
Collection of Outsourcing Misconceptions
Disputes about the advantages and disadvantages of outsourcing are usually dominated by three poles of opinion - the business, the CIO or the IT department and the outsourcing service provider. The funny thing about the situation is that they are all right. But the question is not this, but what point of reference to choose at this time based on the external and internal priorities of the company.
The position of the outsourcing services provider is understandable and simple, he needs to sell as much as possible and expand the list of services provided as relations with the client develop.
It is believed that it is from CIO that the most distrust of outsourcing comes from. His typical position is understandable: I must have my own team with which I can fulfill all the tasks assigned by the leadership. And the larger this team, the more efficient IT work, the greater the responsibility of CIO and the steeper its position among colleagues, the more money passes through his hands and settles in the bonus fund. About how this position is correct, judge the investor or business leader.
Many CIOs are ready to give only unique functions to the side, whose list is extremely limited. The remaining tasks, they believe, should remain within the company and be addressed by its IT department. But this position contradicts the point of view of investors and CEOs who care about the effectiveness of companies. It is quite difficult to achieve efficiency, including the use of IT, if you concentrate everything inside.
For example, how to provide any competency in 24 * 7 mode? It seems that you can do with 3 specialists. And if the IT service is responsible under a tight SLA? Then you need a shift on duty, and this is at least 5 people. The art of managing CIO is how to organize and use them in real work.
By and large, the objective of CIO is to ensure the efficiency of automation of company processes. However, the IT service does not always correctly understand its tasks. And here a situation arises that is becoming more common: integrators over the head of IT enter the business and quickly agree with him, arguing their proposals precisely from the standpoint of efficiency.
In fact, without taking into account the requirements of CIO, no outsourcing project can be successfully implemented. It is necessary to ensure that the person responsible for the project is interested in its implementation, its growth within the company and receiving a bonus for the work done. But this is rather the case in theory. But in practice, one company can have several customers, and each pursues its own interests, which do not always coincide perfectly. And in search of a compromise, it is often just necessary to participate in the affairs of an integrator company, whose superposition more often provides a positive result.
In addition, we finally come to understand that without the approval and understanding of the business it is extremely difficult to implement large outsourcing projects. Actually, their fate depends on the business, since it is the business that allocates funds and is responsible for them.
In fairness, we note that the above and other possible arguments in favor of and against outsourcing models are not new. At the same time, large-scale changes are taking place around us, which in one way or another affect the priorities of the business and its attitude to outsourcing.
On the one hand, companies have become more mature, and on the other hand, new personnel from generation Y, which has grown with devices in their hands, have begun to come into the corporate environment (IT and business). Representatives of this generation have their own view on many things (for example, on state regulation), which seems unthinkable to the older generation of managers.
This is easy to explain with an eloquent example of database management. To support them, you can keep expensive staff or transfer the relevant competences to outsourcing at affordable prices - and this is more convenient and profitable.
Any debate about outsourcing practices can be continued indefinitely, which, in fact, has been going on since their inception. Most often, you can hear the pros for making outsourcing cheaper. But, perhaps, the main thesis of outsourcing supporters in recent years has become the following: the point is not cheapness, but that outsourcing allows you to manage the price / quality ratio.
This makes it possible to structure IT services so that you begin to understand their real value. Accordingly, then you can choose what you directly need, and either reduce the cost to the detriment of quality (continuing to clearly assess the level of quality), or vice versa, increase the quality level, increasing the cost.
In order to fix the level of quality, you will have to bear the initial costs. But in the future, it may be possible to reduce the cost of consumed IT services by several percent per year - by honing IT processes and increasing their efficiency.
As for the cons “con” ... Over the years of outsourcing practice, a whole collection of misconceptions has been formed (they were discussed vigorously at the outsourcing section at InfoSecurity Russia 2014), which we would like to break into “thematic” blocks and comment on them thesis.
“Outsourcers are not responsible for the system with their head, but only within the framework of the SLA.” For small companies, perhaps this is true. But for large - no. As a rule, the experience of an outsourcer can be assessed by the thickness of its SLA, and for large companies typical SLAs reach 80–100 pages, where only the first 2 points represent the basic conditions, and all the rest are the “ifs”. So, the statement about the irresponsibility of companies is simply incorrect.
