I promised my wife way back when we started dating that she need not be a "football widow" every Sunday during the season. However, our relationship has spanned roughly the same time period as the unmitigated success of my New England Patriots and during that period she has come to know that my availability and attention during weekends from early January through the Super Bowl in early February are going to be dependent upon the NFL's playoff schedule...especially when the Patriots are involved.
Fortunately, not only does she not get angry, but also she supports it, even though she dislikes sports. We've hosted Super Bowl parties and in preparation I happily do the "grunt work" and "food prep", but I yield the responsibility for organizing all the other elements of the party to her. Why?
Because much like organizations making a decision to outsource work, she knows what she's doing better than I do.
Back in September in "Clouding the Outsourcing Issue, part 1," I likened the decision to outsource to a "Hail Mary" pass in football because much like this desperation pass, companies often view the relinquishment of control over a project when outsourcing as a "hope and a prayer" type of approach. But sometimes there's no other option. In-house teams can’t keep up with the latest developments in hardware, software, network architecture and the like; meanwhile outsourced teams are more focused on making money than on providing solutions and service.
This already confusing argument is now being further convoluted by a new option: cloud computing.
Charlie Babcock, in a recent InformationWeek article calls cloud vs. outsourcing, “The Next Battleground.” Naysayers will claim that cloud technology isn’t mature enough to enter this debate, but I believe with the use of powerful automated analysis and measurement solutions, the visibility IT teams gain provides the control necessary to manage a cloud-based network effectively. It's just this kind of control that companies fear they lack when they outsource a project, so perhaps the cloud would provide them with the kind of "close to home" comfort level they seek.
A November 2011 PricewaterhouseCoopers survey of 489 IT executives, cited by Babcock, reports 77 percent of surveyed companies have started or have plans for some form of cloud computing and 64 percent said the cloud will be the “best way” to manage infrastructure three years from now.
Babcock adds that IBM, HP and others, who have deep connections with companies based on longstanding outsourcing relationships, do not necessarily have a leg up on Amazon, Rackspace and other cloud infrastructure providers. Outsourcers that add cloud services may keep the customer, but they will lose some of their profits, since racks of commodity services will replace the highly-specialized IT services they previously provided.
There’s lots more bad news for traditional outsourcers: 55 percent of those surveyed believe private cloud service providers will be best equipped to provide cloud infrastructure three years from now, versus 39 percent who believe traditional outsourcing companies will be. And, even among companies currently working with traditional outsourcers, 52 percent said providers with a cloud focus will be the best infrastructure partners in the future.
Respondents believe cloud-only service providers will be able to combine the managed infrastructure of an outsourcer, with customers becoming responsible for managing workloads. In this scenario, if the customer instructs the service provider to run a series of applications at a given day and time, they can be certain it will happen, barring some type of service interruption.
Babcock writes that private cloud services are available both on-premises or over the public cloud. When offered through the public cloud, the services typically include hardware isolation from other customers’ content, encrypted communications over a VLAN or secure line, and secure data handling procedures.
John Chapas II, an attorney with Reed Smith LLP, offers some related opinions in a Boardmember.com article earlier this year. He comments that both outsourcing and cloud computing strategies come with potential security issues around sensitive information.
When maintained in-house, IT teams are able to easily determine if data is protected at a level required by the company and the company has control over modifying data security and completing upgrades. This level of control is especially important where there are legal requirements surrounding data security and breach disclosure. These legal requirements focus on sensitive information, such as nonpublic personal information (e.g., Social Security numbers and credit card numbers). He adds that many states now have legally required remedies for data security breaches, such as written notifications to affected individuals. For an extensive breach, these notifications are not only time-consuming, they are also terribly expensive.
When a company outsources or employs a cloud infrastructure, the company no longer maintains control of security. This loss of control can be problematic since the company is still responsible for protecting the data and the same remedies apply if there is a breach.
Company IT and legal teams should require either the outsourcing or cloud service provider to possess and maintain security measures that meet the company’s legal and fiduciary responsibilities. This can include all requirements for data security such as encryption, vulnerability testing, audits, passwords, firewalls, et al.
Whether it’s cloud or outsourcing, company managers often rely on the vendor’s reputation, when they should be scrutinizing the contract to ensure the vendor meets data security requirements. With appropriate verbiage in the agreement, the vendor might initially meet the company’s date security requirements at the outset, but then make changes to security policies that would put the company out of compliance.
It’s pretty clear the moving infrastructure to the cloud (IaaS) is here to stay and will be an increasingly viable option for company IT teams. Regardless of whether data is maintained in house, outsourced or managed in the cloud, an automated solution to analyze and measure software quality should be an essential part of the solution.
When company IT teams are considering either outsourcing or cloud-based strategies, they should require vendors to include ongoing software analysis and measurement as part of the offering, and this requirement should be written into the contract. Structural analysis and measurement solutions are as important to business continuity as firewalls, antivirus software and robust storage solutions.
Well, time for me to get on my "game face" and decide which team I want to see the Patriots beat on January 14. Meanwhile IT teams should be getting on their own game faces because when it comes to managing and protecting their company’s critical information assets effectively, whether it's done in-house or via an outsourced or cloud solution, every day is the playoffs.
Erik Oltmans, an Associate Partner from EY, Netherlands, spoke at the Software Intelligence Forum on how the consulting behemoth uses Software Intelligence in its Transaction Advisory services.
Erik describes the changing landscape of M & A. Besides the financial and commercial aspects, PE firms now equally value technical assessments, especially for targets with significant software assets. He goes on to detail how CAST Highlight makes these assessments possible with limited access to the targetâ€™s systems, customized quality metrics, and liability implications of open source components - all three that are critical for an M&A due diligence.