to transform GRC efforts as they implement new projects.

There are several components that a GRC strategy model should include:

    – Commitment from top business leaders

    – Organizational alignment

    – People, Process, and Technology

    – Operational Enablement

The GRC function is not just about protecting the confidentiality of information, but needs to be a more holistic methodology. In addition to safeguarding the company assets with tools such as encryption, a robust security framework should be implemented.

The National Institute of Standards and Technology (NIST) framework addresses not only protection, but other critical factors including:

    – Asset inventory, management, and governance

    – Data awareness, training, protection of data, policies and procedures

    – Anomaly detection and event management

    – Response planning, communication, analysis, and mitigation

    – Recovery plans, strategy, and lessons learned

IT security risks are relevant and growing. Companies need to understand new threats and how to take steps to manage them. By implementing more sustainable, comprehensive GRC models, organizations can significantly reduce risk of breach and reduce their cybersecurity risk profiles.


    1. EY’s Global Information Security Survey 2015

    2. Identity Theft Resource Center (ITRC) data breach reports

Posted in Default | Comments Off on Governance, Risk and Compliance — Building a Sustainable Model

Cloud Computing: Poised to Shift the Security Status Quo

by WGroup

How Cloud Computing Is Poised to Shift the Security Status Quo

While cloud computing received a significant amount of positive media attention in 2015, 2016 is poised to be the year that cloud computing truly shakes up the security status quo. Still, even after 2015’s positive media coverage led to a better appreciation of cloud services, enterprise workloads did not necessarily shift over to the cloud in large numbers. Expect that to change in 2016.

Here are a few reasons to expect cloud computing to shake up the security status quo in 2016.

Traditional Security Vendors Will Need to Adapt to the New Cloud Culture or Face a Decline

Traditional anti-malware and encryption companies may not have needed to accommodate the cloud culture in years past, but that should change in 2016. Anti-malware developers will likely focus on developing software that can seamlessly integrate with cloud platforms. This prediction, however, is not without its set of challenges.

Security vendors will need to work closely with cloud platforms since inserting third-party anti-malware solutions onto cloud platforms will not come about effortlessly. Still, expect cloud providers to create APIs and frameworks that help anti-malware vendors get their software onto the cloud. Since anti-malware products are not a cloud platform’s area of expertise, working with third-party vendors will help cloud platforms and traditional vendors alike.
Similarly, encryption companies stand to benefit from the move to the cloud as well. With the rise of mobile devices and cloud computing, there is an increased understanding that encryption is a security necessity at all times. Encryption vendors have a huge opportunity to create scalable and transparent solutions that will broaden the capabilities of encryption on a cloud platform.

Vendors who are incapable or unwilling to adapt to the new cloud security culture will likely face the threat of a decline in business.

The Rise in Cloud Security Will Place a Heavier Emphasis on Effective Security Policies and the CISO

The expected increase in cloud security implementation will ultimately demand a greater emphasis on security policy as well. While the majority of IT leaders now believe that cloud security is as secure or more secure than traditional on-premises software, effectively transitioning towards a cloud security environment can be complicated.

In a recent Cloud Security Alliance survey, 67.8 percent of companies noted that the greatest obstacle in moving towards a cloud system is the ability to enforce corporate security policies. As such, making an effective cloud security transition requires the right policies in order to make the move as seamless as possible. Companies with a CISO have an easier time achieving this goal.

The survey found that a CISO plays an integral role in developing security policies. As a result, a CISO makes it more likely that the company is prepared for cyberattacks, which is why companies who already embrace the cloud are more likely to have a CISO. More than 60 percent of companies have a CISO, and that number seems poised to increase with the continued rise of cloud computing security.

In effect, cloud computing is poised to demand industry changes as well as changes to the corporate culture of companies who make the move towards cloud security in 2016 and beyond.

Go more in-depth on cloud computing in 2016. Get the white paper, The Top 5 Imperatives to Address in Your Cloud Computing Strategy, by clicking here now.

Posted in Default | Comments Off on Cloud Computing: Poised to Shift the Security Status Quo

BYOD – How to Determine the Risk/Reward Calculation

by WGroup

Bring Your Own Device (BYOD) – The Risk/Reward Calculation

There are approximately 120 million Americans in the full-time workforce. According to Pew Research Center nearly two-thirds of American adults age 18+ own a smartphone. If we were to extrapolate the latter statistic by applying it to the former figure, we would find that hypothetically 76,800,000 Americans use their smartphone for work purposes. With these statistics in hand, it is safe to say that Bring Your Own Device (BYOD) has become a popular solution across any sized enterprise. However, despite the wide-reach of BYOD, companies still report that they are struggling to properly weigh the rewards vs. costs, as they attempt to adopt the potentially money-saving Information Technology (IT) solution.