“There is no specific person who owns all the information and is responsible for the system.” This is also not a completely correct statement. If the key specialist is not in place, he became ill, he was lured, what will happen to the system for which he was responsible? Will she crash?
The absence of such a specialist is not at all a minus, but rather the risk of the customer: he is dependent on the person who closed the system to himself. At the same time, the outsourcer on large contracts always has a dedicated manager and a separate team for the customer.
“Outsourcers can see too much when working with the system.” They can. So what? This statement in itself is not consistent, at least because the employees of your company are just as likely to see the excess. So, to inflate the risk of losing confidential information through external companies is not entirely correct. If the IS service correctly organized and delimited access to information, such information can be transferred to an outsourcing partner, while retaining control over its condition.
“Outsourcing can steal / distort data.” They certainly can steal! However, like the employees of your company. Distorting is extremely unlikely, as the outsourcer is responsible for the services provided to you within the framework of the very SLA, which everyone likes to talk about.
"Unable to control work." Here again the question arises of the maturity of the company's processes. If your internal employees are able to control the perimeter and ongoing work, you should not have problems with external ones. Saying “we all outsourced” and ceasing to control is absolutely wrong. There should always be an internal manager who monitors the contract and verifies the correctness of its implementation based on the expected economic results that affect the efficiency of the business as a whole. If the results do not meet expectations, this is an occasion for analyzing the situation and certain conclusions.
“Own employees will figure it out faster and really“ do things. ”When something happens to you, everyone runs around, rustles, something happens. But the outsourcer has 15 minutes - nothing, 20 minutes - nothing ... So is he doing something or not? ”And didn’t you think that when the head leaves the office for an external meeting or goes on vacation, does the external activity of the unit change? It is entirely possible that all this running around is nothing more than an imitation of violent An outsourcer can also show you how his employees can gayut and even put the video on YouTube or transfer your recordings from the camera. However, only a very important reaction to incidents, and it depends on the customer's operation manager, on how to build communication. When properly constructed communication you do not have time to notice the incident, as SMS will already come to you: “There was an incident. Already fixed! ".
“To control only SLAs is ineffective, it is impossible to take into account everything in it.” What can be controlled can be outsourced. That which cannot be controlled cannot be transferred - it is better to leave it to your own team until the control becomes simple and understandable. Or maybe to offer the outsourcer to make this question transparent too? After all, the theme of control is also relevant for their own team. Even, perhaps, to a greater extent.
“Outsourcers don't know the inside kitchen.” The problem will disappear instantly as soon as the inner kitchen is described under the SLA. If you cannot describe it, then you must honestly admit that the problem is not with the outsourcer: the company itself is simply not ready for outsourcing and optimizing IT efficiency. In this case, outsourcing will not initially be effective. In companies with a high level of maturity, all the features of domestic kitchens fall into the regulations and procedures.
“The outsourcer builds all processes for himself, and the customer becomes addicted for life.” From the point of view of the outsourcing service provider, this is normal. In marketing, they even came up with the appropriate term - "swaddle the client." But the client is not a helpless doll, and he has the right to make his final choice on his own.
There is another term - “Transition period” - time (and money) for which an outsourcer can intercept work from another contractor. As a rule, processes and SLAs are not built for a specific outsourcer, but so that there are always two or three partner companies that are ready to meet the same requirements, you just need to remember the advantages of competition.
"You can deal with your staff much faster (in terms of concepts) than with an outsourcer (under an agreement)." Right. But only if the customer can really quickly deal with their own employees, having in their sleeve a wide range of impact measures. However, in practice this is somehow not the case. The “supreme measure” - dismissal - will not only not help the “dismantling”, but will also create additional problems in hiring a new employee. In the case of an outsourcing agreement, this is a partner's problem.
Perhaps, over the years of practice, two truths have become the main rules of outsourcing.
The first is that outsourcing is not expensive or cheap; it is effective or ineffective. If it is ineffective, why is it needed! And if it is effective, and this is justified and proved to the shareholders of the customer, money for it, as a rule, is much easier than for dubious projects.
The second - the risks of outsourcing do not disappear, just some are replaced by others. The risk associated with their own personnel leaves, but another appears, associated with monitoring partner competencies and regulations within the framework of the SLA. IT risks, like other risks, need to be managed. And life by SLA is an art that needs to be learned, and experience comes only with practice!
