TotalCIO


March 29, 2016  2:59 PM

What happens if FBI-Apple case goes back to court?

Jason Sparapani Jason Sparapani Profile: Jason Sparapani
Apple, Encryption, FBI

Apple won’t be forced to build new software that would let the FBI into the iPhone used by one of the shooters in the San Bernardino, Calif., attacks. The bureau withdrew its legal action against the tech company Monday, and the FBI-Apple case is closed — for now.

Here’s a possible future chain of events: Apple will patch any vulnerabilities that allowed the unnamed “third party” helping the FBI access encrypted data on the phone, the FBI will be locked out of another iPhone in another investigation — and the feds will be back in court demanding that Apple help it break into the device.

A win for the feds would send chills down George Do’s spine. The CISO for Equinix, a Silicon Valley provider of data center space, said that if Apple is forced to comply with the order, it would set a “dangerous precedent” — his words as well as Apple’s — that would alter how companies do everything from plotting security strategies to just doing business. (Do spoke to me before the FBI-Apple case was dropped.)

George Do

George Do

“It would turn our whole world upside down,” Do said. “Depending on where this falls, it has the potential to change things very fundamentally.”

In the FBI-Apple case, the bureau said the software — essentially a new version of the iOS operating system — could be made for just the one phone, and then Apple could discard it. But CEO Tim Cook has maintained there would be nothing stopping the government from demanding that Apple unlock other devices as well.

If law enforcement agencies have that kind of power, companies that make, say, security software or mobile devices, will have to change the way they build their products. Encryption, no matter how strong, will no longer be best way to keep data from prying eyes, Do said.

“They’ll have to find ways around those challenges to manage risk — and that’s going to be hard,” he said.

Consumers of that software, like Equinix, would be affected, too, Do said. Encrypted security tools may no longer be the go-to software for infosec teams. It may also force them to make tactical shopping choices — especially if a certain software or hardware company is known to be in the government’s line of sight.

“Maybe we choose the company that’s less on the radar than a big, giant Apple, right?”

March 21, 2016  3:11 PM

If grid goes down, public and private sectors on hook

Jason Sparapani Jason Sparapani Profile: Jason Sparapani
cybersecurity, Disaster Recovery, Private sector

If a cyberattack extinguished the power to the electrical grid in Wisconsin, leading to a prolonged blackout, Maj. Gen. Donald Dunbar would have a lot of work to do. He’d have to turn the wheels of the state’s cybersecurity response strategy. He’d have to mobilize the National Guard he commands to help utility companies quickly get the power back on and emergency teams get to people who need immediate assistance.

Before he could do any of that in the hypothetical future, though, he needs to ensure that there’s communication and cooperation among public and private sectors in the state.

“Because I don’t pretend for a second that the state of Wisconsin or the National Guard is going to come riding in on a white horse in a cyber-event and save the day,” said Dunbar, who is the senior adviser to the Wisconsin government on cybersecurity matters. He spoke to an audience of business and IT executives at the recent Fusion 2016 CEO-CIO Symposium in the state’s capital, Madison. “We all have personal responsibility; we have corporate responsibility when it comes to cyber.”

The U.S. runs on private industry, Dunbar said, and to get it running again after a power grid failure, corporations need to work with the state government on disaster recovery preparations.

Public and private sectors, activate

The first thing companies need to do is tell the government whether they would need help in case of a power-crippling cyberattack, Dunbar said. The banking industry, for instance, invests heavily in cybersecurity and wouldn’t need much assistance from the National Guard. “It’s not on my radar screen.”

Maj. Gen Donald Dunbar

Maj. Gen. Donald Dunbar, chief of the Wisconsin National Guard, discusses the need for government and private sector involvement in disaster recovery efforts at the recent Fusion 2016 CEO-CIO Symposium in Madison, Wis.

But many other businesses, communities and infrastructures are in the state’s line of sight — but the people in charge of them need to speak up so Dunbar knows what resources should go where. He said the state is now in talks with grocery store chains about their power-generation or backup capabilities. The National Guard may be able to ensure delivery of generators in populated areas to “get the power on and keep people fed in the community while the broader recovery happens.”

It’s a challenge to figure out the right chemistry of government and private sector involvement, Dunbar said. And there’s no finish line. He contrasted his present mission of ensuring readiness in the face of constant cybersecurity threats with flying in his early days in the military.