The Rewards Associated With BYOD

In 2013 best-selling author, Managing Director at TCG Advisors, and Venture Partner at Mohr Davidow Ventures, Geoffrey Moore, infamously argued that CIOs needed to understand that employee brain patterns change directions when they have to think about accomplishing a task versus remaining free to creatively brainstorm a solution. With this theory for support, he went on to suggest that if you give employees technology that they love to use, then employees will be able to better focus on pattern recognition and other value-adding activities, rather than wondering what button should be pressed. In his words, “The amount of redirection of neurons when you have to do that [complete an assigned task on an unfamiliar device] and the interruption in the flow of imaginative thinking is much more dramatic than people actually acknowledge.” As outlined below, BYOD embodies Moore’s line-of-thinking and provides numerous rewards:

  • BYOD allows employees to use consumer technology that they are both familiar and comfortable with
  • Using BYOD at work can create a smoother transition into the workspace, which can improve productivity levels
  • BYOD

  • An increase in employee satisfaction has been shown to have a direct correlation to increased production and goal-oriented achievements
  • BYOD improves employee engagement levels both internally (with other employees or managers) and externally (in a client-facing environment)
  • BYOD policies can enhance recruitment efforts for the millennial generation
  • BYOD offers a viable solution to employees’ growing desire to work remotely with flexible work hours

The Costs or Risks Associated with BYOD

The inherent “cost” of BYOD IT is that it will open security risks or vulnerabilities that would not have otherwise been introduced into the work environment. Additional costs or risks that are associated with BYOD include:

  • BYOD allows employees to potentially walk security risks right in and out of the front door every day
  • IT departments must plan for new security risks. In planning for these risks, additional monies might be spent on employee training and ensuring that employee devices remain up-to-date with the latest security software
  • IT departments need to spend additional time setting up BYOD in the same way that they would set up company devices, which includes: legal, licensed software, screen locking, business-level encryption protocols, malware, spyware, and a secure program for remote system access
  • There is a greater risk that employees won’t follow proper security protocols. Cisco recently released a report which stated that only 2 out of 5 workers in the banking industry apply even the most basic of security settings to their smartphones
  • There is a greater risk that BYODs won’t meet security, governance, and compliance regulations

The use of BYOD is growing across industries; as it continues to grow so too do the associated rewards and risks. Businesses need to carefully analyze internal IT operations before they can make the decision to implement a BYOD policy.

Further reading:

Posted in Default | Comments Off on BYOD – How to Determine the Risk/Reward Calculation

Forming Strategic Partnerships With IT Vendors

by Mark Fullman

Forming Strategic Partnerships With IT Vendors:

Beyond Tactical and Transactional Relationships

Building strong, mutually beneficial relationships with IT vendors can make a significant difference in an organization’s ability to deliver on end user expectations, reduce costs, and drive business goals. But effectively evaluating vendors and forming strategic partnerships with those that meet your company’s needs can be challenging. Many IT organizations only focus on short term tactical and transactional relationships and don’t benefit from the synergy of a long term relationship.

Why are vendor relationships important?

It is natural to question the value of building long term relationships with vendors. The process requires commitment from the organization, regular review, and a considerable amount of time. However, there are many benefits to investing time and resources in the effort. Better partnerships can greatly improve productivity, lead to reduced costs and risk, and improve end user experience.

    Improved productivity – Developing, implementing and upgrading systems, applications, and services can be extremely time intensive. Working with companies that already know your organization’s infrastructure, systems, culture, and unique needs can speed project time, limit problems, and lead to a more satisfactory solution. You can also reduce the time needed to go through the competitive bidding process to get the project up and running faster.

    Reduced risk and costs – Working with a trusted supplier can reduce risk and costs caused by stalled projects or other issues. Close partners are also more likely to work with you if you need financing or to work out more suitable payment plans.

    Better end user experience – Trusted vendors often have a better idea of the unique needs and characteristics of your company. That means they can provide applications and services that work better for the end user or your customers.

Forming more beneficial relationships

Vendors are an integral part of your business’s strategic plan, allowing the IT organization to deliver effective services to employees and customers. But building mutually beneficial relationships with vendors takes time, personal connections, and effective review and analysis. Companies should treat the vendor vetting and relationship process with the same planning and care they would invest in any other critical business function.

    Start with small transactions – It’s never wise to invest too heavily in an untested partner. That’s why any vendor relationship should ideally start with small projects. This gives you time to see how the vendor operates and decide whether to continue the relationship with more significant stakes.

    Treat the vendor fairly – If you decide to invest time and effort into building a relationship with a vendor it is important to treat them fairly. A partnership is a two way street. You should always make an effort to always pay on time, provide ample lead time, and build personal connections with vendor representatives.

    Be demanding – Although you should always treat your partners fairly and build personal connections, it is important to remember that the needs of your own company come first. Don’t be afraid to ask a lot from your vendor and drive a hard bargain when it comes to price and performance.

    Regularly review performance – Be wary of partners who become too embedded in the organization resulting in poor performance to go unnoticed. It is important to guard against this by regularly reviewing vendors and addressing issues as they arise. If at any time a trusted vendor cannot deliver, don’t be afraid to request proposals from other sources.