Triangle of opinions
The position of the outsourcing services provider is understandable and simple, he needs to sell as much as possible and expand the list of services provided as relations with the client develop.
It is believed that it is from CIO that the most distrust of outsourcing comes from. His typical position is understandable: I must have my own team with which I can fulfill all the tasks assigned by the leadership. And the larger this team, the more efficient IT work, the greater the responsibility of CIO and the steeper its position among colleagues, the more money passes through his hands and settles in the bonus fund. About how this position is correct, judge the investor or business leader.
Many CIOs are ready to give only unique functions to the side, whose list is extremely limited. The remaining tasks, they believe, should remain within the company and be addressed by its IT department. But this position contradicts the point of view of investors and CEOs who care about the effectiveness of companies. It is quite difficult to achieve efficiency, including the use of IT, if you concentrate everything inside.
For example, how to provide any competency in 24 * 7 mode? It seems that you can do with 3 specialists. And if the IT service is responsible under a tight SLA? Then you need a shift on duty, and this is at least 5 people. The art of managing CIO is how to organize and use them in real work.
By and large, the objective of CIO is to ensure the efficiency of automation of company processes. However, the IT service does not always correctly understand its tasks. And here a situation arises that is becoming more common: integrators over the head of IT enter the business and quickly agree with him, arguing their proposals precisely from the standpoint of efficiency.
In fact, without taking into account the requirements of CIO, no outsourcing project can be successfully implemented. It is necessary to ensure that the person responsible for the project is interested in its implementation, its growth within the company and receiving a bonus for the work done. But this is rather the case in theory. But in practice, one company can have several customers, and each pursues its own interests, which do not always coincide perfectly. And in search of a compromise, it is often just necessary to participate in the affairs of an integrator company, whose superposition more often provides a positive result.
In addition, we finally come to understand that without the approval and understanding of the business it is extremely difficult to implement large outsourcing projects. Actually, their fate depends on the business, since it is the business that allocates funds and is responsible for them.
The world is changing
In fairness, we note that the above and other possible arguments in favor of and against outsourcing models are not new. At the same time, large-scale changes are taking place around us, which in one way or another affect the priorities of the business and its attitude to outsourcing.
On the one hand, companies have become more mature, and on the other hand, new personnel from generation Y, which has grown with devices in their hands, have begun to come into the corporate environment (IT and business). Representatives of this generation have their own view on many things (for example, on state regulation), which seems unthinkable to the older generation of managers.
This is easy to explain with an eloquent example of database management. To support them, you can keep expensive staff or transfer the relevant competences to outsourcing at affordable prices - and this is more convenient and profitable.
Points for and against"
Any debate about outsourcing practices can be continued indefinitely, which, in fact, has been going on since their inception. Most often, you can hear the pros for making outsourcing cheaper. But, perhaps, the main thesis of outsourcing supporters in recent years has become the following: the point is not cheapness, but that outsourcing allows you to manage the price / quality ratio.
This makes it possible to structure IT services so that you begin to understand their real value. Accordingly, then you can choose what you directly need, and either reduce the cost to the detriment of quality (continuing to clearly assess the level of quality), or vice versa, increase the quality level, increasing the cost.
In order to fix the level of quality, you will have to bear the initial costs. But in the future, it may be possible to reduce the cost of consumed IT services by several percent per year - by honing IT processes and increasing their efficiency.
As for the cons “con” ... Over the years of outsourcing practice, a whole collection of misconceptions has been formed (they were discussed vigorously at the outsourcing section at InfoSecurity Russia 2014), which we would like to break into “thematic” blocks and comment on them thesis.
Responsibility
“Outsourcers are not responsible for the system with their head, but only within the framework of the SLA.” For small companies, perhaps this is true. But for large - no. As a rule, the experience of an outsourcer can be assessed by the thickness of its SLA, and for large companies typical SLAs reach 80–100 pages, where only the first 2 points represent the basic conditions, and all the rest are the “ifs”. So, the statement about the irresponsibility of companies is simply incorrect.
“There is no specific person who owns all the information and is responsible for the system.” This is also not a completely correct statement. If the key specialist is not in place, he became ill, he was lured, what will happen to the system for which he was responsible? Will she crash?