“You put the airplane in the hangar, you’re done. Well, there’s no getting done here,” he said. “It’s 2016. Long after we have departed this earth, this will be a problem for the people on the planet.”

Subsidized solar

Patrick Schiffman agreed that businesses and government need to team up and develop ways to respond to a widespread failure of the power grid. He’s IT manager at Nord Gear Corp., which produces motors and industrial components used in everything from conveyor belts to Ferris wheels. Together, he speculated, the public and private sectors could come up with creative strategies. Perhaps the government could give companies subsidies to build solar facilities; that way, they could operate without special assistance during a power outage. Or maybe the transportation industry could help the government get supplies to needed locations.

“It’s good that the discussion is happening versus, ‘Oh, we’ll be OK. We’ll figure it out when it happens.’ That’s not the answer,” Schiffman said.

Meantime, Nord Gear is making its own preparations for unforeseen events. The company is working to implement a cloud-based disaster recovery system, Schiffman said, “that will take our infrastructure, resources, our processes and be able to relocate them so we have business continuity of people, places and things,” he said. The company has six locations in North and South America.

“We’re assuming not all of them are affected at the same time because if they are, I’m not caring about the company anymore, right? There’s a bigger disaster that’s out there.”


March 18, 2016  5:53 PM

Leatherman Tool Group sees sluggish data center performance during ERP upgrade

Nicole Laskowski Nicole Laskowski Profile: Nicole Laskowski

The problem: Leatherman Tool Group Inc., a manufacturer of multifunction tools and knives based in Portland, Ore., updated its 20-year-old, DOS-based ERP system with Microsoft Dynamics AX, increasing the complexity of the system from one physical server to nine virtual machines. The upgrade to Microsoft Dynamics AX tied systems together that were previously siloed, enabling the company to better track products across the warehouse — from assembly to packaging to shipping. But it also created a new problem: slow data center performance, according to Dameon Kirchherfer, database and systems administrator at Leatherman.

The strategy: Because the new ERP system is dealing with an uptick in data volume, data movement and data complexity, performance issues were not unexpected, Kirchherfer said. In advance of the implementation, Leatherman purchased new hardware and back-end storage to mitigate those issues, but the data center performance issues persisted anyway. And the added complexity of the system made it difficult to pin down where the bottlenecks were occurring. The network and CPUs, for example, appeared to be functioning smoothly. “So we started our search into how we could speed up our data center,” he said.

The results: Leatherman turned to PernixData. Initially, the software helped reduce data latency by caching “hot traffic,” or traffic that needed to be moved the most frequently, closer to processors and RAM, according to Kirchherfer. And, it turned out, data latency was a symptom of another problem: The CPUs, which had been running at 50% utilization before the PernixData installation, couldn’t handle the speed at which the system needed to run. “So we upgraded our CPUs,” Kirchherfer said, providing Leatherman with improved performance speeds. Today, Leatherman uses PernixData’s infrastructure analytics product Architect to keep tabs on data center performance.


March 9, 2016  2:28 PM

Blockchain tech: U.S. representative calls on fintech community to educate Congress

Sue Troy Sue Troy Profile: Sue Troy

Blockchain technology — perhaps the hottest topic in the financial tech community — has finally made it on the radar of the U.S. Congress, but it’s been a long haul, much more education is needed and time is of the essence. Banks are scrambling to avoid disintermediation by the technology, according to U.S. Rep. David Schweikert, R.-Arizona.

Schweikert — who spoke at last week’s DC Blockchain Summit in Washington, D.C., and serves on the House of Representatives’ Financial Services Committee — said he has been following cryptocurrencies and Bitcoin for a number of years. The DC Blockchain Summit was hosted by Georgetown University’s McDonough School of Business.

“I will make the argument right now that only six or seven of my brothers and sisters [in Congress] even understand the basic mechanics of the distributed ledger,” Schweikert said. To combat that knowledge gap, when The Economist published a cover story about blockchain technology last October, the Financial Services Committee bought dozens of copies of the issue to distribute to members of Congress, Schweikert said.

Schweikert suggested that banks and other financial services companies are “scared to death” that blockchain technology will put them out of business. “If you’re in the money transfer business, if you’re in the credit card infrastructure business, if you’re the old processing systems, is this technology basically your disruptive threat?” he said.

