Managing Offshore IT

Before you jump the gun, this blog entry is not about American politics or its leaders. :-)  I came across this interesting writeup in informationweek.com analyzing the system and technology view, focused on how “Obama, Clinton, McCain Passport Breaches Expose Human, Not Tech Weakness.” The article begins by stating how the unauthorized access was caught by a monitoring system that was tripped when three State Department contractors accessed the electronic records.

Reading about this incident, I began reflecting on my experience with IT in the Government and the security policies and checks-and-balances inherent to managing such systems.

In my past life before I joined Infosys, I did a year long stint working with the State of Kentucky’s Department of Information Systems (DIS) working on their Income Tax management systems  at Frankfort, Ky. This was over a decade ago, and as I recall, issues regarding data privacy, especially as it pertained to taxpayer’s information was taken very seriously with Chinese Walls between the different development teams, production support and users. In this instance, the ‘users,’ were state employees who had access to view customer/taxpayer data. Those of us in the IT development group had no access to live databases and systems, and even the data used for testing and validations was masked.

The aspects of security breach and  inappropriate data access as highlighted by the recent incident are certainly going to have far reaching consequences, impacting those of us in the corporate world too. And if there is a discussion of IT security, can offshoring dimensions be far behind? I had briefly analyzed a few thoughts around “Security and Offshoring IT” in my blog a while ago and continue to reflect on the topic.

Bottomline: As the old adage goes, the chain is only as strong as its weakest link. Security breaches like that exposed by the recent incident should make us reflect on the Human and Technology aspects of securing data, and systems.

Posted by Mohan Babu K. at 10:58 PM | Permalink | Comments (0) | TrackBacks (0)

There are days when I really wish videoconferencing will mature to a point where it negates travel; or at least minimize it. Today is certainly one such day. I was scheduled to meet with a client to discuss their Enterprise Architecture initiative at their office. It was meant to be a day-trip and my flight was scheduled for 6.20 AM, reaching Anytown, USA at 8.30 giving me time to get a rental car and drive down straight for the meeting.

This itinerary meant that I had to leave home at 4.30 to drive down to the airport, park my car, and check in for the flight. In the morning rush, I decided to check my mails and voicemail on the blackberry after I had some wait-time at the airport. And was I surprised to see a note from Bob, the client VP of Strategy whose team I was meeting with:

We will need to reschedule our meeting for tomorrow.  I will have to be home tomorrow afternoon with my son who is sick.  We found out today he has strep throat.  My wife is out of town with her mom who is in the hospital, so I need to be home with the kids.  I still would like to meet on this and am hoping we can get together next week. 
Can you send a new invitation for next week?  I’m open Monday afternoon, Tuesday from 9 – 4, all day Wednesday, and Thursday after 2.
Thanks, and sorry for the last minute change.

And you would think that a seasoned road-warrior like myself would be slightly more prepared for this eventuality! During my drive back  from the airport, I was reflecting on the examples I had referenced in my book [Offshoring IT Services: Chapter 4] in the section “OF TECHIES AND TRAVEL.” And thankfully my ordeal wasn’t half as bad as experienced by some of our offshore folks traveling from halfway across the globe only to find that the client has canceled/postponed the project or meeting.

Fact remains that most of us in the business of sourcing continue to be at mercy of the culture where touch-and-feel-meetings continues to be the nature of business. This despite the fact that Video-conferencing technologies along with high-speed bandwidth have matured to a point where they are being used as serious business tools, albeit more for ‘internal’ business needs. Many Infosys teams routinely use VC and voice conferencing for internal meetings and most of our offices around the globe are equipped with state-of-the-art video-conferencing technologies and staff to support them. I had blogged about Video conferencing technologies earlier too. But it still makes one wonder why so few firms or sales-managers are able to nudge their clients towards adopting these technologies more often?

Is it topical that “Telepresence World 2008” conference is scheduled in London for today (In anticipation of the March 18 and 19); Speaking about the conference, Deb Shinder blogs “market research firm Frost & Sullivan announced that it expects revenues for the emerging telepresence industry to increase by nearly 850 percent in the next five years. It predicts total world-wide revenues will be around $1.4 billion by 2013.” Hopefully the gurus and analysts there will evolve strategies to nudge more of us towards VC.

Bottomline: While a few early adopters gain the cost benefits of the technology and also do some good for the global carbon footprint, I guess the rest of us will have to wait a few years for the Youtube generation to rise up the echelons of business and technology management to start driving wider adoption?!