The absence of such a specialist is not at all a minus, but rather the risk of the customer: he is dependent on the person who closed the system to himself. At the same time, the outsourcer on large contracts always has a dedicated manager and a separate team for the customer.
Work with information
“Outsourcers can see too much when working with the system.” They can. So what? This statement in itself is not consistent, at least because the employees of your company are just as likely to see the excess. So, to inflate the risk of losing confidential information through external companies is not entirely correct. If the IS service correctly organized and delimited access to information, such information can be transferred to an outsourcing partner, while retaining control over its condition.
“Outsourcing can steal / distort data.” They certainly can steal! However, like the employees of your company. Distorting is extremely unlikely, as the outsourcer is responsible for the services provided to you within the framework of the very SLA, which everyone likes to talk about.
"Unable to control work." Here again the question arises of the maturity of the company's processes. If your internal employees are able to control the perimeter and ongoing work, you should not have problems with external ones. Saying “we all outsourced” and ceasing to control is absolutely wrong. There should always be an internal manager who monitors the contract and verifies the correctness of its implementation based on the expected economic results that affect the efficiency of the business as a whole. If the results do not meet expectations, this is an occasion for analyzing the situation and certain conclusions.
Controllability
“Own employees will figure it out faster and really“ do things. ”When something happens to you, everyone runs around, rustles, something happens. But the outsourcer has 15 minutes - nothing, 20 minutes - nothing ... So is he doing something or not? ”And didn’t you think that when the head leaves the office for an external meeting or goes on vacation, does the external activity of the unit change? It is entirely possible that all this running around is nothing more than an imitation of violent An outsourcer can also show you how his employees can gayut and even put the video on YouTube or transfer your recordings from the camera. However, only a very important reaction to incidents, and it depends on the customer's operation manager, on how to build communication. When properly constructed communication you do not have time to notice the incident, as SMS will already come to you: “There was an incident. Already fixed! ".
“To control only SLAs is ineffective, it is impossible to take into account everything in it.” What can be controlled can be outsourced. That which cannot be controlled cannot be transferred - it is better to leave it to your own team until the control becomes simple and understandable. Or maybe to offer the outsourcer to make this question transparent too? After all, the theme of control is also relevant for their own team. Even, perhaps, to a greater extent.
“Outsourcers don't know the inside kitchen.” The problem will disappear instantly as soon as the inner kitchen is described under the SLA. If you cannot describe it, then you must honestly admit that the problem is not with the outsourcer: the company itself is simply not ready for outsourcing and optimizing IT efficiency. In this case, outsourcing will not initially be effective. In companies with a high level of maturity, all the features of domestic kitchens fall into the regulations and procedures.
Role in the process
“The outsourcer builds all processes for himself, and the customer becomes addicted for life.” From the point of view of the outsourcing service provider, this is normal. In marketing, they even came up with the appropriate term - "swaddle the client." But the client is not a helpless doll, and he has the right to make his final choice on his own.
There is another term - “Transition period” - time (and money) for which an outsourcer can intercept work from another contractor. As a rule, processes and SLAs are not built for a specific outsourcer, but so that there are always two or three partner companies that are ready to meet the same requirements, you just need to remember the advantages of competition.
"You can deal with your staff much faster (in terms of concepts) than with an outsourcer (under an agreement)." Right. But only if the customer can really quickly deal with their own employees, having in their sleeve a wide range of impact measures. However, in practice this is somehow not the case. The “supreme measure” - dismissal - will not only not help the “dismantling”, but will also create additional problems in hiring a new employee. In the case of an outsourcing agreement, this is a partner's problem.
Two truths
Perhaps, over the years of practice, two truths have become the main rules of outsourcing.
The first is that outsourcing is not expensive or cheap; it is effective or ineffective. If it is ineffective, why is it needed! And if it is effective, and this is justified and proved to the shareholders of the customer, money for it, as a rule, is much easier than for dubious projects.
The second - the risks of outsourcing do not disappear, just some are replaced by others. The risk associated with their own personnel leaves, but another appears, associated with monitoring partner competencies and regulations within the framework of the SLA. IT risks, like other risks, need to be managed. And life by SLA is an art that needs to be learned, and experience comes only with practice!