Schweikert pointed to blockchain technology’s potential to enable peer-to-peer value transfer between people — without requiring a bank or government to enable or execute the transaction — as an enormous threat to community and regional banks. This threat is especially pronounced when you consider that there are many millions of people in the world who up until now have been “unbankable” — without access to a bank account and therefore unable to participate in a credit-based economy. With blockchain technology, cryptocurrency and a mobile phone, these people can join the economy without ever doing business with a bank, representing a huge lost opportunity to financial services companies.

And it’s not just banks that face disintermediation, he said; any company that acts as a middleman in financial transactions is at risk. “Say you want to sell stock,” he said. “Could I buy it directly from you and never have to have it land in another platform?”

Schweikert said that while banks’ biggest problems used to revolve around regulatory compliance requirements, today the biggest threats they face are cryptocurrencies.

He finished up his talk with a call to action for audience members, many of whom are advocates of blockchain technology. “What I will beg of you is, for those of you who have relationships with those of my kind, those of us who get elected and think we already know everything: Educate us on the upside here before — and I don’t have a delicate way to say this — before the control freaks find some way to destroy the incredible good this could do to our economy and the incredible good this could do for our world.”


March 3, 2016  10:28 AM

RSA Conference 2016: Apple ‘goofed’ in data encryption fight with FBI

Fran Sales Fran Sales Profile: Fran Sales

SAN FRANCISCO — The debate on privacy vs. national security triggered by the recent Apple/FBI controversy lit up RSA Conference 2016, provoking sharp disagreement among panelists at one well-attended keynote. Leading cryptographer Adi Shamir said Apple had “goofed” and should have complied with the FBI, while data encryption expert Moxie Marlinspike applauded Apple’s stance, arguing that the company is performing a civic service by defying a court order.

The remarks came during Tuesday morning’s Cryptographers’ Panel, made up of pioneers and experts in the field of cryptography, which also included Martin Hellman, Professor Emeritus of Electrical Engineering at Stanford University, and Whitfield Diffie, cryptographer and security expert at Cryptomathic, both of whom received the 2015 A.M. Turing Award, or what moderator Paul Kocher of Rambus described as “the Nobel Prize for computer science.”

At the center of the panel discussion: the federal court’s ordering of Apple to help the FBI unlock the iPhone of one of the shooters in the Dec. 2, 2015, San Bernardino, Calif., terrorist massacre by creating new software to access the iPhone’s data. The FBI argues that refusing to do so compromises national safety, while Apple argues complying would create a “backdoor” that could set a precedent for creating systems to circumvent security.

The panel’s question: What impact will the possibility of technology companies being compelled by courts to create a tool that circumvents the security of their products have on national safety?

Most of the panel sided with Apple, saying that it would compromise national security.

MIT professor Ronald Rivest, who also heads the Cryptography and Information Security research group at MIT’s Computer Science and Artificial Intelligence Laboratory, said that compelling tech companies to provide extra keys or providing ways to dismantle their products’ security mechanisms is a can of worms unless Congress passes legislation that addresses thorny questions.

“Suppose we lived where this compelling can be done. Under what circumstances can this be done? How is the tradeoff done? Can anyone be compelled to do anything? Congress has to pass the law,” said Rivest, adding that the greater good of the country depends on both strong security and citizens’ right to have private conversations.

Hellman agreed, but added that he sympathizes with the FBI’s frustration and understands that its interest is not just in getting access to the data on a particular device, but with preventing crime.

“I think [FBI Director] Jim Comey is wrong, but we need to have a discussion on what is right for the country as opposed to what’s right for individual agencies,” he said.

Shamir, professor of computer science at the Weizmann Institute of Science in Israel, was alone in opposition, saying that while he is aware of the possibility of this case setting a precedent, the FBI is asking Apple to do something very specific.

“The FBI will give Apple a particular phone … to do something Apple is capable of doing,” he said. “It has nothing to do with placing backdoors in millions of phones throughout world.”

Shamir added that he believes the FBI has the advantage over Apple in this instance and that the tech giant made several “goofs.”

First, he argued, Apple made the argument that it is technically unable to help the federal agency with the investigation, but the argument failed because the FBI was able to point out specifically how Apple would be able to do so: create custom iOS software that would bypass or disable the iPhone’s security mechanism that limits how many times incorrect passwords can be entered.

