Archive for the ‘outsourcing’ Category

Are managed IT services set to grow this year?

January 25, 2012

Business of all sizes and sectors across the country are still worried about the poor conditions of the current economic environment, which is not set to improve this year, as analysts and experts have already announced. With no way of avoiding this situation, organisations can only try to make the best of it, and perhaps use it as an occasion to really assess what expenses are essential to their business and how they can take advantage of the weakened financial setting. It is important to try to make the best of what one has and what is available in order for an organisation to survive or even grow during hard times.

Of course when money is tight the Service Desk is one of the departments more likely to suffer, with all the possible consequences on the rest of the business. With most IT projects scrapped from the beginning, it takes a good justification to invest in anything more expensive than a screen wipe. Yet correct management of the Service Desk, including continuous training of IT staff, an inexpensive absence cover system, continuous service improvement ethos, updating service management processes to the latest and most relevant best practices and meeting the appropriate targets can still be possible without incurring in eye-watering bills. This is the principle behind a Managed IT Service – a Service Desk can work to a good standard at all times, because someone else is taking care of it and all variable costs become fixed.

Various types of IT outsourcing have become popular in the last few year – from offshoring to cheaper countries to having only some Support staff managed by a provider. Different options work for different organisations, but generally speaking the popularity of one over another during a recession or uncertain economic environment depends on a series of factors and in particular: low risk; ROI; ease of adoption/set-up; as well as a financial factor.  In times like these, where one doesn’t want to be involved in large projects or revolutionise their whole IT department and have to re-think the way they deliver and use IT Support, a radical option such as offshoring or full outsourcing might not be ideal. With a Managed IT Service Desk, the ‘status quo’ of the IT department should not be affected as the expectation is the supplier will implement a robust framework which ensures that existing Service Levels are at least maintained, whilst transitioning the Service Desk to a ‘future state’ model over an agreed period of time.

This meets the requirements of ease of adoption and risk, as it is easier to set up, reverse, retake charge of or switch provider, when compared with a fully outsourced or offshore solution. This option can also assure a certain level of information security compared to a fully outsourced service, as the Service Desk will be based at close sight within the organisation’s premises (unless otherwise requested) and the system, and therefore the data stored and processed within it, is owned by the company. The minimised risk makes this a good choice when one cannot afford to take risks.

As for the financial factor, most outsourcing models will eliminate the cost of certain projects such as staff training or service management implementations, and make variable costs become fixed: the provider will agree to meet certain SLAs for a set price, and it is up to them to provide the appropriate staff upskilling, best practice processes and so on within their budget, in order to meet targets. But a managed IT service will not require the extra cost of moving the service desk elsewhere, hiring or buying new equipment, sending managers over to another place, city or country to check on how the service desk is doing and, also, the costs involved in switching back to in-house or to another provider if the initial project failed.

Finally, the return on investment is clear and demonstrable. Having an expert provider taking control of your existing IT Service Desk will increase productivity and efficiency, reduce the volume of incidents and Service failures and ensure a significant part of your IT spend is fixed and controlled, giving the company peace of mind (IT becomes someone else’s problem) and allowing business to function at its best.

With these premises, it is likely that managed IT services will be chosen over and over again as an option to meet the demanding IT standards of a modern-day organisation in a time when any investment must be carefully thought and justified, and the return on investment clearly proven. This much needed headache relief can allow companies to carry out their business without having to worry about the quality and sudden expenses related to their IT, and therefore get a better chance to survive or even increase their work in these hard times.

Pete Canavan, Head of Support Services

This article is on Sourcing Focus: http://www.sourcingfocus.com/site/opinionsitem/4807/

NEWS: Plan-Net wins 5-year IT outsourcing deal with Davenport Lyons

October 31, 2011

IT Services provider Plan-Net plc have agreed a 5-year IT outsourcing contract with the west end law firm Davenport Lyons.

Plan-Net will provide Davenport Lyons with a new virtual infrastructure and 24/7 support delivered from an onsite team and dedicated legal IT support centre based in central London.

Plan-Net Director Adrian Polley commented:

‘We are extremely pleased to be adding Davenport Lyons to our growing list of legal clients and look forward to delivering the high levels service required in this sector.’

  • For more information contact:

Samantha Selvini

Press Officer, Plan-Net plc

Tel: 020 7632 7990

Email: samantha.selvini@plan-net.co.uk

  • About Plan-Net

A specialist in transforming IT operations into high-performance, cost-efficient platforms for business success, Plan-Net works with clients of all sizes and needs to help them maintain high levels of service while still meeting demands for a reduction in IT spending.

Plan-Net has helped to enhance performance, flexibility, security, cost-efficiency and, ultimately, user productivity at clients large and small over the two prosperous decades of its existence.

Website: www.plan-net.co.uk

Blog: http://plannetplc.wordpress.com/

Twitter: www.twitter.com/PlanNetplc

The GLOCAL IT Service Desk

June 27, 2011

‘Stay local, act global’ is the new mantra for IT departments

With companies becoming increasingly international and IT support more and more remote, the IT Service Desk finds itself dealing with a user base that often extends to an EMEA or global level. The idea of outsourcing to a service provider seems now more than ever a convenient and cost-efficient solution to many organisations – in fact, the IT outsourcing industry in the UK is now generating over £40 billion a year, accounting for 8 per cent of the country’s total economic output, an Oxford economics research recently revealed. Delegating management of the IT Service Desk allows companies to focus on their business whilst leaving IT-related matters such as Incident, Problem and Request management with their associated headaches – to the experts.