Posted by Mohan Babu K. at 01:18 PM | Permalink | Comments (2) | TrackBacks (0)

I was at a meeting with CXOs and technology leaders of a client recently when the topic jumped to Risk, Disaster Recovery and Risk Mitigation. And as expected, the first question that popped up was the recent Internet cable breakdown in Egypt [CNN article] and its impact on offshoring and our operations

Thanks to varied viewpoints of bloggers - Nicholas Carr, Blogger News Network  Marc Parent et al - the issues, including the ‘global security’ ‘sabotage’  and economic impact have been debated threadbare during the past few weeks. The media was also quick to ‘analyze’ the impact on software majors in South Asia, and naturally, Infosys figured in a fair number of articles too. [e.g Economic Times, Finance Week]

The question of Disaster Recovery, using this incident as a ‘case in point’ is bound to pop up during presentations by service firms that have operations in Asia and elsewhere. And I am sure issue figures in internal discussion at firms sourcing to their subsidiaries and captives too. In my mind, there are more than a few dimensions to consider while analyzing potential risks and disasters, including:

• The DR strategy and practice of your service firms and offshore partner(s). Case in point, Infosys’ world-class DR and risk mitigation plan that has stood the test of time during the past years.
• The DR and risk mitigation strategy in place in the geography you are sourcing to. [e.g. Is India or China or other country you are sourcing to vulnerable to threats? What are the Geo-Political risks, threats and mitigation strategies?]
• Aligning the DR plan for sourcing with your firm’s risk mitigation strategy [what is your risk tolerance? What is the nature of work being sourced? Do you want to work with the service provider to formulate a cohesive strategy or do you want to get inputs from external/third-parties?]

Back to our meeting with the client’s team; how did we address the query? There was no way I would brush aside the incident. After analyzing the facts of the case, we got around to discussing the ‘what if’ of such incidents, going back to the strategic impact of DR and risk mitigation, especially as applicable to their particular scenario…. essentially addressing their concern (Yes, these are the facts… but what does it mean to me and my firm’s sourcing strategy?)

And when one begins to take a more holistic view of Risk, Risk Mitigation and Disaster Recovery, incidents like the cable being cut in Egypt become yet another ‘case study’ added to the list.

Posted by Mohan Babu K. at 02:33 PM | Permalink | Comments (0) | TrackBacks (0)

My earlier blog post on Onsite Engagement Managers (EMs) generated a few interesting comments, by Akshay, Amit, and most recently by Big Kahuna who has an interesting viewpoint: 

“while I  do believe it's a very important role, I  also think the success of this depends on a) how it is communicated, across levels b) the authority vested in the engagement manager and c) will of the vendor's leadership/operational folks in actually actioning on perceived improvement areas.
My experience from a few years in this field (working for an i-banking kpo) is providers are fairly short sighted, constantly chasing monthly billing (acceptable), but not really focusing on offering an overall experience for the client.
While it is not likely to hurt vendors today (since clients don’t have too many alternatives), clearly down-the-line....when the market opens up (which it will), vendors that take a very bottom line driven approach will not be the better for it."

In a sense, Big Kahuna seems to imply that many EMs are snake oil salesmen who are “fairly short sighted, constantly chasing monthly billing,” a fact that may become more pronounced this month as we approach the fiscal year end. Speaking of viewpoints on EMs, I came across Steve Shu's blog that summarizes the essence of what an EM does

Engagement managers own the problem statement from the perspective of the customer, and thus, have the responsibilities to ensure that consulting team both structures the problem solving methodology correctly and executes on the problem solving methodology.

Besides customers, I would extend Steve's definition to include other key set of an EM's stakeholders – service firm’s employees -- that successful EMs focus on. While the ‘client is certainly the king,’ it is people, employees who work with teams that make a difference in delivering successful solutions to the clients.

During my years with Infosys’ I have worked with some really great EMs who effortlessly manage the (sometimes) diverging goals of stakeholders, including managing aspirations of the staff. Of course, I have on occasion come across the odd EM from my firm and other service organizations, who just doesn’t cut it as s/he is unable to get past a single-minded focus: either entirely on billing (as Big Kahuna mentions) or just bending backwards for every client request, refusing to say ‘NO’ even when unfeasible requirements come their way.

Bottomline: great Engagement Managers and client partners are worth their weight in gold and can make a huge difference to the divergent group of stakeholders: client teams, client and service firm’s management and employees.

Posted by Mohan Babu K. at 01:38 AM | Permalink | Comments (5) | TrackBacks (0)