“[Apple should] put out a new, updated system that will really prevent the FBI from [compelling Apple] to help them in the future, so that it is really able to make the argument,” Shamir said.

The second mistake Apple made, he said, is picking the wrong battle in what has been an ongoing issue while the FBI picked the ideal one to force its position.

“Almost everything is aligned in favor of the FBI. Even though Apple has encountered this in other previous cases, they decided not to comply this time,” he said. Apple should have complied this time and waited for a better “test case,” one in which its odds are better, Shamir added.

Marlinspike, founder of Open Whisper Systems, a nonprofit company that develops encryption software, aligned with the rest of the group.

Had FBI officials been able to access the data on the device, they likely would not have found much – there probably would not have been anything incriminating on the device; plus, the FBI already has a wealth of evidence, he said.

“The FBI already has all the certified call logs from cell phone carriers. It already has access to [the phone’s] iCloud backup,” said Marlinspike. “What the FBI seems to be saying is, ‘We need this because we might be missing something.’ … And the FBI seems to be saying we should consider their surveillance capability as something that is for our social good, and I don’t necessarily think this is true,” he said.

He put the Apple vs. FBI dispute on par with the legalization of marijuana and the legalization of gay marriage.

“How do we know we wanted to legalize marijuana if no one had been able to successfully consume marijuana because our laws had been perfectly enforced? … These developments would not have been possible without the p­ossibility to break the law,” he said.


February 29, 2016  11:59 PM

Consumer privacy rights herald ‘third wave’ of Web content management

Linda Tucci Linda Tucci Profile: Linda Tucci
Data protection, Web content management

Kevin Cochrane was on the line from Paris. The chief marketing officer at Jahia Solutions, a Web content management software provider, Cochrane had a vendor pitch to make  — but not before prosecuting a case for consumer privacy rights.

Cochrane, who’s been a CMO at Agari and at Open Text, and before that, the vice president of digital marketing at Adobe, believes a new age of  Web content management is upon us — a “third wave” as he puts it.

Today, companies can no longer simply point customers the way to their online brands and goods, as they did in the first wave of Web content management. Nor is it enough to offer targeted, pertinent, personalized goods and services to customers, as businesses learned to do in the second wave. In 2016, it’s incumbent upon companies to take hold of the entire customer experience.

“That means taking responsibility for every customer interaction, online and off, whether directly through an employee or indirectly through a web site, to ultimately determine the lifetime value and happiness of the customer,” Cochrane said.

Managing the customer digital experience includes protecting consumer data and ultimately, in his view, enabling consumer privacy rights. “This is about making certain that we’re transparent about the consumer data we have, why it is delivering value to the consumer and putting consumers in charge of their digital lives,” he said.

Content management software in three waves

So what’s the pitch? In the Jahia world view of the Web content management software market, this third wave follows much the same pattern as the previous two: disruptive technologies change the conversation between consumers and the brands they do business with.

Browser, personal email. The market for Web content management software — the first wave — was created in 1999 following two technology disruptions: the advent of the modern Web browser and the rise of consumer email. Companies could  build a web site and marketers could reach consumers in their homes with links that took them to that web site. By 1999, consumers were beginning to appreciate the convenience of shopping online. “And companies realized they needed to move from traditional marketing activities to marketing online,” Cochrane said.

Facebook, the iPhone. The market for Web experience management software — the second wave — was created in 2009, “again after three years of digital disruptions,” Cochrane said. In 2006, Facebook opened up to the world, and people didn’t have to be a student at Harvard to build digital social connections with family and friends. A year later the iPhone debuted, followed by the worst consumer financial crisis since the Great Depression.

“Marketers recognized that consumers didn’t just want convenience. They wanted immediacy in terms of feedback from their family and friends on their smart phone before making the critical decision to part with their hard-earned cash in a turbulent economy,” Cochrane said. Web experience management was all about targeted experiences on mobile devices and social networks.

Big data, IoT. “Now we’re at the forefront of the third wave,” Cochrane said. In 2013, with the popularization of big data and the availability of Hadoop, it became possible to process large volumes of consumer data for customer insights. A year later, the Internet of Things became manifest in wearables such as Fitbit and programmable, sensor-driven thermostats and security systems (e.g. NEST).