We just published a terrific case study of a real-life example of a large company who valued strategic partnerships enough to completely rethink the way they measured their IT service provider. They reduced costs by over $100 million while increasing scope of services, aligning service delivery to business impacts, and improving end-user satisfaction. And here’s the kicker: They did it with their incumbent service provider and both parties are thrilled with the results. Learn how strategic partnerships helped them achieve this by clicking here to download Negotiating Better Solutions with IT Partners.

Posted in Default | Comments Off on Forming Strategic Partnerships With IT Vendors

Finding the Right Cloud Strategy for Your Company

by WGroup

Your employees love cloud computing. It lets them work anywhere, any time, on any device. For many people, that kind of flexibility in their work schedule is a big boost to their quality of life.

There are plenty of reasons for you to love cloud computing, too. Employee satisfaction leads to employee loyalty, which leads to employee productivity. You may even be able to move some employees to telecommuting positions, which will save your business money on office space and utilities.

If cloud computing is a smart decision, the tricky part is deciding which cloud. If you’re considering a move to the cloud, a third-party provider is a must.

Maybe you’re worried that a transition to cloud computing will disrupt your work environment. Maybe you’re worried that having important company information living in the online ether, instead of being stored in individual computers or in on-premise storage, will create security issues.

The good news is that both of these concerns can be completely alleviated by using a third-party cloud computing provider, rather than setting up an in-house cloud server.

A third-party provider will gradually move your company information over to its own servers without disrupting the flow of work at your business. Most of the work will be done after hours. When employees return to work, they will each get their own passwords, giving them access to the information they need to do their work. No downtime.

That’s just the beginning. With a third-party provider, security is greatly enhanced. The servers where your company information is stored are monitored around the clock. If there is any hint of an issue with security, such as someone trying to gain unauthorized access to your servers, the technicians will know right away and can respond before your information is compromised. It’s like having an army of security professionals watching your important company information all the time and keeping it protected.

Here’s one more way having your information stored away from your business headquarters makes sense. It’s protected from corporate sabotage and environmental disasters. If your business’s location is damaged or destroyed, you and your staff can continue to work from anywhere, because your information is safe.

For in-depth guidance on cloud computing, see our white paper, The Top 5 Imperatives to Address in Your Cloud Computing Strategy at

Posted in Default | Comments Off on Finding the Right Cloud Strategy for Your Company

Communicating Effectively in Times of Change

by David Malicoat

Times of significant change can cause stress, loss of productivity, and discontent within any organization, particularly in IT. Outsourcing, insourcing, mergers, and acquisitions can all create obstacles that prevent leaders from concentrating on accomplishing their goals. In order to overcome these problems, IT leaders need to have robust plans in place to harness the full power of their organization. One of the most important components of any plan for change is good communication. Without consistent, pointed messaging and patient listening, any changes will suffer from much greater pushback and create far more problems. One can never go astray by embracing and executing effectively on the fundamentals of organizational change.

How to communicate more effectively

IT leaders’ efforts during periods of transition should be focused on keeping everyone on the same page in terms of goals, processes, and what the changes mean. Everyone within the organization should have a clear understanding of what their new role will be, and what the future will look like. This requires clear and consistent communication from IT leaders.

Increase communication frequency – In this day of hyper transformation, changes happen rapidly, with shifting outcomes and expectations. Most leaders don’t communicate with their team often enough during these times. By keeping more constant contact with employees and communicating effectively, you can help assuage any doubts or uncertainty that the team may be having and keep everyone positively contributing towards the collective goal.

Improve communication quality – It’s not enough to simply flood your team with messages. The communication has to be both more frequent, and more importantly, more meaningful. Make memos, meetings, and other outreaches succinct and take extra time to cover the topics that employees need and want to know about. Of particular importance is a focus on how the changes will affect each individual and what their role in making it happen will be. This can both help improve team morale and keep employees focused on the organization’s mission.

Don’t overcommunicate – Although regular, high quality communication is key during periods of transition, it is still possible to overdo it. Make sure all of your communications have real value to the recipients. Don’t communicate just for the sake of communication. Too much can bog down employees and water down the messaging.

Listen – Another component to good communication is listening. Leaders must pay careful attention to how the changes are affecting their team. The leader must also be sensitive to what problems are arising, and listen for any suggestions that might make the process go more smoothly. This means taking time to get feedback from a wide variety of sources, including colleagues, business unit leaders, and individual contributors.

Maintaining high quality, frequent communication during periods of transition can be challenging, but it’s important to remember that it can mean the difference between success and failure. With more robust and consistent messaging, IT leaders can help keep their team happy and focused on their mission. The result is an organization that owns your message and uses it as the foundation of their daily hard work.

Posted in Default | Comments Off on Communicating Effectively in Times of Change

WGroup Announces New Principal Consultant: Bob Mack

by WGroup

WGroup is pleased to announce that Bob Mack has joined the firm as Principal Consultant. In this role, Bob will be responsible for supporting and leading client engagements focused on IT, Transformation, Strategies and Sourcing.

Bob is a diverse, “hands on” business executive focused on delivering transformational outcomes in fast-paced environments. With over 30 years of experience working for global Fortune 500 organizations, he has amassed a broad and deep tenure of IT executive and general management experience within the pharmaceutical/healthcare industry. He is an expert in tackling big, complex opportunities that challenge the status quo and create innovative approaches to driving new business value. He is most inspired by organizations that have a passion for excellence, a demonstrated sense of urgency, and a “start-up” execution mindset.

As an IT and business leader, Bob has an excellent track record of success with IT transformation and transition, sourcing, vendor management, mergers and acquisitions, global operations, cloud strategy/ execution, and technology strategy/implementations. He has been responsible for multi-million dollar budgets, and led technology operations for growing enterprises across multiple locations and countries.

Prior to WGroup, as SVP Business Services and Head of IT at Otsuka Pharmaceuticals, Bob was the Corporate Officer accountable for Information Technology, Facilities, Corporate Library, and other U.S. shared services. He consolidated multiple IT organizations into a unified highly valued structure complimented by strategic outsourced managed services. He achieved significant measurable improvements in business alignment, project delivery capacity, technology modernization, and customer service levels. He implemented IT portfolio management that governed IT investments across the organization resulting in delivering sustainable business enabling capabilities and supporting Otsuka’s diverse, unconventional thinking driven culture.

As CIO and SVP of Information Technology and Innovation at Reliance Life Sciences, Bob led the global IT function for a new venture life sciences startup funded by Reliance Industries, the largest company in India. As a member of the U.S. executive team, he provided IT alignment and technology leadership in support of Reliance’s business development efforts to support growth in their life sciences business.

As VP of Information Technology at Pfizer, Bob was responsible for establishing the newly formed Enterprise Solutions group. He spearheaded the establishment of Pfizer’s global IT shared services supporting 60+ market countries. He provided global leadership for a team of 180 colleagues across U.S., Europe, and Asia. Bob’s team implemented global ERP, HR and Supply Chain platforms across Pfizer leveraging an offshore IT strategic outsourcing model to drive quality, cost effectiveness, and scalability, including support for a Financial BPO in India.

Prior to Pfizer, Bob was with Pharmacia, which was then acquired by Pfizer. During the acquisition, Bob was appointed to a newly established senior executive IT position responsible for Business Technology support for Pfizer’s US Pharmaceutical Sales Organization. There, he directed integration efforts in support of Pharmacia acquisition, which rationalized IT assets and services resulting in significant operational efficiencies and OPEX savings.

Prior to Pharmacia, Bob entered the pharmaceutical industry joining French-based Rhône-Poulenc Rorer (RPR) as the IT executive accountable for all supply chain and manufacturing systems for RPR’s Americas region. Bob’s strategic role was to enable alignment and ERP standardization across the region. Bob’s tenure with RPR included recognition of an award-winning e-commerce capability enabling multi-channel collaboration with supply-chain partners and customers.

Bob has also held IT leadership roles at Crayola LLC (division of Hallmark Cards) and Air Products focused on application software service delivery supporting customer service, sales/marketing, distribution and manufacturing disciplines.

Bob has a Master of Science in Industrial Engineering from Lehigh University and Bachelor of Science in Business Administration from Bloomsburg University.

Posted in Default | Comments Off on WGroup Announces New Principal Consultant: Bob Mack

IT Outsourcing Alternatives: Emerging IT Markets Around the Globe – Part 3

by Doug Smith

IT Outsourcing Alternatives: Exploring the Emerging IT Markets Around the Globe

Part 3 of a Three-Part Series: Part 1 of this three-part series explored the advantages of South American and Latin American IT outsourcing solutions. Part 2 revealed that rural outsourcing is quickly becoming a viable IT solution for many United States-based organizations. In Part 3, the powerful Eastern European hub of Romania will be explored to better understand its IT outsourcing advantages.

Located on the Eastern border of the European Union, Romania is a short three-hour flight from London, the financial capital of Europe. For the past decade Romania has slowly been making a name for itself as an IT hub. Not only does it offer some of the lowest prices in the outsourcing business (thanks in part to the country’s low cost of living and low annual wages), but it provides companies with access to expert level IT technicians who are both proficient and driven to succeed.

When most people think of Romania, they think of Count Dracula; however, the country’s young IT professionals are quickly changing that reputation. These individuals have helped Romania, and particularly its capital, Bucharest, step into the IT limelight. The following IT outsourcing advantages can be found in Romania:

  • In 2014 Romania’s second largest export was IT solutions to European and American companies. The National Bank of Romania reported that computer and information services exports had reached €1.4bn in 2013, which represents a 27 percent rise compared to 2012.One of the reasons that Romania is able to export viable IT solutions is due to the language proficiencies of its IT technical experts. The majority of IT workers are fluent in English, as well as German, French, Italian, and Spanish.
  • Clients turn to Romania for outsourcing services due to the previous experience, technology expertise, financial reporting, and high-quality proposal responses that Romanian IT firms offer. In short, Romania provides direct access to IT workers who have a highly specialized skill set and knowledge that is required for the most complex IT solutions
  • Quality services are provided at a significantly lower rate than companies would usually pay for in-house development. The higher quality services help companies improve their image and expand their business capacity through powerful IT solutions.

The Bottom Line

As with countries in South America and Latin America, as well as United States-based rural outsourcing, the Romanian IT outsourcing industry is growing at a rapid rate. It is primed for success in a global marketplace that is based on customer and business needs. In this vein, Romania attracts United States and Europe-based organizations due to the high level of technical and language skills of its IT workers, its proven IT industry, and the availability of a vast IT labor pool. If the Romanian IT outsourcing industry could find a way to bypass the potential time zone conflicts that dissuade some companies from hiring Romanian firms, then it may just become an unstoppable force.

Make sure to visit the WGroup Insights blog at to stay up-to-date with the latest in outsourcing news, strategy, and point of view.

Posted in Default | Comments Off on IT Outsourcing Alternatives: Emerging IT Markets Around the Globe – Part 3

IT Outsourcing Alternatives: Emerging IT Markets Around the Globe — Part 2

by Doug Smith

IT Outsourcing Alternatives: Exploring the Emerging IT Markets Around the Globe

Part 2 of a Three-Part Series: Part 1 of this three-part series explored the advantages of South American and Latin American IT outsourcing solutions. In Part 2, the recently developed market of United States-based rural outsourcing will be explored.

The term “rural outsourcing,” or “ruralsourcing,” was first dubbed in a 2010 CNN Money article. The premise for the term was simple — smaller towns needed jobs, offered a cheaper cost of living, and had the talent needed to provide viable IT solutions at a 25 to 50 percent lower cost. To date, rural outsourcing has grown to become a sought-after IT sourcing solution for companies that want to experience the benefits of outsourcing without the disadvantages of turning to an offshore option.

At its core, rural outsourcing offers urban-based companies the same basic benefits of other traditional outsourcing arrangements.

  • Immediate access to technological expertise
  • Resources that the IT client would otherwise lack internally
  • IT help and solutions when they are needed and wanted. Additionally, these solutions are provided on a purely contractual basis without the extensive overhead that a full-time employee incurs

While the aforementioned advantages have given rural outsourcing a strong footing in the IT sector, its true strength lies in additional attributes.

  • Cost advantages have helped rural outsourcing become a viable solution in the past few years. As a general rule of thumb, the cost of living in rural areas is lower than urban settings, which directly equates to reduced labor rates for the same technical expertise
  • Rural outsourcing solutions typically operate within the same time zone. If, however, the chosen IT provider is in a different time zone than the continental United States-based client, then the maximum time difference would be three hours (as is the case between Eastern Standard Time and Pacific Standard Time)
  • English is the de facto national language of the United States, which means that rural outsourcing solutions eliminate the “language barrier” issue of traditional offshore outsourcing options. Rural outsourcing also eliminates potential cultural clashes or issues.
  • Hiring a United States-based firm is generally a more politically acceptable outsourcing alternative for many U.S companies. In fact, hiring domestically might improve a company’s ability to uphold their mission statement or corporate values.

The Bottom Line

Rural outsourcing is a viable option that will continue to grow as political entities encourage companies to create, hire, and grow their organizations within the United States’ borders. This being said, whenever an organization is considering hiring within the global marketplace, they must first determine their customer and business needs. Only by determining and weighing the needs of these factors, can an organization more effectively evaluate IT outsourcing alternatives. Just as the South American and Latin American markets are ripe for exploration, the rural outsourcing market will become a choice for many American organizations, particularly government entities, who will want to capitalize on its low cost and high-value IT offerings.

Posted in Default | Comments Off on IT Outsourcing Alternatives: Emerging IT Markets Around the Globe — Part 2

IT Outsourcing Alternatives: Emerging IT Markets Around the Globe — Part 1

by Doug Smith

IT Outsourcing Alternatives: Exploring the Emerging IT Markets Around the Globe

Part 1 of a Three-Part Series

For years the term IT outsourcing has been synonymous with sending work over to India. But as India’s IT outsourcing market has become overrun, other countries around the world have begun to step-up as viable alternatives. This three-part series will explore the emerging markets that have begun to take on work that may have been automatically routed to India just a few years ago, as IT outsourcing moves to different sectors across the globe.

IT Outsourcing Makes Its Way To South America and Latin America

The potentially greatest benefit of IT outsourcing is also one of its stumbling blocks — geographical location. When you outsource an IT project you no longer have to worry about location restrictions, paying relocation fees, or wondering if that senior IT director will really leave his hometown to come work for you. IT outsourcing provides the best of the best, without the hassle of wooing a certain skill set.

Additional benefits include:

  • Enhanced skill set. — Outsourcing provides you with access to the brightest minds across the globe.

  • Higher education for your team. — IT outsourcing opens several educational doors for your team. It allows you to recruit someone who can elevate the educational level and skill set of your internal team, while costing less than a typical IT director’s yearly salary.

  • Improved collaboration — Outsourcing allows you to gain both a bird’s eye view and a detailed look at your IT problems, as well as their inherent solutions. In short, outsourcing creates a collaborative environment that typically delivers the optimal results.

With the aforementioned benefits of IT outsourcing in mind, many countries have tried to topple the reigning king of outsourcing — India. To date, Latin American and South American countries have quickly risen through the ranks to become sought-after IT providers. Mexico, Argentina, Bolivia, Brazil, Chile, Colombia, Costa Rica, Mexico, Nicaragua, Panama, Peru, and Uruguay all provide IT outsourcing solutions with a number of unique advantages.

  • Latin American and South American countries are typically in the same time zone as the majority of U.S. states. This means that a full workday overlap can occur, which enhances the ability for educational and collaborative opportunities.

  • There are many cultural similarities between the U.S. and South and Latin American countries. Many U.S. IT firms prefer to work with IT specialists from Argentina, due to the fact that the country shares a similar culture. The closer the cultural similarities, the easier it is to establish a certain level of comfort and trust on the given project, and the easier it is to create open lines of communication.

  • Labor is still relatively inexpensive in Latin and South American countries, especially when the accelerated skill set is considered. Additionally, India is currently experiencing an increase in the cost of living, which has subsequently driven up the cost of IT outsourcing.

  • As the population of native Spanish speakers continues to increase within the United States’ borders, the appeal of working with Spanish cultures grows. Generally speaking, U.S. workers have an easier time understanding English that is spoken with a Spanish accent versus English that is spoken with an Indian accent.

  • Geography is one of the biggest benefits of IT outsourcing; however, it can also be a challenge. Fortunately for Latin American and South American countries, it is fairly easy to reach their borders with a short flight from the U.S. Conversely, traveling to India to review work with your chosen IT team is a lengthy and expensive process.

As the list of advantages continues to grow and the countries begin to invest more money into their IT infrastructure and development, Latin America and South America will steadily become the chosen source for IT outsourcing solutions. Stay tuned for Part 2 of this three-part series, published at, where we will explore rural regions of the United States and the domestic IT sourcing solutions that they provide American companies.

If you’re at a point where re-evaluating your sourcing strategy, providers, or locations makes sense, WGroup can assist you with IT outsourcing advisory services, including strategy, provider evaluations, site risk evaluations, and much more. Visit to learn more.

Posted in Default | Comments Off on IT Outsourcing Alternatives: Emerging IT Markets Around the Globe — Part 1

Optimizing Your Application Portfolio in 5 Steps

by Carlton Greene

All companies, from SME’s to multinational enterprises, struggle with balancing investment in applications. With the dizzying array of options, it can often be difficult to know where and how to spend limited financial resources. These five steps will get you started optimizing your organization’s application portfolio, improving IT outcomes, and increasing the cost effectiveness of IT initiatives.

  1. Look at the whole enterprise – It is extremely important that IT leaders seek to align IT objectives with broader business goals. Look at how applications will affect costs, productivity, sales, and user experience for the entire company, and use that to inform application investment decisions. Many IT departments take an insular approach to applications, considering only those they directly manage. However, this doesn’t reflect today’s reality. Technology is a major component of almost every business function, and IT must work closely with the entire company to achieve positive results.

  2. Set prioritization criteria – There is no way to optimize your company’s application portfolio without first setting criteria for prioritization. In order to do this, leaders must consider several factors. Cost, reusability, strategic importance, regulatory requirements, and a wide range of other issues must be evaluated based on your individual company’s needs and goals. Take time to carefully analyze how each of these factors will affect your organization and prioritize applications across the enterprise based on your analysis.

  3. Think long term – Although one application may appear more cost effective or functional today, it is important to take a long term view when making decisions. Maintenance costs, usability, upgradability, vendor support, and SLA’s can all have a major effect on the total cost and value of a particular application. Don’t overlook these factors.

  4. Engage shadow IT – One important part of taking a company wide view of application optimization is looking at shadow IT. Many IT leaders do not have the resources to focus on technology managed outside of their own department, but it can have a major impact on them despite this. When users inevitably come back to IT with problems related to their own shadow initiatives, it becomes IT’s responsibility. That’s why it’s important for IT leaders to understand that although you can’t, and shouldn’t, stop all shadow spending, you can help influence it. IT leaders can guide other business leaders and point out potential security, performance, or compatibility challenges. By working with other leaders, rather than against them, CIO’s can make greater strides towards more efficient business wide IT.