It is, however, wrong to think that a ‘global’ desk has to be based in India, China or Poland. Such an off-shore or near-shore solution might not be safe enough for those companies which need to keep a high level of control over the data and IP processed by their IT system, such as those in the financial, legal and public sector. But an outsourced Global Support team does not actually have to be physically located abroad – the service just needs to be able to reach offices and branches across the world, which surprisingly can be done even from Sevenoaks, London or from your very own headquarters.

In addition to this, choosing a managed service rather than a fully outsourced solution can prove an even better arrangement. In fact, whereas with full outsourcing and offshoring the level of control over the IT department can never be full because the whole infrastructure usually belongs to the provider, a managed service can provide a safer solution for those organisations which are very careful about security, such as those whose very sensitive or precious data cannot risk being stolen, leaked or lost. Many companies simply see value in knowing the people responsible for assisting their business.

Although a solution which is 100% safe does not exist, retaining ownership of the infrastructure and keeping the Service Desk in the office or near the premises means that there is a lesser risk of data security issues getting out of hand, being reported too late or being hidden. By using a trusted provider and retaining a certain level of control over the department, the chances of a security breach are therefore minimised.

A Gartner research published last month revealed that IT outsourcing is increasing all over the world: global IT spend by businesses increased 3.1% in 2010 amounting to $793bn, a slight rise from the $769bn that was spent in 2009. This shows that the market is slowly going back to pre-crisis levels of 2008, after which it fell by 5.1%. Companies are spending more even if the economic climate continues to remain uncertain and the fear of a double-dip recession is still in the air – clearly they believe IT outsourcing is worth the risk, and this could be because of the flexibility it allows them to have.

Some Support solutions, in fact, enable organisations to increase and decrease the size of their IT Service Desk according to need. This could not be so easily done within an in-house service: engineers would have to be kept even when not fully utilised, meaning inefficiency occurs, made redundant during low service needs or made to work harder and longer at peak times. If we apply this to a global scale and the implication of different employment law for each country, it gets unnecessarily complicated.

A Support services provider should be able to add and take out engineers and move them around flexibly, and some even have a multisite team hired expressly to go where needed at short notice within the provider’s clients. With this level of flexibility, the ties that bind organisations to providers can be more an advantage than a disadvantage during global expansion or difficult and rocky economic times.

Martin Hill, Head of Support Operations

IT Support: grow-your-own or buy organic?

May 12, 2011

IT support staff are for many companies what vegetables are to your body – essential elements for efficient functioning and critical to avoid major failures. Exactly like cultivating your own greens, having an in-house IT team may give you a sense of trust and control unlike other solutions. However, it is also expensive and time-consuming, therefore not always convenient.

A ‘home-grown’ solution may suit larger organisations that either have the need to train analysts to use their self-developed software, have security or strategic reasons to have total control over the IT department or have the resources (financial, human and time-related) to train and manage a large IT personnel base – although this is quickly moving away from the norm for even these sizes of business.

Other organisations, smaller and more prone to seeking cost-efficiencies even outside of the office, might find an outsourcing or managed service solution more suitable. Of course, getting engineers from a service provider is like getting veggies from a market stall or through online shopping – it is generally easier and cheaper, but the risk is that they are not trustworthy. The engineers provided by a third party are completely out of your control: you don’t know where they come from, if they were trained correctly or if they will harm your company by stealing data.

But this might not be a huge problem for small companies for which IT is not strategic. A full outsourcing or offshoring solution could suit organisations which do not need engineers with very specific knowledge or strict SLAs and for which data security is not a major issue. However, companies which do need security and efficiency, but also to cut down cost and access expertise they lack internally, would need a solution that merges control with delegation.

Going back to the vegetables metaphor, to balance the need for quality and reliability with the desire to delegate cultivation and management, you would probably go to a trusted organic greengrocer’s, where products feature quality labels, PDO and organic certificates, and a reliable, experienced source.

It is in fact important to carefully choose a support provider that can meet your specific needs, with certified, trained and up-to-date engineers able to meet targets measured through KPIs. Managed services, moreover, will allow the organisation to keep some kind of control over the IT department while leaving its management to the experts.

All in all, there isn’t one best choice: an organisation might find advantage in keeping the department in-house, having a co-sourced solution or outsourcing management or the whole department to a third party. The important decision is to choose carefully based on the organisation’s features, needs and goals so that IT can be used as part of their overall strategy for business success.