“What that meant was not only could you — in real time — process more data, you could collect more data than ever before about where the consumer is in the moment,” Cochrane said. “Consumers in the first wave wanted convenience; then they wanted immediacy. What they really want now is intimacy.”  We don’t want to have to explain ourselves to a brand every time we interact with it.

Consumer privacy rights made easy?

Of course, Jahia can help do that — it sells technology that collects all this customer data, analyzes it and makes it available in real time to employees so companies can forge intimate customer relationships.

But, as Cochrane points out, customer intimacy depends on trust. So, in partnership with the Apache Software Foundation, Jahia is building infrastructure for consumer data privacy and protection — offering consumers the ability to click on a link, see what companies know about them and exercise their consumer privacy rights to delete the data permanently, anonymize it or stipulate that the data not be sold to a third party.

Sounds good, right? But will companies buy into it? “Brands that want to be leaders will be the ones to move faster and say, ‘You can trust your online experience with us; you can trust that personal engagement and intimacy because we are protecting your data,'” Cochrane said.

Consumer privacy rights as competitive advantage. I’ll believe it when I see it.


February 29, 2016  6:11 PM

The four facets of an Agile PMO

Nicole Laskowski Nicole Laskowski Profile: Nicole Laskowski

The Agile project management office (PMO) leverages the centralized portfolio management team to deliver on projects and products faster, said Michael Nir, president and founder of Sapir Consulting US and author of the book The Agile PMO. At last week’s Society for Information Management Boston chapter meeting, Nir identified four ways PMOs can do that.

Remove waste. “If there’s one thing a PMO can contribute on a portfolio level, it’s to start looking at what stands in your way of delivering value,” Nir said.

During his presentation, he identified two types of waste: process waste and project product waste. Process waste includes cumbersome documents that take a long time to create but no one bothers reading. A 30-plus page project charter is an example. Project product waste includes the development of product features no one will use.

Prioritize projects. For many PMOs, that means reworking the intake process for projects. Nir recommended PMOs apply Kanban, a manufacturing process developed by Toyota that uses visual cues to trigger an action.

One of the characteristics of Kanban is to use a pull system, enabling teams to take on projects when they’re ready, rather than a push system, which creates a queue of work.

The same technique can be applied to portfolio management by gathering all project requests and then prioritizing them into a backlog. Nir argues PMOs are in the best place to take on the prioritization task, as they have no horse in the game.

Allocate resources. If resources aren’t allocated strategically, businesses may find themselves in a classic airlines situation: If a plane breaks down or flights are delayed because of weather or a pilot becomes too sick to fly to a point where passengers have to be rerouted, an entire segment of the day’s plan collapses, he said.

“The solution is to use capacity allocation that works,” Nir said. He recommended CIOs read Critical Chain, a “business novel” written by Eliyahu Goldratt. The book takes a close look at the critical chain of project management, an approach developed by Goldratt that prioritizes resources as a major consideration for managing projects well.

Agile leadership. In a hybrid Agile/waterfall organization, executives and Agile teams aren’t speaking the same language and aren’t looking at the same key performance indicators. PMOs can be instructive in getting the two teams to see eye to eye. “You need to talk and agree,” Nir said. From his experience, that’s easier said than done. In one example from his own consultancy practice, Nir said he had to make the waterfall practitioners sit down with the Agile practitioners so that they could walk through the Agile manifesto together and negotiate basic terms.

“If we don’t do that up front, we’re going to pay for it later on by having disagreements,” he said.

In part one of this two-part blog post, Nir explains why PMOs are best positioned to become ambassadors of Agile.


February 29, 2016  6:05 PM

PMOs could benefit from supporting, adopting Agile

Nicole Laskowski Nicole Laskowski Profile: Nicole Laskowski

Adopting Agile methodology for IT seems like a no-brainer these days. But CIOs may not anticipate the complications — such as the culture and language barrier — Agile can create. Agile methodology, a alternative to the rigid, sequential waterfall methodology, breaks projects into smaller pieces, enabling teams to work in an iterative fashion and to change directions when needed.

When adopted by software development teams, Agile shakes up the workflow and introduces new terms such as “scrum master” and “sprint” into the software development team’s everyday vocabulary. But the executive management team often continues to work — and often has to work — in a style driven by top-down control, according to Michael Nir, president and founder of Sapir Consulting US and author of the book The Agile PMO.