  5. Continually review the portfolio – It is important to remember that portfolio optimization is always a work in progress. As technologies and the company’s needs change, so should your portfolio. CIO’s must regularly review application portfolios to ensure that they are still driving business goals and retire those that aren’t. It is also important to stay aware of current trends and advancements to take advantage of new developments.

Building a robust application portfolio optimization strategy requires cross departmental collaboration, dedication, and a deep knowledge of current technology and company needs. This can often be challenging for IT leaders, but the benefits can drive business goals and make IT more efficient and more cost effective. Taking the time to develop an effective, informed ongoing strategy for your application portfolio management is critical to the success of any CIO.

You may also be interested in Fighting Rising IT Costs With Application Portfolio Rationalization. Click here.

Posted in Default | Comments Off on Optimizing Your Application Portfolio in 5 Steps

The Art of Negotiating with Your IT Service Providers – Part 3

by Brad Friedman

In this last part of the post we address the legal side of IT purchases. While no one wants to focus on litigation, legal components can be critically important to the purchasing lifecycle. In addition, we will discuss some “deal closers”.

Legal – Contracted legal terms and conditions rarely avail themselves, but when they do, it is typically problematic to the business environment. Here are some areas that top our list:

1. Force Majeure (beyond the reasonable control) – There are a few items beyond the reasonable control of a party like “acts of god” or war. Items like shipping delays, labor disputes, and telecommunication often get bundled into force majeure language but can be managed in an alternative manner. These items should not be classified as force majeure issues.

2. Governing Law and Venue –Typically, you want the governing law and venue to be based in the state where your business is headquartered. UCITA states (MD, VA) laws tend to be pro-licensor. Other states, like TX, MA, CA, IL, IA, and HI tend to be complex. New York is a reasonable alternative but the ultimate choice should be one that you are comfortable with and does not present a disadvantage to your organization.

3. Intellectual Property (IP) Indemnification – Always be sure to protect against IP infringement. There should be no limit on liability and only 3 acceptable resolutions to IP infringement: repair, replace, or a full refund.

4. Limitations of Liability – Vendors always want to limit their liability and typically is an arbitrary amount that is less than the overall value. Liability caps are acceptable as long as they are mutually (painful). Base liability caps on direct damages only specifically excluding damages from IP infringement and breach of confidentiality or gross negligence/willful misconduct.

5. Statute of Limitations – Keep an eye out for language that artificially limits your legal options and deviates from the governing venue limitation statutes.

6. “Missing Documents” and URLs – Many contracts reference and incorporate external documents. This is not troubling unless the documents can be amended at the sole discretion of the vendor. Allow for notification of changes to the referenced documents and your ability to terminate the contract should a modification be detrimental to your company.

7. Regulatory Compliance – Understand the compliance regulatory implications of your industry and how the vendor manages their own compliance efforts and facilitates yours.

8. Contract Terminations – There are very few reasons for termination of a perpetual license (which is a company asset) other than non-payment of the initial license.

9. Audits – License compliance audits are fine but they should be mutual, narrow in scope, limited to no more than once a year, and the costs borne by the auditing party. To minimize your business disruption, try to limit the audits to attestation of compliance. If you are out of compliance, license “true-up” costs should be based on your discounted volume pricing.

It’s time to finish the deal, but what other items can add value to your organization and minimally impact your vendor?

1. Training – Minimal impact to the vendor’s margin and potential high value to your success

2. Points of Contact – allow for more than the vendor specified maximum

3. Look to the Future – lock in discount percentages for other products in your vendor’s portfolio

4. Add-ons – Don’t neglect software options that can present a significant cost and often get shadowed by the core product negotiations.

5. “Your business to keep” clause – provide ability to migrate away from a vendor without penalties for reduced services during the migration. The vendor’s incentive to accept this language is the prospect of continued income stream.

6. Limit end of term contract extensions – Require the vendor to provide you an end of term notification well before your obligation to renew. Until renegotiated, renewal terms should automatically convert to month to month with the same existing terms and costs.

Posted in Default | Comments Off on The Art of Negotiating with Your IT Service Providers – Part 3

IT Service Provider Transition – 3 Keys to Making it Flawless

by Tony Ross

Transitioning from one IT service provider to another can be a stressful, drawn out process that leads to lost productivity and poor outcomes. Many organizations are underprepared and rush into a transition without a well formulated plan. But it doesn’t have to be this way. If the right steps are followed, changing IT service vendors can reduce costs and improve the performance of services, allowing the IT department to more effectively drive business goals.

This article will discuss three keys to making a successful IT service transition and forming the foundations for a productive relationship with the new vendor.

  1. Full organizational participation

  2. One of the greatest points of failure in an IT service vendor transition is a lack of participation within the organization. It is important to remember that success will require substantial effort and foresight. In order to carry out an IT service provider transition, it is absolutely critical that the company be fully committed to the process. Leaders within the IT organization and within the business should work together to ensure the transition is successful and that the goals of the entire organization are met. There should also be robust data gathering prior to making the transition in order to develop consistent metrics and to build a plan to achieve those metrics. As the process unfolds, there should be structures in place to continually implement the plan’s components and continually adapt it based on failures and changing needs. Transitioning always takes longer and is more difficult than the company thinks, it’s important to remain committed to a strong plan in order to see it through to the end.

  3. Transition governance structures
  4. Keeping a transition plan on track and ensuring that the current and future provider deliver expected services while under contract requires robust governance. A skilled team should be in place to oversee the transition, track progress, and make adjustments. This team should regularly meet with senior management and stakeholders to maintain alignment with broader business objectives and ensure accountability.

    In order to effectively implement governance, it is important to build a plan based on trackable work. This means creating a timeline for the transition period with regular milestones agreed upon with the IT service vendor. These milestones should be based on the accomplishment of business driven goals, with payment made to the vendor upon successful completion. This helps ensure that the vendor stays motivated to complete projects successfully and in a timely fashion. There should also be mechanisms to rapidly resolve any disagreements within the organization or with the vendor to keep the transition from stalling.

  5. Strong transition team skills
  6. Above all, it is key for companies not to underestimate the work and skill required to successfully transition IT service vendors. If the company doesn’t have the necessary experience, they won’t know what’s coming and won’t be prepared to deal with problems. For example, one common pitfall is failure to properly manage the incumbent vendor during transition. If the incumbent loses out to another vendor during the bid process, they are often very unhappy, and may severely cut efforts to provide good IT service. Knowing how to manage situations like these, and tailor a plan to ensure that any problems are quickly addressed, is extremely important to a successful transition. Companies must have the right people on their side in order to balance speed and risk and work with the company and vendors to facilitate a seamless transition.

Learn more about maximizing your vendor management with our white paper, The Top 9 Trends in Vendor Management, available at

IT leaders who are contemplating a change in IT service provider can rely on WGroup’s advisory services. See for more information.


Posted in Default | Comments Off on IT Service Provider Transition – 3 Keys to Making it Flawless

The Art of Negotiating with Your IT Service Providers – Part 2

by Brad Friedman

In the first part of this post, we outlined pricing and licensing techniques. In this second part of the three-part series of posts, we will address maintenance and professional services.

Maintenance – Maintenance is not just for repairing defects but primarily for functional and other improvements. Pricing varies widely: 15-22% or more annually of the purchase price. There are situations where maintenance is not warranted. For example, hardware with a 3 years NBD warranty or desktop productivity software that is not upgraded at least once every 3 years. Regardless, there are some basic guidelines when purchasing maintenance. Maintenance costs should be based on the NET cost of the product after all discounts. Future increases in maintenance costs should be limited to a maximum of 2-3% per year and/or costs locked in for several years. It is beneficial to waive the cost of the maintenance for the first year, especially if the maintenance clock starts ticking in parallel to the implementation.

Your company will be impacted if your vendor gets acquired. Protecting against negative affects is critical. Negotiate “end of life” business requirements that include transition to new versions or product lines, locking in sunset support to meet migration requirements, and credits for sunk costs to offset transition costs. New functionality should not trigger an increase in maintenance costs. Ensure that product enhancements are included in the maintenance costs. Most importantly, but often bypassed, is ensuring end of life software functional replacements are provided at no additional cost (primarily seen during an M&A event). A new product (a new potential maintenance stream) that encapsulates the old functionality should be provided free. If the vendor cannot segregate the “added functionality” from the old, then require the additional functionality to be provided at no cost.

Some vendors create maintenance dependencies between components (line items). Beware the all or nothing clause prohibiting the removal of individual maintenance components. Each component should stand on its own unless it is a pre-requisite for another. It is also a good idea to specify maintenance reinstatement fees and business downturn clauses that allow for service level reductions.
Establish SLA’s that are not only based upon standard metrics like response and repair time but align with your internal business requirements. Allowing vendors to earn back penalties for exemplary performance can be an incentive. When problems arise, make sure that you have the ability to escalate problem severity.

Implementation Professional Services – It is a good practice to tie payments to implementation milestones, using acceptance testing where possible, and in some cases, a holdback percentage on payments until the project is completed.

Ensure that the work performed is the company’s asset to use as desired. Payment for services does not mean you own the end product. Ensure contracts specify the services are “work for hire” and include intellectual property assignment or at least an unfettered right to use in the ordinary course of your business operations.

Manage your contractors as you would your own employees. You control their “acceptability”, adherence to your company policies, service termination, etc. Preserve a “first right of refusal” for extending the services of key contractor resources. In addition, ensure agreed timelines are maintained even if a service provider needs to replace a contractor. Always pre-approve assigned contractors.

Remember that contracted professional services are outsourced services. Outsource the service but never outsource the management. It is your responsibility to control the services provided as well as their time, travel, expenses, and invoices.

In the third part of the series we will cover important legal concepts and additional opportunities.

Posted in Default | Comments Off on The Art of Negotiating with Your IT Service Providers – Part 2