Agile – Is it the new Insourcing?

Posted on : 23-08-2011 | By : richard.gale | In : Innovation


Business, IT and clothing are all similar inasmuch as they can lead and follow fashions & trends.

Looking at IT specifically there is a trend to commoditise and outsource as much as possible to concentrate on the core ‘business’ of growing a business. As we all know this has many advantages for the bottom line and keeps the board happy as there is a certainty of service & cost, headcount is down and the CIO has something to talk about in the exec meetings.

At the coalface the story is often a different one: users grow increasingly frustrated with the SLA-driven service, business initiatives start to be strangled by cumbersome change processes, and support often rests in the hands of the dwindling number of IT staff with deep experience of the applications and organisation.

So a key question is –  How to tackle both the upward looking cost/headcount/service mentality whilst keeping the ability to support and change the business in a dynamic fulfilling way?

Agile is a hot topic in most IT and business departments. It emerged from several methodologies of the 1990s, with roots back to the ‘60s, and has taken hold as a way of delivering change quickly to a rapidly changing business topology.

At its core Agile relies on:

  • Individuals & interaction – over process and tools
  • Customer communication & collaboration in the creation process – over agreeing scope/deliverables up front
  • Reactive to changing demands and environment – over a blinkered adherence to a plan

The basis of Agile though relies on a highly skilled, articulate, business & technology aware project team that is close to and includes the business. This in theory is not the opposite of an outsourced, commodity driven approach but in reality the outcome often is.

When we started working on projects in investment organisations in the early ‘90s most IT departments were small, focused on a specific part of the business and the team often sat next to the trader, accountant or fund manager. Projects were formal but the day to day interaction, prototyping, ideas and information gathering could be very informal with a mutual trust and respect between the participants. The development cycle was often lengthy but any proposed changes and enhancements could be storyboarded and walked through on paper to ensure the end result would be close to the requirement.

In the front office programmers would sit next to the dealer and systems, changes and tweaks would be delivered almost real time to react to a change in trading conditions or new opportunities (it is true to say this is still the case in the more esoteric trading world where the split between trader and programmer is very blurry).  This world, although unstructured, is not that far away from Agile today.

Our thinking is that businesses & IT departments are increasingly using Agile not only for its approach to delivering projects but also, unconsciously perhaps,  as a method of bypassing the constraints of the outsourced IT model – the utilisation of experienced, skilled, articulate, geographically close resources who can think through and around business problems are starting to move otherwise stalled projects forward so enabling the business to develop & grow.

The danger is, of course, that as it becomes more fashionable Agile will be in danger of becoming mainstream (some organisations have already built offshore Agile teams) and then ‘last year’s model’ or obsolete. We have no doubt that a new improved ‘next big thing’ will come along to supplant it.

 

Time to think differently about your contractor and consultant engagement ?

Posted on : 22-08-2011 | By : john.vincent | In : General News


Last month we wrote an article around consulting services entitled “Tipping the scales from Risk to Reward”. This month we would like to explore a little further the whole question around augmenting capability.

Particularly in Financial Services, the use of individual contract resources has prevailed since the 1990s, and for good reasons. Often contract staff have specific technical skills that are needed during projects or to manage demand. Indeed, we have many associates ourselves who have consulted for many years. But do organisations get value from these contractors or is it time to think a bit differently?

We see a lot of organisations seeking to manage contract and consultant spend, which is good. We are all looking for improved efficiencies and increased value for money in terms of technology services. However, there are also many operating models, perceptions and working practices which are counter to this principle. Let’s look at a couple of common themes.

The “Perpetual Contractor”: How many times has a temporary resource been in for a period of time, only to have their tenure extended many times? A few years ago 6 month or year contracts were not uncommon. Granted, these terms have reduced to more short term rolling engagements, but still how often do these just keep renewing? What happened to the original reason for bringing them in? Were deliverables ever defined? It is easy to get good people in to shape a piece of work, and that is entirely valid, but at what point do they become surplus, or a “safety net”, ready for an uptick in demand or a pre-prepared budget cut sacrifice?

The Rise of Managed Services: We’ve seen an increase in the amount of staff under this category over the past 2 years. However, is it really Managed Services? By definition, it should include the transfer of functions to an organisation who takes responsibility for operations, service levels, managing refresh, capacity etc. However, it seems that in some cases Managed Service contract arrangements have changed into simply a different way to employ contract staff. Sound familiar? We have seen contract staff move from direct to a MS arrangement, actually at increased cost to the client. Recently we asked a senior technology leader about this practice as it seems counter-intuitive to the efficiency drive. They told us that as staff under Managed Services are not visible from a headcount perspective it has the external effect of organisations seeming to reduce staff (which analysts like). Sensible in terms of shareholder value?

It is often said that contractors are cheaper than consultants and in a pure Day Rate discussion there is often no argument. Indeed, the margin premiums charged by some consultancies do not represent good value, such as the Infrastructure SME on £400pd being billed at £1200pd, or the Regulatory PM on £700pd billed at over £2k. These scenarios do not demonstrate good value for either the client or the resource themselves.

Again, as we explored last month, clients are looking for greater value from their trusted advisors. We feel strongly that when deployed and managed correctly, consultant resources offer greater value, particularly when considering the scenarios previously outlined.

One mistake is that the problems are not defined properly right in the beginning. By clearly outlining deliverables at the start and not leaving an open ended or “PO based” draw-down, clients can ensure that they maintain greater control and align results to expenditure.

An output based approach and payment structure is more efficient than individual contractor resourcing.

Another is hiring the wrong type of consultants. Clients often hire them based on a specific overall capability, previous engagement track record or existing relationship. However, when they assign the follow-up work to the same consultants they run the risk that the consultants are getting farther and farther away from their core expertise and clients receive less value.

Finally, a lot of companies let the consultants decide the problem themselves. The consultants will often put it in their own context in order to get the business.

These observations may sound basic but we hope that they resonate, and they certainly are still current.

Of course, these views are open to challenge.  However, times are different now – we all need to take a look at how we deliver transparency of value on both the Buy and Sell side.

InDorse Technologies’ Watermarking and Tagging Plugs Gaps in DLP and DRM systems

Posted on : 22-08-2011 | By : jo.rose | In : Innovation


On their own, DLP and DRM systems are not failsafe. Some apply draconian rules that slow down business processes or generate many false positives, which require resolution time. Others may be ineffective because they are out of sync with the business operations simply because permissions applied through an Active Directory or LDAP system are out of date.

Most common security approaches are based on the thought that “The good guys are on the inside, and the bad guys are on the outside”. Yet, when Carnegie Mellon ran a study of over 18,000 inadvertent data leaks – including PII, business planning, financial, sales and marketing material – they found that the leakage sources were: 11% from internal users, 10% from partners and supply chain and 79% from customers. The clear message here is that whilst DLP and DRM have their roles, they do not or cannot impose the same controls over external parties who have access to information/files.

Customer Use Case

A global software giant based in the Northwest US found that it could not use a single DRM or DLP system beyond its own boundaries to impose the same rules on its partners or supply chain. They had a critical requirement to protect their IPR and copyright on upcoming software product releases, which needed to be shared with major CPU processing and hardware partners. As long as information within each division was stored on internal EDM and SharePoint systems, it was generally considered secure. But risks of leakage escalated as soon as outsiders were involved. They needed to know what was being shipped around the business or within the extended supply chain and especially gain knowledge of what happened to it in the ‘wild’.

Their response was to create a business operation and security approach for:

  • Inspiring a security conscious culture both inside their business and in their supply chain;
  • Allowing business processes to function without delay while monitoring the movement of files with alarms that trigger swift remedial actions;
  • Where appropriate, building Chinese Walls between departments, divisions, as well as their suppliers and customers.

InDorse Watermarking and Tagging Augments DLP/DRM

The company applied a level of classification based on the content and context of the file, which could be a document, spreadsheet, a screenshot image and/or graphic. For this company, the classification determined where and how InDorse Technologies solutions are applied.

Enabling a Security Conscious Culture

Employees and partners, especially if they are to receive information on a “need to know” basis, now sign up to a security policy.

When a document is classified for a given level of security or business impact, the InDorse watermarking solution InDIA™ (InDorse Image Assurance) automatically applies a relevant visible watermark to the file.  The watermark alerts the user to the level of risk and consciously or subconsciously reminds them that they must take extra care in the use, storage and sharing of that file.

Protecting IPR and Copyright of Images – Invisible Watermarks

Invisible watermarks can be applied to documents and images to validate and prove the ownership and origin of the file. This is particularly useful in brand protection and product release management.  InDorse web crawling services can find and report on watermarked files found on unapproved or ‘grey market’ sites.  In banking and finance, watermarked images can help in either forensic investigations or for finding and taking down sites used for scams such as phishing.

Creating Chinese Walls between Divisions and External Resources

The company took an innovative approach to augmenting their DLP. They enabled their content-aware network switches to automatically pick up the watermarks and, based on rules, block their exit or allow them to pass. Also, when files watermarked as high business impact or other classification arrive in a SharePoint folder where they should not be, an alert is triggered and sent by the security monitoring system to a dashboard to advise the security controllers or owners of the file location, original source and time of arrival. This approach allows business operations to continue, but triggers swift remedial actions to recover and relocate the file to (say) an encrypted folder.

Tracking and Tracing File Openings

InDorse Call-Home™ tags, tracks and reports on file openings both inside and outside of the business. An API triggers the automatic tagging of files upon an event, such as attaching it to an email or when it is downloaded from an extranet portal or external web sites. Valuable information for Security and Business Intelligence on the use of files is reported in an SQL database. Reports may include file name, date of tagging, IP and DNS address of openings, name of person to whom it was originally sent, number of openings, etc.

Combining Watermarking and Tagging

For the company described above, as the classified files leave the protection of the secure SharePoint or EDM system, InDorse injects the appropriate watermark. If it is a PDF, additional security features such as encryption and password protection can be added. The file is then made available via a folder or portal for users to be invited to come and collect. This approach is particularly useful in extended supply chains or for very sensitive documents. For example, when the user comes to collect the file, an API can create a custom Tag for that individual user and the IP address where they are located. If the file is subsequently reported as appearing in locations where it should not be found, investigations into why and its remediation can be swiftly enabled.

Augmenting DLP and DRM

The use cases described in this article can be applied across industries as:

  • Most organisations need Chinese Walls one minute and openness the next.
  • The business intelligence from the opening of files can provide additional protection, forensic investigation support or be used to see the effectiveness of communications, e.g., it might be more important to see who has NOT opened a “must read” document or an important proposal.

InDorse customers are using InDIA and Call-Home for a wide range of uses, including finding out which files are never opened so that they can be eliminated from the business to save effort and effectively tier storage. Being able to assure regulators where sensitive files are and when they are being opened also helps protect businesses and their customers from risk.
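The Call-Home reporting described above (tag details and openings held in an SQL database) supports two questions the article raises: who has not opened a “must read” file, and which openings came from somewhere other than where the recipient collected it. The following is an added example, not InDorse code; the schema, table and column names, recipients and IP addresses are assumptions constructed for illustration, using Python's sqlite3.

```python
import sqlite3

# Assumed schema (not InDorse's): one row per tag issued, one per reported opening.
SCHEMA = """
CREATE TABLE tags (tag_id INTEGER PRIMARY KEY, file_name TEXT, recipient TEXT,
                   tagged_on TEXT, collect_ip TEXT);  -- IP seen at collection
CREATE TABLE openings (tag_id INTEGER REFERENCES tags(tag_id),
                       opened_at TEXT, open_ip TEXT);
"""
# Constructed sample data: invented recipients, documentation-range IPs.
TAGS = [
    (1, "release-plan.pdf", "alice@partner-a.example", "2011-08-01", "192.0.2.10"),
    (2, "release-plan.pdf", "bob@partner-b.example", "2011-08-01", "198.51.100.7"),
    (3, "release-plan.pdf", "carol@partner-c.example", "2011-08-01", "203.0.113.5"),
]
OPENINGS = [
    (1, "2011-08-02T09:00", "192.0.2.10"),
    (1, "2011-08-03T14:30", "192.0.2.10"),
    (2, "2011-08-02T10:15", "198.51.100.7"),
    (2, "2011-08-09T23:40", "203.0.113.99"),  # not bob's collection IP
]

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO tags VALUES (?,?,?,?,?)", TAGS)
    db.executemany("INSERT INTO openings VALUES (?,?,?)", OPENINGS)
    return db

def never_opened(db, file_name):
    """Recipients whose tagged copy has no reported opening."""
    q = """SELECT t.recipient FROM tags t
           LEFT JOIN openings o ON o.tag_id = t.tag_id
           WHERE t.file_name = ? AND o.tag_id IS NULL ORDER BY t.recipient"""
    return [row[0] for row in db.execute(q, (file_name,))]

def unexpected_openings(db, file_name):
    """Openings reported from an IP other than the one recorded at collection."""
    q = """SELECT t.recipient, o.open_ip, o.opened_at FROM tags t
           JOIN openings o ON o.tag_id = t.tag_id
           WHERE t.file_name = ? AND o.open_ip <> t.collect_ip
           ORDER BY o.opened_at"""
    return db.execute(q, (file_name,)).fetchall()

if __name__ == "__main__":
    db = build_db()
    print("never opened:", never_opened(db, "release-plan.pdf"))
    print("unexpected:", unexpected_openings(db, "release-plan.pdf"))
```

An IP mismatch is a lead for investigation rather than proof of leakage, since recipients legitimately open files from more than one network.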

Because InDorse allows business to operate yet be monitored for breaches, watermarking and tagging are an ideal complement to any DLP and DRM system.

For more information contact us at info@broadgateconsultants.com.