Instead of adopting one methodology over the other, some companies, especially large corporations and regulated industries, may benefit from a hybrid approach that marries Agile and waterfall project management together. One best practice that can make the transition a little easier? Finding an intermediary or a translator to help executives and Agile teams get on the same page.

Nir argues that no office is better positioned to do this than the project management office (PMO), a team that oversees the project portfolio across the enterprise to ensure that projects come in on time, on budget and within scope. PMOs often standardize how work gets done within an enterprise, how projects get funded and how the portfolio is managed.

“One of the problems we’re seeing when we’re rolling out program management initiatives, whether they’re PMOs or just portfolio projects: We tend not to think end-to-end agility,” Nir said during his presentation at last week’s Society for Information Management (SIM) Boston chapter meeting. Instead, agility is associated only with the software developers. “We think about the [software] teams, the scrum masters. But this is not the only agility the business needs to adopt if we want to move toward a functioning PMO and a functioning value-driven portfolio.”

Taking a more holistic approach to agility couldn’t hurt many PMOs, suggested Nir, citing Gartner and ESI International research findings that 30% to 50% of PMOs fail.

In part two of this two-part blog post, Nir lays out four tips on how to become an Agile PMO.


February 29, 2016  5:06 PM

Students’ tech smarts pose challenge for college IT teams

Jason Sparapani Jason Sparapani Profile: Jason Sparapani
CIO, College, IT

Kids today. They’re a tech-savvy bunch. At least, that’s the popular notion.

“They’re very facile with their fingertips. Whenever I watch somebody type on an iPhone or read the newspaper on the iPhone, I’m always quite amazed at it,” said Robert Juckiewicz, vice president of IT at Hofstra University. “But they don’t have a very good understanding of anything underneath.”

So IT at the Hempstead, N.Y., school has a computing support center to help students work through issues they have with software or other technology. And it holds technology fairs where they can play with circuitry, learn about coding or dive into virtual reality with Google Cardboard, the low-cost, smartphone-enabled headset.

It’s a way to show students how technology could serve them in their careers, Juckiewicz said.

To today’s college students, born in the mid- to late 1990s, the staticky racket of a dial-up Internet connection is the sound of a long-ago era. They’ve looked to technology for entertainment, in video games and the iTunes store, and interactions with peers, through social media. Tech has played a part in their educations, too, with tablets and cloud-based software helping to form the way they see and understand the world. The challenge for college IT teams today is to cater to students’ proclivity for technology and even use it as a positive force in their educational development.

Using technology for good

And a challenge it is. Not all students know how mobile devices work, but most of them have one or more — and they expect to use them everywhere. For Juckiewicz, that frames tough questions for IT: How do you support thousands of different devices on campus at any given time? And how do you use those devices, and emerging technologies and software, for learning and teaching?

The IT team works to answer the first question, on networking and mobile infrastructure. For the second, it involves faculty, helping professors and lecturers use technology like smart devices to improve how they teach and, perhaps more important, how students learn.

“So what we struggle with in faculty computing and student computing is, how do you use all of this [technology]?” Juckiewicz said. “It’s great that you’ve got it, but who cares if it’s not doing something good?”

Students as teachers

For Eric Hawley, CIO at Utah State University, students’ knowledge of and familiarity with technology is very much a boon.

“In many ways students come in and they change the way we work,” he said. “They come in with different communication practices, different preferences.”

Hawley cited the school’s learning management system, which tracks and delivers coursework online, as an example. Students can choose how faculty and staff communicate with them, with assignments showing up in Google Calendar and announcements made over Twitter or Facebook.

For Hawley, that means giving students — plus faculty and staff and even IT units outside of his central IT department, what he calls “the edge” — flexible platforms, like Google Apps and Box.com, to work with. They handle all the complexity and integration of delivery formats.

“One of the great things about the technology is you sort of get this strange new mix-up,” Hawley said. “Everything is standardized, yet the edge can consume it in 15 different ways.”

For how college IT teams are handling shadow IT, read “University IT departments struggle to stay always open, always secure.”