Pete Canavan, Head of Support Services

This article has appeared on Computing magazine and Computing.co.uk: http://www.computing.co.uk/ctg/opinion/2069345/support-grow-organic


Surviving IT spending cuts in the public sector

February 15, 2011

How to create cost-efficiencies in the post-Spending Review scenario

After the announcement of 25%-40% budget cuts last year, it is reasonable to expect IT to be one of the departments to suffer the most in public sector organisations. However, cuts in IT support and projects may bring inefficiencies and disruptions, which can then lead to real losses and increasing costs.  More than ever, CIOs and IT Directors at public sector organisations are taking various options into consideration, from quick-fixes to farther-sighted ideas, trying to find a solution that will produce savings without compromising on service quality and data security, and perhaps even increasing efficiency. Here are some common ideas analysed:

Solution 1: Reducing headcount

Firing half of your IT team will produce immediate savings since you will not have to pay them a salary the following months, but when Support staff is insufficient or not skilled enough to meet the organisation’s needs it can lead to excessive downtime, data loss, security breaches or the inability to access applications or the database. A ‘quick-fix’ such as this represents a false economy. Reviewing resource allocation and improving skill distribution at Service Desk level, on the other hand, can be a valid solution. Indeed many IT departments can find themselves top heavy with expert long serving team members where the knowledge supply out-weighs the demand. A larger proportion of lower-cost 1st line engineers with improved and broader skills and a fair reduction of the more deeply skilled and costly 2nd and 3rd line technicians can not only reduce staff spend, but also create efficiencies with more calls being solved with first-time fix.

Solution 2: Offshoring

Although the thought of employing staff who only ask for a small percentage of a normal UK salary may sound appealing, offshoring is not as simple as ABC. It requires a large upfront investment to set up the office abroad, with costs including hardware, software, office supplies and travel and accommodation of any personnel that manages the relationship with the supplier. Organisations are not able to afford that kind of investment, especially since this solution only creates cost-savings in the long term – but the public sector needs cost savings now. Furthermore, the different culture and law can represent a risk to information security: data could be easily accessed by staff in a country thousands of miles away and sold for a couple of dollars, as various newspapers and TV channels have found out. With the extreme sensitivity of data processed by Councils, charities and the NHS, no matter how hard foreign suppliers try to convince the public sector to offshore their IT, it is unlikely this will happen – it is simply too risky.

Solution 3: IT Cost Transparency

Understanding the cost of IT and its value to the organisation, being able to prioritise and manage people and assets accordingly and knowing what can be sacrificed, can help identify where money is being wasted, which priorities need to be altered and what can be improved. For instance, do all employees need that piece of software if only three people actually use it more than twice a year, and do you need to upgrade it every year? Do all incidents need to be resolved now, or can some wait until the more urgent ones are dealt with? Do you need a printer in each room, and when it breaks do you need to buy a new one or could you make do with sharing one machine with another room? These and many other questions will lead to more efficient choices, but only after having identified and assessed the cost and value of each aspect of IT, including people and assets.

Solution 4: Cloud computing

There are contrasting opinions on this matter. The Government CIO, John Suffolk encourages the use of this service, and reckons that the public sector would be able to save £1.2bn by 2014 thanks to this solution. However, many believe that placing data in the hands of a service provider can be risky due to the highly sensitive nature of the data involved, so traditional Cloud computing may not be an ideal solution.

A shared environment such as the G-cloud, where various public sector organisation share private data centres or servers, may be a safer option that allows the public sector to achieve major efficiencies and cost savings, while minimising issues related to data security.

Solution 5: Shared Services

A shared service desk is not for everyone – it can only work if the organisations sharing have similar needs, culture and characteristics, and as IT can be a strategic advantage for competitive businesses, sharing the quality may mean losing this advantage. But for the public sector, this solution may be ideal. Local councils with the same functions, services and needs will be able to afford a higher level of service for a reasonable price, sharing the cost and the quality.

Solution 6: Service Management Good Practice

‘Doing more with less’ is one of the most used quotes since the recession started. And it is exactly what the public sector is looking for. Public organisations don’t want to be ITIL-aligned, obtain certifications, and tick the boxes. All they want is efficiency and cost savings – and through the right Service Management moves, after an Efficiency Review to find out what needs improvement and how, this can be obtained through the right choices regarding people, processes and technology.

Solution 7: Managed Services

A solution where the IT Service Desk is kept internal with its assets owned by the company, but managed by a service provider is becoming more and more popular among organisations from all sectors. When the sensitivity of data and a desire for a certain level of control over IT rules out full outsourcing, but in-house management does not allow to reach potential cost savings and efficiencies, a managed service may represent the ideal ‘in-between’ choice. The post-Spending Review public sector, then, may benefit from a flexible solution that is safer than outsourcing, but more cost-effective than an in-house solution.

Every challenge can be a new opportunity

Although budget reduction may affect investment in large IT projects and shiny new technology, it also represents the ideal opportunity to analyse what is essential and what is not, and to prioritise projects based on this. The public sector, then, find itself prioritising for effectiveness over compliance, cost-efficiency over cheapness and experience over offers, when choosing providers and tools for their IT. This will lead to the choice of solutions that will help organisations run more smoothly and safely, invest their resources better and, ultimately, deliver a service that will bring maximum customer and user satisfaction.

Martin Hill, Head of Support Operations

(also on Business Computing World: http://www.businesscomputingworld.co.uk/how-to-create-cost-efficiencies-in-the-post-spending-review-scenario/)

10 things we learnt in 2010 that can help make 2011 better

December 23, 2010

This is the end of a tough year for many organisations across all sectors. We found ourselves snowed-in last winter, were stuck abroad due to a volcano eruption in spring, suffered from the announcement of a tightened budget in summer, and had to start making drastic cost-saving plans following the Comprehensive Spending Review in autumn. Data security breaches and issues with unreliable service providers have also populated the press.

Somehow the majority of us have managed to survive all that; some better than others. As another winter approaches it is time to ask ourselves: what helped us through the hard times and what can we do better to prevent IT disruptions, data breaches and money loss in the future?

Here are some things to learn from 2010 that may help us avoid repeating errors and at the same time increase awareness of current issues, for a more efficient, productive and fruitful 2011:

1- VDI to work from home or the Maldives

Plenty of things prevented us getting to work in 2010; natural disasters, severe weather and industrial disputes being the biggest culprits. Remote access solutions have been around for a long time, but desktop virtualisation has taken things a stage further. With a virtual desktop, you’re accessing your own complete and customised workspace when out of the office, with similar performance to working in the office. Provided there’s a strong and reliable connection, VDI minimises the technical need to be physically close to your IT.

2- Business continuity and resilience with server virtualisation

Server virtualisation is now mainstream, but there are plenty of organisations large and small who have yet to virtualise their server platform. When disaster strikes, those who have virtualised are at a real advantage – the ability to build an all-encompassing recovery solution when you’ve virtualised your servers is just so much easier than having to deal with individual physical kit and the applications running on them. For anyone who has yet to fully embrace the virtualisation path, it’s time to reassess that decision as you prepare for 2011.

3- Good Service Management to beat economic restrictions

With the recent economic crisis and the unstable business climate, the general message is that people should be doing more with less. It’s easy to delay capital expenditure (unless there’s a pressing need to replace something that’s broken or out of warranty) but how else to go about saving money? Surprising, effective Service Management can help deliver significant cost-efficiencies through efficient management of processes, tools and staff. Techniques include rearrangement of roles within the IT Service Desk to get higher levels of fix quicker in the support process, and adoption of some automatic tools to deal with the most common repeat incidents. Also getting proper and effective measures on the service, down to the individuals delivering it, helps to set the bar of expectation, to monitor performance and improve processes’ success.

4- Flexible support for variable business

An unstable economic climate means that staffing may need to be reduced or increased for certain periods of time, but may need rescaling shortly afterwards. At the same time epidemics, natural disasters and severe weather conditions may require extra staff to cover for absences, often at the last minute. Not all organisations, however, can afford to have a ‘floating’ team paid to be available in case of need or manage to get contractors easily and rapidly. An IT Support provider that can offer flexibility and scalability may help minimise these kinds of disruption. In fact, some providers will have a team of widely-skilled multi-site engineers which can be sent to any site in need of extra support, and kept only until no longer needed, without major contractual restrictions.

5- Look beyond the PC

Apple’s iPad captured the imagination this year. It’s seen as a “cool” device but its success stems as much from the wide range of applications available for it as for its innate functionality. The success of the iPad is prompting organisations to look beyond the PC in delivering IT to their user base. Perhaps a more surprising story was the rise of the Amazon Kindle, which resurrected the idea of a single function device. The Kindle is good because it’s relatively cheap, delivers well on its specific function, is easy to use and has long battery life. As a single function device, it’s also extremely easy to manage. Given the choice, I’d rather the challenge of managing and securing a fleet of Kindles than Apple iPads which for all its sexiness adds another set of security management challenges.

6- Protecting data from people

Even a secured police environment can become the setting for a data protection breach, as Gwent Police taught us. A mistake due to the recipient auto-complete function led an officer to send some 10,000 unencrypted criminal records to a journalist. If a data classification system had been in place, where every document created is routinely classified with different levels of sensitivity and restricted to the only view of authorised people, the breach would have not taken place as the information couldn’t have been set. We can all learn from this incident – human error will occur and there is no way to avoid it completely, so counter measures have to be implemented upfront to prevent breaches.

7- ISO27001 compliance to avoid tougher ICO fines

The Data Protection Act was enforced last year with stricter rules and higher fines, with the ICO able to impose a £500,000 payment over a data breach. This resulted in organisations paying the highest fines ever seen. For instance Zurich Insurance which, after the loss of 46,000 records containing customers’ personal information, had to pay over £2m – but it would have been higher if they hadn’t agreed to settle at an early stage of the FSA investigation. ISO 27001 has gained advocates in the last year because it tackles the broad spectrum of good information security practice, and not just the obvious points of exposure. A gap analysis and alignment with the ISO 27001 standards is a great first step to stay on the safe side. However, it is important that any improved security measure is accompanied by extensive training, where all staff who may deal with the systems can gain a strong awareness of regulations, breaches and consequences.

8- IT is not just IT’s business – it is the business’ business as well

In an atmosphere where organisations are watching every penny, CFOs acquired a stronger presence in IT although neither they nor the IT heads were particularly prepared for this move. For this reason, now the CIO has to find ways to justify costs concretely, using financial language to propose projects and explain their possible ROI. Role changes will concern the CFO as well, with a need to acquire a better knowledge of IT so as to be able to discuss strategies and investments with the IT department.

9- Choose your outsourcing strategy and partner carefully

In 2010 we heard about companies dropping their outsourcing partner and moving their Service Desk back in-house or to a safer Managed Service solution; we heard about Virgin Blue losing reputation due to a faulty booking system, managed by a provider; and Singapore bank DBS, which suffered a critical IT failure that caused many inconveniences among customers. In 2011, outsourcing should not be avoided but the strategy should include solutions which allow more control over assets, IP and data, and less upheaval should the choice of outsourcing partner prove to be the wrong one.

10- Education, awareness, training – efficiency starts from people

There is no use in having the latest technologies, best practice processes and security policies in place if staff are not trained to put them to use, as the events that occurred in 2010 have largely demonstrated. Data protection awareness is vital to avoid information security breaches; training to use the latest applications will drastically reduce the amount of incident calls; and education to best practices will smooth operations and allow the organisations to achieve the cost-efficiencies sought.

Adrian Polley, CEO

This article has been published on Tech Republic: http://blogs.techrepublic.com.com/10things/?p=2100

Taking the third option

October 26, 2010

Many organisations are moving to a ‘best of both worlds’ between insourcing and outsourcing – Managed Services.

Efficient management of IT Support has become a crucial issue for organisations across all sectors. It is being increasingly recognised not only as a means to improve the whole business, but also as an instrument to create strategic advantage and added business value.

Many organisations identify two distinct types of management options for their IT Support – controlled and visible in-sourcing and the apparently cost-efficient outsourcing.  But for organisations dealing with high value users, non standard applications or sensitive data, outsourcing can represent too big a risk, leaving the single option of keeping IT Support in-house. Financial institutions, law firms, professional services businesses and some sections of the public sector may well then believe that they have no option but to ignore a potentially sizable benefit in cost and efficiency.

However, there is a third option embraced by a diverse pool of organisations such as software giant Microsoft, public sector body Serious Fraud Office and law firm Simmons & Simmons that allow the utilisation of outsourcing benefits with none of the drawbacks – the Managed Service.

A recent survey of CIOs showed that 19 per cent of those interviewed are already using Managed Services for their IT Service Desk, and that number is expected to rise to 34 per cent towards the middle of 2011. According to participants in the CIO Market Pulse Survey for Management Excellence they chose Managed Services primarily due to a lack of appropriate internal resources, a desire to retain control and the need to reduce costs.

A Managed Service was seen as the best option for their organisation because it was thought to be less risky than traditional outsourcing and more efficient than internal management. In fact, this solution can be regarded as more than just the halfway house between insourcing and outsourcing, it is now in many cases a superior solution incorporating all the best features of both and none of the weaknesses.

Its main strengths are similar to those of outsourcing – for instance, the provider manages all aspects of the function, from staff to operations and is responsible for Service Level Agreements and TUPE. The differences mainly involve the physical location of the team, with a Managed Service utilising the clients office space and infrastructure and an Outsource placing the team anywhere in the world.

Although outsourcing is universally assumed to be the cheapest option since it is often carried out in countries where the cost of labour is very low, statistics show that overall cost savings often don’t exceed a mere 10-15%. In fact, when the possible degradation of service and inevitable cultural changes are forced into the user base and given a cost, the actual saving can be in low single digits. The problem becomes even more acute when the user base comprises staff who generate income streams or are a high salary cost to the business.

Using high value users’ time to prop up a poor performing support function can easily be costed and the results are startling. Using just an average user cost to a business  of say £20 p.h., simple maths demonstrates that 30 extra minutes per month per user spent interacting with a poor Service Desk, in a 2000 user business will cost it £240,000 p.a. in lost working time. Using the same equation with a Doctor, Lawyer or Banker’s costs produces frightening numbers.

Moreover, offshoring presents an increased risk of data security breaches: there have been many stories in the press of offshore employees selling credit card, health and other personal details collected from client databases.  It can be difficult to control and monitor an office located on the other side of the globe, but the problem of data security does not end with offshoring – even when the outsourced support function is located near the client’s office, all information stored and processed in the systems owned by the provider is at risk, and so is the intellectual property.

If the function is run on the client site and the assets are owned by the client, there is a sense of control over the data and intellectual property. These characteristics make Managed Services similar to insourcing. However, unlike an in-house solution, management of operations, processes and staff is left to the expertise of professionals who are measured via SLA and more often than not, subject to penalties for failure to perform.

Little wonder then that organisations across all sectors are embracing ‘the third option’. Microsoft made headlines when a press release announced that their Service Desk, desk-side services and infrastructure and application support were managed onsite by a provider. Although some of the firm’s critics took it as a sign of weakness, assuming that a software company should be an expert at managing the Service Desk as well, the IT community understood that it was a strategic move driven by the desire to create cost-efficiencies in a safe way. If the likes of Microsoft choose managed services over in-sourcing and outsourcing as the best solution for them, it is likely that the model will apply for many other organisations where control and cost reduction is vital.

It appears that instead of forcing more organisations to offshore to cheaper countries, the economic environment is leading to managed services becoming the favoured choice. According to the CIO survey, 40 per cent of organisations are adopting this option as a result of the economic climate for different aspects of their IT. In comparison, only 26 per cent are turning to outsourcing and 29 per cent are keeping services in-house.

Taking all of this into account, the evidence appears to suggest that the future of IT Support as a business enabler rests on finding the right balance between control and delegation, thus ensuring efficiency meets security in an environment which remains in sight and firmly in mind. Although outsourcing and insourcing still have a place in many organisations, as sourcing models mature and evolve it is becoming apparent that a significant number of organisations will move towards more bespoke, internally managed solutions to meet their particular needs.

Richard Forkan, Director

Find this article on Outsource Magazine: http://www.outsourcemagazine.co.uk/articles/item/3589-taking-the-third-option

The peculiarities of Metro Bank’s IT outsourcing model

October 20, 2010

Recently-launched Metro Bank has made headlines these last few months for more than one reason: it is the first high-street bank to launch in over 100 years; it follows a retail store model, offering longer opening hours and no weekly closing day; and virtually all of their IT is outsourced to a Managed Services provider.

The news of a bank outsourcing its IT does not come as a complete surprise, as many banks outsource certain functions such as software development, IT Support etc. There are elements of novelty in this choice, though – for instance the fact everything but security and the local networks and terminal devices is being outsourced, which puts a lot of technology in the hands of the provider. It is also unusual that they have chosen a new provider, niu Solutions, which is a merger of four different IT and telecom providers and has little track record as a unified company. And finally, what is most interesting about Metro Bank’s set-up is that they are using a new ‘pay-as-you-grow’ Managed Service model that is highly-virtualised, flexible and scalable – something only a start-up is likely to have considered.

Some publications reported that the bank is using cloud computing, but they are probably mistaking the somewhat flimsy term with plain virtualisation. This is not a shared service – the bank has paid upfront for the hardware and has employed the provider to manage their systems, which run remotely from two data centres in the UK.   While it’s likely that the provider will be looking to add customers to the model, there’s little doubt that Metro will insist upon a high degree of separation of “their” equipment in the provider’s datacentre to help minimise security risks.

With any financial firm, but particularly a retail bank, information security is an overriding concern.  As well as the detailed personal and financial records they hold for their customers, there is also concern about who has access to the various financial systems that are used for recording and executing financial transactions.

Locating kit at a provider’s premises introduces a transfer of control issue, but Metro bank will mitigate that by ensuring data at rest is encrypted, and that the right security standards are enforced at the provider’s datacentres.

Clearly it is in the provider’s interest to supply a good and secure service to retain their clients and their reputation, and the advantage of dealing with a supplier is that roles and responsibilities should be clearly defined and contracted.  This is in contrast to relying on internal staff – the assumption might be that this improves security, but it also introduces the risk that there is less formality and, consequently, fewer proper control measures.

The biggest concern in a modern bank is logical security, rather than physical. Access to accounts and key financial systems will be highly restricted and audited. Since operational security at Metro Bank is retained in-house, the risks of a provider’s rogue employee having the level of access necessary to steal data or using the system for criminal purposes is relatively low.

A concern in any outsourcing arrangement is the financial stability of your chosen partner.  Such concerns would be particularly acute for Metro Bank as there would be serious repercussions if, for example, a company failure meant it couldn’t get access to its systems.  Clearly Metro will have done its homework on its chosen provider and insisted on various safeguards and insurances.

The new ‘pay-as-you-grow’ model appears to be convenient especially because of its scalability potentials – after an upfront payment for hardware, the bank pays a cost per user and increases its spend as the client and user base grows. With any new venture, it can be difficult to predict what the level of growth will be, and by adopting this model Metro will only pay for the growth as it’s achieved – rather than needing to make significant upfront investments to ensure growth isn’t hindered. Also, by leaving IT to the experts the bank is able to concentrate on customers and operations without having to worry about IT availability and support, sure of getting a high quality service thanks to SLAs.

This model is certainly interesting, but needs to show it can work in order to gain more trust among both banks and bank customers, and therefore be embraced by a larger number of companies. Retail banking is a better candidate for the model than, say, Investment Banking where the breadth of systems typically used and high-speed real-time requirements for data delivery might deter the organisation from being so bold. Nevertheless, this innovation can create many benefits from a business point of view: if this model manages to work over time, it could create many more opportunities for service providers to enlarge their range of work, and for banks to embrace cost-efficiencies that will enhance their competitive value and, ultimately, their potential for success.

Adrian Polley, CEO

Are you Off-Sure about your IT Service Desk?

July 15, 2010

No matter the economic climate, or indeed within which industry they operate, organisations are constantly seeking to lower the cost of IT while also trying to improve performance. The problem is it can often seem impossible to achieve one without compromising on the other and in most cases, cost cutting will take prevalence, leading to a dip in service levels.

When things get tough the popularity of off-shoring inevitably increases, leading many decision-makers to consider sending the IT Service Desk off to India, China or Chile as a convenient solution financially – low-cost labour for high-level skills is how offshore service providers are advertising the service.

In reality things are not so straightforward. The primary reason for off-shoring is to reduce costs, but according to experts average cost savings only tend to lie between 10-15%, and what is more, additional costs can be created – research shows, in fact, that they can in some cases increase by 25%.

Hidden costs, cultural differences and low customer and user satisfaction are reasons which have made nearly 40% of UK companies surveyed by the NCC Evaluation Centre change their mind and either reverse the move – a phenomenon known as ‘back-shoring’ or ‘reverse off-shoring’ – or think about doing so in the near future. Once an organisation decides to reverse the decision, however, the process is not trouble-free. Of those who have taken services back in-house, 30% say they have found it ‘difficult’ and nearly half, 49%, ‘moderately difficult’. Disruptions and inefficiencies often lead to business loss, loss of client base and, more importantly, a loss of reputation – it is in fact always the client and not the provider which suffers the most damage in this sense.

Data security is another great concern in off-shoring. An ITV news programme recently uncovered a market for data stolen at offshore service providers: bank details and medical information could be easily bought for only a few pounds, often just from call centre workers. Of course information security breaches can happen even in-house, caused by internal staff; however, in off-shoring the risk is increased by the distance and the different culture and law which exist abroad.

Not a decision to be taken lightly, then. Organisations should realise that the IT Service Desk is a vital business tool and while outsourcing has its advantages, if they do it by off-shoring they are placing the face of their IT system on the other side of the planet, and in the hands of a provider that might not have the same business culture, ethics and regulations as they do.

So before thinking about off-shoring part or the whole IT department, organisations would be wise to take the time to think about why their IT is so expensive and what they could do to improve it, cutting down on costs without affecting quality, efficiency and security and moreover, not even having to move it from its existing location.

Here are some measures organisations could take in order to improve efficiency in the IT Service Desk while at the same time reducing costs:

Best practice implementation

Adoption of Best Practice is designed to make operations faster and more efficient, reducing downtime and preserving business continuity. The most common Best Practice in the UK is ITIL (Information Technology Infrastructure Library) which is divided into different disciplines – Change Management, Risk Management, Incident Management to name but a few.

ITIL processes can be seen as a guide to help organisations plan the most efficient routes when dealing with different types of issues, from everyday standard operations and common incidents up to rarer events and even emergencies.

Whilst incident management seems to be easily recognised as a useful tool, other applications of ITIL are unfairly seen by many as a nice to have. But implementing best practice processes to deal with change management, for example, is particularly important: if changes are carried out in a random way they can cause disruptions and inefficiencies, and when a user cannot access resources or has limited use of important tools to carry out their work, business loss can occur – and not without cost.

Every minute of downtime is a minute of unpaid work, but costs can also extend to customer relationship and perhaps loss of client base if the inefficiencies are frequent or very severe.

Realignment of roles within the Service Desk

With Best Practice in place, attention turns to the set-up of resources on the Service Desk. A survey conducted by Plan-Net showed that the average IT Service Desk is composed of 35% first-line analysts, 48% second line and 17% third line. According to Gartner statistics, the average first-line fix costs between £7 and £25 whereas second line fixes normally vary from £24 to £170. Second and third line technicians have more specific skills, therefore their salaries are much higher than the ones of first line engineers; however, most incidents do not require such specific skills or even physical presence.

An efficient Service Desk will be able to resolve 70% of their calls remotely at first line level, reducing the need for face-to-face interventions by second line engineers. The perception of many within IT is that users prefer a face-to-face approach to a phone call or interaction with a machine, but in reality the culture is starting to change thanks to efficiency acquiring more importance within the business. With second-line fix costing up to 600% more, it is better to invest in a Service Desk that hits a 70% rate of first-time fix, users for the most part will be satisfied that their issues are fixed promptly and the business will go along way to seeing the holy grail of reduced costs and improved performance simultaneously.

From a recent survey carried out by Forrester for TeamQuest Corporation, it appears that 50% of organisations normally use two to five people to resolve a performance issue, and 35% of the participants are not able to resolve up to 75% of their application performance issues within 24 hours. Once you calculate the cost of number of staff involved multiplied by number of hours to fix the incident, it is not difficult to see where the costly problem lies. An efficient solution will allow IT to do more with less people, and faster.

Upskilling and Service Management toolset selection

Statistics show that the wider adoption of Best Practice processes and the arrival of new technologies are causing realignments of roles within the Service Desk. In many cases this also involves changes to the roles themselves, as the increased use of automated tools and virtualised solutions mean more complex fixes can be conducted remotely and at the first line. As this happens first line engineers will be required to have a broader knowledgebase and be able to deal with more issues without passing them on.

With all these advancements leading to a Service Desk that requires less resource (and therefore commands less cost) while driving up fix rates and therefore reducing downtime it seems less and less sensible for organisations to accept off-shore outsourcing contracts with Service Level Agreements (SLA’s) that guarantee a first-time fix rate of as little as 20% or 30% for a diminished price. It seems the popularity of such models lies only in organisations not being aware that quality and efficiency are something they can indeed afford – without the risk of off-shoring.

The adoption of a better toolset and the upskilling of first-line analysts, especially through ITIL-related training, will help cut down on costs and undoubtedly improve service levels. However while it will also remove the necessity to have a large amount of personnel, especially at higher level, the issues with finding, recruiting and training resource will still involve all the traditional headaches IT Managers have always faced. With this in mind it can often be prudent to engage with a service provider and have a co-sourced or managed desk that remains in-house and under internal management control. Personnel selected by an expert provider will have all the up-to-date skills necessary for the roles required, and only the exact number needed will be provided, while none of the risks associated with wholesale outsourcing, or worse, off-shoring, are taken.

Improving IT infrastructure and enhancing security

Improving efficiencies in IT does not begin and end with the Service Desk of course. The platform on which your organisation sits, the IT infrastructure itself, is of equal importance in terms of both cost and performance – and crucially, is something that cannot be influenced by off-shoring. For example, investing in server virtualisation can make substantial cost savings in the medium to long term. Primarily this arises from energy saving but costs can also be cut in relation to space and building and maintenance of physical servers, not to mention the added green credentials. Increased business continuity is another advantage: virtualisation can minimise disruptions and inefficiencies, therefore reducing downtime – probably the quickest way to make this aspect of IT more efficient in the short, medium and long term.

Alongside the myriad of new technologies aimed squarely at improving efficiency and performance sits the issue of Information Security. With Data Protection laws getting tougher due to the new 2010 regulations, forcing private companies to declare any breaches to the Information Commissioner who has the right to make them public, and facing them with fines up to £500,000, security is becoming even more of an unavoidable cost than ever. Increased awareness is needed across the entire organisation as data security is not only the concern of the IT department, but applicable to all personnel at all levels. The first step in the right direction is having a thorough security review and gap analysis in order to assess compliance with ISO 27001 standards and study any weak points where a breach can occur. Then workshops are needed to train non-IT staff on how to deal with data protection. Management participation is particularly important in order to get the message across that data safety is vital to an organisation.

Taking a holistic view of IT

Whatever the area of IT under scrutiny, the use of external consultancies and service providers to provide assistance is often essential. That said, it is rare to find an occasion where moving IT away from the heart of the business results in improvements. The crucial element to consider then is balance. Many organisations, as predicted by Gartner at the beginning of this year, are investing in operational rather than capital expenditure as they begin to understand that adoption of the latest tools and assets is useless without a holistic view of IT. When taking this methodology and applying it to the Service Desk it soon becomes apparent that simply by applying a Best Practice approach to an internal desk and utilising the new technologies at your disposal, the quick-fix cost benefits of off-shoring soon become untenable.

Pete Canavan, Head of Support Services

This article is featured in the current issue of ServiceTalk

Public sector, private data – is outsourcing the Service Desk too risky?

June 3, 2010

As the Treasury announce cuts amounting to £6.25bn, £95m of which deriving from a reduction in IT spending, attention is once more directed towards outsourcing as a means to reduce IT expenditure. But Information Technology stores and processes large amounts of personal, sensitive and confidential data, and when it comes to the public sector it can have a very high level of sensitivity, hence a lot of trust is bestowed upon personnel that have access to it. It is already difficult to place confidence in in-house staff, due to the high number of data breaches that are perpetrated by internal staff, backed up by statistics, but the option of off-shore outsourcing elevates the threat level from code yellow to code red.

Widespread use of Cloud computing is unlikely to become a reality in the foreseeable future: strict regulations relating to the Data Protection Act, which the public sector in particular follows religiously, make it virtually impossible to obtain assurances that the data stored outside the organisation’s premises is adequately controlled and kept secure. However, remote access provided to support staff based at another location, be it in the same or another country, still presents a risk in that information can still be collected and recorded. 

With the government CIO, John Suffolk, encouraging the use of outsourcing to countries offering cheaper labour as a cost-cutting strategy, it is time to understand to what extent this can be done and if the public sector can really benefit from off-shoring the Service Desk after all.

Organisations in the public sector are essentially different from private companies: although it seems obvious, it is important to bear in mind that they are funded by British taxpayers, and therefore work for them. However, providing access to personal and sensitive data to companies thousands of miles away and outside the European Union which have different culture, ethics and laws might put the safety of their personal details at risk. For instance, information such as identity, financial and health records can fall into the wrong hands and be used for malicious intent. Not long ago, ITV found that British medical and financial records held abroad could be bought for just a few dollars. No matter how ‘rare’ this event might be, it is not a risk Britons are prepared to take, if the decision were up to them.

It is certainly difficult for organisations in the public sector to carry out a satisfactory level of service when their budgets are being reduced, but it is important to think about the consequences of outsourcing the IT department: a move initially intended to save money can end up making the organisation lose money as a result of large fines and court cases, and most importantly, it can lead to a loss of credibility and reputation.

Recognising a ‘safe’ provider is not easy, especially as identification of a risky supplier often only happens once a breach has been committed, when it might be too late for an organisation to escape liability and to save face. However, it is possible to assess a provider’s trustworthiness before a breach occurs: they should follow Best Practice and have a mature Information Security Management System in line with the ISO 27001 standard, assessed through an independent security review, risk assessment and gap analysis.

There are also better alternatives to extreme or risky versions of outsourcing. For example, the IT department can be kept internal, for better control, but be managed by a third party which is aware of the stringent safety measures necessary for working in this peculiar sector. That said, most information security breaches pertain to threats inside an organisation and are in many cases not a malicious act but a consequence of ignorance, frustration or lack of risk awareness. Well-trained and appropriately-skilled Support staff can reduce these security incidents to a minimum, as would implementing organisational-wide information security awareness sessions.

Management commitment within the industry is especially important to convey the significance of protecting personal and sensitive data and the seriousness of breaching the Data Protection Act, which does not only concern IT staff. Extensive training is necessary to raise awareness across the entire organisation – whenever there is a data breach it is never the provider that suffers the worst consequences, but the organisation’s reputation.

 

David Cowan, Head of Infrastructure and Security

This opinion piece appears in this week’s Dispatch Box on Public Technology: http://www.publictechnology.net/sector/public-sector-private-data-outsourcing-service-desk-too-risky


Follow

Get every new post delivered to your Inbox.