February 29, 2016  11:03 AM

Robots, security as a service, cloud galore, shape ITO-BPO 2016 outlook

Linda Tucci Linda Tucci Profile: Linda Tucci
cloud

Heads-up from the ITO/BPO experts at global law firm Mayer Brown — look for dozens of new developments in the IT and business process outsourcing market in 2016. Among the trends outlined in the firm’s recent webinar:

Attorneys Rebecca Eisner, Paul Roy, Brad Peterson and Dan Masur, partners in Mayer Brown’s business and technology sourcing practice, see 2016 ITO-BPO market changes as falling under four broad themes. Here’s a recap of the highlights.

1.  Emerging technologies transform ITO-BPO services

Paul Roy_mayer

Paul Roy

Cloud goes mainstream. Everyone wants a piece of the cloud services market — traditional ITO/BPO providers, which now are making cloud a standard part of their services, as well as software and products companies seeking to defend and expand their turf. As a result, cloud vendors are losing their special status (and just maybe their “my way or the highway” attitudes) as more flexible and customized ITO/BPO services come on the market. “Buyers should develop well-organized approaches to buying cloud,” Roy said.

Here come the robots. ITO and BPO companies are “close to exhausting opportunities to move work closer to lower cost people,” Roy said, and are moving the work to machines. “For example, in BPO we are seeing this with automated email and document scanning that gathers the required data for automated entry and routes that data to the various business functions,” he said. Buyers with contracts designed to purchase human labor “will need to re-evaluate their existing deals and reconcile their contracts to this new world.”

Digital services deployed for competitive advantage. Cloud and digital services, in case anyone needs reminding, should not be viewed as just cost-cutting measures but as vehicles for improving a company’s competitive position. Case in point: the equipment manufacturers using Internet of Things (IoT) to allow customers to better manage and monitor their products — and the “tremendous benefits” derived from capturing and analyzing all the data.

2.  Multi-sourcing will push demand for integration services

Dan Masur_Mayer

Dan Masur

The provider list keeps getting bigger. “In the last two years, we have worked with more than 50 providers and the trend is continuing. These range from cloud providers such as Amazon and Salesforce.com to Rackspace to everything-as-a-service providers,” Masur said. In addition to the big name cloud providers, customers are looking at emerging digital technology providers to help them become “truly digital businesses.”

ITO integration services are in demand. The more providers companies hire, the harder it is to integrate all of these services. “Many of the most powerful cloud technologies will require integration efforts comparable to those required to install [enterprise resource planning] systems,” Eisner said.

IT organizations don’t have enough people trained in managing these multiple platforms and providers. “Companies will have to hire the expertise for service integration, incident management, change management and other important cross-functional areas” she said.

Provider partnerships are increasing: Last year saw formal teaming between Accenture and Amazon, PwC and Google and HCL and Microsoft, as vendors scrambled to meet high customer  demand for integrated services and risk mitigation. Expect more such partnerships.

3.  Cybersecurity and data dominate the risk agenda

Poor security will cost you. Cyber threats, now a board-level topic, will only increase as IoT and other telematics are used in consumer and commercial products. “Regulators have clearly taken note and will exact increasingly large fines for poor security,” Roy said

Rebecca Eisner

Rebecca Eisner

Security as a service arrives. In response to increased cyber-risks, companies will rely on third party specialists for managing information security rather than on relying just on their outsourcing partners or on trying to manage security themselves, Eisner said. These security specialists will identify weak links and security gaps between outsourcing providers.

Data protection and privacy laws on the rise. The end of Safe Harbor  for the transfer of personal data out of Europe and passage of a Russian law requiring that data remain in Russia, will challenge customers and ITO/BPO providers. The Mayer Brown experts predict more data centers will be located in Europe to address some of these concerns.

4.  Deal pace, M&A drive ITO-BPO activity

Deals are getting done at warp speed. Competitive pressures have forced deals to “run faster and faster,” according to Peterson. Under pressure to act fast, companies are “fielding substantial negotiating teams working on an agile basis to close smart deals fast,” he said. They also are using a variety of forms, tools, template and instituting policies that will help them move quickly when a market opportunity arises.

Brad Peterson_mayer

 Brad Peterson

Banner 2015 M&A activity gives rise to reconfigured IT services. Record merger-and-acquisitions in 2015 are driving ITO, BPO and cloud activity, as companies rationalize the IT and business processes they inherited.  Said Roy, “2016 will be a banner year for ripping apart shared service centers and service contracts — and replacing them for the newly configured companies created by those M&A deals.”


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: